#include "8192cd_cfg.h" #if defined(CONFIG_RTL_WAPI_SUPPORT) #define _WAPI_CRYPTO_C_ #ifdef __LINUX_2_6__ #ifdef CONFIG_RTL8672 #include "./romeperf.h" #else #if !defined(NOT_RTK_BSP) #include #endif #endif #include #else #include "../rtl865x/rtl_types.h" #endif #include #include "8192cd.h" #include "wapi_wai.h" #include "wapiCrypto.h" #include "8192cd_util.h" #include "8192cd_headers.h" /* * 32-bit integer manipulation macros (big endian) */ #ifndef GET_ULONG_BE #define GET_ULONG_BE(n,b,i) \ { \ (n) = ( (unsigned long) (b)[(i) ] << 24 ) \ | ( (unsigned long) (b)[(i) + 1] << 16 ) \ | ( (unsigned long) (b)[(i) + 2] << 8 ) \ | ( (unsigned long) (b)[(i) + 3] ); \ } #endif #ifndef PUT_ULONG_BE #define PUT_ULONG_BE(n,b,i) \ { \ (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ (b)[(i) + 3] = (unsigned char) ( (n) ); \ } #endif /* * SHA-256 context setup */ void sha2_starts( sha2_context *ctx, int is224 ) { ctx->total[0] = 0; ctx->total[1] = 0; if( is224 == 0 ) { /* SHA-256 */ ctx->state[0] = 0x6A09E667; ctx->state[1] = 0xBB67AE85; ctx->state[2] = 0x3C6EF372; ctx->state[3] = 0xA54FF53A; ctx->state[4] = 0x510E527F; ctx->state[5] = 0x9B05688C; ctx->state[6] = 0x1F83D9AB; ctx->state[7] = 0x5BE0CD19; } else { /* SHA-224 */ ctx->state[0] = 0xC1059ED8; ctx->state[1] = 0x367CD507; ctx->state[2] = 0x3070DD17; ctx->state[3] = 0xF70E5939; ctx->state[4] = 0xFFC00B31; ctx->state[5] = 0x68581511; ctx->state[6] = 0x64F98FA7; ctx->state[7] = 0xBEFA4FA4; } ctx->is224 = is224; } static void sha2_process( sha2_context *ctx, unsigned char data[64] ) { unsigned long temp1, temp2, W[64]; unsigned long A, B, C, D, E, F, G, H; GET_ULONG_BE( W[ 0], data, 0 ); GET_ULONG_BE( W[ 1], data, 4 ); GET_ULONG_BE( W[ 2], data, 8 ); GET_ULONG_BE( W[ 3], data, 12 ); GET_ULONG_BE( W[ 4], data, 16 ); GET_ULONG_BE( W[ 5], data, 20 ); GET_ULONG_BE( W[ 6], data, 24 ); GET_ULONG_BE( W[ 7], data, 28 ); GET_ULONG_BE( W[ 8], data, 32 ); GET_ULONG_BE( W[ 9], data, 36 ); GET_ULONG_BE( W[10], data, 40 ); GET_ULONG_BE( W[11], data, 44 ); GET_ULONG_BE( W[12], data, 48 ); GET_ULONG_BE( W[13], data, 52 ); GET_ULONG_BE( W[14], data, 56 ); GET_ULONG_BE( W[15], data, 60 ); #define SHR(x,n) ((x & 0xFFFFFFFF) >> n) #define ROTR(x,n) (SHR(x,n) | (x << (32 - n))) #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) #define F0(x,y,z) ((x & y) | (z & (x | y))) #define F1(x,y,z) (z ^ (x & (y ^ z))) #define R(t) \ ( \ W[t] = S1(W[t - 2]) + W[t - 7] + \ S0(W[t - 15]) + W[t - 16] \ ) #define P(a,b,c,d,e,f,g,h,x,K) \ { \ temp1 = h + S3(e) + F1(e,f,g) + K + x; \ temp2 = S2(a) + F0(a,b,c); \ d += temp1; h = temp1 + temp2; \ } A = ctx->state[0]; B = ctx->state[1]; C = ctx->state[2]; D = ctx->state[3]; E = ctx->state[4]; F = ctx->state[5]; G = ctx->state[6]; H = ctx->state[7]; P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 ); P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 ); P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF ); P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 ); P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B ); P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 ); P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 ); P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 ); P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 ); P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 ); P( G, H, A, B, C, D, E, F, W[10], 0x243185BE ); P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 ); P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 ); P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE ); P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 ); P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 ); P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 ); P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 ); P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 ); P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC ); P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F ); P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA ); P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC ); P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA ); P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 ); P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D ); P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 ); P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 ); P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 ); P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 ); P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 ); P( B, C, D, E, F, G, H, A, R(31), 0x14292967 ); P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 ); P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 ); P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC ); P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 ); P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 ); P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB ); P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E ); P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 ); P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 ); P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B ); P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 ); P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 ); P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 ); P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 ); P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 ); P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 ); P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 ); P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 ); P( G, H, A, B, C, D, E, F, R(50), 0x2748774C ); P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 ); P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 ); P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A ); P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F ); P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 ); P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE ); P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F ); P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 ); P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 ); P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA ); P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB ); P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 ); P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 ); ctx->state[0] += A; ctx->state[1] += B; ctx->state[2] += C; ctx->state[3] += D; ctx->state[4] += E; ctx->state[5] += F; ctx->state[6] += G; ctx->state[7] += H; } /* * SHA-256 process buffer */ void sha2_update( sha2_context *ctx, unsigned char *input, int ilen ) { int fill; unsigned long left; if( ilen <= 0 ) return; left = ctx->total[0] & 0x3F; fill = 64 - left; ctx->total[0] += ilen; ctx->total[0] &= 0xFFFFFFFF; if( ctx->total[0] < (unsigned long) ilen ) ctx->total[1]++; if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), (void *) input, fill ); sha2_process( ctx, ctx->buffer ); input += fill; ilen -= fill; left = 0; } while( ilen >= 64 ) { sha2_process( ctx, input ); input += 64; ilen -= 64; } if( ilen > 0 ) { memcpy( (void *) (ctx->buffer + left), (void *) input, ilen ); } } static const unsigned char sha2_padding[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; /* * SHA-256 final digest */ void sha2_finish( sha2_context *ctx, unsigned char output[32] ) { unsigned long last, padn; unsigned long high, low; unsigned char msglen[8]; high = ( ctx->total[0] >> 29 ) | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); PUT_ULONG_BE( high, msglen, 0 ); PUT_ULONG_BE( low, msglen, 4 ); last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); sha2_update( ctx, (unsigned char *) sha2_padding, padn ); sha2_update( ctx, msglen, 8 ); PUT_ULONG_BE( ctx->state[0], output, 0 ); PUT_ULONG_BE( ctx->state[1], output, 4 ); PUT_ULONG_BE( ctx->state[2], output, 8 ); PUT_ULONG_BE( ctx->state[3], output, 12 ); PUT_ULONG_BE( ctx->state[4], output, 16 ); PUT_ULONG_BE( ctx->state[5], output, 20 ); PUT_ULONG_BE( ctx->state[6], output, 24 ); if( ctx->is224 == 0 ) PUT_ULONG_BE( ctx->state[7], output, 28 ); } /* * output = SHA-256( input buffer ) */ void sha2( unsigned char *input, int ilen, unsigned char output[32], int is224 ) { sha2_context ctx; sha2_starts( &ctx, is224 ); sha2_update( &ctx, input, ilen ); sha2_finish( &ctx, output ); memset( &ctx, 0, sizeof( sha2_context ) ); } #if 0 /* * output = SHA-256( file contents ) */ int sha2_file( char *path, unsigned char output[32], int is224 ) { FILE *f; size_t n; sha2_context ctx; unsigned char buf[1024]; if( ( f = fopen( path, "rb" ) ) == NULL ) return( 1 ); sha2_starts( &ctx, is224 ); while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) sha2_update( &ctx, buf, (int) n ); sha2_finish( &ctx, output ); memset( &ctx, 0, sizeof( sha2_context ) ); if( ferror( f ) != 0 ) { fclose( f ); return( 2 ); } fclose( f ); return( 0 ); } #endif /* * SHA-256 HMAC context setup */ void sha2_hmac_starts( sha2_context *ctx, unsigned char *key, int keylen, int is224 ) { int i; unsigned char sum[32]; if( keylen > 64 ) { sha2( key, keylen, sum, is224 ); keylen = ( is224 ) ? 28 : 32; key = sum; } memset( ctx->ipad, 0x36, 64 ); memset( ctx->opad, 0x5C, 64 ); for( i = 0; i < keylen; i++ ) { ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] ); ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] ); } sha2_starts( ctx, is224 ); sha2_update( ctx, ctx->ipad, 64 ); memset( sum, 0, sizeof( sum ) ); } /* * SHA-256 HMAC process buffer */ void sha2_hmac_update( sha2_context *ctx, unsigned char *input, int ilen ) { sha2_update( ctx, input, ilen ); } /* * SHA-256 HMAC final digest */ void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] ) { int is224, hlen; unsigned char tmpbuf[32]; is224 = ctx->is224; hlen = ( is224 == 0 ) ? 32 : 28; sha2_finish( ctx, tmpbuf ); sha2_starts( ctx, is224 ); sha2_update( ctx, ctx->opad, 64 ); sha2_update( ctx, tmpbuf, hlen ); sha2_finish( ctx, output ); memset( tmpbuf, 0, sizeof( tmpbuf ) ); } /* * output = HMAC-SHA-256( hmac key, input buffer ) */ void sha2_hmac( unsigned char *key, int keylen, unsigned char *input, int ilen, unsigned char output[32], int is224 ) { sha2_context ctx; sha2_hmac_starts( &ctx, key, keylen, is224 ); sha2_hmac_update( &ctx, input, ilen ); sha2_hmac_finish( &ctx, output ); memset( &ctx, 0, sizeof( sha2_context ) ); } /* * output = HMAC-SHA-256 ( hmac key, input buffer ) */ void sha256_hmac( unsigned char *key, int keylen, unsigned char *input, int ilen, unsigned char *output, int hlen) { unsigned char temp[32]; sha2_hmac(key, keylen, input, ilen, temp, 0); memcpy(output, temp, hlen); memset(temp, 0, 32); } void KD_hmac_sha256( unsigned char *key, int keylen, unsigned char *input, int ilen, unsigned char *output, int hlen) { int i; for(i=0;hlen/32;i++, hlen-=32) { sha256_hmac(key, keylen, input, ilen, &output[i*32], 32); input = &output[i*32]; ilen = 32; } if (hlen>0) sha256_hmac(key, keylen, input, ilen, &output[i*32], hlen); } #define WapiSMS4Encryption WapiSMS4Cryption #define WapiSMS4Decryption WapiSMS4Cryption #if (0) void WapiSMS4Encryption(uint8 *Key, uint8 *IV, uint8 *Input, uint16 InputLength, uint8 *Output, uint16 *OutputLength); static unsigned char data_before_mic[2][70] = { {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x08, 0x06, 0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x01, 0x00, 0xe0, 0x4c, 0x72, 0x00, 0x01, 0xc0, 0xa8, 0x01, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0xa8, 0x01, 0xfe}, {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00, 0x45, 0x00, 0x00, 0x3d, 0xbc, 0x7d, 0x00, 0x00, 0x40, 0x01, 0x39, 0x74, 0xc0, 0xa8, 0x01, 0xfe, 0xc0, 0xa8, 0x01, 0x80, 0x00, 0x00, 0xce, 0x5b, 0x03, 0x00, 0x1a, 0x00, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a } }; static unsigned short data_before_mic_len[2] = {36, 69}; static unsigned char data_before_mic_key[2][16] = { {0x56, 0x65, 0xc2, 0x87, 0x04, 0x5c, 0x2b, 0x48, 0xae, 0x42, 0xec, 0x83, 0x42, 0x48, 0x83, 0xed}, {0x7e, 0xb4, 0x5d, 0xaf, 0x23, 0xe6, 0x9c, 0x76, 0xa7, 0xb4, 0x29, 0xe8, 0x79, 0xc7, 0x6a, 0xe8} }; static unsigned char data_before_mic_head[2][34] = { {0x88, 0x41, 0x00, 0xa9, 0x9a, 0x88, 0x89, 0x99, 0x00, 0xe0, 0x4c, 0x72, 0x00, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24}, {0x88, 0x42, 0x00, 0xe0, 0x4c, 0x72, 0x00, 0x01, 0x00, 0xa9, 0x9a, 0x88, 0x89, 0x99, 0x00, 0x00, 0x00, 0xa9, 0x9a, 0x88, 0x89, 0x99, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x45} }; static unsigned char data_before_mic_head_len[2] = {34, 34}; static unsigned char data_mic_iv[2][16] = { {0x92, 0x5c, 0x36, 0x5c, 0x36, 0x5c, 0x36, 0x5c, 0x36, 0x5c, 0x36, 0x5c, 0x36, 0x5c, 0x36, 0x5c}, {0x47, 0x5c, 0x36, 0x5c, 0x36, 0x5c, 0x36, 0x5c, 0x36, 0x5c, 0x36, 0x5c, 0x36, 0x5c, 0x36, 0x5c} }; static unsigned char data_after_mic[2][16] = { {0x30, 0x50, 0xe3, 0xc9, 0x5b, 0x7c, 0x6a, 0x9d, 0x1c, 0x2e, 0xd5, 0x8a, 0xc4, 0x77, 0x68, 0xba}, {0xcd, 0x59, 0x58, 0xfe, 0x62, 0x4c, 0x36, 0xaa, 0x62, 0xe2, 0x1b, 0xab, 0x71, 0x5f, 0x25, 0x99} }; /* * WAPI Encrypt test */ static unsigned char data_before_encrypt[1][96] = { 0x88, 0x41, 0x00, 0x00, 0x00, 0x0B, 0xC0, 0x02, 0x30, 0x73, 0x00, 0xE0, 0x4C, 0x81, 0x72, 0x0A, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00, 0x08, 0x06, 0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x01, 0x00, 0xE0, 0x4C, 0x81, 0x72, 0x0A, 0xC0, 0xA8, 0x01, 0x7B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0xA8, 0x01, 0x7B, 0x07, 0xE7, 0x81, 0x88, 0x2F, 0x98, 0xDF, 0xDD, 0x9A, 0x23, 0xE2, 0x74, 0xA6, 0xEF, 0x35, 0xC1 }; static unsigned char data_before_encrypt_len[1] = {96}; static unsigned char data_before_encrypt_key[1][16] = { 0x83, 0x32, 0x29, 0x16, 0xDE, 0x93, 0x76, 0x38, 0xAC, 0x13, 0x2F, 0xB2, 0xD4, 0x9B, 0xCA, 0x5A }; static unsigned char data_before_encrypt_PN[1][16] = { 0x40, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C }; static unsigned char data_after_encrypt[1][96] = { 0x88, 0x41, 0x00, 0x00, 0x00, 0x0B, 0xC0, 0x02, 0x30, 0x73, 0x00, 0xE0, 0x4C, 0x81, 0x72, 0x0A, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0x36, 0x5C, 0xE4, 0x0B, 0xA5, 0xDF, 0x57, 0x10, 0xA5, 0x0C, 0x81, 0x38, 0xB8, 0xAE, 0x32, 0xE9, 0x40, 0x6E, 0x57, 0xEC, 0x03, 0xA4, 0x7F, 0x3C, 0x85, 0x1E, 0xC7, 0xF8, 0xA8, 0x8C, 0xAA, 0xA7, 0xBC, 0xA7, 0xDC, 0xC8, 0x54, 0x60, 0xFE, 0xC6, 0xD1, 0x0D, 0x8D, 0x79, 0x0E, 0xED, 0xB4, 0xAA, 0x10, 0x6E, 0xBF, 0xE1, 0x86, 0xE3 }; /* * WAPI test vectors */ static unsigned char wapi_digest_test_key[4][37] = { {0x01,0x02,0x03,0x04,0x05,0x06,0x7,0x08, 0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10, 0x011,0x12,0x13,0x14,0x15,0x16,0x17,0x18, 0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20}, {0x01,0x02,0x03,0x04,0x05,0x06,0x7,0x08, 0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10, 0x011,0x12,0x13,0x14,0x15,0x16,0x17,0x18, 0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20, 0x21,0x22,0x23,0x24,0x25}, {0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b, 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b, 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b, 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b}, {0x4a,0x65,0x66,0x65} }; static unsigned char wapi_digest_test_keylen[4] = { 32, 37, 32, 4 }; static unsigned char wapi_digest_test_buf[4][112] = { {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"}, {0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd, 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd}, {"Hi There"}, {"what do ya want for nothing?"} }; static unsigned char wapi_digest_test_buflen[4] = { 112, 50, 8, 28 }; static unsigned char wapi_digest_test_output[4][32] = { {0x47,0x03,0x05,0xfc,0x7e,0x40,0xfe,0x34,0xd3,0xee,0xb3,0xe7,0x73,0xd9,0x5a,0xab,0x73,0xac,0xf0,0xfd,0x06,0x04,0x47,0xa5,0xeb,0x45,0x95,0xbf,0x33,0xa9,0xd1,0xa3 }, {0xd4,0x63,0x3c,0x17,0xf6,0xfb,0x8d,0x74,0x4c,0x66,0xde,0xe0,0xf8,0xf0,0x74,0x55,0x6e,0xc4,0xaf,0x55,0xef,0x07,0x99,0x85,0x41,0x46,0x8e,0xb4,0x9b,0xd2,0xe9,0x17 }, {0x19,0x8a,0x60,0x7e,0xb4,0x4b,0xfb,0xc6,0x99,0x03,0xa0,0xf1,0xcf,0x2b,0xbd,0xc5,0xba,0x0a,0xa3,0xf3,0xd9,0xae,0x3c,0x1c,0x7a,0x3b,0x16,0x96,0xa0,0xb6,0x8c,0xf7 }, {0x5b,0xdc,0xc1,0x46,0xbf,0x60,0x75,0x4e,0x6a,0x04,0x24,0x26,0x08,0x95,0x75,0xc7,0x5a,0x00,0x3f,0x08,0x9d,0x27,0x39,0x83,0x9d,0xec,0x58,0xb9,0x64,0xec,0x38,0x43} }; static unsigned char wapi_test_key[3][37] = { {0x01,0x02,0x03,0x04,0x05,0x06,0x7,0x08, 0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10, 0x011,0x12,0x13,0x14,0x15,0x16,0x17,0x18, 0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20}, {0x01,0x02,0x03,0x04,0x05,0x06,0x7,0x08, 0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10, 0x011,0x12,0x13,0x14,0x15,0x16,0x17,0x18, 0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20, 0x21,0x22,0x23,0x24,0x25}, {0x01,0x02,0x03,0x04,0x05,0x06,0x7,0x08, 0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10, 0x011,0x12,0x13,0x14,0x15} }; static const int wapi_test_keylen[3] = { 32, 37, 16 }; static unsigned char wapi_test_buf[3][49] = { {"pairwise key expansion for infrastructure unicast"}, {"group key expansion for multicast and broadcast"}, {"pre-share key expansion for adhoc network"} }; static const int wapi_test_buflen[3] = { 49, 47, 41 }; static unsigned char wapi_test_output[9][48] = { /* 1-3 */ {0xe3,0xa6,0x45,0x46,0xf2,0xd1,0xf5,0xee,0xb7,0xd1,0xee,0x06,0xd2,0xc9,0xe5,0x4a,0x2c,0xc9,0xd6,0xce,0xc3,0xb7,0x6f,0xfd,0x62,0x63,0xf4,0x26,0xdc,0x25,0x39,0xaf,0xbd,0x98,0x80,0xa5,0x27,0xa1,0xb5,0x85,0x59,0x4b,0x57,0xce,0x33,0x21,0x4f,0x0c}, {0x3b,0x6e,0xca,0x4f,0x08,0x76,0xc4,0x3a,0xb3,0x1b,0x26,0x3f,0x2c,0x38,0xb8,0x81,0x21,0xb5,0x68,0xe5,0xf8,0xfd,0x1d,0x4c,0xfa,0x4c,0x7f,0x8c,0x60,0x97,0x04,0x3d,0x7b,0x40,0xa8,0x63,0xb9,0x43,0xb9,0xf5,0xbb,0x37,0x2f,0x3a,0xdd,0xa5,0xda,0x27}, {0xbc,0x29,0xf3,0xe6,0x09,0x1f,0x6a,0xc9,0x0b,0xa0,0x20,0x61,0x92,0x12,0x48,0x69,0x5f,0xee,0xff,0x1a,0x4c,0xab,0x53,0x3b,0x11,0x67,0xd8,0x54,0x5f,0x93,0x5f,0x28,0x11,0x84,0xc9,0xbb,0x32,0xf9,0x87,0xb9,0x86,0x81,0x0f,0xfb,0x17,0xc4,0x10,0xf5}, /* 4-6 */ { 0x20,0x8f,0x72,0x54,0xa4,0xbf,0x56,0xf0,0xfa,0x49,0x5f,0xe1, 0x0c,0x99,0x15,0x05,0x92,0xed,0x79,0xdf,0x57,0x74,0xa9,0x6e, 0x13,0x97,0x1e,0xc4,0xa1,0x5e,0x16,0xa7,0xed,0x75,0xf5,0xe5, 0x44,0xbb,0xd3,0x35,0x67,0xeb,0x88,0xe7,0x83,0x24,0xa9,0xd2 }, { 0x33,0x32,0x61,0x7a,0x90,0x8e,0xa5,0xa0,0x7f,0xfa,0x1d,0x23, 0x79,0xf3,0xd8,0x3e,0x8b,0xe9,0x14,0x1f,0x15,0x53,0x8f,0xd3, 0xef,0xde,0x58,0x01,0x19,0xe8,0xc5,0x09,0x5d,0x25,0xb2,0xd3, 0x0a,0xc7,0xa6,0x35,0xad,0xb4,0x3c,0x6c,0xac,0xf0,0xaa,0x2b }, { 0xf2,0xcb,0xf1,0x1c,0x6d,0x40,0xb8,0x09,0xd0,0xc0,0xed,0x48, 0x2a,0x4a,0x1b,0x6a,0x15,0x1a,0xf1,0xfb,0x4c,0x80,0xf9,0x80, 0x5c,0x93,0xe5,0x6e,0xb1,0xcf,0x5c,0xb5,0xec,0xc1,0x3e,0x7a, 0xbc,0xaf,0xe0,0xa7,0xd2,0x59,0x5d,0x51,0x9b,0x76,0x9a,0x24 }, /* 7-9 */ { 0xc0,0x7a,0xd8,0x32,0x25,0x2a,0x0c,0x14,0x76,0x18,0xf4,0xc0, 0xd0,0x6b,0x35,0xf4,0xf6,0xd6,0x73,0x5d,0x1a,0xa3,0x8e,0x47, 0x9a,0x7e,0xe0,0xac,0x1c,0x0c,0x38,0x5b,0x2d,0x33,0x28,0x74, 0x1e,0x4d,0xa0,0xc8,0x76,0xfc,0x6c,0xc9,0xe3,0x60,0xc8,0xd7 }, { 0xf0,0x0b,0xee,0xf2,0xf5,0x5f,0x85,0xd8,0xee,0xb0,0x6f,0x8c, 0xc4,0x1b,0xe6,0x0e,0xc2,0x69,0xf5,0x82,0x9a,0x0b,0x6e,0xfb, 0x2d,0x9b,0x49,0x5e,0xb1,0x87,0xd3,0x58,0x59,0x68,0x88,0xc3, 0xd2,0x6f,0x94,0x9f,0x8d,0x2e,0x41,0xfe,0xbc,0xbb,0xb9,0x9a }, { 0x05,0x8e,0xb8,0x7c,0xff,0x82,0x66,0x47,0xde,0x50,0x7b,0x14, 0x17,0xac,0x99,0x6e,0xb5,0x7f,0xcf,0x11,0xfd,0xfc,0x83,0xbe, 0x59,0xd5,0x85,0xf4,0xa7,0x3e,0x69,0x7d,0xd4,0x38,0xe3,0x34, 0xfe,0xbb,0x06,0x7d,0x14,0x6f,0x01,0x31,0xa6,0x96,0x4f,0x26 }, }; static const int wapi_test_outputlen[3] = { 48, 48, 48 }; /* * FIPS-180-2 test vectors */ static unsigned char sha2_test_buf[3][57] = { { "abc" }, { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, { "" } }; static const int sha2_test_buflen[3] = { 3, 56, 1000 }; static const unsigned char sha2_test_sum[6][32] = { /* * SHA-224 test vectors */ { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22, 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3, 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7, 0xE3, 0x6C, 0x9D, 0xA7 }, { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC, 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50, 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19, 0x52, 0x52, 0x25, 0x25 }, { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8, 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B, 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE, 0x4E, 0xE7, 0xAD, 0x67 }, /* * SHA-256 test vectors */ { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA, 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23, 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C, 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD }, { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8, 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39, 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67, 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 }, { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92, 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67, 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E, 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 } }; /* * RFC 4231 test vectors */ static unsigned char sha2_hmac_test_key[7][26] = { { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" "\x0B\x0B\x0B\x0B" }, { "Jefe" }, { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" "\xAA\xAA\xAA\xAA" }, { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10" "\x11\x12\x13\x14\x15\x16\x17\x18\x19" }, { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C" "\x0C\x0C\x0C\x0C" }, { "" }, /* 0xAA 131 times */ { "" } }; static const int sha2_hmac_test_keylen[7] = { 20, 4, 20, 25, 20, 131, 131 }; static unsigned char sha2_hmac_test_buf[7][153] = { { "Hi There" }, { "what do ya want for nothing?" }, { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" }, { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" }, { "Test With Truncation" }, { "Test Using Larger Than Block-Size Key - Hash Key First" }, { "This is a test using a larger than block-size key " "and a larger than block-size data. The key needs to " "be hashed before being used by the HMAC algorithm." } }; static const int sha2_hmac_test_buflen[7] = { 8, 28, 50, 50, 20, 54, 152 }; static const unsigned char sha2_hmac_test_sum[14][32] = { /* * HMAC-SHA-224 test vectors */ { 0x89, 0x6F, 0xB1, 0x12, 0x8A, 0xBB, 0xDF, 0x19, 0x68, 0x32, 0x10, 0x7C, 0xD4, 0x9D, 0xF3, 0x3F, 0x47, 0xB4, 0xB1, 0x16, 0x99, 0x12, 0xBA, 0x4F, 0x53, 0x68, 0x4B, 0x22 }, { 0xA3, 0x0E, 0x01, 0x09, 0x8B, 0xC6, 0xDB, 0xBF, 0x45, 0x69, 0x0F, 0x3A, 0x7E, 0x9E, 0x6D, 0x0F, 0x8B, 0xBE, 0xA2, 0xA3, 0x9E, 0x61, 0x48, 0x00, 0x8F, 0xD0, 0x5E, 0x44 }, { 0x7F, 0xB3, 0xCB, 0x35, 0x88, 0xC6, 0xC1, 0xF6, 0xFF, 0xA9, 0x69, 0x4D, 0x7D, 0x6A, 0xD2, 0x64, 0x93, 0x65, 0xB0, 0xC1, 0xF6, 0x5D, 0x69, 0xD1, 0xEC, 0x83, 0x33, 0xEA }, { 0x6C, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3C, 0xAC, 0x6A, 0x2A, 0xBC, 0x1B, 0xB3, 0x82, 0x62, 0x7C, 0xEC, 0x6A, 0x90, 0xD8, 0x6E, 0xFC, 0x01, 0x2D, 0xE7, 0xAF, 0xEC, 0x5A }, { 0x0E, 0x2A, 0xEA, 0x68, 0xA9, 0x0C, 0x8D, 0x37, 0xC9, 0x88, 0xBC, 0xDB, 0x9F, 0xCA, 0x6F, 0xA8 }, { 0x95, 0xE9, 0xA0, 0xDB, 0x96, 0x20, 0x95, 0xAD, 0xAE, 0xBE, 0x9B, 0x2D, 0x6F, 0x0D, 0xBC, 0xE2, 0xD4, 0x99, 0xF1, 0x12, 0xF2, 0xD2, 0xB7, 0x27, 0x3F, 0xA6, 0x87, 0x0E }, { 0x3A, 0x85, 0x41, 0x66, 0xAC, 0x5D, 0x9F, 0x02, 0x3F, 0x54, 0xD5, 0x17, 0xD0, 0xB3, 0x9D, 0xBD, 0x94, 0x67, 0x70, 0xDB, 0x9C, 0x2B, 0x95, 0xC9, 0xF6, 0xF5, 0x65, 0xD1 }, /* * HMAC-SHA-256 test vectors */ { 0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53, 0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B, 0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7, 0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7 }, { 0x5B, 0xDC, 0xC1, 0x46, 0xBF, 0x60, 0x75, 0x4E, 0x6A, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xC7, 0x5A, 0x00, 0x3F, 0x08, 0x9D, 0x27, 0x39, 0x83, 0x9D, 0xEC, 0x58, 0xB9, 0x64, 0xEC, 0x38, 0x43 }, { 0x77, 0x3E, 0xA9, 0x1E, 0x36, 0x80, 0x0E, 0x46, 0x85, 0x4D, 0xB8, 0xEB, 0xD0, 0x91, 0x81, 0xA7, 0x29, 0x59, 0x09, 0x8B, 0x3E, 0xF8, 0xC1, 0x22, 0xD9, 0x63, 0x55, 0x14, 0xCE, 0xD5, 0x65, 0xFE }, { 0x82, 0x55, 0x8A, 0x38, 0x9A, 0x44, 0x3C, 0x0E, 0xA4, 0xCC, 0x81, 0x98, 0x99, 0xF2, 0x08, 0x3A, 0x85, 0xF0, 0xFA, 0xA3, 0xE5, 0x78, 0xF8, 0x07, 0x7A, 0x2E, 0x3F, 0xF4, 0x67, 0x29, 0x66, 0x5B }, { 0xA3, 0xB6, 0x16, 0x74, 0x73, 0x10, 0x0E, 0xE0, 0x6E, 0x0C, 0x79, 0x6C, 0x29, 0x55, 0x55, 0x2B }, { 0x60, 0xE4, 0x31, 0x59, 0x1E, 0xE0, 0xB6, 0x7F, 0x0D, 0x8A, 0x26, 0xAA, 0xCB, 0xF5, 0xB7, 0x7F, 0x8E, 0x0B, 0xC6, 0x21, 0x37, 0x28, 0xC5, 0x14, 0x05, 0x46, 0x04, 0x0F, 0x0E, 0xE3, 0x7F, 0x54 }, { 0x9B, 0x09, 0xFF, 0xA7, 0x1B, 0x94, 0x2F, 0xCB, 0x27, 0x63, 0x5F, 0xBC, 0xD5, 0xB0, 0xE9, 0x44, 0xBF, 0xDC, 0x63, 0x64, 0x4F, 0x07, 0x13, 0x93, 0x8A, 0x7F, 0x51, 0x53, 0x5C, 0x3A, 0x35, 0xE2 } }; extern void WapiSMS4CalculateMic(uint8 *Key, uint8 *IV, uint8 *Input1, uint8 Input1Length, uint8 *Input2, uint16 Input2Length, uint8 *Output); /* * Checkup routine */ int sha2_self_test( int verbose ) { int i, j, k, buflen; unsigned char buf[1024]; unsigned char sha2sum[32]; sha2_context ctx; for( i = 0; i < 6; i++ ) { j = i % 3; k = i < 3; if( verbose != 0 ) printk( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); sha2_starts( &ctx, k ); if( j == 2 ) { memset( buf, 'a', buflen = 1000 ); for( j = 0; j < 1000; j++ ) sha2_update( &ctx, buf, buflen ); } else sha2_update( &ctx, sha2_test_buf[j], sha2_test_buflen[j] ); sha2_finish( &ctx, sha2sum ); if( memcmp( sha2sum, sha2_test_sum[i], 32 - k * 4 ) != 0 ) { if( verbose != 0 ) printk( "failed\n" ); return( 1 ); } if( verbose != 0 ) printk( "passed\n" ); } if( verbose != 0 ) printk( "\n" ); for( i = 0; i < 14; i++ ) { j = i % 7; k = i < 7; if( verbose != 0 ) printk( " HMAC-SHA-%d test #%d: ", 256 - k * 32, j + 1 ); if( j == 5 || j == 6 ) { memset( buf, '\xAA', buflen = 131 ); sha2_hmac_starts( &ctx, buf, buflen, k ); } else sha2_hmac_starts( &ctx, sha2_hmac_test_key[j], sha2_hmac_test_keylen[j], k ); sha2_hmac_update( &ctx, sha2_hmac_test_buf[j], sha2_hmac_test_buflen[j] ); sha2_hmac_finish( &ctx, sha2sum ); buflen = ( j == 4 ) ? 16 : 32 - k * 4; if( memcmp( sha2sum, sha2_hmac_test_sum[i], buflen ) != 0 ) { if( verbose != 0 ) printk( "failed\n" ); return( 1 ); } if( verbose != 0 ) printk( "passed\n" ); } if( verbose != 0 ) printk( "\n" ); for (i=0;i<4;i++) { sha256_hmac(&wapi_digest_test_key[i][0], wapi_digest_test_keylen[i], &wapi_digest_test_buf[i][0], wapi_digest_test_buflen[i], buf, 32); if ( memcmp(buf, wapi_digest_test_output[i], 32) ) printk("WAPI digest test failed: Case[%d]\n", i); else printk("WAPI digest test Passed: Case[%d]\n", i); } for(i=0;i<3;i++) { for(j=0;j<3;j++) { #if 1 KD_hmac_sha256(&wapi_test_key[j][0],wapi_test_keylen[j], &wapi_test_buf[i][0], wapi_test_buflen[i], buf, 48); #else KD_hmac_sha256(wapi_test_buf[i],wapi_test_buflen[i], wapi_test_key[i], wapi_test_keylen[i], buf, wapi_test_outputlen[i]); #endif if ( memcmp(buf, &wapi_test_output[(i*3)+j][0], 48)) { printk("WAPI test failed: Case[%d]:Index[%d]\n", i,j); } else { printk("WAPI test Passed: Case[%d]:Index[%d]\n", i,j); } } } #if 0 printk("Start test WAPI Encryption:\n"); /* test wapi encryption */ { uint16 buflen2; char* ptrBuf; buflen2 = 0; ptrBuf = buf+44; memcpy(buf, &data_before_encrypt[0][0], 44); WapiSMS4Encryption(&data_before_encrypt_key[0][0], &data_before_encrypt_PN[0][0], &data_before_encrypt[0][0]+44, data_before_encrypt_len[0]-44, ptrBuf, &buflen2); if (buflen2!=data_before_encrypt_len[0]-44) printk("WAPI Encryption length error: [%d]:[%d]\n", data_before_encrypt_len[0], buflen2); else printk("WAPI Encryption length OK: [%d]:[%d]\n", data_before_encrypt_len[0], buflen2); if (memcmp(buf, &data_after_encrypt[0][0], buflen2+44)) { printk("***********************************************************\n"); memDump(buf, buflen2+44, "buf"); memDump(&data_after_encrypt[0][0], buflen2+44, "enc1"); printk("***********************************************************\n"); printk("WAPI Encryption failed.\n"); //memDump(buf, 16, "DATA"); } else printk("WAPI Encryption OK.\n"); } printk("Mic check test:\n"); for(i=0;i<2;i++) { WapiSMS4CalculateMic(&data_before_mic_key[i][0], &data_mic_iv[i][0], &data_before_mic_head[i][0], data_before_mic_head_len[i], &data_before_mic[i][0], data_before_mic_len[i], buf); if (memcmp(buf, &data_after_mic[i][0], SMS4_MIC_LEN)) { printk("***********************************************************\n"); memDump(buf, SMS4_MIC_LEN, "buf"); memDump(&data_after_mic[i][0], SMS4_MIC_LEN, "mic"); printk("***********************************************************\n"); printk("WAPI MIC idx %d check failed.\n", i); } else printk("WAPI MIC idx %d check OK.\n", i); } #endif return( 0 ); } #endif typedef unsigned char muint8; typedef unsigned short muint16; typedef unsigned int muint32; static muint8 wapiCryptoTemp[16]; static muint8 wapiBlockIn[16], wapiTempBlock[16]; static muint32 wapiRK[32]; static muint8 wapiDecrytBuf[MAXDATALEN]; static muint8 wapiDecrytHdrBuf[64]; __DRAM_IN_865X muint8 Sbox[256]; __DRAM_IN_865X muint32 CK[32]; #define Rotl(_x, _y) (((_x) << (_y)) | ((_x) >> (32 - (_y)))) #define ByteSub(_A) (Sbox[(_A) >> 24] << 24 ^ \ Sbox[(_A) >> 16 & 0xFF] << 16 ^ \ Sbox[(_A) >> 8 & 0xFF] << 8 ^ \ Sbox[(_A) & 0xFF]) #define L1(_B) ((_B) ^ Rotl(_B, 2) ^ Rotl(_B, 10) ^ Rotl(_B, 18) ^ Rotl(_B, 24)) #define L2(_B) ((_B) ^ Rotl(_B, 13) ^ Rotl(_B, 23)) static inline void xor_block(void *dst, void *src1, void *src2) /* 128-bit xor: *dst = *src1 xor *src2. Pointers must be 32-bit aligned */ { ((uint32*)dst)[0] = ((uint32*)src1)[0] ^ ((uint32*)src2)[0]; ((uint32*)dst)[1] = ((uint32*)src1)[1] ^ ((uint32*)src2)[1]; ((uint32*)dst)[2] = ((uint32*)src1)[2] ^ ((uint32*)src2)[2]; ((uint32*)dst)[3] = ((uint32*)src1)[3] ^ ((uint32*)src2)[3]; } int32 init_SMS4_CK_Sbox(void) { static muint8 Sbox_tmp[256] = { 0xd6,0x90,0xe9,0xfe,0xcc,0xe1,0x3d,0xb7,0x16,0xb6,0x14,0xc2,0x28,0xfb,0x2c,0x05, 0x2b,0x67,0x9a,0x76,0x2a,0xbe,0x04,0xc3,0xaa,0x44,0x13,0x26,0x49,0x86,0x06,0x99, 0x9c,0x42,0x50,0xf4,0x91,0xef,0x98,0x7a,0x33,0x54,0x0b,0x43,0xed,0xcf,0xac,0x62, 0xe4,0xb3,0x1c,0xa9,0xc9,0x08,0xe8,0x95,0x80,0xdf,0x94,0xfa,0x75,0x8f,0x3f,0xa6, 0x47,0x07,0xa7,0xfc,0xf3,0x73,0x17,0xba,0x83,0x59,0x3c,0x19,0xe6,0x85,0x4f,0xa8, 0x68,0x6b,0x81,0xb2,0x71,0x64,0xda,0x8b,0xf8,0xeb,0x0f,0x4b,0x70,0x56,0x9d,0x35, 0x1e,0x24,0x0e,0x5e,0x63,0x58,0xd1,0xa2,0x25,0x22,0x7c,0x3b,0x01,0x21,0x78,0x87, 0xd4,0x00,0x46,0x57,0x9f,0xd3,0x27,0x52,0x4c,0x36,0x02,0xe7,0xa0,0xc4,0xc8,0x9e, 0xea,0xbf,0x8a,0xd2,0x40,0xc7,0x38,0xb5,0xa3,0xf7,0xf2,0xce,0xf9,0x61,0x15,0xa1, 0xe0,0xae,0x5d,0xa4,0x9b,0x34,0x1a,0x55,0xad,0x93,0x32,0x30,0xf5,0x8c,0xb1,0xe3, 0x1d,0xf6,0xe2,0x2e,0x82,0x66,0xca,0x60,0xc0,0x29,0x23,0xab,0x0d,0x53,0x4e,0x6f, 0xd5,0xdb,0x37,0x45,0xde,0xfd,0x8e,0x2f,0x03,0xff,0x6a,0x72,0x6d,0x6c,0x5b,0x51, 0x8d,0x1b,0xaf,0x92,0xbb,0xdd,0xbc,0x7f,0x11,0xd9,0x5c,0x41,0x1f,0x10,0x5a,0xd8, 0x0a,0xc1,0x31,0x88,0xa5,0xcd,0x7b,0xbd,0x2d,0x74,0xd0,0x12,0xb8,0xe5,0xb4,0xb0, 0x89,0x69,0x97,0x4a,0x0c,0x96,0x77,0x7e,0x65,0xb9,0xf1,0x09,0xc5,0x6e,0xc6,0x84, 0x18,0xf0,0x7d,0xec,0x3a,0xdc,0x4d,0x20,0x79,0xee,0x5f,0x3e,0xd7,0xcb,0x39,0x48 }; static muint32 CK_tmp[32] = { 0x00070e15, 0x1c232a31, 0x383f464d, 0x545b6269, 0x70777e85, 0x8c939aa1, 0xa8afb6bd, 0xc4cbd2d9, 0xe0e7eef5, 0xfc030a11, 0x181f262d, 0x343b4249, 0x50575e65, 0x6c737a81, 0x888f969d, 0xa4abb2b9, 0xc0c7ced5, 0xdce3eaf1, 0xf8ff060d, 0x141b2229, 0x30373e45, 0x4c535a61, 0x686f767d, 0x848b9299, 0xa0a7aeb5, 0xbcc3cad1, 0xd8dfe6ed, 0xf4fb0209, 0x10171e25, 0x2c333a41, 0x484f565d, 0x646b7279 }; memcpy(Sbox,Sbox_tmp, sizeof(muint8)*256); memcpy(CK,CK_tmp,sizeof(muint32)*32); return SUCCESS; } static void SMS4Crypt(muint8 *Input, muint8 *Output, muint32 *rk) { muint32 r, mid, x0, x1, x2, x3, *p; p = (muint32 *)Input; x0 = p[0]; x1 = p[1]; x2 = p[2]; x3 = p[3]; #ifdef _LITTLE_ENDIAN_ x0 = Rotl(x0, 16); x0 = ((x0 & 0x00FF00FF) << 8) ^ ((x0 & 0xFF00FF00) >> 8); x1 = Rotl(x1, 16); x1 = ((x1 & 0x00FF00FF) << 8) ^ ((x1 & 0xFF00FF00) >> 8); x2 = Rotl(x2, 16); x2 = ((x2 & 0x00FF00FF) << 8) ^ ((x2 & 0xFF00FF00) >> 8); x3 = Rotl(x3, 16); x3 = ((x3 & 0x00FF00FF) << 8) ^ ((x3 & 0xFF00FF00) >> 8); #endif for (r = 0; r < 32; r += 4) { mid = x1 ^ x2 ^ x3 ^ rk[r + 0]; mid = ByteSub(mid); x0 ^= L1(mid); mid = x2 ^ x3 ^ x0 ^ rk[r + 1]; mid = ByteSub(mid); x1 ^= L1(mid); mid = x3 ^ x0 ^ x1 ^ rk[r + 2]; mid = ByteSub(mid); x2 ^= L1(mid); mid = x0 ^ x1 ^ x2 ^ rk[r + 3]; mid = ByteSub(mid); x3 ^= L1(mid); } #ifdef _LITTLE_ENDIAN_ x0 = Rotl(x0, 16); x0 = ((x0 & 0x00FF00FF) << 8) ^ ((x0 & 0xFF00FF00) >> 8); x1 = Rotl(x1, 16); x1 = ((x1 & 0x00FF00FF) << 8) ^ ((x1 & 0xFF00FF00) >> 8); x2 = Rotl(x2, 16); x2 = ((x2 & 0x00FF00FF) << 8) ^ ((x2 & 0xFF00FF00) >> 8); x3 = Rotl(x3, 16); x3 = ((x3 & 0x00FF00FF) << 8) ^ ((x3 & 0xFF00FF00) >> 8); #endif p = (muint32 *)Output; p[0] = x3; p[1] = x2; p[2] = x1; p[3] = x0; } static void SMS4KeyExt(muint8 *Key, muint32 *rk) { muint32 r, mid, x0, x1, x2, x3, *p; p = (muint32 *)Key; x0 = p[0]; x1 = p[1]; x2 = p[2]; x3 = p[3]; #ifdef _LITTLE_ENDIAN_ x0 = Rotl(x0, 16); x0 = ((x0 & 0xFF00FF) << 8) ^ ((x0 & 0xFF00FF00) >> 8); x1 = Rotl(x1, 16); x1 = ((x1 & 0xFF00FF) << 8) ^ ((x1 & 0xFF00FF00) >> 8); x2 = Rotl(x2, 16); x2 = ((x2 & 0xFF00FF) << 8) ^ ((x2 & 0xFF00FF00) >> 8); x3 = Rotl(x3, 16); x3 = ((x3 & 0xFF00FF) << 8) ^ ((x3 & 0xFF00FF00) >> 8); #endif x0 ^= 0xa3b1bac6; x1 ^= 0x56aa3350; x2 ^= 0x677d9197; x3 ^= 0xb27022dc; for (r = 0; r < 32; r += 4) { mid = x1 ^ x2 ^ x3 ^ CK[r + 0]; mid = ByteSub(mid); rk[r + 0] = x0 ^= L2(mid); mid = x2 ^ x3 ^ x0 ^ CK[r + 1]; mid = ByteSub(mid); rk[r + 1] = x1 ^= L2(mid); mid = x3 ^ x0 ^ x1 ^ CK[r + 2]; mid = ByteSub(mid); rk[r + 2] = x2 ^= L2(mid); mid = x0 ^ x1 ^ x2 ^ CK[r + 3]; mid = ByteSub(mid); rk[r + 3] = x3 ^= L2(mid); } } void WapiSMS4Cryption(muint8 *Key, muint8 *IV, muint8 *Input, muint16 InputLength, muint8 *Output, muint16 *OutputLength) { muint32 blockNum,i,j; muint16 remainder; muint8 *pBlockIn, *pBlockOut, *pBlockTemp; remainder = InputLength & 0x0F; blockNum = InputLength >> 4; for(i=0;i<16;i++) wapiBlockIn[i] = IV[15-i]; SMS4KeyExt((muint8 *)Key, wapiRK); pBlockIn = wapiBlockIn; pBlockOut = wapiTempBlock; for(i=0; i0) { *OutputLength = (i<<4) + remainder; SMS4Crypt((muint8 *)pBlockIn, pBlockOut, wapiRK); for(j=0; j> 4; for(i=0;i<16;i++) wapiBlockIn[i] = IV[15-i]; SMS4KeyExt((muint8 *)Key, wapiRK); SMS4Crypt((muint8 *)wapiBlockIn, BlockOut, wapiRK); for(i=0; i> 4; for(i=0; i>8); TempBuf[TempLen-3] = 0; TempBuf[TempLen-4] = KeyIdx; WapiSMS4CalculateMic(MicKey, IV, TempBuf, TempLen, pData, DataLen, MicBuffer); } #if 1 void SecSWSMS4Encryption(struct rtl8192cd_priv *priv, struct tx_insn* txcfg) { uint16 OutputLength; wapiStaInfo *wapiInfo; uint8 *pHeader; uint8 KeyIdx; uint8 *MicBuffer; uint8 *pMicKey; uint8 *pDataKey; uint8 *pPN; wpiSMS4Hdr *SMS4Hdr; /* uint8 pTemp[SMS4_MIC_LEN]; */ uint8 *pBuf; int32 bPNOverflow; #if defined(CONFIG_RTL_HW_WAPI_SUPPORT) uint32 bHWEncrypt; #endif struct stat_info *pstat; #if 0 if (txcfg->fr_type != _SKB_FRAME_TYPE_) return; #endif pHeader = txcfg->phdr; /* txcfg->hdr_len */ { WAPI_LOCK(&priv->pshare->lock); if ( !txcfg->pstat ) { /* multicast */ //pstat=priv->stainfo_cache.pstat; pstat = priv->pstat_cache; KeyIdx = priv->wapiMCastKeyId; pPN = priv->txMCast; pMicKey = priv->wapiMCastKey[KeyIdx].micKey; pDataKey = priv->wapiMCastKey[KeyIdx].dataKey; bPNOverflow = WapiIncreasePN(pPN, 1); if (bPNOverflow==WAPI_RETURN_SUCCESS) { /* MSK update */ if((priv->wapiMCastKeyUpdate==1) || ((pstat)&&(pstat->wapiInfo)&&(pstat->wapiInfo->wapiUCastKeyUpdate))){ // printk("%s(%d), during msk or usk update, do nothing! =========== \n",__FUNCTION__,__LINE__);//Added for test } else{ wapiUpdateMSK(priv, NULL); } } if (priv->wapiMCastKeyUpdateCnt<=txcfg->fr_len) { priv->wapiMCastKeyUpdateCnt = priv->pmib->wapiInfo.wapiUpdateMCastKeyPktNum; if (priv->pmib->wapiInfo.wapiUpdateMCastKeyType==wapi_pktnum_update|| priv->pmib->wapiInfo.wapiUpdateMCastKeyType==wapi_all_update) { /* MSK update */ if((priv->wapiMCastKeyUpdate==1) || ((pstat)&&(pstat->wapiInfo)&&(pstat->wapiInfo->wapiUCastKeyUpdate))){ // printk("%s(%d), during msk or usk update, do nothing! =========== \n",__FUNCTION__,__LINE__);//Added for test } else{ wapiUpdateMSK(priv, NULL); } } } else priv->wapiMCastKeyUpdateCnt-=txcfg->fr_len; #if defined(CONFIG_RTL_HW_WAPI_SUPPORT) bHWEncrypt = priv->pmib->dot11GroupKeysTable.keyInCam; #endif } else { /* unicast */ wapiAssert(txcfg); wapiAssert(txcfg->pstat); wapiAssert(txcfg->pstat->wapiInfo); wapiInfo = txcfg->pstat->wapiInfo; KeyIdx = wapiInfo->wapiUCastKeyId; pPN = wapiInfo->wapiPN.txUCast; pMicKey = wapiInfo->wapiUCastKey[KeyIdx].micKey; pDataKey = wapiInfo->wapiUCastKey[KeyIdx].dataKey; bPNOverflow = WapiIncreasePN(pPN, 2); if (bPNOverflow==WAPI_RETURN_SUCCESS) { /* USK update */ if((wapiInfo->wapiUCastKeyUpdate==1) || (priv->wapiMCastKeyUpdate==1)){ // printk("%s(%d), during usk or msk update, do nothing! =========== \n",__FUNCTION__,__LINE__);//Added for test } else{ wapiUpdateUSK(priv, txcfg->pstat); } } if (wapiInfo->wapiUCastKeyUpdateCnt<=txcfg->fr_len) { wapiInfo->wapiUCastKeyUpdateCnt = priv->pmib->wapiInfo.wapiUpdateUCastKeyPktNum; if (wapiInfo->priv->pmib->wapiInfo.wapiUpdateUCastKeyType==wapi_pktnum_update|| wapiInfo->priv->pmib->wapiInfo.wapiUpdateUCastKeyType==wapi_all_update) { /* USK update */ if((wapiInfo->wapiUCastKeyUpdate==1) || (priv->wapiMCastKeyUpdate==1)){ // printk("%s(%d), during usk update, do nothing!KeyIdx(0x%x),wapiInfo->wapiUCastKeyId(0x%x),wapiInfo->wapiUCastKeyUpdateCnt(%u), priv->pmib->wapiInfo.wapiUpdateUCastKeyPktNum(%u),txcfg->fr_len(%d)=========== \n", // __FUNCTION__,__LINE__,KeyIdx,wapiInfo->wapiUCastKeyId,wapiInfo->wapiUCastKeyUpdateCnt,priv->pmib->wapiInfo.wapiUpdateUCastKeyPktNum,txcfg->fr_len);//Added for test } else{ wapiUpdateUSK(priv, txcfg->pstat); } } } else wapiInfo->wapiUCastKeyUpdateCnt-=txcfg->fr_len; #if defined(CONFIG_RTL_HW_WAPI_SUPPORT) bHWEncrypt = txcfg->pstat->dot11KeyMapping.keyInCam; #endif } SMS4Hdr = (wpiSMS4Hdr*)(pHeader + txcfg->hdr_len); SMS4Hdr->keyIdx = KeyIdx; SMS4Hdr->reserved = 0; memcpy(SMS4Hdr->pn, pPN, WAPI_PN_LEN); #if defined(CONFIG_RTL_HW_WAPI_SUPPORT) if (bHWEncrypt!=TRUE) #endif { wapiAssert((((struct sk_buff *)txcfg->pframe)->end-((struct sk_buff *)txcfg->pframe)->tail)>SMS4_MIC_LEN); pBuf = ((struct sk_buff *)txcfg->pframe)->data-txcfg->llc; MicBuffer = ((struct sk_buff *)txcfg->pframe)->data+txcfg->fr_len; if (txcfg->llc>0) { memcpy(pBuf, pHeader+txcfg->hdr_len + txcfg->iv, txcfg->llc); } { SecCalculateMicSMS4(KeyIdx, pMicKey, pHeader, pBuf, txcfg->fr_len+txcfg->llc, MicBuffer); /* encryption for data */ WapiSMS4Encryption(pDataKey, pPN, pBuf, txcfg->fr_len+txcfg->llc+SMS4_MIC_LEN, pBuf, &OutputLength); wapiAssert(OutputLength==txcfg->fr_len+txcfg->llc+SMS4_MIC_LEN); } //llc in wlan hdr should be sms4encrypted to deliver *((uint32*)SMS4Hdr->data) = *((uint32*)pBuf); *((uint32*)(SMS4Hdr->data+4)) = *((uint32*)(pBuf+4)); } #if defined(CONFIG_RTL_HW_WAPI_SUPPORT) else txcfg->mic = 0; #endif WAPI_UNLOCK(&priv->pshare->lock); } } int32 SecSWSMS4Decryption( struct rtl8192cd_priv *priv, struct stat_info *pstat, struct rx_frinfo* pfrinfo) { uint8 PNOffset; uint8 DataOffset; uint16 OutputLength; wapiStaInfo *wapiInfo; uint8 *pHeader; uint8 *pRA; uint8 *pTA; uint8 KeyIdx; /* uint8 MicBuffer[SMS4_MIC_LEN]; */ uint8 *pMicKey; uint8 *pDataKey; uint8 *pRecvPN; uint8 *pSecData; uint8 *pRecvMic; uint16 DataLen; uint16 PktLen; wpiSMS4Hdr *SMS4Hdr; uint8 qosIdx; struct stat_info *rxPstat; #if defined(CONFIG_RTL_HW_WAPI_SUPPORT) uint32 bHWEncrypt; #endif WAPI_LOCK(&priv->pshare->lock); wapiInfo = pstat->wapiInfo; pHeader = pfrinfo->pskb->data; #if 0 if (get_tofr_ds(pHeader) == 3) { if( is_qos_data(pHeader) ) { PNOffset = WLAN_HDR_A4_QOS_LEN; } else { PNOffset = WLAN_HDR_A4_LEN; } } else { if( is_qos_data(pHeader) ) { PNOffset = WLAN_HDR_A3_QOS_LEN; } else { PNOffset = WLAN_HDR_A3_LEN; } } printk("rx pn offset %d %d\n", pfrinfo->hdr_len, PNOffset); #else PNOffset = pfrinfo->hdr_len; #endif DataOffset = PNOffset + WAPI_EXT_LEN; SMS4Hdr = (wpiSMS4Hdr*)(pHeader+PNOffset); pRA = pHeader + 4; pTA = pHeader + 10; KeyIdx = SMS4Hdr->keyIdx; pRecvPN = SMS4Hdr->pn; if( (*pRA)&0x1 ) { rxPstat = get_stainfo(priv, pTA); if (rxPstat==NULL || rxPstat->wapiInfo==NULL || rxPstat->wapiInfo->wapiMCastEnable==0 || (KeyIdx!=priv->wapiMCastKeyId&&priv->wapiMCastKeyUpdate==0)) { WAPI_UNLOCK(&priv->pshare->lock); return FAIL; } /* need check the PN increasing, and record the last rx PN */ /* need check the PN increasing, and record the last rx PN */ if (WapiComparePN(pRecvPN, priv->rxMCast)==WAPI_RETURN_FAILED) { WAPI_UNLOCK(&priv->pshare->lock); return FAIL; } memcpy(priv->rxMCast, pRecvPN, WAPI_PN_LEN); pMicKey = priv->wapiMCastKey[KeyIdx].micKey; pDataKey = priv->wapiMCastKey[KeyIdx].dataKey; #if defined(CONFIG_RTL_HW_WAPI_SUPPORT) bHWEncrypt = priv->pmib->dot11GroupKeysTable.keyInCam; #endif } else { if (wapiInfo->wapiUCastRxEnable==0 || (KeyIdx!=wapiInfo->wapiUCastKeyId&&priv->wapiMCastKeyUpdate==0)) { WAPI_UNLOCK(&priv->pshare->lock); return FAIL; } #ifdef WIFI_WMM { if (pfrinfo->tid==0||pfrinfo->tid==3) qosIdx = 0; else if (pfrinfo->tid<3) qosIdx = 1; else if (pfrinfo->tid<6) qosIdx = 2; else qosIdx = 3; } #else qosIdx = 0; #endif /* need check the PN increasing, and record the last rx PN */ if ((pRecvPN[WAPI_PN_LEN-1]&0x1)==0x1) { wapiAssert(0); WAPI_UNLOCK(&priv->pshare->lock); return FAIL; } #if 0 if (WapiComparePN(pRecvPN, &wapiInfo->wapiPN.rxUCast[qosIdx][0])==WAPI_RETURN_FAILED) { memcpy(wapiCryptoTemp, pRecvPN, WAPI_PN_LEN); WapiIncreasePN(wapiCryptoTemp, ((rtl_SMS4_rxSeq[qosIdx]-pfrinfo->seq+1)<<1)); if (WapiComparePN(wapiCryptoTemp, &wapiInfo->wapiPN.rxUCast[qosIdx][0])==WAPI_RETURN_FAILED) { wapiAssert(0); memset(rtl_SMS4_rxSeq, 0, RX_QUEUE_NUM*sizeof(unsigned short)); WAPI_UNLOCK(&priv->pshare->lock); return FAIL; } } memcpy(&wapiInfo->wapiPN.rxUCast[qosIdx][0], pRecvPN, WAPI_PN_LEN); rtl_SMS4_rxSeq[qosIdx]=pfrinfo->seq; #else if (pfrinfo->seq>=wapiInfo->wapiPN.rxSeq[qosIdx]) { if (WapiComparePN(pRecvPN, &wapiInfo->wapiPN.rxUCast[qosIdx][0])==WAPI_RETURN_FAILED) { WAPI_UNLOCK(&priv->pshare->lock); return FAIL; } memcpy(&wapiInfo->wapiPN.rxUCast[qosIdx][0], pRecvPN, WAPI_PN_LEN); wapiInfo->wapiPN.rxSeq[qosIdx]=pfrinfo->seq; } else { memcpy(wapiCryptoTemp, pRecvPN, WAPI_PN_LEN); WapiIncreasePN(wapiCryptoTemp, ((wapiInfo->wapiPN.rxSeq[qosIdx]-pfrinfo->seq+1)<<1)); if (WapiComparePN(wapiCryptoTemp, &wapiInfo->wapiPN.rxUCast[qosIdx][0])==WAPI_RETURN_FAILED) { WAPI_UNLOCK(&priv->pshare->lock); return FAIL; } } #endif pMicKey = wapiInfo->wapiUCastKey[KeyIdx].micKey; pDataKey = wapiInfo->wapiUCastKey[KeyIdx].dataKey; #if defined(CONFIG_RTL_HW_WAPI_SUPPORT) bHWEncrypt = pstat->dot11KeyMapping.keyInCam; #endif } #if defined(CONFIG_RTL_HW_WAPI_SUPPORT) if (bHWEncrypt!=TRUE) #endif { pSecData = pHeader + DataOffset; PktLen = pfrinfo->pktlen; DataLen = PktLen-DataOffset; pRecvMic = pHeader + PktLen - SMS4_MIC_LEN - WAPI_ALIGNMENT_OFFSET; memcpy(wapiDecrytBuf, pSecData, DataLen); memcpy(wapiDecrytHdrBuf, pHeader, DataOffset); WapiSMS4Decryption(pDataKey, pRecvPN, wapiDecrytBuf, DataLen, pSecData-WAPI_ALIGNMENT_OFFSET, &OutputLength); wapiAssert(OutputLength == DataLen); DataLen -= SMS4_MIC_LEN; SecCalculateMicSMS4(KeyIdx, pMicKey, wapiDecrytHdrBuf, pSecData-WAPI_ALIGNMENT_OFFSET, DataLen, wapiCryptoTemp); if (memcmp(wapiCryptoTemp, pRecvMic, SMS4_MIC_LEN)) { wapiAssert(0); WAPI_UNLOCK(&priv->pshare->lock); return FALSE; } } WAPI_UNLOCK(&priv->pshare->lock); return TRUE; } #endif /************************************************************ generate radom number ************************************************************/ #if 0 //Original radom number generator void GenerateRandomData(unsigned char * data, unsigned int len) { unsigned int i, num; unsigned char *pRu8; #ifdef __LINUX_2_6__ srandom32(jiffies); #endif for (i=0; i> 11) #define TEMPERING_SHIFT_S(y) (y << 7) #define TEMPERING_SHIFT_T(y) (y << 15) #define TEMPERING_SHIFT_L(y) (y >> 18) static unsigned long mt[N]; /* the array for the state vector */ static int mti=N+1; /* mti==N+1 means mt[N] is not initialized */ /* initializing the array with a NONZERO seed */ void WapiMTgenSeed(unsigned long seed) { /* setting initial seeds to mt[N] using */ /* the generator Line 25 of Table 1 in */ /* [KNUTH 1981, The Art of Computer Programming */ /* Vol. 2 (2nd Ed.), pp102] */ const unsigned long int factor = 1812433253; mt[0]= seed & 0xffffffff; for (mti=1; mti> 30)) + mti); mt[mti] &= 0xffffffff; } } unsigned long WapiMTgenrand(void) { unsigned long y; static unsigned long mag01[2]={0x0, MATRIX_A}; /* mag01[x] = x * MATRIX_A for x=0,1 */ if (mti >= N) { /* generate N words at one time */ int kk; if (mti == N+1) /* if sgenrand() has not been called, */ WapiMTgenSeed(5489); for (kk=0;kk> 1) ^ mag01[y & 0x1]; } for (;kk> 1) ^ mag01[y & 0x1]; } y = (mt[N-1]&UPPER_MASK)|(mt[0]&LOWER_MASK); mt[N-1] = mt[M-1] ^ (y >> 1) ^ mag01[y & 0x1]; mti = 0; } y = mt[mti++]; y ^= TEMPERING_SHIFT_U(y); y ^= TEMPERING_SHIFT_S(y) & TEMPERING_MASK_B; y ^= TEMPERING_SHIFT_T(y) & TEMPERING_MASK_C; y ^= TEMPERING_SHIFT_L(y); return y; } //Note: here len should be =< 32 void GenerateRandomData(unsigned char * data, unsigned int len) { int num,i; unsigned char tempBuf[32]; unsigned long y,seed; #ifdef __LINUX_2_6__ srandom32(jiffies); #endif #ifdef __LINUX_2_6__ seed = random32(); #else get_random_bytes(&seed, 4); #endif WapiMTgenSeed(seed); if(len % 4 == 0) num = len/4; else num= len/4+1; memset(tempBuf,0,4*num); for(i=0;i