drivers/staging/rtl8712/rtl871x_security.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /******************************************************************************
   3  * rtl871x_security.c
   4  *
   5  * Copyright(c) 2007 - 2010 Realtek Corporation. All rights reserved.
   6  * Linux device driver for RTL8192SU
   7  *
   8  * Modifications for inclusion into the Linux staging tree are
   9  * Copyright(c) 2010 Larry Finger. All rights reserved.
  10  *
  11  * Contact information:
  12  * WLAN FAE <wlanfae@realtek.com>
  13  * Larry Finger <Larry.Finger@lwfinger.net>
  14  *
  15  ******************************************************************************/
  16
  17 #define  _RTL871X_SECURITY_C_
  18
  19 #include <linux/compiler.h>
  20 #include <linux/kernel.h>
  21 #include <linux/errno.h>
  22 #include <linux/slab.h>
  23 #include <linux/module.h>
  24 #include <linux/kref.h>
  25 #include <linux/netdevice.h>
  26 #include <linux/skbuff.h>
  27 #include <linux/circ_buf.h>
  28 #include <linux/uaccess.h>
  29 #include <asm/byteorder.h>
  30 #include <linux/atomic.h>
  31 #include <linux/crc32poly.h>
  32 #include <linux/semaphore.h>
  33
  34 #include "osdep_service.h"
  35 #include "drv_types.h"
  36 #include "wifi.h"
  37 #include "osdep_intf.h"
  38
  39 /* =====WEP related===== */
  40
  41 struct arc4context {
  42         u32 x;
  43         u32 y;
  44         u8 state[256];
  45 };
  46
  47 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
  48 {
  49         u32     t, u;
  50         u32     keyindex;
  51         u32     stateindex;
  52         u8 *state;
  53         u32     counter;
  54
  55         state = parc4ctx->state;
  56         parc4ctx->x = 0;
  57         parc4ctx->y = 0;
  58         for (counter = 0; counter < 256; counter++)
  59                 state[counter] = (u8)counter;
  60         keyindex = 0;
  61         stateindex = 0;
  62         for (counter = 0; counter < 256; counter++) {
  63                 t = state[counter];
  64                 stateindex = (stateindex + key[keyindex] + t) & 0xff;
  65                 u = state[stateindex];
  66                 state[stateindex] = (u8)t;
  67                 state[counter] = (u8)u;
  68                 if (++keyindex >= key_len)
  69                         keyindex = 0;
  70         }
  71 }
  72
  73 static u32 arcfour_byte(struct arc4context *parc4ctx)
  74 {
  75         u32 x;
  76         u32 y;
  77         u32 sx, sy;
  78         u8 *state;
  79
  80         state = parc4ctx->state;
  81         x = (parc4ctx->x + 1) & 0xff;
  82         sx = state[x];
  83         y = (sx + parc4ctx->y) & 0xff;
  84         sy = state[y];
  85         parc4ctx->x = x;
  86         parc4ctx->y = y;
  87         state[y] = (u8)sx;
  88         state[x] = (u8)sy;
  89         return state[(sx + sy) & 0xff];
  90 }
  91
  92 static void arcfour_encrypt(struct arc4context  *parc4ctx,
  93                      u8 *dest, u8 *src, u32 len)
  94 {
  95         u32 i;
  96
  97         for (i = 0; i < len; i++)
  98                 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
  99 }
 100
 101 static sint bcrc32initialized;
 102 static u32 crc32_table[256];
 103
 104 static u8 crc32_reverseBit(u8 data)
 105 {
 106         return ((u8)(data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3)
 107                  & 0x20) | ((data << 1) & 0x10) | ((data >> 1) & 0x08) |
 108                  ((data >> 3) & 0x04) | ((data >> 5) & 0x02) | ((data >> 7) &
 109                  0x01);
 110 }
 111
 112 static void crc32_init(void)
 113 {
 114         sint i, j;
 115         u32 c;
 116         u8 *p = (u8 *)&c, *p1;
 117         u8 k;
 118
 119         if (bcrc32initialized == 1)
 120                 return;
 121
 122         for (i = 0; i < 256; ++i) {
 123                 k = crc32_reverseBit((u8)i);
 124                 for (c = ((u32)k) << 24, j = 8; j > 0; --j)
 125                         c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY_BE : (c << 1);
 126                 p1 = (u8 *)&crc32_table[i];
 127                 p1[0] = crc32_reverseBit(p[3]);
 128                 p1[1] = crc32_reverseBit(p[2]);
 129                 p1[2] = crc32_reverseBit(p[1]);
 130                 p1[3] = crc32_reverseBit(p[0]);
 131         }
 132         bcrc32initialized = 1;
 133 }
 134
 135 static u32 getcrc32(u8 *buf, u32 len)
 136 {
 137         u8 *p;
 138         u32  crc;
 139
 140         if (!bcrc32initialized)
 141                 crc32_init();
 142         crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
 143         for (p = buf; len > 0; ++p, --len)
 144                 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
 145         return ~crc;    /* transmit complement, per CRC-32 spec */
 146 }
 147
 148 /*
 149  * Need to consider the fragment situation
 150  */
 151 void r8712_wep_encrypt(struct _adapter *padapter, u8 *pxmitframe)
 152 {       /* exclude ICV */
 153         unsigned char   crc[4];
 154         struct arc4context  mycontext;
 155         u32 curfragnum, length, keylength, pki;
 156         u8 *pframe, *payload, *iv;    /*,*wepkey*/
 157         u8 wepkey[16];
 158         struct  pkt_attrib  *pattrib = &((struct xmit_frame *)
 159                                        pxmitframe)->attrib;
 160         struct  security_priv *psecuritypriv = &padapter->securitypriv;
 161         struct  xmit_priv *pxmitpriv = &padapter->xmitpriv;
 162
 163         if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
 164                 return;
 165         pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
 166         /*start to encrypt each fragment*/
 167         if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
 168                 pki = psecuritypriv->PrivacyKeyIndex;
 169                 keylength = psecuritypriv->DefKeylen[pki];
 170                 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
 171                      curfragnum++) {
 172                         iv = pframe + pattrib->hdrlen;
 173                         memcpy(&wepkey[0], iv, 3);
 174                         memcpy(&wepkey[3], &psecuritypriv->DefKey[
 175                                 psecuritypriv->PrivacyKeyIndex].skey[0],
 176                                 keylength);
 177                         payload = pframe + pattrib->iv_len + pattrib->hdrlen;
 178                         if ((curfragnum + 1) == pattrib->nr_frags) {
 179                                 length = pattrib->last_txcmdsz -
 180                                         pattrib->hdrlen -
 181                                         pattrib->iv_len -
 182                                         pattrib->icv_len;
 183                                 *((__le32 *)crc) = cpu_to_le32(getcrc32(
 184                                                 payload, length));
 185                                 arcfour_init(&mycontext, wepkey, 3 + keylength);
 186                                 arcfour_encrypt(&mycontext, payload, payload,
 187                                                 length);
 188                                 arcfour_encrypt(&mycontext, payload + length,
 189                                                 crc, 4);
 190                         } else {
 191                                 length = pxmitpriv->frag_len -
 192                                          pattrib->hdrlen - pattrib->iv_len -
 193                                          pattrib->icv_len;
 194                                 *((__le32 *)crc) = cpu_to_le32(getcrc32(
 195                                                 payload, length));
 196                                 arcfour_init(&mycontext, wepkey, 3 + keylength);
 197                                 arcfour_encrypt(&mycontext, payload, payload,
 198                                                 length);
 199                                 arcfour_encrypt(&mycontext, payload + length,
 200                                                 crc, 4);
 201                                 pframe += pxmitpriv->frag_len;
 202                                 pframe = (u8 *)RND4((addr_t)(pframe));
 203                         }
 204                 }
 205         }
 206 }
 207
 208 void r8712_wep_decrypt(struct _adapter  *padapter, u8 *precvframe)
 209 {
 210         /* exclude ICV */
 211         u8 crc[4];
 212         struct arc4context  mycontext;
 213         u32 length, keylength;
 214         u8 *pframe, *payload, *iv, wepkey[16];
 215         u8  keyindex;
 216         struct rx_pkt_attrib  *prxattrib = &(((union recv_frame *)
 217                                           precvframe)->u.hdr.attrib);
 218         struct security_priv *psecuritypriv = &padapter->securitypriv;
 219
 220         pframe = (unsigned char *)((union recv_frame *)precvframe)->
 221                   u.hdr.rx_data;
 222         /* start to decrypt recvframe */
 223         if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt ==
 224              _WEP104_)) {
 225                 iv = pframe + prxattrib->hdrlen;
 226                 keyindex = (iv[3] & 0x3);
 227                 keylength = psecuritypriv->DefKeylen[keyindex];
 228                 memcpy(&wepkey[0], iv, 3);
 229                 memcpy(&wepkey[3], &psecuritypriv->DefKey[
 230                         psecuritypriv->PrivacyKeyIndex].skey[0],
 231                         keylength);
 232                 length = ((union recv_frame *)precvframe)->
 233                            u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
 234                 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
 235                 /* decrypt payload include icv */
 236                 arcfour_init(&mycontext, wepkey, 3 + keylength);
 237                 arcfour_encrypt(&mycontext, payload, payload,  length);
 238                 /* calculate icv and compare the icv */
 239                 *((__le32 *)crc) = cpu_to_le32(getcrc32(payload, length - 4));
 240         }
 241 }
 242
 243 /* 3 =====TKIP related===== */
 244
 245 static u32 secmicgetuint32(u8 *p)
 246 /* Convert from Byte[] to Us4Byte32 in a portable way */
 247 {
 248         s32 i;
 249         u32 res = 0;
 250
 251         for (i = 0; i < 4; i++)
 252                 res |= ((u32)(*p++)) << (8 * i);
 253         return res;
 254 }
 255
 256 static void secmicputuint32(u8 *p, u32 val)
 257 /* Convert from Us4Byte32 to Byte[] in a portable way */
 258 {
 259         long i;
 260
 261         for (i = 0; i < 4; i++) {
 262                 *p++ = (u8) (val & 0xff);
 263                 val >>= 8;
 264         }
 265 }
 266
 267 static void secmicclear(struct mic_data *pmicdata)
 268 {
 269 /* Reset the state to the empty message. */
 270         pmicdata->L = pmicdata->K0;
 271         pmicdata->R = pmicdata->K1;
 272         pmicdata->nBytesInM = 0;
 273         pmicdata->M = 0;
 274 }
 275
 276 void r8712_secmicsetkey(struct mic_data *pmicdata, u8 *key)
 277 {
 278         /* Set the key */
 279         pmicdata->K0 = secmicgetuint32(key);
 280         pmicdata->K1 = secmicgetuint32(key + 4);
 281         /* and reset the message */
 282         secmicclear(pmicdata);
 283 }
 284
 285 static void secmicappendbyte(struct mic_data *pmicdata, u8 b)
 286 {
 287         /* Append the byte to our word-sized buffer */
 288         pmicdata->M |= ((u32)b) << (8 * pmicdata->nBytesInM);
 289         pmicdata->nBytesInM++;
 290         /* Process the word if it is full. */
 291         if (pmicdata->nBytesInM >= 4) {
 292                 pmicdata->L ^= pmicdata->M;
 293                 pmicdata->R ^= ROL32(pmicdata->L, 17);
 294                 pmicdata->L += pmicdata->R;
 295                 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) |
 296                                ((pmicdata->L & 0x00ff00ff) << 8);
 297                 pmicdata->L += pmicdata->R;
 298                 pmicdata->R ^= ROL32(pmicdata->L, 3);
 299                 pmicdata->L += pmicdata->R;
 300                 pmicdata->R ^= ROR32(pmicdata->L, 2);
 301                 pmicdata->L += pmicdata->R;
 302                 /* Clear the buffer */
 303                 pmicdata->M = 0;
 304                 pmicdata->nBytesInM = 0;
 305         }
 306 }
 307
 308 void r8712_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
 309 {
 310         /* This is simple */
 311         while (nbytes > 0) {
 312                 secmicappendbyte(pmicdata, *src++);
 313                 nbytes--;
 314         }
 315 }
 316
 317 void r8712_secgetmic(struct mic_data *pmicdata, u8 *dst)
 318 {
 319         /* Append the minimum padding */
 320         secmicappendbyte(pmicdata, 0x5a);
 321         secmicappendbyte(pmicdata, 0);
 322         secmicappendbyte(pmicdata, 0);
 323         secmicappendbyte(pmicdata, 0);
 324         secmicappendbyte(pmicdata, 0);
 325         /* and then zeroes until the length is a multiple of 4 */
 326         while (pmicdata->nBytesInM != 0)
 327                 secmicappendbyte(pmicdata, 0);
 328         /* The appendByte function has already computed the result. */
 329         secmicputuint32(dst, pmicdata->L);
 330         secmicputuint32(dst + 4, pmicdata->R);
 331         /* Reset to the empty message. */
 332         secmicclear(pmicdata);
 333 }
 334
 335 void seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code,
 336                     u8 pri)
 337 {
 338
 339         struct mic_data micdata;
 340         u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
 341
 342         r8712_secmicsetkey(&micdata, key);
 343         priority[0] = pri;
 344         /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
 345         if (header[1] & 1) {   /* ToDS==1 */
 346                 r8712_secmicappend(&micdata, &header[16], 6);  /* DA */
 347                 if (header[1] & 2)  /* From Ds==1 */
 348                         r8712_secmicappend(&micdata, &header[24], 6);
 349                 else
 350                         r8712_secmicappend(&micdata, &header[10], 6);
 351         } else {        /* ToDS==0 */
 352                 r8712_secmicappend(&micdata, &header[4], 6);   /* DA */
 353                 if (header[1] & 2)  /* From Ds==1 */
 354                         r8712_secmicappend(&micdata, &header[16], 6);
 355                 else
 356                         r8712_secmicappend(&micdata, &header[10], 6);
 357         }
 358         r8712_secmicappend(&micdata, &priority[0], 4);
 359         r8712_secmicappend(&micdata, data, data_len);
 360         r8712_secgetmic(&micdata, mic_code);
 361 }
 362
 363 /* macros for extraction/creation of unsigned char/unsigned short values  */
 364 #define RotR1(v16)   ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
 365 #define   Lo8(v16)   ((u8)((v16) & 0x00FF))
 366 #define   Hi8(v16)   ((u8)(((v16) >> 8) & 0x00FF))
 367 #define  Lo16(v32)   ((u16)((v32) & 0xFFFF))
 368 #define  Hi16(v32)   ((u16)(((v32) >> 16) & 0xFFFF))
 369 #define  Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
 370
 371 /* select the Nth 16-bit word of the temporal key unsigned char array TK[]   */
 372 #define  TK16(N)  Mk16(tk[2 * (N) + 1], tk[2 * (N)])
 373
 374 /* S-box lookup: 16 bits --> 16 bits */
 375 #define _S_(v16)  (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
 376
 377 /* fixed algorithm "parameters" */
 378 #define PHASE1_LOOP_CNT   8    /* this needs to be "big enough"     */
 379 #define TA_SIZE           6    /*  48-bit transmitter address       */
 380 #define TK_SIZE          16    /* 128-bit temporal key              */
 381 #define P1K_SIZE         10    /*  80-bit Phase1 key                */
 382 #define RC4_KEY_SIZE     16    /* 128-bit RC4KEY (104 bits unknown) */
 383
 384
 385 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
 386 static const unsigned short Sbox1[2][256] = {/* Sbox for hash (can be in ROM) */
 387         {
 388         0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
 389         0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
 390         0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
 391         0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
 392         0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
 393         0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
 394         0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
 395         0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
 396         0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
 397         0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
 398         0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
 399         0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
 400         0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
 401         0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
 402         0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
 403         0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
 404         0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
 405         0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
 406         0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
 407         0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
 408         0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
 409         0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
 410         0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
 411         0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
 412         0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
 413         0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
 414         0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
 415         0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
 416         0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
 417         0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
 418         0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
 419         0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
 420         },
 421         {  /* second half is unsigned char-reversed version of first! */
 422         0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
 423         0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
 424         0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
 425         0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
 426         0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
 427         0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
 428         0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
 429         0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
 430         0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
 431         0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
 432         0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
 433         0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
 434         0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
 435         0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
 436         0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
 437         0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
 438         0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
 439         0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
 440         0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
 441         0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
 442         0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
 443         0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
 444         0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
 445         0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
 446         0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
 447         0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
 448         0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
 449         0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
 450         0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
 451         0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
 452         0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
 453         0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
 454         }
 455 };
 456
 457 /*
 458  **********************************************************************
 459  * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
 460  *
 461  * Inputs:
 462  *     tk[]      = temporal key                         [128 bits]
 463  *     ta[]      = transmitter's MAC address            [ 48 bits]
 464  *     iv32      = upper 32 bits of IV                  [ 32 bits]
 465  * Output:
 466  *     p1k[]     = Phase 1 key                          [ 80 bits]
 467  *
 468  * Note:
 469  *     This function only needs to be called every 2**16 packets,
 470  *     although in theory it could be called every packet.
 471  *
 472  **********************************************************************
 473  */
 474 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
 475 {
 476         sint  i;
 477
 478         /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5]     */
 479         p1k[0] = Lo16(iv32);
 480         p1k[1] = Hi16(iv32);
 481         p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
 482         p1k[3] = Mk16(ta[3], ta[2]);
 483         p1k[4] = Mk16(ta[5], ta[4]);
 484         /* Now compute an unbalanced Feistel cipher with 80-bit block */
 485         /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
 486         for (i = 0; i < PHASE1_LOOP_CNT; i++) {  /* Each add is mod 2**16 */
 487                 p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0));
 488                 p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2));
 489                 p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4));
 490                 p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6));
 491                 p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0));
 492                 p1k[4] +=  (unsigned short)i;   /* avoid "slide attacks" */
 493         }
 494 }
 495
 496 /*
 497  **********************************************************************
 498  * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
 499  *
 500  * Inputs:
 501  *     tk[]      = Temporal key                         [128 bits]
 502  *     p1k[]     = Phase 1 output key                   [ 80 bits]
 503  *     iv16      = low 16 bits of IV counter            [ 16 bits]
 504  * Output:
 505  *     rc4key[]  = the key used to encrypt the packet   [128 bits]
 506  *
 507  * Note:
 508  *     The value {TA,IV32,IV16} for Phase1/Phase2 must be unique
 509  *     across all packets using the same key TK value. Then, for a
 510  *     given value of TK[], this TKIP48 construction guarantees that
 511  *     the final RC4KEY value is unique across all packets.
 512  *
 513  * Suggested implementation optimization: if PPK[] is "overlaid"
 514  *     appropriately on RC4KEY[], there is no need for the final
 515  *     for loop below that copies the PPK[] result into RC4KEY[].
 516  *
 517  **********************************************************************
 518  */
 519 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
 520 {
 521         sint  i;
 522         u16 PPK[6];                     /* temporary key for mixing    */
 523
 524         /* Note: all adds in the PPK[] equations below are mod 2**16 */
 525         for (i = 0; i < 5; i++)
 526                 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
 527         PPK[5]  =  p1k[4] + iv16; /* next,  add in IV16 */
 528         /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
 529         PPK[0] += _S_(PPK[5] ^ TK16(0));   /* Mix key in each "round" */
 530         PPK[1] += _S_(PPK[0] ^ TK16(1));
 531         PPK[2] += _S_(PPK[1] ^ TK16(2));
 532         PPK[3] += _S_(PPK[2] ^ TK16(3));
 533         PPK[4] += _S_(PPK[3] ^ TK16(4));
 534         PPK[5] += _S_(PPK[4] ^ TK16(5));   /* Total # S-box lookups == 6  */
 535         /* Final sweep: bijective, "linear". Rotates kill LSB correlations   */
 536         PPK[0] +=  RotR1(PPK[5] ^ TK16(6));
 537         PPK[1] +=  RotR1(PPK[0] ^ TK16(7));   /* Use all of TK[] in Phase2   */
 538         PPK[2] +=  RotR1(PPK[1]);
 539         PPK[3] +=  RotR1(PPK[2]);
 540         PPK[4] +=  RotR1(PPK[3]);
 541         PPK[5] +=  RotR1(PPK[4]);
 542         /* Note: At this point, for a given key TK[0..15], the 96-bit output */
 543         /* value PPK[0..5] is guaranteed to be unique, as a function   */
 544         /* of the 96-bit "input" value   {TA,IV32,IV16}. That is, P1K  */
 545         /* is now a keyed permutation of {TA,IV32,IV16}. */
 546         /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key   */
 547         rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV  */
 548         rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys  */
 549         rc4key[2] = Lo8(iv16);
 550         rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
 551         /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15]  (little-endian) */
 552         for (i = 0; i < 6; i++) {
 553                 rc4key[4 + 2 * i] = Lo8(PPK[i]);
 554                 rc4key[5 + 2 * i] = Hi8(PPK[i]);
 555         }
 556 }
 557
 558 /*The hlen isn't include the IV*/
 559 u32 r8712_tkip_encrypt(struct _adapter *padapter, u8 *pxmitframe)
 560 {       /*  exclude ICV */
 561         u16 pnl;
 562         u32 pnh;
 563         u8 rc4key[16];
 564         u8 ttkey[16];
 565         u8 crc[4];
 566         struct arc4context mycontext;
 567         u32 curfragnum, length;
 568
 569         u8 *pframe, *payload, *iv, *prwskey;
 570         union pn48 txpn;
 571         struct sta_info *stainfo;
 572         struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
 573         struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
 574         u32 res = _SUCCESS;
 575
 576         if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
 577                 return _FAIL;
 578
 579         pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
 580         /* 4 start to encrypt each fragment */
 581         if (pattrib->encrypt == _TKIP_) {
 582                 if (pattrib->psta)
 583                         stainfo = pattrib->psta;
 584                 else
 585                         stainfo = r8712_get_stainfo(&padapter->stapriv,
 586                                   &pattrib->ra[0]);
 587                 if (stainfo != NULL) {
 588                         prwskey = &stainfo->x_UncstKey.skey[0];
 589                         for (curfragnum = 0; curfragnum < pattrib->nr_frags;
 590                              curfragnum++) {
 591                                 iv = pframe + pattrib->hdrlen;
 592                                 payload = pframe + pattrib->iv_len +
 593                                           pattrib->hdrlen;
 594                                 GET_TKIP_PN(iv, txpn);
 595                                 pnl = (u16)(txpn.val);
 596                                 pnh = (u32)(txpn.val >> 16);
 597                                 phase1((u16 *)&ttkey[0], prwskey,
 598                                        &pattrib->ta[0], pnh);
 599                                 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0],
 600                                        pnl);
 601                                 if ((curfragnum + 1) == pattrib->nr_frags) {
 602                                         /* 4 the last fragment */
 603                                         length = pattrib->last_txcmdsz -
 604                                              pattrib->hdrlen -
 605                                              pattrib->iv_len -
 606                                              pattrib->icv_len;
 607                                         *((__le32 *)crc) = cpu_to_le32(
 608                                                 getcrc32(payload, length));
 609                                         arcfour_init(&mycontext, rc4key, 16);
 610                                         arcfour_encrypt(&mycontext, payload,
 611                                                         payload, length);
 612                                         arcfour_encrypt(&mycontext, payload +
 613                                                         length, crc, 4);
 614                                 } else {
 615                                         length = pxmitpriv->frag_len -
 616                                                  pattrib->hdrlen -
 617                                                  pattrib->iv_len -
 618                                                  pattrib->icv_len;
 619                                         *((__le32 *)crc) = cpu_to_le32(getcrc32(
 620                                                         payload, length));
 621                                         arcfour_init(&mycontext, rc4key, 16);
 622                                         arcfour_encrypt(&mycontext, payload,
 623                                                          payload, length);
 624                                         arcfour_encrypt(&mycontext,
 625                                                         payload + length, crc,
 626                                                         4);
 627                                         pframe += pxmitpriv->frag_len;
 628                                         pframe = (u8 *)RND4((addr_t)(pframe));
 629                                 }
 630                         }
 631                 } else {
 632                         res = _FAIL;
 633                 }
 634         }
 635         return res;
 636 }
 637
 638 /* The hlen doesn't include the IV */
 639 u32 r8712_tkip_decrypt(struct _adapter *padapter, u8 *precvframe)
 640 {       /* exclude ICV */
 641         u16 pnl;
 642         u32 pnh;
 643         u8 rc4key[16];
 644         u8 ttkey[16];
 645         u8 crc[4];
 646         struct arc4context mycontext;
 647         u32 length;
 648         u8 *pframe, *payload, *iv, *prwskey, idx = 0;
 649         union pn48 txpn;
 650         struct  sta_info *stainfo;
 651         struct  rx_pkt_attrib *prxattrib = &((union recv_frame *)
 652                                            precvframe)->u.hdr.attrib;
 653         struct  security_priv   *psecuritypriv = &padapter->securitypriv;
 654
 655         pframe = (unsigned char *)((union recv_frame *)
 656                                    precvframe)->u.hdr.rx_data;
 657         /* 4 start to decrypt recvframe */
 658         if (prxattrib->encrypt == _TKIP_) {
 659                 stainfo = r8712_get_stainfo(&padapter->stapriv,
 660                                             &prxattrib->ta[0]);
 661                 if (stainfo != NULL) {
 662                         iv = pframe + prxattrib->hdrlen;
 663                         payload = pframe + prxattrib->iv_len +
 664                                   prxattrib->hdrlen;
 665                         length = ((union recv_frame *)precvframe)->
 666                                  u.hdr.len - prxattrib->hdrlen -
 667                                  prxattrib->iv_len;
 668                         if (is_multicast_ether_addr(prxattrib->ra)) {
 669                                 idx = iv[3];
 670                                 prwskey = &psecuritypriv->XGrpKey[
 671                                          ((idx >> 6) & 0x3) - 1].skey[0];
 672                                 if (!psecuritypriv->binstallGrpkey)
 673                                         return _FAIL;
 674                         } else {
 675                                 prwskey = &stainfo->x_UncstKey.skey[0];
 676                         }
 677                         GET_TKIP_PN(iv, txpn);
 678                         pnl = (u16)(txpn.val);
 679                         pnh = (u32)(txpn.val >> 16);
 680                         phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0],
 681                                 pnh);
 682                         phase2(&rc4key[0], prwskey, (unsigned short *)
 683                                &ttkey[0], pnl);
 684                         /* 4 decrypt payload include icv */
 685                         arcfour_init(&mycontext, rc4key, 16);
 686                         arcfour_encrypt(&mycontext, payload, payload, length);
 687                         *((__le32 *)crc) = cpu_to_le32(getcrc32(payload,
 688                                         length - 4));
 689                         if (crc[3] != payload[length - 1] ||
 690                             crc[2] != payload[length - 2] ||
 691                             crc[1] != payload[length - 3] ||
 692                             crc[0] != payload[length - 4])
 693                                 return _FAIL;
 694                 } else {
 695                         return _FAIL;
 696                 }
 697         }
 698         return _SUCCESS;
 699 }
 700
 701 /* 3 =====AES related===== */
 702
 703 #define MAX_MSG_SIZE    2048
 704 /*****************************/
 705 /******** SBOX Table *********/
 706 /*****************************/
 707
 708 static const u8 sbox_table[256] = {
 709         0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
 710         0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
 711         0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
 712         0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
 713         0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
 714         0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
 715         0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
 716         0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
 717         0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
 718         0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
 719         0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
 720         0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
 721         0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
 722         0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
 723         0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
 724         0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
 725         0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
 726         0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
 727         0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
 728         0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
 729         0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
 730         0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
 731         0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
 732         0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
 733         0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
 734         0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
 735         0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
 736         0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
 737         0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
 738         0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
 739         0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
 740         0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
 741 };
 742
 743 /****************************************/
 744 /* aes128k128d()                        */
 745 /* Performs a 128 bit AES encrypt with  */
 746 /* 128 bit data.                        */
 747 /****************************************/
 748 static void xor_128(u8 *a, u8 *b, u8 *out)
 749 {
 750         sint i;
 751
 752         for (i = 0; i < 16; i++)
 753                 out[i] = a[i] ^ b[i];
 754 }
 755
 756 static void xor_32(u8 *a, u8 *b, u8 *out)
 757 {
 758         sint i;
 759
 760         for (i = 0; i < 4; i++)
 761                 out[i] = a[i] ^ b[i];
 762 }
 763
 764 static u8 sbox(u8 a)
 765 {
 766         return sbox_table[(sint)a];
 767 }
 768
 769 static void next_key(u8 *key, sint round)
 770 {
 771         u8 rcon;
 772         u8 sbox_key[4];
 773         u8 rcon_table[12] = {
 774                 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
 775                 0x1b, 0x36, 0x36, 0x36
 776         };
 777
 778         sbox_key[0] = sbox(key[13]);
 779         sbox_key[1] = sbox(key[14]);
 780         sbox_key[2] = sbox(key[15]);
 781         sbox_key[3] = sbox(key[12]);
 782         rcon = rcon_table[round];
 783         xor_32(&key[0], sbox_key, &key[0]);
 784         key[0] = key[0] ^ rcon;
 785         xor_32(&key[4], &key[0], &key[4]);
 786         xor_32(&key[8], &key[4], &key[8]);
 787         xor_32(&key[12], &key[8], &key[12]);
 788 }
 789
 790 static void byte_sub(u8 *in, u8 *out)
 791 {
 792         sint i;
 793
 794         for (i = 0; i < 16; i++)
 795                 out[i] = sbox(in[i]);
 796 }
 797
 798 static void shift_row(u8 *in, u8 *out)
 799 {
 800         out[0] =  in[0];
 801         out[1] =  in[5];
 802         out[2] =  in[10];
 803         out[3] =  in[15];
 804         out[4] =  in[4];
 805         out[5] =  in[9];
 806         out[6] =  in[14];
 807         out[7] =  in[3];
 808         out[8] =  in[8];
 809         out[9] =  in[13];
 810         out[10] = in[2];
 811         out[11] = in[7];
 812         out[12] = in[12];
 813         out[13] = in[1];
 814         out[14] = in[6];
 815         out[15] = in[11];
 816 }
 817
 818 static void mix_column(u8 *in, u8 *out)
 819 {
 820         sint i;
 821         u8 add1b[4];
 822         u8 add1bf7[4];
 823         u8 rotl[4];
 824         u8 swap_halves[4];
 825         u8 andf7[4];
 826         u8 rotr[4];
 827         u8 temp[4];
 828         u8 tempb[4];
 829
 830         for (i = 0; i < 4; i++) {
 831                 if ((in[i] & 0x80) == 0x80)
 832                         add1b[i] = 0x1b;
 833                 else
 834                         add1b[i] = 0x00;
 835         }
 836         swap_halves[0] = in[2];    /* Swap halves */
 837         swap_halves[1] = in[3];
 838         swap_halves[2] = in[0];
 839         swap_halves[3] = in[1];
 840         rotl[0] = in[3];        /* Rotate left 8 bits */
 841         rotl[1] = in[0];
 842         rotl[2] = in[1];
 843         rotl[3] = in[2];
 844         andf7[0] = in[0] & 0x7f;
 845         andf7[1] = in[1] & 0x7f;
 846         andf7[2] = in[2] & 0x7f;
 847         andf7[3] = in[3] & 0x7f;
 848         for (i = 3; i > 0; i--) {   /* logical shift left 1 bit */
 849                 andf7[i] = andf7[i] << 1;
 850                 if ((andf7[i - 1] & 0x80) == 0x80)
 851                         andf7[i] = (andf7[i] | 0x01);
 852         }
 853         andf7[0] = andf7[0] << 1;
 854         andf7[0] = andf7[0] & 0xfe;
 855         xor_32(add1b, andf7, add1bf7);
 856         xor_32(in, add1bf7, rotr);
 857         temp[0] = rotr[0];         /* Rotate right 8 bits */
 858         rotr[0] = rotr[1];
 859         rotr[1] = rotr[2];
 860         rotr[2] = rotr[3];
 861         rotr[3] = temp[0];
 862         xor_32(add1bf7, rotr, temp);
 863         xor_32(swap_halves, rotl, tempb);
 864         xor_32(temp, tempb, out);
 865 }
 866
 867 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
 868 {
 869         sint round;
 870         sint i;
 871         u8 intermediatea[16];
 872         u8 intermediateb[16];
 873         u8 round_key[16];
 874
 875         for (i = 0; i < 16; i++)
 876                 round_key[i] = key[i];
 877         for (round = 0; round < 11; round++) {
 878                 if (round == 0) {
 879                         xor_128(round_key, data, ciphertext);
 880                         next_key(round_key, round);
 881                 } else if (round == 10) {
 882                         byte_sub(ciphertext, intermediatea);
 883                         shift_row(intermediatea, intermediateb);
 884                         xor_128(intermediateb, round_key, ciphertext);
 885                 } else {   /* 1 - 9 */
 886                         byte_sub(ciphertext, intermediatea);
 887                         shift_row(intermediatea, intermediateb);
 888                         mix_column(&intermediateb[0], &intermediatea[0]);
 889                         mix_column(&intermediateb[4], &intermediatea[4]);
 890                         mix_column(&intermediateb[8], &intermediatea[8]);
 891                         mix_column(&intermediateb[12], &intermediatea[12]);
 892                         xor_128(intermediatea, round_key, ciphertext);
 893                         next_key(round_key, round);
 894                 }
 895         }
 896 }
 897
 898 /************************************************/
 899 /* construct_mic_iv()                           */
 900 /* Builds the MIC IV from header fields and PN  */
 901 /************************************************/
 902 static void construct_mic_iv(u8 *mic_iv, sint qc_exists, sint a4_exists,
 903                              u8 *mpdu, uint payload_length, u8 *pn_vector)
 904 {
 905         sint i;
 906
 907         mic_iv[0] = 0x59;
 908         if (qc_exists && a4_exists)
 909                 mic_iv[1] = mpdu[30] & 0x0f;    /* QoS_TC           */
 910         if (qc_exists && !a4_exists)
 911                 mic_iv[1] = mpdu[24] & 0x0f;   /* mute bits 7-4    */
 912         if (!qc_exists)
 913                 mic_iv[1] = 0x00;
 914         for (i = 2; i < 8; i++)
 915                 mic_iv[i] = mpdu[i + 8];
 916         for (i = 8; i < 14; i++)
 917                 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
 918         mic_iv[14] = (unsigned char) (payload_length / 256);
 919         mic_iv[15] = (unsigned char) (payload_length % 256);
 920 }
 921
 922 /************************************************/
 923 /* construct_mic_header1()                      */
 924 /* Builds the first MIC header block from       */
 925 /* header fields.                               */
 926 /************************************************/
 927 static void construct_mic_header1(u8 *mic_header1, sint header_length, u8 *mpdu)
 928 {
 929         mic_header1[0] = (u8)((header_length - 2) / 256);
 930         mic_header1[1] = (u8)((header_length - 2) % 256);
 931         mic_header1[2] = mpdu[0] & 0xcf;    /* Mute CF poll & CF ack bits */
 932         /* Mute retry, more data and pwr mgt bits */
 933         mic_header1[3] = mpdu[1] & 0xc7;
 934         mic_header1[4] = mpdu[4];       /* A1 */
 935         mic_header1[5] = mpdu[5];
 936         mic_header1[6] = mpdu[6];
 937         mic_header1[7] = mpdu[7];
 938         mic_header1[8] = mpdu[8];
 939         mic_header1[9] = mpdu[9];
 940         mic_header1[10] = mpdu[10];     /* A2 */
 941         mic_header1[11] = mpdu[11];
 942         mic_header1[12] = mpdu[12];
 943         mic_header1[13] = mpdu[13];
 944         mic_header1[14] = mpdu[14];
 945         mic_header1[15] = mpdu[15];
 946 }
 947
 948 /************************************************/
 949 /* construct_mic_header2()                      */
 950 /* Builds the last MIC header block from        */
 951 /* header fields.                               */
 952 /************************************************/
 953 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, sint a4_exists,
 954                            sint qc_exists)
 955 {
 956         sint i;
 957
 958         for (i = 0; i < 16; i++)
 959                 mic_header2[i] = 0x00;
 960         mic_header2[0] = mpdu[16];    /* A3 */
 961         mic_header2[1] = mpdu[17];
 962         mic_header2[2] = mpdu[18];
 963         mic_header2[3] = mpdu[19];
 964         mic_header2[4] = mpdu[20];
 965         mic_header2[5] = mpdu[21];
 966         mic_header2[6] = 0x00;
 967         mic_header2[7] = 0x00; /* mpdu[23]; */
 968         if (!qc_exists && a4_exists)
 969                 for (i = 0; i < 6; i++)
 970                         mic_header2[8 + i] = mpdu[24 + i];   /* A4 */
 971         if (qc_exists && !a4_exists) {
 972                 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
 973                 mic_header2[9] = mpdu[25] & 0x00;
 974         }
 975         if (qc_exists && a4_exists) {
 976                 for (i = 0; i < 6; i++)
 977                         mic_header2[8 + i] = mpdu[24 + i];   /* A4 */
 978                 mic_header2[14] = mpdu[30] & 0x0f;
 979                 mic_header2[15] = mpdu[31] & 0x00;
 980         }
 981 }
 982
 983 /************************************************/
 984 /* construct_mic_header2()                      */
 985 /* Builds the last MIC header block from        */
 986 /* header fields.                               */
 987 /************************************************/
 988 static void construct_ctr_preload(u8 *ctr_preload,
 989                                   sint a4_exists, sint qc_exists,
 990                                   u8 *mpdu, u8 *pn_vector, sint c)
 991 {
 992         sint i;
 993
 994         for (i = 0; i < 16; i++)
 995                 ctr_preload[i] = 0x00;
 996         i = 0;
 997         ctr_preload[0] = 0x01;    /* flag */
 998         if (qc_exists && a4_exists)
 999                 ctr_preload[1] = mpdu[30] & 0x0f;
1000         if (qc_exists && !a4_exists)
1001                 ctr_preload[1] = mpdu[24] & 0x0f;
1002         for (i = 2; i < 8; i++)
1003                 ctr_preload[i] = mpdu[i + 8];
1004         for (i = 8; i < 14; i++)
1005                 ctr_preload[i] = pn_vector[13 - i];
1006         ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */
1007         ctr_preload[15] = (unsigned char) (c % 256);
1008 }
1009
1010 /************************************/
1011 /* bitwise_xor()                    */
1012 /* A 128 bit, bitwise exclusive or  */
1013 /************************************/
1014 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1015 {
1016         sint i;
1017
1018         for (i = 0; i < 16; i++)
1019                 out[i] = ina[i] ^ inb[i];
1020 }
1021
1022 static sint aes_cipher(u8 *key, uint    hdrlen,
1023                         u8 *pframe, uint plen)
1024 {
1025         uint qc_exists, a4_exists, i, j, payload_remainder;
1026         uint num_blocks, payload_index;
1027
1028         u8 pn_vector[6];
1029         u8 mic_iv[16];
1030         u8 mic_header1[16];
1031         u8 mic_header2[16];
1032         u8 ctr_preload[16];
1033
1034         /* Intermediate Buffers */
1035         u8 chain_buffer[16];
1036         u8 aes_out[16];
1037         u8 padded_buffer[16];
1038         u8 mic[8];
1039         u16 frtype  = GetFrameType(pframe);
1040         u16 frsubtype  = GetFrameSubType(pframe);
1041
1042         frsubtype >>= 4;
1043         memset((void *)mic_iv, 0, 16);
1044         memset((void *)mic_header1, 0, 16);
1045         memset((void *)mic_header2, 0, 16);
1046         memset((void *)ctr_preload, 0, 16);
1047         memset((void *)chain_buffer, 0, 16);
1048         memset((void *)aes_out, 0, 16);
1049         memset((void *)padded_buffer, 0, 16);
1050
1051         if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen ==  WLAN_HDR_A3_QOS_LEN))
1052                 a4_exists = 0;
1053         else
1054                 a4_exists = 1;
1055
1056         if ((frtype == WIFI_DATA_CFACK) ||
1057              (frtype == WIFI_DATA_CFPOLL) ||
1058              (frtype == WIFI_DATA_CFACKPOLL)) {
1059                 qc_exists = 1;
1060                 if (hdrlen !=  WLAN_HDR_A3_QOS_LEN)
1061                         hdrlen += 2;
1062         } else if ((frsubtype == 0x08) ||
1063                    (frsubtype == 0x09) ||
1064                    (frsubtype == 0x0a) ||
1065                    (frsubtype == 0x0b)) {
1066                 if (hdrlen !=  WLAN_HDR_A3_QOS_LEN)
1067                         hdrlen += 2;
1068                 qc_exists = 1;
1069         } else {
1070                 qc_exists = 0;
1071         }
1072         pn_vector[0] = pframe[hdrlen];
1073         pn_vector[1] = pframe[hdrlen + 1];
1074         pn_vector[2] = pframe[hdrlen + 4];
1075         pn_vector[3] = pframe[hdrlen + 5];
1076         pn_vector[4] = pframe[hdrlen + 6];
1077         pn_vector[5] = pframe[hdrlen + 7];
1078         construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1079         construct_mic_header1(mic_header1, hdrlen, pframe);
1080         construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1081         payload_remainder = plen % 16;
1082         num_blocks = plen / 16;
1083         /* Find start of payload */
1084         payload_index = hdrlen + 8;
1085         /* Calculate MIC */
1086         aes128k128d(key, mic_iv, aes_out);
1087         bitwise_xor(aes_out, mic_header1, chain_buffer);
1088         aes128k128d(key, chain_buffer, aes_out);
1089         bitwise_xor(aes_out, mic_header2, chain_buffer);
1090         aes128k128d(key, chain_buffer, aes_out);
1091         for (i = 0; i < num_blocks; i++) {
1092                 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1093                 payload_index += 16;
1094                 aes128k128d(key, chain_buffer, aes_out);
1095         }
1096         /* Add on the final payload block if it needs padding */
1097         if (payload_remainder > 0) {
1098                 for (j = 0; j < 16; j++)
1099                         padded_buffer[j] = 0x00;
1100                 for (j = 0; j < payload_remainder; j++)
1101                         padded_buffer[j] = pframe[payload_index++];
1102                 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1103                 aes128k128d(key, chain_buffer, aes_out);
1104         }
1105         for (j = 0; j < 8; j++)
1106                 mic[j] = aes_out[j];
1107         /* Insert MIC into payload */
1108         for (j = 0; j < 8; j++)
1109                 pframe[payload_index + j] = mic[j];
1110         payload_index = hdrlen + 8;
1111         for (i = 0; i < num_blocks; i++) {
1112                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1113                                       pframe, pn_vector, i + 1);
1114                 aes128k128d(key, ctr_preload, aes_out);
1115                 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1116                 for (j = 0; j < 16; j++)
1117                         pframe[payload_index++] = chain_buffer[j];
1118         }
1119         if (payload_remainder > 0) {  /* If short final block, then pad it,*/
1120                                       /* encrypt and copy unpadded part back */
1121                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1122                                       pframe, pn_vector, num_blocks + 1);
1123                 for (j = 0; j < 16; j++)
1124                         padded_buffer[j] = 0x00;
1125                 for (j = 0; j < payload_remainder; j++)
1126                         padded_buffer[j] = pframe[payload_index + j];
1127                 aes128k128d(key, ctr_preload, aes_out);
1128                 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1129                 for (j = 0; j < payload_remainder; j++)
1130                         pframe[payload_index++] = chain_buffer[j];
1131         }
1132         /* Encrypt the MIC */
1133         construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1134                               pframe, pn_vector, 0);
1135         for (j = 0; j < 16; j++)
1136                 padded_buffer[j] = 0x00;
1137         for (j = 0; j < 8; j++)
1138                 padded_buffer[j] = pframe[j + hdrlen + 8 + plen];
1139         aes128k128d(key, ctr_preload, aes_out);
1140         bitwise_xor(aes_out, padded_buffer, chain_buffer);
1141         for (j = 0; j < 8; j++)
1142                 pframe[payload_index++] = chain_buffer[j];
1143         return _SUCCESS;
1144 }
1145
1146 u32 r8712_aes_encrypt(struct _adapter *padapter, u8 *pxmitframe)
1147 {       /* exclude ICV */
1148         /* Intermediate Buffers */
1149         sint    curfragnum, length;
1150         u8      *pframe, *prwskey;
1151         struct  sta_info *stainfo;
1152         struct  pkt_attrib  *pattrib = &((struct xmit_frame *)
1153                                        pxmitframe)->attrib;
1154         struct  xmit_priv *pxmitpriv = &padapter->xmitpriv;
1155         u32 res = _SUCCESS;
1156
1157         if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
1158                 return _FAIL;
1159         pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
1160         /* 4 start to encrypt each fragment */
1161         if (pattrib->encrypt == _AES_) {
1162                 if (pattrib->psta)
1163                         stainfo = pattrib->psta;
1164                 else
1165                         stainfo = r8712_get_stainfo(&padapter->stapriv,
1166                                   &pattrib->ra[0]);
1167                 if (stainfo != NULL) {
1168                         prwskey = &stainfo->x_UncstKey.skey[0];
1169                         for (curfragnum = 0; curfragnum < pattrib->nr_frags;
1170                              curfragnum++) {
1171                                 if ((curfragnum + 1) == pattrib->nr_frags) {
1172                                         length = pattrib->last_txcmdsz -
1173                                                  pattrib->hdrlen -
1174                                                  pattrib->iv_len -
1175                                                  pattrib->icv_len;
1176                                         aes_cipher(prwskey, pattrib->hdrlen,
1177                                                    pframe, length);
1178                                 } else {
1179                                         length = pxmitpriv->frag_len -
1180                                                  pattrib->hdrlen -
1181                                                  pattrib->iv_len -
1182                                                  pattrib->icv_len;
1183                                         aes_cipher(prwskey, pattrib->hdrlen,
1184                                                    pframe, length);
1185                                         pframe += pxmitpriv->frag_len;
1186                                         pframe = (u8 *)RND4((addr_t)(pframe));
1187                                 }
1188                         }
1189                 } else {
1190                         res = _FAIL;
1191                 }
1192         }
1193         return res;
1194 }
1195
1196 static sint aes_decipher(u8 *key, uint  hdrlen,
1197                         u8 *pframe, uint plen)
1198 {
1199         static u8 message[MAX_MSG_SIZE];
1200         uint qc_exists, a4_exists, i, j, payload_remainder;
1201         uint num_blocks, payload_index;
1202         u8 pn_vector[6];
1203         u8 mic_iv[16];
1204         u8 mic_header1[16];
1205         u8 mic_header2[16];
1206         u8 ctr_preload[16];
1207         /* Intermediate Buffers */
1208         u8 chain_buffer[16];
1209         u8 aes_out[16];
1210         u8 padded_buffer[16];
1211         u8 mic[8];
1212         uint frtype  = GetFrameType(pframe);
1213         uint frsubtype  = GetFrameSubType(pframe);
1214
1215         frsubtype >>= 4;
1216         memset((void *)mic_iv, 0, 16);
1217         memset((void *)mic_header1, 0, 16);
1218         memset((void *)mic_header2, 0, 16);
1219         memset((void *)ctr_preload, 0, 16);
1220         memset((void *)chain_buffer, 0, 16);
1221         memset((void *)aes_out, 0, 16);
1222         memset((void *)padded_buffer, 0, 16);
1223         /* start to decrypt the payload */
1224         /*(plen including llc, payload and mic) */
1225         num_blocks = (plen - 8) / 16;
1226         payload_remainder = (plen - 8) % 16;
1227         pn_vector[0] = pframe[hdrlen];
1228         pn_vector[1] = pframe[hdrlen + 1];
1229         pn_vector[2] = pframe[hdrlen + 4];
1230         pn_vector[3] = pframe[hdrlen + 5];
1231         pn_vector[4] = pframe[hdrlen + 6];
1232         pn_vector[5] = pframe[hdrlen + 7];
1233         if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen ==  WLAN_HDR_A3_QOS_LEN))
1234                 a4_exists = 0;
1235         else
1236                 a4_exists = 1;
1237         if ((frtype == WIFI_DATA_CFACK) ||
1238             (frtype == WIFI_DATA_CFPOLL) ||
1239             (frtype == WIFI_DATA_CFACKPOLL)) {
1240                 qc_exists = 1;
1241                 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1242                         hdrlen += 2;
1243         } else if ((frsubtype == 0x08) ||
1244                    (frsubtype == 0x09) ||
1245                    (frsubtype == 0x0a) ||
1246                    (frsubtype == 0x0b)) {
1247                 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1248                         hdrlen += 2;
1249                 qc_exists = 1;
1250         } else {
1251                 qc_exists = 0;
1252         }
1253         /* now, decrypt pframe with hdrlen offset and plen long */
1254         payload_index = hdrlen + 8; /* 8 is for extiv */
1255         for (i = 0; i < num_blocks; i++) {
1256                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1257                                       pframe, pn_vector, i + 1);
1258                 aes128k128d(key, ctr_preload, aes_out);
1259                 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1260                 for (j = 0; j < 16; j++)
1261                         pframe[payload_index++] = chain_buffer[j];
1262         }
1263         if (payload_remainder > 0) {  /* If short final block, pad it,*/
1264                 /* encrypt it and copy the unpadded part back   */
1265                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1266                                       pframe, pn_vector, num_blocks + 1);
1267                 for (j = 0; j < 16; j++)
1268                         padded_buffer[j] = 0x00;
1269                 for (j = 0; j < payload_remainder; j++)
1270                         padded_buffer[j] = pframe[payload_index + j];
1271                 aes128k128d(key, ctr_preload, aes_out);
1272                 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1273                 for (j = 0; j < payload_remainder; j++)
1274                         pframe[payload_index++] = chain_buffer[j];
1275         }
1276         /* start to calculate the mic */
1277         memcpy((void *)message, pframe, (hdrlen + plen + 8));
1278         pn_vector[0] = pframe[hdrlen];
1279         pn_vector[1] = pframe[hdrlen + 1];
1280         pn_vector[2] = pframe[hdrlen + 4];
1281         pn_vector[3] = pframe[hdrlen + 5];
1282         pn_vector[4] = pframe[hdrlen + 6];
1283         pn_vector[5] = pframe[hdrlen + 7];
1284         construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen - 8,
1285                          pn_vector);
1286         construct_mic_header1(mic_header1, hdrlen, message);
1287         construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1288         payload_remainder = (plen - 8) % 16;
1289         num_blocks = (plen - 8) / 16;
1290         /* Find start of payload */
1291         payload_index = hdrlen + 8;
1292         /* Calculate MIC */
1293         aes128k128d(key, mic_iv, aes_out);
1294         bitwise_xor(aes_out, mic_header1, chain_buffer);
1295         aes128k128d(key, chain_buffer, aes_out);
1296         bitwise_xor(aes_out, mic_header2, chain_buffer);
1297         aes128k128d(key, chain_buffer, aes_out);
1298         for (i = 0; i < num_blocks; i++) {
1299                 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1300                 payload_index += 16;
1301                 aes128k128d(key, chain_buffer, aes_out);
1302         }
1303         /* Add on the final payload block if it needs padding */
1304         if (payload_remainder > 0) {
1305                 for (j = 0; j < 16; j++)
1306                         padded_buffer[j] = 0x00;
1307                 for (j = 0; j < payload_remainder; j++)
1308                         padded_buffer[j] = message[payload_index++];
1309                 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1310                 aes128k128d(key, chain_buffer, aes_out);
1311         }
1312         for (j = 0; j < 8; j++)
1313                 mic[j] = aes_out[j];
1314         /* Insert MIC into payload */
1315         for (j = 0; j < 8; j++)
1316                 message[payload_index + j] = mic[j];
1317         payload_index = hdrlen + 8;
1318         for (i = 0; i < num_blocks; i++) {
1319                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1320                                       message, pn_vector, i + 1);
1321                 aes128k128d(key, ctr_preload, aes_out);
1322                 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1323                 for (j = 0; j < 16; j++)
1324                         message[payload_index++] = chain_buffer[j];
1325         }
1326         if (payload_remainder > 0) { /* If short final block, pad it,*/
1327                                      /* encrypt and copy unpadded part back */
1328                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1329                                       message, pn_vector, num_blocks + 1);
1330                 for (j = 0; j < 16; j++)
1331                         padded_buffer[j] = 0x00;
1332                 for (j = 0; j < payload_remainder; j++)
1333                         padded_buffer[j] = message[payload_index + j];
1334                 aes128k128d(key, ctr_preload, aes_out);
1335                 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1336                 for (j = 0; j < payload_remainder; j++)
1337                         message[payload_index++] = chain_buffer[j];
1338         }
1339         /* Encrypt the MIC */
1340         construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message,
1341                               pn_vector, 0);
1342         for (j = 0; j < 16; j++)
1343                 padded_buffer[j] = 0x00;
1344         for (j = 0; j < 8; j++)
1345                 padded_buffer[j] = message[j + hdrlen + plen];
1346         aes128k128d(key, ctr_preload, aes_out);
1347         bitwise_xor(aes_out, padded_buffer, chain_buffer);
1348         for (j = 0; j < 8; j++)
1349                 message[payload_index++] = chain_buffer[j];
1350         /* compare the mic */
1351         return _SUCCESS;
1352 }
1353
1354 u32 r8712_aes_decrypt(struct _adapter *padapter, u8 *precvframe)
1355 {       /* exclude ICV */
1356         /* Intermediate Buffers */
1357         sint            length;
1358         u8      *pframe, *prwskey, *iv, idx;
1359         struct  sta_info *stainfo;
1360         struct  rx_pkt_attrib *prxattrib = &((union recv_frame *)
1361                                            precvframe)->u.hdr.attrib;
1362         struct  security_priv *psecuritypriv = &padapter->securitypriv;
1363
1364         pframe = (unsigned char *)((union recv_frame *)precvframe)->
1365                  u.hdr.rx_data;
1366         /* 4 start to encrypt each fragment */
1367         if (prxattrib->encrypt == _AES_) {
1368                 stainfo = r8712_get_stainfo(&padapter->stapriv,
1369                                             &prxattrib->ta[0]);
1370                 if (stainfo != NULL) {
1371                         if (is_multicast_ether_addr(prxattrib->ra)) {
1372                                 iv = pframe + prxattrib->hdrlen;
1373                                 idx = iv[3];
1374                                 prwskey = &psecuritypriv->XGrpKey[
1375                                           ((idx >> 6) & 0x3) - 1].skey[0];
1376                                 if (!psecuritypriv->binstallGrpkey)
1377                                         return _FAIL;
1378
1379                         } else {
1380                                 prwskey = &stainfo->x_UncstKey.skey[0];
1381                         }
1382                         length = ((union recv_frame *)precvframe)->
1383                                  u.hdr.len - prxattrib->hdrlen -
1384                                  prxattrib->iv_len;
1385                         aes_decipher(prwskey, prxattrib->hdrlen, pframe,
1386                                      length);
1387                 } else {
1388                         return _FAIL;
1389                 }
1390         }
1391         return _SUCCESS;
1392 }
1393
1394 void r8712_use_tkipkey_handler(struct timer_list *t)
1395 {
1396         struct _adapter *padapter =
1397                 from_timer(padapter, t, securitypriv.tkip_timer);
1398
1399         padapter->securitypriv.busetkipkey = true;
1400 }