diff options
Diffstat (limited to 'drivers/staging/rt3090/common/cmm_tkip.c')
-rw-r--r-- | drivers/staging/rt3090/common/cmm_tkip.c | 966 |
1 files changed, 0 insertions, 966 deletions
diff --git a/drivers/staging/rt3090/common/cmm_tkip.c b/drivers/staging/rt3090/common/cmm_tkip.c deleted file mode 100644 index 0b474f20859..00000000000 --- a/drivers/staging/rt3090/common/cmm_tkip.c +++ /dev/null @@ -1,966 +0,0 @@ -/* - ************************************************************************* - * Ralink Tech Inc. - * 5F., No.36, Taiyuan St., Jhubei City, - * Hsinchu County 302, - * Taiwan, R.O.C. - * - * (c) Copyright 2002-2007, Ralink Technology, Inc. - * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - * This program is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * - * GNU General Public License for more details. * - * * - * You should have received a copy of the GNU General Public License * - * along with this program; if not, write to the * - * Free Software Foundation, Inc., * - * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * * - ************************************************************************* - - Module Name: - cmm_tkip.c - - Abstract: - - Revision History: - Who When What - -------- ---------- ---------------------------------------------- - Paul Wu 02-25-02 Initial -*/ - -#include "../rt_config.h" - - -// Rotation functions on 32 bit values -#define ROL32( A, n ) \ - ( ((A) << (n)) | ( ((A)>>(32-(n))) & ( (1UL << (n)) - 1 ) ) ) -#define ROR32( A, n ) ROL32( (A), 32-(n) ) - -UINT Tkip_Sbox_Lower[256] = -{ - 0xA5,0x84,0x99,0x8D,0x0D,0xBD,0xB1,0x54, - 0x50,0x03,0xA9,0x7D,0x19,0x62,0xE6,0x9A, - 0x45,0x9D,0x40,0x87,0x15,0xEB,0xC9,0x0B, - 0xEC,0x67,0xFD,0xEA,0xBF,0xF7,0x96,0x5B, - 0xC2,0x1C,0xAE,0x6A,0x5A,0x41,0x02,0x4F, - 0x5C,0xF4,0x34,0x08,0x93,0x73,0x53,0x3F, - 0x0C,0x52,0x65,0x5E,0x28,0xA1,0x0F,0xB5, - 0x09,0x36,0x9B,0x3D,0x26,0x69,0xCD,0x9F, - 0x1B,0x9E,0x74,0x2E,0x2D,0xB2,0xEE,0xFB, - 0xF6,0x4D,0x61,0xCE,0x7B,0x3E,0x71,0x97, - 0xF5,0x68,0x00,0x2C,0x60,0x1F,0xC8,0xED, - 0xBE,0x46,0xD9,0x4B,0xDE,0xD4,0xE8,0x4A, - 0x6B,0x2A,0xE5,0x16,0xC5,0xD7,0x55,0x94, - 0xCF,0x10,0x06,0x81,0xF0,0x44,0xBA,0xE3, - 0xF3,0xFE,0xC0,0x8A,0xAD,0xBC,0x48,0x04, - 0xDF,0xC1,0x75,0x63,0x30,0x1A,0x0E,0x6D, - 0x4C,0x14,0x35,0x2F,0xE1,0xA2,0xCC,0x39, - 0x57,0xF2,0x82,0x47,0xAC,0xE7,0x2B,0x95, - 0xA0,0x98,0xD1,0x7F,0x66,0x7E,0xAB,0x83, - 0xCA,0x29,0xD3,0x3C,0x79,0xE2,0x1D,0x76, - 0x3B,0x56,0x4E,0x1E,0xDB,0x0A,0x6C,0xE4, - 0x5D,0x6E,0xEF,0xA6,0xA8,0xA4,0x37,0x8B, - 0x32,0x43,0x59,0xB7,0x8C,0x64,0xD2,0xE0, - 0xB4,0xFA,0x07,0x25,0xAF,0x8E,0xE9,0x18, - 0xD5,0x88,0x6F,0x72,0x24,0xF1,0xC7,0x51, - 0x23,0x7C,0x9C,0x21,0xDD,0xDC,0x86,0x85, - 0x90,0x42,0xC4,0xAA,0xD8,0x05,0x01,0x12, - 0xA3,0x5F,0xF9,0xD0,0x91,0x58,0x27,0xB9, - 0x38,0x13,0xB3,0x33,0xBB,0x70,0x89,0xA7, - 0xB6,0x22,0x92,0x20,0x49,0xFF,0x78,0x7A, - 0x8F,0xF8,0x80,0x17,0xDA,0x31,0xC6,0xB8, - 0xC3,0xB0,0x77,0x11,0xCB,0xFC,0xD6,0x3A -}; - -UINT Tkip_Sbox_Upper[256] = -{ - 0xC6,0xF8,0xEE,0xF6,0xFF,0xD6,0xDE,0x91, - 0x60,0x02,0xCE,0x56,0xE7,0xB5,0x4D,0xEC, - 0x8F,0x1F,0x89,0xFA,0xEF,0xB2,0x8E,0xFB, - 0x41,0xB3,0x5F,0x45,0x23,0x53,0xE4,0x9B, - 0x75,0xE1,0x3D,0x4C,0x6C,0x7E,0xF5,0x83, - 0x68,0x51,0xD1,0xF9,0xE2,0xAB,0x62,0x2A, - 0x08,0x95,0x46,0x9D,0x30,0x37,0x0A,0x2F, - 0x0E,0x24,0x1B,0xDF,0xCD,0x4E,0x7F,0xEA, - 0x12,0x1D,0x58,0x34,0x36,0xDC,0xB4,0x5B, - 0xA4,0x76,0xB7,0x7D,0x52,0xDD,0x5E,0x13, - 0xA6,0xB9,0x00,0xC1,0x40,0xE3,0x79,0xB6, - 0xD4,0x8D,0x67,0x72,0x94,0x98,0xB0,0x85, - 0xBB,0xC5,0x4F,0xED,0x86,0x9A,0x66,0x11, - 0x8A,0xE9,0x04,0xFE,0xA0,0x78,0x25,0x4B, - 0xA2,0x5D,0x80,0x05,0x3F,0x21,0x70,0xF1, - 0x63,0x77,0xAF,0x42,0x20,0xE5,0xFD,0xBF, - 0x81,0x18,0x26,0xC3,0xBE,0x35,0x88,0x2E, - 0x93,0x55,0xFC,0x7A,0xC8,0xBA,0x32,0xE6, - 0xC0,0x19,0x9E,0xA3,0x44,0x54,0x3B,0x0B, - 0x8C,0xC7,0x6B,0x28,0xA7,0xBC,0x16,0xAD, - 0xDB,0x64,0x74,0x14,0x92,0x0C,0x48,0xB8, - 0x9F,0xBD,0x43,0xC4,0x39,0x31,0xD3,0xF2, - 0xD5,0x8B,0x6E,0xDA,0x01,0xB1,0x9C,0x49, - 0xD8,0xAC,0xF3,0xCF,0xCA,0xF4,0x47,0x10, - 0x6F,0xF0,0x4A,0x5C,0x38,0x57,0x73,0x97, - 0xCB,0xA1,0xE8,0x3E,0x96,0x61,0x0D,0x0F, - 0xE0,0x7C,0x71,0xCC,0x90,0x06,0xF7,0x1C, - 0xC2,0x6A,0xAE,0x69,0x17,0x99,0x3A,0x27, - 0xD9,0xEB,0x2B,0x22,0xD2,0xA9,0x07,0x33, - 0x2D,0x3C,0x15,0xC9,0x87,0xAA,0x50,0xA5, - 0x03,0x59,0x09,0x1A,0x65,0xD7,0x84,0xD0, - 0x82,0x29,0x5A,0x1E,0x7B,0xA8,0x6D,0x2C -}; - -// -// Expanded IV for TKIP function. -// -typedef struct PACKED _IV_CONTROL_ -{ - union PACKED - { - struct PACKED - { - UCHAR rc0; - UCHAR rc1; - UCHAR rc2; - - union PACKED - { - struct PACKED - { -#ifdef RT_BIG_ENDIAN - UCHAR KeyID:2; - UCHAR ExtIV:1; - UCHAR Rsvd:5; -#else - UCHAR Rsvd:5; - UCHAR ExtIV:1; - UCHAR KeyID:2; -#endif - } field; - UCHAR Byte; - } CONTROL; - } field; - - ULONG word; - } IV16; - - ULONG IV32; -} TKIP_IV, *PTKIP_IV; - - -/* - ======================================================================== - - Routine Description: - Convert from UCHAR[] to ULONG in a portable way - - Arguments: - pMICKey pointer to MIC Key - - Return Value: - None - - Note: - - ======================================================================== -*/ -ULONG RTMPTkipGetUInt32( - IN PUCHAR pMICKey) -{ - ULONG res = 0; - INT i; - - for (i = 0; i < 4; i++) - { - res |= (*pMICKey++) << (8 * i); - } - - return res; -} - -/* - ======================================================================== - - Routine Description: - Convert from ULONG to UCHAR[] in a portable way - - Arguments: - pDst pointer to destination for convert ULONG to UCHAR[] - val the value for convert - - Return Value: - None - - IRQL = DISPATCH_LEVEL - - Note: - - ======================================================================== -*/ -VOID RTMPTkipPutUInt32( - IN OUT PUCHAR pDst, - IN ULONG val) -{ - INT i; - - for(i = 0; i < 4; i++) - { - *pDst++ = (UCHAR) (val & 0xff); - val >>= 8; - } -} - -/* - ======================================================================== - - Routine Description: - Set the MIC Key. - - Arguments: - pAd Pointer to our adapter - pMICKey pointer to MIC Key - - Return Value: - None - - IRQL = DISPATCH_LEVEL - - Note: - - ======================================================================== -*/ -VOID RTMPTkipSetMICKey( - IN PTKIP_KEY_INFO pTkip, - IN PUCHAR pMICKey) -{ - // Set the key - pTkip->K0 = RTMPTkipGetUInt32(pMICKey); - pTkip->K1 = RTMPTkipGetUInt32(pMICKey + 4); - // and reset the message - pTkip->L = pTkip->K0; - pTkip->R = pTkip->K1; - pTkip->nBytesInM = 0; - pTkip->M = 0; -} - -/* - ======================================================================== - - Routine Description: - Calculate the MIC Value. - - Arguments: - pAd Pointer to our adapter - uChar Append this uChar - - Return Value: - None - - IRQL = DISPATCH_LEVEL - - Note: - - ======================================================================== -*/ -VOID RTMPTkipAppendByte( - IN PTKIP_KEY_INFO pTkip, - IN UCHAR uChar) -{ - // Append the byte to our word-sized buffer - pTkip->M |= (uChar << (8* pTkip->nBytesInM)); - pTkip->nBytesInM++; - // Process the word if it is full. - if( pTkip->nBytesInM >= 4 ) - { - pTkip->L ^= pTkip->M; - pTkip->R ^= ROL32( pTkip->L, 17 ); - pTkip->L += pTkip->R; - pTkip->R ^= ((pTkip->L & 0xff00ff00) >> 8) | ((pTkip->L & 0x00ff00ff) << 8); - pTkip->L += pTkip->R; - pTkip->R ^= ROL32( pTkip->L, 3 ); - pTkip->L += pTkip->R; - pTkip->R ^= ROR32( pTkip->L, 2 ); - pTkip->L += pTkip->R; - // Clear the buffer - pTkip->M = 0; - pTkip->nBytesInM = 0; - } -} - -/* - ======================================================================== - - Routine Description: - Calculate the MIC Value. - - Arguments: - pAd Pointer to our adapter - pSrc Pointer to source data for Calculate MIC Value - Len Indicate the length of the source data - - Return Value: - None - - IRQL = DISPATCH_LEVEL - - Note: - - ======================================================================== -*/ -VOID RTMPTkipAppend( - IN PTKIP_KEY_INFO pTkip, - IN PUCHAR pSrc, - IN UINT nBytes) -{ - // This is simple - while(nBytes > 0) - { - RTMPTkipAppendByte(pTkip, *pSrc++); - nBytes--; - } -} - -/* - ======================================================================== - - Routine Description: - Get the MIC Value. - - Arguments: - pAd Pointer to our adapter - - Return Value: - None - - IRQL = DISPATCH_LEVEL - - Note: - the MIC Value is store in pAd->PrivateInfo.MIC - ======================================================================== -*/ -VOID RTMPTkipGetMIC( - IN PTKIP_KEY_INFO pTkip) -{ - // Append the minimum padding - RTMPTkipAppendByte(pTkip, 0x5a ); - RTMPTkipAppendByte(pTkip, 0 ); - RTMPTkipAppendByte(pTkip, 0 ); - RTMPTkipAppendByte(pTkip, 0 ); - RTMPTkipAppendByte(pTkip, 0 ); - // and then zeroes until the length is a multiple of 4 - while( pTkip->nBytesInM != 0 ) - { - RTMPTkipAppendByte(pTkip, 0 ); - } - // The appendByte function has already computed the result. - RTMPTkipPutUInt32(pTkip->MIC, pTkip->L); - RTMPTkipPutUInt32(pTkip->MIC + 4, pTkip->R); -} - -/* - ======================================================================== - - Routine Description: - Init Tkip function. - - Arguments: - pAd Pointer to our adapter - pTKey Pointer to the Temporal Key (TK), TK shall be 128bits. - KeyId TK Key ID - pTA Pointer to transmitter address - pMICKey pointer to MIC Key - - Return Value: - None - - IRQL = DISPATCH_LEVEL - - Note: - - ======================================================================== -*/ -VOID RTMPInitTkipEngine( - IN PRTMP_ADAPTER pAd, - IN PUCHAR pKey, - IN UCHAR KeyId, - IN PUCHAR pTA, - IN PUCHAR pMICKey, - IN PUCHAR pTSC, - OUT PULONG pIV16, - OUT PULONG pIV32) -{ - TKIP_IV tkipIv; - - // Prepare 8 bytes TKIP encapsulation for MPDU - NdisZeroMemory(&tkipIv, sizeof(TKIP_IV)); - tkipIv.IV16.field.rc0 = *(pTSC + 1); - tkipIv.IV16.field.rc1 = (tkipIv.IV16.field.rc0 | 0x20) & 0x7f; - tkipIv.IV16.field.rc2 = *pTSC; - tkipIv.IV16.field.CONTROL.field.ExtIV = 1; // 0: non-extended IV, 1: an extended IV - tkipIv.IV16.field.CONTROL.field.KeyID = KeyId; -// tkipIv.IV32 = *(PULONG)(pTSC + 2); - NdisMoveMemory(&tkipIv.IV32, (pTSC + 2), 4); // Copy IV - - *pIV16 = tkipIv.IV16.word; - *pIV32 = tkipIv.IV32; -} - -/* - ======================================================================== - - Routine Description: - Init MIC Value calculation function which include set MIC key & - calculate first 16 bytes (DA + SA + priority + 0) - - Arguments: - pAd Pointer to our adapter - pTKey Pointer to the Temporal Key (TK), TK shall be 128bits. - pDA Pointer to DA address - pSA Pointer to SA address - pMICKey pointer to MIC Key - - Return Value: - None - - Note: - - ======================================================================== -*/ -VOID RTMPInitMICEngine( - IN PRTMP_ADAPTER pAd, - IN PUCHAR pKey, - IN PUCHAR pDA, - IN PUCHAR pSA, - IN UCHAR UserPriority, - IN PUCHAR pMICKey) -{ - ULONG Priority = UserPriority; - - // Init MIC value calculation - RTMPTkipSetMICKey(&pAd->PrivateInfo.Tx, pMICKey); - // DA - RTMPTkipAppend(&pAd->PrivateInfo.Tx, pDA, MAC_ADDR_LEN); - // SA - RTMPTkipAppend(&pAd->PrivateInfo.Tx, pSA, MAC_ADDR_LEN); - // Priority + 3 bytes of 0 - RTMPTkipAppend(&pAd->PrivateInfo.Tx, (PUCHAR)&Priority, 4); -} - -/* - ======================================================================== - - Routine Description: - Compare MIC value of received MSDU - - Arguments: - pAd Pointer to our adapter - pSrc Pointer to the received Plain text data - pDA Pointer to DA address - pSA Pointer to SA address - pMICKey pointer to MIC Key - Len the length of the received plain text data exclude MIC value - - Return Value: - TRUE MIC value matched - FALSE MIC value mismatched - - IRQL = DISPATCH_LEVEL - - Note: - - ======================================================================== -*/ -BOOLEAN RTMPTkipCompareMICValue( - IN PRTMP_ADAPTER pAd, - IN PUCHAR pSrc, - IN PUCHAR pDA, - IN PUCHAR pSA, - IN PUCHAR pMICKey, - IN UCHAR UserPriority, - IN UINT Len) -{ - UCHAR OldMic[8]; - ULONG Priority = UserPriority; - - // Init MIC value calculation - RTMPTkipSetMICKey(&pAd->PrivateInfo.Rx, pMICKey); - // DA - RTMPTkipAppend(&pAd->PrivateInfo.Rx, pDA, MAC_ADDR_LEN); - // SA - RTMPTkipAppend(&pAd->PrivateInfo.Rx, pSA, MAC_ADDR_LEN); - // Priority + 3 bytes of 0 - RTMPTkipAppend(&pAd->PrivateInfo.Rx, (PUCHAR)&Priority, 4); - - // Calculate MIC value from plain text data - RTMPTkipAppend(&pAd->PrivateInfo.Rx, pSrc, Len); - - // Get MIC valude from received frame - NdisMoveMemory(OldMic, pSrc + Len, 8); - - // Get MIC value from decrypted plain data - RTMPTkipGetMIC(&pAd->PrivateInfo.Rx); - - // Move MIC value from MSDU, this steps should move to data path. - // Since the MIC value might cross MPDUs. - if(!NdisEqualMemory(pAd->PrivateInfo.Rx.MIC, OldMic, 8)) - { - DBGPRINT_RAW(RT_DEBUG_ERROR, ("RTMPTkipCompareMICValue(): TKIP MIC Error !\n")); //MIC error. - - - return (FALSE); - } - return (TRUE); -} - -/* - ======================================================================== - - Routine Description: - Compare MIC value of received MSDU - - Arguments: - pAd Pointer to our adapter - pLLC LLC header - pSrc Pointer to the received Plain text data - pDA Pointer to DA address - pSA Pointer to SA address - pMICKey pointer to MIC Key - Len the length of the received plain text data exclude MIC value - - Return Value: - TRUE MIC value matched - FALSE MIC value mismatched - - IRQL = DISPATCH_LEVEL - - Note: - - ======================================================================== -*/ -BOOLEAN RTMPTkipCompareMICValueWithLLC( - IN PRTMP_ADAPTER pAd, - IN PUCHAR pLLC, - IN PUCHAR pSrc, - IN PUCHAR pDA, - IN PUCHAR pSA, - IN PUCHAR pMICKey, - IN UINT Len) -{ - UCHAR OldMic[8]; - ULONG Priority = 0; - - // Init MIC value calculation - RTMPTkipSetMICKey(&pAd->PrivateInfo.Rx, pMICKey); - // DA - RTMPTkipAppend(&pAd->PrivateInfo.Rx, pDA, MAC_ADDR_LEN); - // SA - RTMPTkipAppend(&pAd->PrivateInfo.Rx, pSA, MAC_ADDR_LEN); - // Priority + 3 bytes of 0 - RTMPTkipAppend(&pAd->PrivateInfo.Rx, (PUCHAR)&Priority, 4); - - // Start with LLC header - RTMPTkipAppend(&pAd->PrivateInfo.Rx, pLLC, 8); - - // Calculate MIC value from plain text data - RTMPTkipAppend(&pAd->PrivateInfo.Rx, pSrc, Len); - - // Get MIC valude from received frame - NdisMoveMemory(OldMic, pSrc + Len, 8); - - // Get MIC value from decrypted plain data - RTMPTkipGetMIC(&pAd->PrivateInfo.Rx); - - // Move MIC value from MSDU, this steps should move to data path. - // Since the MIC value might cross MPDUs. - if(!NdisEqualMemory(pAd->PrivateInfo.Rx.MIC, OldMic, 8)) - { - DBGPRINT_RAW(RT_DEBUG_ERROR, ("RTMPTkipCompareMICValueWithLLC(): TKIP MIC Error !\n")); //MIC error. - - - return (FALSE); - } - return (TRUE); -} -/* - ======================================================================== - - Routine Description: - Copy frame from waiting queue into relative ring buffer and set - appropriate ASIC register to kick hardware transmit function - - Arguments: - pAd Pointer to our adapter - PNDIS_PACKET Pointer to Ndis Packet for MIC calculation - pEncap Pointer to LLC encap data - LenEncap Total encap length, might be 0 which indicates no encap - - Return Value: - None - - IRQL = DISPATCH_LEVEL - - Note: - - ======================================================================== -*/ -VOID RTMPCalculateMICValue( - IN PRTMP_ADAPTER pAd, - IN PNDIS_PACKET pPacket, - IN PUCHAR pEncap, - IN PCIPHER_KEY pKey, - IN UCHAR apidx) -{ - PACKET_INFO PacketInfo; - PUCHAR pSrcBufVA; - UINT SrcBufLen; - PUCHAR pSrc; - UCHAR UserPriority; - UCHAR vlan_offset = 0; - - RTMP_QueryPacketInfo(pPacket, &PacketInfo, &pSrcBufVA, &SrcBufLen); - - UserPriority = RTMP_GET_PACKET_UP(pPacket); - pSrc = pSrcBufVA; - - // determine if this is a vlan packet - if (((*(pSrc + 12) << 8) + *(pSrc + 13)) == 0x8100) - vlan_offset = 4; - -#ifdef CONFIG_STA_SUPPORT -#endif // CONFIG_STA_SUPPORT // - { - RTMPInitMICEngine( - pAd, - pKey->Key, - pSrc, - pSrc + 6, - UserPriority, - pKey->TxMic); - } - - - if (pEncap != NULL) - { - // LLC encapsulation - RTMPTkipAppend(&pAd->PrivateInfo.Tx, pEncap, 6); - // Protocol Type - RTMPTkipAppend(&pAd->PrivateInfo.Tx, pSrc + 12 + vlan_offset, 2); - } - SrcBufLen -= (14 + vlan_offset); - pSrc += (14 + vlan_offset); - do - { - if (SrcBufLen > 0) - { - RTMPTkipAppend(&pAd->PrivateInfo.Tx, pSrc, SrcBufLen); - } - - break; // No need handle next packet - - } while (TRUE); // End of copying payload - - // Compute the final MIC Value - RTMPTkipGetMIC(&pAd->PrivateInfo.Tx); -} - - -/************************************************************/ -/* tkip_sbox() */ -/* Returns a 16 bit value from a 64K entry table. The Table */ -/* is synthesized from two 256 entry byte wide tables. */ -/************************************************************/ - -UINT tkip_sbox(UINT index) -{ - UINT index_low; - UINT index_high; - UINT left, right; - - index_low = (index % 256); - index_high = ((index >> 8) % 256); - - left = Tkip_Sbox_Lower[index_low] + (Tkip_Sbox_Upper[index_low] * 256); - right = Tkip_Sbox_Upper[index_high] + (Tkip_Sbox_Lower[index_high] * 256); - - return (left ^ right); -} - -UINT rotr1(UINT a) -{ - unsigned int b; - - if ((a & 0x01) == 0x01) - { - b = (a >> 1) | 0x8000; - } - else - { - b = (a >> 1) & 0x7fff; - } - b = b % 65536; - return b; -} - -VOID RTMPTkipMixKey( - UCHAR *key, - UCHAR *ta, - ULONG pnl, /* Least significant 16 bits of PN */ - ULONG pnh, /* Most significant 32 bits of PN */ - UCHAR *rc4key, - UINT *p1k) -{ - - UINT tsc0; - UINT tsc1; - UINT tsc2; - - UINT ppk0; - UINT ppk1; - UINT ppk2; - UINT ppk3; - UINT ppk4; - UINT ppk5; - - INT i; - INT j; - - tsc0 = (unsigned int)((pnh >> 16) % 65536); /* msb */ - tsc1 = (unsigned int)(pnh % 65536); - tsc2 = (unsigned int)(pnl % 65536); /* lsb */ - - /* Phase 1, step 1 */ - p1k[0] = tsc1; - p1k[1] = tsc0; - p1k[2] = (UINT)(ta[0] + (ta[1]*256)); - p1k[3] = (UINT)(ta[2] + (ta[3]*256)); - p1k[4] = (UINT)(ta[4] + (ta[5]*256)); - - /* Phase 1, step 2 */ - for (i=0; i<8; i++) - { - j = 2*(i & 1); - p1k[0] = (p1k[0] + tkip_sbox( (p1k[4] ^ ((256*key[1+j]) + key[j])) % 65536 )) % 65536; - p1k[1] = (p1k[1] + tkip_sbox( (p1k[0] ^ ((256*key[5+j]) + key[4+j])) % 65536 )) % 65536; - p1k[2] = (p1k[2] + tkip_sbox( (p1k[1] ^ ((256*key[9+j]) + key[8+j])) % 65536 )) % 65536; - p1k[3] = (p1k[3] + tkip_sbox( (p1k[2] ^ ((256*key[13+j]) + key[12+j])) % 65536 )) % 65536; - p1k[4] = (p1k[4] + tkip_sbox( (p1k[3] ^ (((256*key[1+j]) + key[j]))) % 65536 )) % 65536; - p1k[4] = (p1k[4] + i) % 65536; - } - - /* Phase 2, Step 1 */ - ppk0 = p1k[0]; - ppk1 = p1k[1]; - ppk2 = p1k[2]; - ppk3 = p1k[3]; - ppk4 = p1k[4]; - ppk5 = (p1k[4] + tsc2) % 65536; - - /* Phase2, Step 2 */ - ppk0 = ppk0 + tkip_sbox( (ppk5 ^ ((256*key[1]) + key[0])) % 65536); - ppk1 = ppk1 + tkip_sbox( (ppk0 ^ ((256*key[3]) + key[2])) % 65536); - ppk2 = ppk2 + tkip_sbox( (ppk1 ^ ((256*key[5]) + key[4])) % 65536); - ppk3 = ppk3 + tkip_sbox( (ppk2 ^ ((256*key[7]) + key[6])) % 65536); - ppk4 = ppk4 + tkip_sbox( (ppk3 ^ ((256*key[9]) + key[8])) % 65536); - ppk5 = ppk5 + tkip_sbox( (ppk4 ^ ((256*key[11]) + key[10])) % 65536); - - ppk0 = ppk0 + rotr1(ppk5 ^ ((256*key[13]) + key[12])); - ppk1 = ppk1 + rotr1(ppk0 ^ ((256*key[15]) + key[14])); - ppk2 = ppk2 + rotr1(ppk1); - ppk3 = ppk3 + rotr1(ppk2); - ppk4 = ppk4 + rotr1(ppk3); - ppk5 = ppk5 + rotr1(ppk4); - - /* Phase 2, Step 3 */ - /* Phase 2, Step 3 */ - - tsc0 = (unsigned int)((pnh >> 16) % 65536); /* msb */ - tsc1 = (unsigned int)(pnh % 65536); - tsc2 = (unsigned int)(pnl % 65536); /* lsb */ - - rc4key[0] = (tsc2 >> 8) % 256; - rc4key[1] = (((tsc2 >> 8) % 256) | 0x20) & 0x7f; - rc4key[2] = tsc2 % 256; - rc4key[3] = ((ppk5 ^ ((256*key[1]) + key[0])) >> 1) % 256; - - rc4key[4] = ppk0 % 256; - rc4key[5] = (ppk0 >> 8) % 256; - - rc4key[6] = ppk1 % 256; - rc4key[7] = (ppk1 >> 8) % 256; - - rc4key[8] = ppk2 % 256; - rc4key[9] = (ppk2 >> 8) % 256; - - rc4key[10] = ppk3 % 256; - rc4key[11] = (ppk3 >> 8) % 256; - - rc4key[12] = ppk4 % 256; - rc4key[13] = (ppk4 >> 8) % 256; - - rc4key[14] = ppk5 % 256; - rc4key[15] = (ppk5 >> 8) % 256; -} - - -// -// TRUE: Success! -// FALSE: Decrypt Error! -// -BOOLEAN RTMPSoftDecryptTKIP( - IN PRTMP_ADAPTER pAd, - IN PUCHAR pData, - IN ULONG DataByteCnt, - IN UCHAR UserPriority, - IN PCIPHER_KEY pWpaKey) -{ - UCHAR KeyID; - UINT HeaderLen; - UCHAR fc0; - UCHAR fc1; - USHORT fc; - UINT frame_type; - UINT frame_subtype; - UINT from_ds; - UINT to_ds; - INT a4_exists; - INT qc_exists; - USHORT duration; - USHORT seq_control; - USHORT qos_control; - UCHAR TA[MAC_ADDR_LEN]; - UCHAR DA[MAC_ADDR_LEN]; - UCHAR SA[MAC_ADDR_LEN]; - UCHAR RC4Key[16]; - UINT p1k[5]; //for mix_key; - ULONG pnl;/* Least significant 16 bits of PN */ - ULONG pnh;/* Most significant 32 bits of PN */ - UINT num_blocks; - UINT payload_remainder; - ARCFOURCONTEXT ArcFourContext; - UINT crc32 = 0; - UINT trailfcs = 0; - UCHAR MIC[8]; - UCHAR TrailMIC[8]; - -#ifdef RT_BIG_ENDIAN - RTMPFrameEndianChange(pAd, (PUCHAR)pData, DIR_READ, FALSE); -#endif - - fc0 = *pData; - fc1 = *(pData + 1); - - fc = *((PUSHORT)pData); - - frame_type = ((fc0 >> 2) & 0x03); - frame_subtype = ((fc0 >> 4) & 0x0f); - - from_ds = (fc1 & 0x2) >> 1; - to_ds = (fc1 & 0x1); - - a4_exists = (from_ds & to_ds); - qc_exists = ((frame_subtype == 0x08) || /* Assumed QoS subtypes */ - (frame_subtype == 0x09) || /* Likely to change. */ - (frame_subtype == 0x0a) || - (frame_subtype == 0x0b) - ); - - HeaderLen = 24; - if (a4_exists) - HeaderLen += 6; - - KeyID = *((PUCHAR)(pData+ HeaderLen + 3)); - KeyID = KeyID >> 6; - - if (pWpaKey[KeyID].KeyLen == 0) - { - DBGPRINT(RT_DEBUG_TRACE, ("RTMPSoftDecryptTKIP failed!(KeyID[%d] Length can not be 0)\n", KeyID)); - return FALSE; - } - - duration = *((PUSHORT)(pData+2)); - - seq_control = *((PUSHORT)(pData+22)); - - if (qc_exists) - { - if (a4_exists) - { - qos_control = *((PUSHORT)(pData+30)); - } - else - { - qos_control = *((PUSHORT)(pData+24)); - } - } - - if (to_ds == 0 && from_ds == 1) - { - NdisMoveMemory(DA, pData+4, MAC_ADDR_LEN); - NdisMoveMemory(SA, pData+16, MAC_ADDR_LEN); - NdisMoveMemory(TA, pData+10, MAC_ADDR_LEN); //BSSID - } - else if (to_ds == 0 && from_ds == 0 ) - { - NdisMoveMemory(TA, pData+10, MAC_ADDR_LEN); - NdisMoveMemory(DA, pData+4, MAC_ADDR_LEN); - NdisMoveMemory(SA, pData+10, MAC_ADDR_LEN); - } - else if (to_ds == 1 && from_ds == 0) - { - NdisMoveMemory(SA, pData+10, MAC_ADDR_LEN); - NdisMoveMemory(TA, pData+10, MAC_ADDR_LEN); - NdisMoveMemory(DA, pData+16, MAC_ADDR_LEN); - } - else if (to_ds == 1 && from_ds == 1) - { - NdisMoveMemory(TA, pData+10, MAC_ADDR_LEN); - NdisMoveMemory(DA, pData+16, MAC_ADDR_LEN); - NdisMoveMemory(SA, pData+22, MAC_ADDR_LEN); - } - - num_blocks = (DataByteCnt - 16) / 16; - payload_remainder = (DataByteCnt - 16) % 16; - - pnl = (*(pData + HeaderLen)) * 256 + *(pData + HeaderLen + 2); - pnh = *((PULONG)(pData + HeaderLen + 4)); - pnh = cpu2le32(pnh); - RTMPTkipMixKey(pWpaKey[KeyID].Key, TA, pnl, pnh, RC4Key, p1k); - - ARCFOUR_INIT(&ArcFourContext, RC4Key, 16); - - ARCFOUR_DECRYPT(&ArcFourContext, pData + HeaderLen, pData + HeaderLen + 8, DataByteCnt - HeaderLen - 8); - NdisMoveMemory(&trailfcs, pData + DataByteCnt - 8 - 4, 4); - crc32 = RTMP_CALC_FCS32(PPPINITFCS32, pData + HeaderLen, DataByteCnt - HeaderLen - 8 - 4); //Skip IV+EIV 8 bytes & Skip last 4 bytes(FCS). - crc32 ^= 0xffffffff; /* complement */ - - if(crc32 != cpu2le32(trailfcs)) - { - DBGPRINT(RT_DEBUG_TRACE, ("RTMPSoftDecryptTKIP, WEP Data ICV Error !\n")); //ICV error. - - return (FALSE); - } - - NdisMoveMemory(TrailMIC, pData + DataByteCnt - 8 - 8 - 4, 8); - RTMPInitMICEngine(pAd, pWpaKey[KeyID].Key, DA, SA, UserPriority, pWpaKey[KeyID].RxMic); - RTMPTkipAppend(&pAd->PrivateInfo.Tx, pData + HeaderLen, DataByteCnt - HeaderLen - 8 - 12); - RTMPTkipGetMIC(&pAd->PrivateInfo.Tx); - NdisMoveMemory(MIC, pAd->PrivateInfo.Tx.MIC, 8); - - if (!NdisEqualMemory(MIC, TrailMIC, 8)) - { - DBGPRINT(RT_DEBUG_ERROR, ("RTMPSoftDecryptTKIP, WEP Data MIC Error !\n")); //MIC error. - //RTMPReportMicError(pAd, &pWpaKey[KeyID]); // marked by AlbertY @ 20060630 - return (FALSE); - } - -#ifdef RT_BIG_ENDIAN - RTMPFrameEndianChange(pAd, (PUCHAR)pData, DIR_READ, FALSE); -#endif - //DBGPRINT(RT_DEBUG_TRACE, "RTMPSoftDecryptTKIP Decript done!!\n"); - return TRUE; -} |