2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 * Purpose: AES_CCMP decryption
29 * AESbGenCCMP - Parsing RX-packet
36 #if !defined(__UMEM_H__)
39 #if !defined(__DEVICE_H__)
42 #if !defined(__80211HDR_H__)
47 /*--------------------- Static Definitions -------------------------*/
49 /*--------------------- Static Classes ----------------------------*/
51 /*--------------------- Static Variables --------------------------*/
57 BYTE sbox_table[256] =
59 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
60 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
61 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
62 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
63 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
64 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
65 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
66 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
67 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
68 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
69 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
70 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
71 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
72 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
73 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
74 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
77 BYTE dot2_table[256] = {
78 0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16, 0x18, 0x1a, 0x1c, 0x1e,
79 0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e, 0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e,
80 0x40, 0x42, 0x44, 0x46, 0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e,
81 0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76, 0x78, 0x7a, 0x7c, 0x7e,
82 0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e, 0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e,
83 0xa0, 0xa2, 0xa4, 0xa6, 0xa8, 0xaa, 0xac, 0xae, 0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe,
84 0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce, 0xd0, 0xd2, 0xd4, 0xd6, 0xd8, 0xda, 0xdc, 0xde,
85 0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee, 0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe,
86 0x1b, 0x19, 0x1f, 0x1d, 0x13, 0x11, 0x17, 0x15, 0x0b, 0x09, 0x0f, 0x0d, 0x03, 0x01, 0x07, 0x05,
87 0x3b, 0x39, 0x3f, 0x3d, 0x33, 0x31, 0x37, 0x35, 0x2b, 0x29, 0x2f, 0x2d, 0x23, 0x21, 0x27, 0x25,
88 0x5b, 0x59, 0x5f, 0x5d, 0x53, 0x51, 0x57, 0x55, 0x4b, 0x49, 0x4f, 0x4d, 0x43, 0x41, 0x47, 0x45,
89 0x7b, 0x79, 0x7f, 0x7d, 0x73, 0x71, 0x77, 0x75, 0x6b, 0x69, 0x6f, 0x6d, 0x63, 0x61, 0x67, 0x65,
90 0x9b, 0x99, 0x9f, 0x9d, 0x93, 0x91, 0x97, 0x95, 0x8b, 0x89, 0x8f, 0x8d, 0x83, 0x81, 0x87, 0x85,
91 0xbb, 0xb9, 0xbf, 0xbd, 0xb3, 0xb1, 0xb7, 0xb5, 0xab, 0xa9, 0xaf, 0xad, 0xa3, 0xa1, 0xa7, 0xa5,
92 0xdb, 0xd9, 0xdf, 0xdd, 0xd3, 0xd1, 0xd7, 0xd5, 0xcb, 0xc9, 0xcf, 0xcd, 0xc3, 0xc1, 0xc7, 0xc5,
93 0xfb, 0xf9, 0xff, 0xfd, 0xf3, 0xf1, 0xf7, 0xf5, 0xeb, 0xe9, 0xef, 0xed, 0xe3, 0xe1, 0xe7, 0xe5
96 BYTE dot3_table[256] = {
97 0x00, 0x03, 0x06, 0x05, 0x0c, 0x0f, 0x0a, 0x09, 0x18, 0x1b, 0x1e, 0x1d, 0x14, 0x17, 0x12, 0x11,
98 0x30, 0x33, 0x36, 0x35, 0x3c, 0x3f, 0x3a, 0x39, 0x28, 0x2b, 0x2e, 0x2d, 0x24, 0x27, 0x22, 0x21,
99 0x60, 0x63, 0x66, 0x65, 0x6c, 0x6f, 0x6a, 0x69, 0x78, 0x7b, 0x7e, 0x7d, 0x74, 0x77, 0x72, 0x71,
100 0x50, 0x53, 0x56, 0x55, 0x5c, 0x5f, 0x5a, 0x59, 0x48, 0x4b, 0x4e, 0x4d, 0x44, 0x47, 0x42, 0x41,
101 0xc0, 0xc3, 0xc6, 0xc5, 0xcc, 0xcf, 0xca, 0xc9, 0xd8, 0xdb, 0xde, 0xdd, 0xd4, 0xd7, 0xd2, 0xd1,
102 0xf0, 0xf3, 0xf6, 0xf5, 0xfc, 0xff, 0xfa, 0xf9, 0xe8, 0xeb, 0xee, 0xed, 0xe4, 0xe7, 0xe2, 0xe1,
103 0xa0, 0xa3, 0xa6, 0xa5, 0xac, 0xaf, 0xaa, 0xa9, 0xb8, 0xbb, 0xbe, 0xbd, 0xb4, 0xb7, 0xb2, 0xb1,
104 0x90, 0x93, 0x96, 0x95, 0x9c, 0x9f, 0x9a, 0x99, 0x88, 0x8b, 0x8e, 0x8d, 0x84, 0x87, 0x82, 0x81,
105 0x9b, 0x98, 0x9d, 0x9e, 0x97, 0x94, 0x91, 0x92, 0x83, 0x80, 0x85, 0x86, 0x8f, 0x8c, 0x89, 0x8a,
106 0xab, 0xa8, 0xad, 0xae, 0xa7, 0xa4, 0xa1, 0xa2, 0xb3, 0xb0, 0xb5, 0xb6, 0xbf, 0xbc, 0xb9, 0xba,
107 0xfb, 0xf8, 0xfd, 0xfe, 0xf7, 0xf4, 0xf1, 0xf2, 0xe3, 0xe0, 0xe5, 0xe6, 0xef, 0xec, 0xe9, 0xea,
108 0xcb, 0xc8, 0xcd, 0xce, 0xc7, 0xc4, 0xc1, 0xc2, 0xd3, 0xd0, 0xd5, 0xd6, 0xdf, 0xdc, 0xd9, 0xda,
109 0x5b, 0x58, 0x5d, 0x5e, 0x57, 0x54, 0x51, 0x52, 0x43, 0x40, 0x45, 0x46, 0x4f, 0x4c, 0x49, 0x4a,
110 0x6b, 0x68, 0x6d, 0x6e, 0x67, 0x64, 0x61, 0x62, 0x73, 0x70, 0x75, 0x76, 0x7f, 0x7c, 0x79, 0x7a,
111 0x3b, 0x38, 0x3d, 0x3e, 0x37, 0x34, 0x31, 0x32, 0x23, 0x20, 0x25, 0x26, 0x2f, 0x2c, 0x29, 0x2a,
112 0x0b, 0x08, 0x0d, 0x0e, 0x07, 0x04, 0x01, 0x02, 0x13, 0x10, 0x15, 0x16, 0x1f, 0x1c, 0x19, 0x1a
115 /*--------------------- Static Functions --------------------------*/
117 /*--------------------- Export Variables --------------------------*/
119 /*--------------------- Export Functions --------------------------*/
121 void xor_128(BYTE *a, BYTE *b, BYTE *out)
123 PDWORD dwPtrA = (PDWORD) a;
124 PDWORD dwPtrB = (PDWORD) b;
125 PDWORD dwPtrOut =(PDWORD) out;
127 (*dwPtrOut++) = (*dwPtrA++) ^ (*dwPtrB++);
128 (*dwPtrOut++) = (*dwPtrA++) ^ (*dwPtrB++);
129 (*dwPtrOut++) = (*dwPtrA++) ^ (*dwPtrB++);
130 (*dwPtrOut++) = (*dwPtrA++) ^ (*dwPtrB++);
134 void xor_32(BYTE *a, BYTE *b, BYTE *out)
136 PDWORD dwPtrA = (PDWORD) a;
137 PDWORD dwPtrB = (PDWORD) b;
138 PDWORD dwPtrOut =(PDWORD) out;
140 (*dwPtrOut++) = (*dwPtrA++) ^ (*dwPtrB++);
143 void AddRoundKey(BYTE *key, int round)
146 BYTE rcon_table[10] = { 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36};
148 sbox_key[0] = sbox_table[key[13]];
149 sbox_key[1] = sbox_table[key[14]];
150 sbox_key[2] = sbox_table[key[15]];
151 sbox_key[3] = sbox_table[key[12]];
153 key[0] = key[0] ^ rcon_table[round];
154 xor_32(&key[0], sbox_key, &key[0]);
156 xor_32(&key[4], &key[0], &key[4]);
157 xor_32(&key[8], &key[4], &key[8]);
158 xor_32(&key[12], &key[8], &key[12]);
161 void SubBytes(BYTE *in, BYTE *out)
165 for (i=0; i< 16; i++)
167 out[i] = sbox_table[in[i]];
171 void ShiftRows(BYTE *in, BYTE *out)
191 void MixColumns(BYTE *in, BYTE *out)
194 out[0] = dot2_table[in[0]] ^ dot3_table[in[1]] ^ in[2] ^ in[3];
195 out[1] = in[0] ^ dot2_table[in[1]] ^ dot3_table[in[2]] ^ in[3];
196 out[2] = in[0] ^ in[1] ^ dot2_table[in[2]] ^ dot3_table[in[3]];
197 out[3] = dot3_table[in[0]] ^ in[1] ^ in[2] ^ dot2_table[in[3]];
201 void AESv128(BYTE *key, BYTE *data, BYTE *ciphertext)
207 BYTE abyRoundKey[16];
210 abyRoundKey[i] = key[i];
212 for (round = 0; round < 11; round++)
216 xor_128(abyRoundKey, data, ciphertext);
217 AddRoundKey(abyRoundKey, round);
219 else if (round == 10)
221 SubBytes(ciphertext, TmpdataA);
222 ShiftRows(TmpdataA, TmpdataB);
223 xor_128(TmpdataB, abyRoundKey, ciphertext);
227 SubBytes(ciphertext, TmpdataA);
228 ShiftRows(TmpdataA, TmpdataB);
229 MixColumns(&TmpdataB[0], &TmpdataA[0]);
230 MixColumns(&TmpdataB[4], &TmpdataA[4]);
231 MixColumns(&TmpdataB[8], &TmpdataA[8]);
232 MixColumns(&TmpdataB[12], &TmpdataA[12]);
233 xor_128(TmpdataA, abyRoundKey, ciphertext);
234 AddRoundKey(abyRoundKey, round);
241 * Description: AES decryption
245 * pbyRxKey - The key used to decrypt
246 * pbyFrame - Starting address of packet header
247 * wFrameSize - Total packet size including CRC
251 * Return Value: MIC compare result
254 BOOL AESbGenCCMP(PBYTE pbyRxKey, PBYTE pbyFrame, WORD wFrameSize)
263 BYTE abyPlainText[16];
264 BYTE abyLastCipher[16];
266 PS802_11Header pMACHeader = (PS802_11Header) pbyFrame;
270 WORD wPayloadSize = wFrameSize - 8 - 8 - 4 - WLAN_HDR_ADDR3_LEN;//8 is IV, 8 is MIC, 4 is CRC
277 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
278 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
279 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
281 pbyIV += 6; // 6 is 802.11 address4
285 pbyPayload = pbyIV + 8; //IV-length
287 abyNonce[0] = 0x00; //now is 0, if Qos here will be priority
288 MEMvCopy(&(abyNonce[1]), pMACHeader->abyAddr2, U_ETHER_ADDR_LEN);
289 abyNonce[7] = pbyIV[7];
290 abyNonce[8] = pbyIV[6];
291 abyNonce[9] = pbyIV[5];
292 abyNonce[10] = pbyIV[4];
293 abyNonce[11] = pbyIV[1];
294 abyNonce[12] = pbyIV[0];
298 MEMvCopy(&(MIC_IV[1]), &(abyNonce[0]), 13);
299 MIC_IV[14] = (BYTE)(wPayloadSize >> 8);
300 MIC_IV[15] = (BYTE)(wPayloadSize & 0xff);
303 MIC_HDR1[0] = (BYTE)(wHLen >> 8);
304 MIC_HDR1[1] = (BYTE)(wHLen & 0xff);
305 byTmp = (BYTE)(pMACHeader->wFrameCtl & 0xff);
306 MIC_HDR1[2] = byTmp & 0x8f;
307 byTmp = (BYTE)(pMACHeader->wFrameCtl >> 8);
309 MIC_HDR1[3] = byTmp | 0x40;
310 MEMvCopy(&(MIC_HDR1[4]), pMACHeader->abyAddr1, U_ETHER_ADDR_LEN);
311 MEMvCopy(&(MIC_HDR1[10]), pMACHeader->abyAddr2, U_ETHER_ADDR_LEN);
314 MEMvCopy(&(MIC_HDR2[0]), pMACHeader->abyAddr3, U_ETHER_ADDR_LEN);
315 byTmp = (BYTE)(pMACHeader->wSeqCtl & 0xff);
316 MIC_HDR2[6] = byTmp & 0x0f;
319 MEMvCopy(&(MIC_HDR2[8]), pMACHeader->abyAddr4, U_ETHER_ADDR_LEN);
332 AESv128(pbyRxKey,MIC_IV,abyMIC);
333 for ( kk=0; kk<16; kk++ ) {
334 abyTmp[kk] = MIC_HDR1[kk] ^ abyMIC[kk];
336 AESv128(pbyRxKey,abyTmp,abyMIC);
337 for ( kk=0; kk<16; kk++ ) {
338 abyTmp[kk] = MIC_HDR2[kk] ^ abyMIC[kk];
340 AESv128(pbyRxKey,abyTmp,abyMIC);
344 MEMvCopy(&(abyCTRPLD[1]), &(abyNonce[0]), 13);
346 for(jj=wPayloadSize; jj>16; jj=jj-16) {
348 abyCTRPLD[14] = (BYTE) (wCnt >> 8);
349 abyCTRPLD[15] = (BYTE) (wCnt & 0xff);
351 AESv128(pbyRxKey,abyCTRPLD,abyTmp);
353 for ( kk=0; kk<16; kk++ ) {
354 abyPlainText[kk] = abyTmp[kk] ^ pbyPayload[kk];
356 for ( kk=0; kk<16; kk++ ) {
357 abyTmp[kk] = abyMIC[kk] ^ abyPlainText[kk];
359 AESv128(pbyRxKey,abyTmp,abyMIC);
361 MEMvCopy(pbyPayload, abyPlainText, 16);
367 MEMvCopy(&(abyLastCipher[0]), pbyPayload, jj);
368 for ( ii=jj; ii<16; ii++ ) {
369 abyLastCipher[ii] = 0x00;
372 abyCTRPLD[14] = (BYTE) (wCnt >> 8);
373 abyCTRPLD[15] = (BYTE) (wCnt & 0xff);
375 AESv128(pbyRxKey,abyCTRPLD,abyTmp);
376 for ( kk=0; kk<16; kk++ ) {
377 abyPlainText[kk] = abyTmp[kk] ^ abyLastCipher[kk];
379 MEMvCopy(pbyPayload, abyPlainText, jj);
382 //for MIC calculation
383 for ( ii=jj; ii<16; ii++ ) {
384 abyPlainText[ii] = 0x00;
386 for ( kk=0; kk<16; kk++ ) {
387 abyTmp[kk] = abyMIC[kk] ^ abyPlainText[kk];
389 AESv128(pbyRxKey,abyTmp,abyMIC);
391 //=>above is the calculate MIC
392 //--------------------------------------------
395 abyCTRPLD[14] = (BYTE) (wCnt >> 8);
396 abyCTRPLD[15] = (BYTE) (wCnt & 0xff);
397 AESv128(pbyRxKey,abyCTRPLD,abyTmp);
398 for ( kk=0; kk<8; kk++ ) {
399 abyTmp[kk] = abyTmp[kk] ^ pbyPayload[kk];
401 //=>above is the dec-MIC from packet
402 //--------------------------------------------
404 if ( MEMEqualMemory(abyMIC,abyTmp,8) ) {