Merge AU_LINUX_QSDK_DATE_4.4_TARGET_ALL.10.0.3115 on remote branch
Change-Id: If4755c8169868cfb5361a6ddeb238f2a9b76dfe9
Signed-off-by: Linux Build Service Account <lnxbuild@localhost>
diff --git a/crypto/inc/wlan_crypto_aes.h b/crypto/inc/wlan_crypto_aes.h
new file mode 100644
index 0000000..911b6a5
--- /dev/null
+++ b/crypto/inc/wlan_crypto_aes.h
@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2017 The Linux Foundation. All rights reserved.
+ */
+/*
+ * AES functions
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef AES_H
+#define AES_H
+
+#define AES_BLOCK_SIZE 16
+
+
+#endif /* AES_H */
diff --git a/crypto/inc/wlan_crypto_aes_ctr_i.h b/crypto/inc/wlan_crypto_aes_ctr_i.h
new file mode 100644
index 0000000..6e408cf
--- /dev/null
+++ b/crypto/inc/wlan_crypto_aes_ctr_i.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2017 The Linux Foundation. All rights reserved.
+ */
+
+/*
+ * AES functions
+ *
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef _WLAN_CRYPTO_AES_CTR_I_H_
+#define _WLAN_CRYPTO_AES_CTR_I_H_
+
+#ifdef WLAN_SUPPORT_FILS
+/**
+ * wlan_crypto_aes_ctr_encrypt - AES-128/192/256 CTR mode encryption
+ * @key: Key for encryption (key_len bytes)
+ * @key_len: Length of the key (16, 24, or 32 bytes)
+ * @nonce: Nonce for counter mode (16 bytes)
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes
+ *
+ * Returns: 0 on success, -1 on failure
+ */
+int32_t wlan_crypto_aes_ctr_encrypt(const uint8_t *key, size_t key_len,
+ const uint8_t *nonce, uint8_t *data,
+ size_t data_len);
+
+/**
+ * wlan_crypto_aes_128_ctr_encrypt - AES-128 CTR mode encryption
+ * @key: Key for encryption (key_len bytes)
+ * @nonce: Nonce for counter mode (16 bytes)
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes
+ *
+ * Returns: 0 on success, -1 on failure
+ */
+int32_t wlan_crypto_aes_128_ctr_encrypt(const uint8_t *key,
+ const uint8_t *nonce, uint8_t *data,
+ size_t data_len);
+#endif /* WLAN_SUPPORT_FILS */
+
+#endif /* end of _WLAN_CRYPTO_AES_CTR_I_H_ */
+
diff --git a/crypto/inc/wlan_crypto_aes_i.h b/crypto/inc/wlan_crypto_aes_i.h
new file mode 100644
index 0000000..6455cf0
--- /dev/null
+++ b/crypto/inc/wlan_crypto_aes_i.h
@@ -0,0 +1,230 @@
+/*
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ */
+/*
+ * AES (Rijndael) cipher
+ * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef WLAN_CRYPTO_AES_I_H
+#define WLAN_CRYPTO_AES_I_H
+
+#include <wlan_cmn.h>
+#include <wlan_objmgr_cmn.h>
+#include <wlan_objmgr_global_obj.h>
+#include <wlan_objmgr_psoc_obj.h>
+#include <wlan_objmgr_pdev_obj.h>
+#include <wlan_objmgr_vdev_obj.h>
+#include <wlan_objmgr_peer_obj.h>
+#include "wlan_crypto_global_def.h"
+
+
+#define CCMP_IV_SIZE (WLAN_CRYPTO_IV_LEN + WLAN_CRYPTO_KEYID_LEN \
+ + WLAN_CRYPTO_EXT_IV_LEN)
+
+#define AES_BLOCK_SIZE 16
+#define AAD_LEN_FIELD (2)
+#define wpa_printf(args...) do { } while (0)
+#define wpa_hexdump(l, t, b, le) do { } while (0)
+#define wpa_hexdump_buf(l, t, b) do { } while (0)
+#define wpa_hexdump_key(l, t, b, le) do { } while (0)
+#define wpa_hexdump_buf_key(l, t, b) do { } while (0)
+#define wpa_hexdump_ascii(l, t, b, le) do { } while (0)
+#define wpa_hexdump_ascii_key(l, t, b, le) do { } while (0)
+/* #define FULL_UNROLL */
+#define AES_SMALL_TABLES
+
+extern const uint32_t Te0[256];
+extern const uint32_t Te1[256];
+extern const uint32_t Te2[256];
+extern const uint32_t Te3[256];
+extern const uint32_t Te4[256];
+extern const uint32_t Td0[256];
+extern const uint32_t Td1[256];
+extern const uint32_t Td2[256];
+extern const uint32_t Td3[256];
+extern const uint32_t Td4[256];
+extern const uint32_t rcon[10];
+extern const uint8_t Td4s[256];
+extern const uint8_t rcons[10];
+
+#ifndef AES_SMALL_TABLES
+
+#define RCON(i) rcon[(i)]
+static inline uint32_t rotr(uint32_t val, int bits)
+{
+ return (val >> bits) | (val << (32 - bits));
+}
+
+#define TE0(i) Te0[((i) >> 24) & 0xff]
+#define TE1(i) Te1[((i) >> 16) & 0xff]
+#define TE2(i) Te2[((i) >> 8) & 0xff]
+#define TE3(i) Te3[(i) & 0xff]
+#define TE41(i) (Te4[((i) >> 24) & 0xff] & 0xff000000)
+#define TE42(i) (Te4[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TE43(i) (Te4[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TE44(i) (Te4[(i) & 0xff] & 0x000000ff)
+#define TE421(i) (Te4[((i) >> 16) & 0xff] & 0xff000000)
+#define TE432(i) (Te4[((i) >> 8) & 0xff] & 0x00ff0000)
+#define TE443(i) (Te4[(i) & 0xff] & 0x0000ff00)
+#define TE414(i) (Te4[((i) >> 24) & 0xff] & 0x000000ff)
+#define TE411(i) (Te4[((i) >> 24) & 0xff] & 0xff000000)
+#define TE422(i) (Te4[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TE433(i) (Te4[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TE444(i) (Te4[(i) & 0xff] & 0x000000ff)
+#define TE4(i) (Te4[(i)] & 0x000000ff)
+
+#define TD0(i) Td0[((i) >> 24) & 0xff]
+#define TD1(i) Td1[((i) >> 16) & 0xff]
+#define TD2(i) Td2[((i) >> 8) & 0xff]
+#define TD3(i) Td3[(i) & 0xff]
+#define TD41(i) (Td4[((i) >> 24) & 0xff] & 0xff000000)
+#define TD42(i) (Td4[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TD43(i) (Td4[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TD44(i) (Td4[(i) & 0xff] & 0x000000ff)
+#define TD0_(i) Td0[(i) & 0xff]
+#define TD1_(i) Td1[(i) & 0xff]
+#define TD2_(i) Td2[(i) & 0xff]
+#define TD3_(i) Td3[(i) & 0xff]
+
+#else /* AES_SMALL_TABLES */
+
+#define RCON(i) (rcons[(i)] << 24)
+
+static inline uint32_t rotr(uint32_t val, int bits)
+{
+ return (val >> bits) | (val << (32 - bits));
+}
+
+#define TE0(i) Te0[((i) >> 24) & 0xff]
+#define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8)
+#define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16)
+#define TE3(i) rotr(Te0[(i) & 0xff], 24)
+#define TE41(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000)
+#define TE42(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TE43(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TE44(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff)
+#define TE421(i) ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000)
+#define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000)
+#define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00)
+#define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff)
+#define TE411(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000)
+#define TE422(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TE433(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TE444(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff)
+#define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff)
+
+#define TD0(i) Td0[((i) >> 24) & 0xff]
+#define TD1(i) rotr(Td0[((i) >> 16) & 0xff], 8)
+#define TD2(i) rotr(Td0[((i) >> 8) & 0xff], 16)
+#define TD3(i) rotr(Td0[(i) & 0xff], 24)
+#define TD41(i) (Td4s[((i) >> 24) & 0xff] << 24)
+#define TD42(i) (Td4s[((i) >> 16) & 0xff] << 16)
+#define TD43(i) (Td4s[((i) >> 8) & 0xff] << 8)
+#define TD44(i) (Td4s[(i) & 0xff])
+#define TD0_(i) Td0[(i) & 0xff]
+#define TD1_(i) rotr(Td0[(i) & 0xff], 8)
+#define TD2_(i) rotr(Td0[(i) & 0xff], 16)
+#define TD3_(i) rotr(Td0[(i) & 0xff], 24)
+
+#endif /* AES_SMALL_TABLES */
+
+#ifdef _MSC_VER
+
+#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+#define GETU32(p) SWAP(*((uint32_t *)(p)))
+#define PUTU32(ct, st) { *((uint32_t *)(ct)) = SWAP((st)); }
+#else
+#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+
+#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^\
+ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
+#define PUTU32(ct, st) {\
+ (ct)[0] = (u8)((st) >> 24);\
+ (ct)[1] = (u8)((st) >> 16);\
+ (ct)[2] = (u8)((st) >> 8);\
+ (ct)[3] = (u8)(st); }
+#endif
+
+#define AES_PRIV_SIZE (4 * 4 * 15 + 4)
+#define AES_PRIV_NR_POS (4 * 15)
+
+struct ieee80211_hdr;
+
+struct ieee80211_hdr_addr4 {
+ uint8_t frame_control[2];
+ uint8_t duration_id[2];
+ uint8_t addr1[QDF_MAC_ADDR_SIZE];
+ uint8_t addr2[QDF_MAC_ADDR_SIZE];
+ uint8_t addr3[QDF_MAC_ADDR_SIZE];
+ uint8_t seq_ctrl[2];
+ uint8_t addr4[QDF_MAC_ADDR_SIZE];
+} __packed;
+
+int wlan_crypto_rijndaelKeySetupEnc(uint32_t rk[], const uint8_t cipherKey[],
+ int keyBits);
+
+uint8_t *wlan_crypto_ccmp_encrypt(const uint8_t *key, uint8_t *frame,
+ size_t len, size_t hdrlen);
+
+uint8_t *wlan_crypto_ccmp_decrypt(const uint8_t *key,
+ const struct wlan_frame_hdr *hdr,
+ uint8_t *data, size_t data_len);
+
+uint8_t *wlan_crypto_tkip_encrypt(const uint8_t *key, uint8_t *frame,
+ size_t len, size_t hdrlen);
+
+uint8_t *wlan_crypto_tkip_decrypt(const uint8_t *key,
+ const struct wlan_frame_hdr *hdr,
+ uint8_t *data, size_t data_len);
+
+uint8_t *wlan_crypto_wep_encrypt(const uint8_t *key, uint16_t key_len,
+ uint8_t *data, size_t data_len);
+uint8_t *wlan_crypto_wep_decrypt(const uint8_t *key, uint16_t key_len,
+ uint8_t *data, size_t data_len);
+
+void wlan_crypto_wep_crypt(uint8_t *key, uint8_t *buf, size_t plen);
+
+uint32_t wlan_crypto_crc32(const uint8_t *frame, size_t frame_len);
+
+int wlan_crypto_aes_gcm_ae(const uint8_t *key, size_t key_len,
+ const uint8_t *iv, size_t iv_len,
+ const uint8_t *plain, size_t plain_len,
+ const uint8_t *aad, size_t aad_len,
+ uint8_t *crypt, uint8_t *tag);
+
+int wlan_crypto_aes_gcm_ad(const uint8_t *key, size_t key_len,
+ const uint8_t *iv, size_t iv_len,
+ const uint8_t *crypt, size_t crypt_len,
+ const uint8_t *aad, size_t aad_len,
+ const uint8_t *tag,
+ uint8_t *plain);
+int wlan_crypto_aes_gmac(const uint8_t *key, size_t key_len,
+ const uint8_t *iv, size_t iv_len,
+ const uint8_t *aad, size_t aad_len, uint8_t *tag);
+int wlan_crypto_aes_ccm_ae(const uint8_t *key, size_t key_len,
+ const uint8_t *nonce, size_t M, const uint8_t *plain,
+ size_t plain_len, const uint8_t *aad, size_t aad_len,
+ uint8_t *crypt, uint8_t *auth);
+
+int wlan_crypto_aes_ccm_ad(const uint8_t *key, size_t key_len,
+ const uint8_t *nonce, size_t M, const uint8_t *crypt,
+ size_t crypt_len, const uint8_t *aad, size_t aad_len,
+ const uint8_t *auth, uint8_t *plain);
+
+void *wlan_crypto_aes_encrypt_init(const uint8_t *key, size_t len);
+void wlan_crypto_aes_encrypt(void *ctx, const uint8_t *plain, uint8_t *crypt);
+void wlan_crypto_aes_encrypt_deinit(void *ctx);
+void *wlan_crypto_aes_decrypt_init(const uint8_t *key, size_t len);
+void wlan_crypto_aes_decrypt(void *ctx, const uint8_t *crypt, uint8_t *plain);
+void wlan_crypto_aes_decrypt_deinit(void *ctx);
+int omac1_aes_128(const uint8_t *key, const uint8_t *data,
+ size_t data_len, uint8_t *mac);
+int omac1_aes_256(const uint8_t *key, const uint8_t *data,
+ size_t data_len, uint8_t *mac);
+int omac1_aes_vector(const uint8_t *key, size_t key_len, size_t num_elem,
+ const uint8_t *addr[], const size_t *len, uint8_t *mac);
+#endif /* WLAN_CRYPTO_AES_I_H */
diff --git a/crypto/inc/wlan_crypto_aes_siv_i.h b/crypto/inc/wlan_crypto_aes_siv_i.h
new file mode 100644
index 0000000..f8192bb
--- /dev/null
+++ b/crypto/inc/wlan_crypto_aes_siv_i.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2017 The Linux Foundation. All rights reserved.
+ */
+
+/*
+ * AES SIV (RFC 5297)
+ * Copyright (c) 2013 Cozybit, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef _WLAN_CRYPTO_AES_SIV_I_H_
+#define _WLAN_CRYPTO_AES_SIV_I_H_
+
+#ifdef WLAN_SUPPORT_FILS
+int32_t wlan_crypto_aes_siv_encrypt(const uint8_t *key, size_t key_len,
+ const uint8_t *pw, size_t pwlen,
+ size_t num_elem, const uint8_t *addr[],
+ const size_t *len, uint8_t *out);
+
+int32_t wlan_crypto_aes_siv_decrypt(const uint8_t *key, size_t key_len,
+ const uint8_t *iv_crypt, size_t iv_c_len,
+ size_t num_elem, const uint8_t *addr[],
+ const size_t *len, uint8_t *out);
+#endif /* WLAN_SUPPORT_FILS */
+
+#endif /* end of _WLAN_CRYPTO_AES_SIV_I_H_ */
+
diff --git a/crypto/inc/wlan_crypto_fils_api.h b/crypto/inc/wlan_crypto_fils_api.h
new file mode 100644
index 0000000..90f2ea0
--- /dev/null
+++ b/crypto/inc/wlan_crypto_fils_api.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for
+ * any purpose with or without fee is hereby granted, provided that the
+ * above copyright notice and this permission notice appear in all
+ * copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+ * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _WLAN_CRYPTO_FILS_API_H_
+#define _WLAN_CRYPTO_FILS_API_H_
+
+#ifdef WLAN_SUPPORT_FILS
+/**
+ * wlan_crypto_fils_delkey - Delete fils aad key
+ * @peer: Peer object
+ *
+ * This function delete the peer specific FILS AAD key data.
+ *
+ * Return: None
+ */
+void wlan_crypto_fils_delkey(struct wlan_objmgr_peer *peer);
+#endif /* WLAN_SUPPORT_FILS */
+
+#endif /* End of _WLAN_CRYPTO_FILS_API_H_ */
+
diff --git a/crypto/inc/wlan_crypto_fils_def.h b/crypto/inc/wlan_crypto_fils_def.h
new file mode 100644
index 0000000..72be422
--- /dev/null
+++ b/crypto/inc/wlan_crypto_fils_def.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2017 The Linux Foundation. All rights reserved.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for
+ * any purpose with or without fee is hereby granted, provided that the
+ * above copyright notice and this permission notice appear in all
+ * copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+ * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _WLAN_CRYPTO_FILS_DEF_H_
+#define _WLAN_CRYPTO_FILS_DEF_H_
+
+/* Element ID Extension (EID 255) values */
+#define WLAN_ELEMID_EXT_ASSOC_DELAY_INFO (1)
+#define WLAN_ELEMID_EXT_FILS_REQ_PARAMS (2)
+#define WLAN_ELEMID_EXT_FILS_KEY_CONFIRM (3)
+#define WLAN_ELEMID_EXT_FILS_SESSION (4)
+#define WLAN_ELEMID_EXT_FILS_HLP_CONTAINER (5)
+#define WLAN_ELEMID_EXT_FILS_IP_ADDR_ASSIGN (6)
+#define WLAN_ELEMID_EXT_KEY_DELIVERY (7)
+#define WLAN_ELEMID_EXT_FILS_WRAPPED_DATA (8)
+#define WLAN_ELEMID_EXT_FILS_PUBLIC_KEY (12)
+#define WLAN_ELEMID_EXT_FILS_NONCE (13)
+
+#define WLAN_MAX_WPA_KEK_LEN (64)
+#define WLAN_FILS_NONCE_LEN (16)
+
+/* FILS AAD Crypto key data */
+struct wlan_crypto_fils_aad_key {
+ /* FILS aad ANounce */
+ uint8_t a_nonce[WLAN_FILS_NONCE_LEN];
+ /* FILS aad SNounce */
+ uint8_t s_nonce[WLAN_FILS_NONCE_LEN];
+ /* FILS aad kek */
+ uint8_t kek[WLAN_MAX_WPA_KEK_LEN];
+ /* FILS aad kek length */
+ uint32_t kek_len;
+};
+#endif /* end of _WLAN_CRYPTO_FILS_DEF_H_ */
+
diff --git a/crypto/src/wlan_crypto_aes_ccm.c b/crypto/src/wlan_crypto_aes_ccm.c
new file mode 100644
index 0000000..14e501f
--- /dev/null
+++ b/crypto/src/wlan_crypto_aes_ccm.c
@@ -0,0 +1,220 @@
+/*
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ */
+/*
+ * Counter with CBC-MAC (CCM) with AES
+ *
+ * Copyright (c) 2010-2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include <qdf_types.h>
+#include <qdf_mem.h>
+#include <qdf_util.h>
+#include "wlan_crypto_aes_i.h"
+#include "wlan_crypto_def_i.h"
+
+static void xor_aes_block(uint8_t *dst, const uint8_t *src)
+{
+ uint32_t *d = (uint32_t *) dst;
+ uint32_t *s = (uint32_t *) src;
+ *d++ ^= *s++;
+ *d++ ^= *s++;
+ *d++ ^= *s++;
+ *d++ ^= *s++;
+}
+
+
+static void aes_ccm_auth_start(void *aes, size_t M, size_t L,
+ const uint8_t *nonce, const uint8_t *aad,
+ size_t aad_len, size_t plain_len,
+ uint8_t *x){
+ uint8_t aad_buf[2 * AES_BLOCK_SIZE];
+ uint8_t b[AES_BLOCK_SIZE];
+
+ /* Authentication */
+ /* B_0: Flags | Nonce N | l(m) */
+ b[0] = aad_len ? 0x40 : 0 /* Adata */;
+ b[0] |= (((M - 2) / 2) /* M' */ << 3);
+ b[0] |= (L - 1) /* L' */;
+ qdf_mem_copy(&b[1], nonce, 15 - L);
+ wlan_crypto_put_be16(&b[AES_BLOCK_SIZE - L], plain_len);
+
+ wpa_hexdump_key(MSG_EXCESSIVE, "CCM B_0", b, AES_BLOCK_SIZE);
+ wlan_crypto_aes_encrypt(aes, b, x); /* X_1 = E(K, B_0) */
+
+ if (!aad_len) {
+ crypto_err("aad length should be non zero");
+ return;
+ }
+
+ wlan_crypto_put_be16(aad_buf, aad_len);
+ qdf_mem_copy(aad_buf + AAD_LEN_FIELD, aad, aad_len);
+ if ((AAD_LEN_FIELD + aad_len) < sizeof(aad_buf))
+ qdf_mem_set(aad_buf + AAD_LEN_FIELD + aad_len,
+ sizeof(aad_buf) - AAD_LEN_FIELD - aad_len, 0);
+
+ xor_aes_block(aad_buf, x);
+ wlan_crypto_aes_encrypt(aes, aad_buf, x); /* X_2 = E(K, X_1 XOR B_1) */
+
+ if (aad_len > AES_BLOCK_SIZE - AAD_LEN_FIELD) {
+ xor_aes_block(&aad_buf[AES_BLOCK_SIZE], x);
+ /* X_3 = E(K, X_2 XOR B_2) */
+ wlan_crypto_aes_encrypt(aes, &aad_buf[AES_BLOCK_SIZE], x);
+ }
+}
+
+
+static void aes_ccm_auth(void *aes, const uint8_t *data, size_t len, uint8_t *x)
+{
+ size_t last = len % AES_BLOCK_SIZE;
+ size_t i;
+
+ for (i = 0; i < len / AES_BLOCK_SIZE; i++) {
+ /* X_i+1 = E(K, X_i XOR B_i) */
+ xor_aes_block(x, data);
+ data += AES_BLOCK_SIZE;
+ wlan_crypto_aes_encrypt(aes, x, x);
+ }
+ if (last) {
+ /* XOR zero-padded last block */
+ for (i = 0; i < last; i++)
+ x[i] ^= *data++;
+ wlan_crypto_aes_encrypt(aes, x, x);
+ }
+}
+
+
+static void aes_ccm_encr_start(size_t L, const uint8_t *nonce, uint8_t *a)
+{
+ /* A_i = Flags | Nonce N | Counter i */
+ a[0] = L - 1; /* Flags = L' */
+ qdf_mem_copy(&a[1], nonce, 15 - L);
+}
+
+
+static void aes_ccm_encr(void *aes, size_t L, const uint8_t *in, size_t len,
+ uint8_t *out, uint8_t *a){
+ size_t last = len % AES_BLOCK_SIZE;
+ size_t i;
+
+ /* crypt = msg XOR (S_1 | S_2 | ... | S_n) */
+ for (i = 1; i <= len / AES_BLOCK_SIZE; i++) {
+ wlan_crypto_put_be16(&a[AES_BLOCK_SIZE - 2], i);
+ /* S_i = E(K, A_i) */
+ wlan_crypto_aes_encrypt(aes, a, out);
+ xor_aes_block(out, in);
+ out += AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ }
+ if (last) {
+ wlan_crypto_put_be16(&a[AES_BLOCK_SIZE - 2], i);
+ wlan_crypto_aes_encrypt(aes, a, out);
+ /* XOR zero-padded last block */
+ for (i = 0; i < last; i++)
+ *out++ ^= *in++;
+ }
+}
+
+
+static void aes_ccm_encr_auth(void *aes, size_t M, uint8_t *x, uint8_t *a,
+ uint8_t *auth){
+ size_t i;
+ uint8_t tmp[AES_BLOCK_SIZE];
+
+ wpa_hexdump_key(MSG_EXCESSIVE, "CCM T", x, M);
+ /* U = T XOR S_0; S_0 = E(K, A_0) */
+ wlan_crypto_put_be16(&a[AES_BLOCK_SIZE - 2], 0);
+ wlan_crypto_aes_encrypt(aes, a, tmp);
+ for (i = 0; i < M; i++)
+ auth[i] = x[i] ^ tmp[i];
+ wpa_hexdump_key(MSG_EXCESSIVE, "CCM U", auth, M);
+}
+
+
+static void aes_ccm_decr_auth(void *aes, size_t M, uint8_t *a,
+ const uint8_t *auth, uint8_t *t){
+ size_t i;
+ uint8_t tmp[AES_BLOCK_SIZE];
+
+ wpa_hexdump_key(MSG_EXCESSIVE, "CCM U", auth, M);
+ /* U = T XOR S_0; S_0 = E(K, A_0) */
+ wlan_crypto_put_be16(&a[AES_BLOCK_SIZE - 2], 0);
+ wlan_crypto_aes_encrypt(aes, a, tmp);
+ for (i = 0; i < M; i++)
+ t[i] = auth[i] ^ tmp[i];
+ wpa_hexdump_key(MSG_EXCESSIVE, "CCM T", t, M);
+}
+
+
+/* AES-CCM with fixed L=2 and aad_len <= 30 assumption */
+int wlan_crypto_aes_ccm_ae(const uint8_t *key, size_t key_len,
+ const uint8_t *nonce, size_t M,
+ const uint8_t *plain, size_t plain_len,
+ const uint8_t *aad, size_t aad_len,
+ uint8_t *crypt, uint8_t *auth){
+ const size_t L = 2;
+ void *aes;
+ uint8_t x[AES_BLOCK_SIZE], a[AES_BLOCK_SIZE];
+ int32_t status = -1;
+
+ if (aad_len > 30 || M > AES_BLOCK_SIZE)
+ return status;
+
+ aes = wlan_crypto_aes_encrypt_init(key, key_len);
+ if (aes == NULL)
+ return status;
+
+ aes_ccm_auth_start(aes, M, L, nonce, aad, aad_len, plain_len, x);
+ aes_ccm_auth(aes, plain, plain_len, x);
+
+ /* Encryption */
+ aes_ccm_encr_start(L, nonce, a);
+ aes_ccm_encr(aes, L, plain, plain_len, crypt, a);
+ aes_ccm_encr_auth(aes, M, x, a, auth);
+
+ wlan_crypto_aes_encrypt_deinit(aes);
+
+ return 0;
+}
+
+
+/* AES-CCM with fixed L=2 and aad_len <= 30 assumption */
+int wlan_crypto_aes_ccm_ad(const uint8_t *key, size_t key_len,
+ const uint8_t *nonce, size_t M, const uint8_t *crypt,
+ size_t crypt_len, const uint8_t *aad, size_t aad_len,
+ const uint8_t *auth, uint8_t *plain){
+ const size_t L = 2;
+ void *aes;
+ uint8_t x[AES_BLOCK_SIZE], a[AES_BLOCK_SIZE];
+ uint8_t t[AES_BLOCK_SIZE];
+ int32_t status = -1;
+
+ if (aad_len > 30 || M > AES_BLOCK_SIZE)
+ return status;
+
+ aes = wlan_crypto_aes_encrypt_init(key, key_len);
+ if (aes == NULL)
+ return status;
+
+ /* Decryption */
+ aes_ccm_encr_start(L, nonce, a);
+ aes_ccm_decr_auth(aes, M, a, auth, t);
+
+ /* plaintext = msg XOR (S_1 | S_2 | ... | S_n) */
+ aes_ccm_encr(aes, L, crypt, crypt_len, plain, a);
+
+ aes_ccm_auth_start(aes, M, L, nonce, aad, aad_len, crypt_len, x);
+ aes_ccm_auth(aes, plain, crypt_len, x);
+
+ wlan_crypto_aes_encrypt_deinit(aes);
+
+ if (qdf_mem_cmp(x, t, M) != 0) {
+ wpa_printf(MSG_EXCESSIVE, "CCM: Auth mismatch");
+ return status;
+ }
+
+ return 0;
+}
diff --git a/crypto/src/wlan_crypto_aes_ctr.c b/crypto/src/wlan_crypto_aes_ctr.c
new file mode 100644
index 0000000..a376a2e
--- /dev/null
+++ b/crypto/src/wlan_crypto_aes_ctr.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2017 The Linux Foundation. All rights reserved.
+ */
+
+/*
+ * AES-128/192/256 CTR
+ *
+ * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifdef WLAN_SUPPORT_FILS
+
+#include <qdf_crypto.h>
+#include "wlan_crypto_aes_i.h"
+
+int32_t wlan_crypto_aes_ctr_encrypt(const uint8_t *key, size_t key_len,
+ const uint8_t *nonce, uint8_t *data,
+ size_t data_len)
+{
+ void *ctx;
+ size_t j, len, left = data_len;
+ int32_t i;
+ uint8_t *pos = data;
+ uint8_t counter[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE];
+ int32_t status = -1;
+
+ ctx = wlan_crypto_aes_encrypt_init(key, key_len);
+ if (!ctx)
+ return status;
+
+ qdf_mem_copy(counter, nonce, AES_BLOCK_SIZE);
+
+ while (left > 0) {
+ wlan_crypto_aes_encrypt(ctx, counter, buf);
+
+ len = (left < AES_BLOCK_SIZE) ? left : AES_BLOCK_SIZE;
+ for (j = 0; j < len; j++)
+ pos[j] ^= buf[j];
+ pos += len;
+ left -= len;
+
+ for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+ counter[i]++;
+ if (counter[i])
+ break;
+ }
+ }
+ wlan_crypto_aes_encrypt_deinit(ctx);
+
+ return 0;
+}
+
+int32_t wlan_crypto_aes_128_ctr_encrypt(const uint8_t *key,
+ const uint8_t *nonce, uint8_t *data,
+ size_t data_len)
+{
+ return wlan_crypto_aes_ctr_encrypt(key, 16, nonce, data, data_len);
+}
+
+#endif /* WLAN_SUPPORT_FILS */
diff --git a/crypto/src/wlan_crypto_aes_gcm.c b/crypto/src/wlan_crypto_aes_gcm.c
new file mode 100644
index 0000000..41bc7fd
--- /dev/null
+++ b/crypto/src/wlan_crypto_aes_gcm.c
@@ -0,0 +1,331 @@
+/*
+ * Copyright (c) 2017 The Linux Foundation. All rights reserved.
+ */
+/*
+ * Galois/Counter Mode (GCM) and GMAC with AES
+ *
+ * Copyright (c) 2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include <qdf_types.h>
+#include <qdf_mem.h>
+#include <qdf_util.h>
+#include "wlan_crypto_aes_i.h"
+#include "wlan_crypto_def_i.h"
+
+static void inc32(uint8_t *block)
+{
+ uint32_t val;
+ val = wlan_crypto_get_be32(block + AES_BLOCK_SIZE - 4);
+ val++;
+ wlan_crypto_put_be32(block + AES_BLOCK_SIZE - 4, val);
+}
+
+
+static void xor_block(uint8_t *dst, const uint8_t *src)
+{
+ uint32_t *d = (uint32_t *) dst;
+ uint32_t *s = (uint32_t *) src;
+ *d++ ^= *s++;
+ *d++ ^= *s++;
+ *d++ ^= *s++;
+ *d++ ^= *s++;
+}
+
+
+static void shift_right_block(uint8_t *v)
+{
+ uint32_t val;
+
+ val = wlan_crypto_get_be32(v + 12);
+ val >>= 1;
+ if (v[11] & 0x01)
+ val |= 0x80000000;
+ wlan_crypto_put_be32(v + 12, val);
+
+ val = wlan_crypto_get_be32(v + 8);
+ val >>= 1;
+ if (v[7] & 0x01)
+ val |= 0x80000000;
+ wlan_crypto_put_be32(v + 8, val);
+
+ val = wlan_crypto_get_be32(v + 4);
+ val >>= 1;
+ if (v[3] & 0x01)
+ val |= 0x80000000;
+ wlan_crypto_put_be32(v + 4, val);
+
+ val = wlan_crypto_get_be32(v);
+ val >>= 1;
+ wlan_crypto_put_be32(v, val);
+}
+
+
+/* Multiplication in GF(2^128) */
+static void gf_mult(const uint8_t *x, const uint8_t *y, uint8_t *z)
+{
+ uint8_t v[16];
+ int i, j;
+
+ qdf_mem_set(z, 16, 0); /* Z_0 = 0^128 */
+ qdf_mem_copy(v, y, 16); /* V_0 = Y */
+
+ for (i = 0; i < 16; i++) {
+ for (j = 0; j < 8; j++) {
+ if (x[i] & BIT(7 - j)) {
+ /* Z_(i + 1) = Z_i XOR V_i */
+ xor_block(z, v);
+ } else {
+ /* Z_(i + 1) = Z_i */
+ }
+
+ if (v[15] & 0x01) {
+ /* V_(i + 1) = (V_i >> 1) XOR R */
+ shift_right_block(v);
+ /* R = 11100001 || 0^120 */
+ v[0] ^= 0xe1;
+ } else {
+ /* V_(i + 1) = V_i >> 1 */
+ shift_right_block(v);
+ }
+ }
+ }
+}
+
+
+static void ghash_start(uint8_t *y)
+{
+ /* Y_0 = 0^128 */
+ qdf_mem_set(y, 16, 0);
+}
+
+
+static void ghash(const uint8_t *h, const uint8_t *x, size_t xlen, uint8_t *y)
+{
+ size_t m, i;
+ const uint8_t *xpos = x;
+ uint8_t tmp[16];
+
+ m = xlen / 16;
+
+ for (i = 0; i < m; i++) {
+ /* Y_i = (Y^(i-1) XOR X_i) dot H */
+ xor_block(y, xpos);
+ xpos += 16;
+
+ /* dot operation:
+ * multiplication operation for binary Galois (finite) field of
+ * 2^128 elements */
+ gf_mult(y, h, tmp);
+ qdf_mem_copy(y, tmp, 16);
+ }
+
+ if (x + xlen > xpos) {
+ /* Add zero padded last block */
+ size_t last = x + xlen - xpos;
+ qdf_mem_copy(tmp, xpos, last);
+ qdf_mem_set(tmp + last, sizeof(tmp) - last, 0);
+
+ /* Y_i = (Y^(i-1) XOR X_i) dot H */
+ xor_block(y, tmp);
+
+ /* dot operation:
+ * multiplication operation for binary Galois (finite) field of
+ * 2^128 elements */
+ gf_mult(y, h, tmp);
+ qdf_mem_copy(y, tmp, 16);
+ }
+
+ /* Return Y_m */
+}
+
+
+static void aes_gctr(void *aes, const uint8_t *icb, const uint8_t *x,
+ size_t xlen, uint8_t *y){
+ size_t i, n, last;
+ uint8_t cb[AES_BLOCK_SIZE], tmp[AES_BLOCK_SIZE];
+ const uint8_t *xpos = x;
+ uint8_t *ypos = y;
+
+ if (xlen == 0)
+ return;
+
+ n = xlen / 16;
+
+ qdf_mem_copy(cb, icb, AES_BLOCK_SIZE);
+ /* Full blocks */
+ for (i = 0; i < n; i++) {
+ wlan_crypto_aes_encrypt(aes, cb, ypos);
+ xor_block(ypos, xpos);
+ xpos += AES_BLOCK_SIZE;
+ ypos += AES_BLOCK_SIZE;
+ inc32(cb);
+ }
+
+ last = x + xlen - xpos;
+ if (last) {
+ /* Last, partial block */
+ wlan_crypto_aes_encrypt(aes, cb, tmp);
+ for (i = 0; i < last; i++)
+ *ypos++ = *xpos++ ^ tmp[i];
+ }
+}
+
+
+static void *aes_gcm_init_hash_subkey(const uint8_t *key, size_t key_len,
+ uint8_t *H){
+ void *aes;
+
+ aes = wlan_crypto_aes_encrypt_init(key, key_len);
+ if (aes == NULL)
+ return NULL;
+
+ /* Generate hash subkey H = AES_K(0^128) */
+ qdf_mem_set(H, AES_BLOCK_SIZE, 0);
+ wlan_crypto_aes_encrypt(aes, H, H);
+ wpa_hexdump_key(MSG_EXCESSIVE, "Hash subkey H for GHASH",
+ H, AES_BLOCK_SIZE);
+ return aes;
+}
+
+
+static void aes_gcm_prepare_j0(const uint8_t *iv, size_t iv_len,
+ const uint8_t *H, uint8_t *J0){
+ uint8_t len_buf[16];
+
+ if (iv_len == 12) {
+ /* Prepare block J_0 = IV || 0^31 || 1 [len(IV) = 96] */
+ qdf_mem_copy(J0, iv, iv_len);
+ qdf_mem_set(J0 + iv_len, AES_BLOCK_SIZE - iv_len, 0);
+ J0[AES_BLOCK_SIZE - 1] = 0x01;
+ } else {
+ /*
+ * s = 128 * ceil(len(IV)/128) - len(IV)
+ * J_0 = GHASH_H(IV || 0^(s+64) || [len(IV)]_64)
+ */
+ ghash_start(J0);
+ ghash(H, iv, iv_len, J0);
+ wlan_crypto_put_be64(len_buf, 0);
+ wlan_crypto_put_be64(len_buf + 8, iv_len * 8);
+ ghash(H, len_buf, sizeof(len_buf), J0);
+ }
+}
+
+
+static void aes_gcm_gctr(void *aes, const uint8_t *J0, const uint8_t *in,
+ size_t len, uint8_t *out){
+ uint8_t J0inc[AES_BLOCK_SIZE];
+
+ if (len == 0)
+ return;
+
+ qdf_mem_copy(J0inc, J0, AES_BLOCK_SIZE);
+ inc32(J0inc);
+ aes_gctr(aes, J0inc, in, len, out);
+}
+
+
+static void aes_gcm_ghash(const uint8_t *H, const uint8_t *aad, size_t aad_len,
+ const uint8_t *crypt, size_t crypt_len, uint8_t *S)
+{
+ uint8_t len_buf[16];
+
+ /*
+ * u = 128 * ceil[len(C)/128] - len(C)
+ * v = 128 * ceil[len(A)/128] - len(A)
+ * S = GHASH_H(A || 0^v || C || 0^u || [len(A)]64 || [len(C)]64)
+ * (i.e., zero padded to block size A || C and lengths of each in bits)
+ */
+ ghash_start(S);
+ ghash(H, aad, aad_len, S);
+ ghash(H, crypt, crypt_len, S);
+ wlan_crypto_put_be64(len_buf, aad_len * 8);
+ wlan_crypto_put_be64(len_buf + 8, crypt_len * 8);
+ ghash(H, len_buf, sizeof(len_buf), S);
+
+ wpa_hexdump_key(MSG_EXCESSIVE, "S = GHASH_H(...)", S, 16);
+}
+
+
+/**
+ * aes_gcm_ae - GCM-AE_K(IV, P, A)
+ */
+int wlan_crypto_aes_gcm_ae(const uint8_t *key, size_t key_len,
+ const uint8_t *iv, size_t iv_len, const uint8_t *plain,
+ size_t plain_len, const uint8_t *aad, size_t aad_len,
+ uint8_t *crypt, uint8_t *tag){
+ uint8_t H[AES_BLOCK_SIZE];
+ uint8_t J0[AES_BLOCK_SIZE];
+ uint8_t S[16];
+ void *aes;
+ int32_t status = -1;
+
+ aes = aes_gcm_init_hash_subkey(key, key_len, H);
+ if (aes == NULL)
+ return status;
+
+ aes_gcm_prepare_j0(iv, iv_len, H, J0);
+
+ /* C = GCTR_K(inc_32(J_0), P) */
+ aes_gcm_gctr(aes, J0, plain, plain_len, crypt);
+
+ aes_gcm_ghash(H, aad, aad_len, crypt, plain_len, S);
+
+ /* T = MSB_t(GCTR_K(J_0, S)) */
+ aes_gctr(aes, J0, S, sizeof(S), tag);
+
+ /* Return (C, T) */
+
+ wlan_crypto_aes_encrypt_deinit(aes);
+
+ return 0;
+}
+
+
+/**
+ * aes_gcm_ad - GCM-AD_K(IV, C, A, T)
+ */
+int wlan_crypto_aes_gcm_ad(const uint8_t *key, size_t key_len,
+ const uint8_t *iv, size_t iv_len, const uint8_t *crypt,
+ size_t crypt_len, const uint8_t *aad, size_t aad_len,
+ const uint8_t *tag, uint8_t *plain){
+ uint8_t H[AES_BLOCK_SIZE];
+ uint8_t J0[AES_BLOCK_SIZE];
+ uint8_t S[16], T[16];
+ void *aes;
+ int32_t status = -1;
+
+ aes = aes_gcm_init_hash_subkey(key, key_len, H);
+ if (aes == NULL)
+ return status;
+
+ aes_gcm_prepare_j0(iv, iv_len, H, J0);
+
+ /* P = GCTR_K(inc_32(J_0), C) */
+ aes_gcm_gctr(aes, J0, crypt, crypt_len, plain);
+
+ aes_gcm_ghash(H, aad, aad_len, crypt, crypt_len, S);
+
+ /* T' = MSB_t(GCTR_K(J_0, S)) */
+ aes_gctr(aes, J0, S, sizeof(S), T);
+
+ wlan_crypto_aes_encrypt_deinit(aes);
+
+ if (qdf_mem_cmp(tag, T, 16) != 0) {
+ wpa_printf(MSG_EXCESSIVE, "GCM: Tag mismatch");
+ return status;
+ }
+
+ return 0;
+}
+
+
+int wlan_crypto_aes_gmac(const uint8_t *key, size_t key_len,
+ const uint8_t *iv, size_t iv_len, const uint8_t *aad,
+ size_t aad_len, uint8_t *tag){
+ return wlan_crypto_aes_gcm_ae(key, key_len, iv, iv_len, NULL, 0,
+ aad, aad_len, NULL, tag);
+}
diff --git a/crypto/src/wlan_crypto_aes_internal.c b/crypto/src/wlan_crypto_aes_internal.c
new file mode 100644
index 0000000..d47477b
--- /dev/null
+++ b/crypto/src/wlan_crypto_aes_internal.c
@@ -0,0 +1,853 @@
+/*
+ * Copyright (c) 2017 The Linux Foundation. All rights reserved.
+ */
+/*
+ * AES (Rijndael) cipher
+ *
+ * Modifications to public domain implementation:
+ * - cleanup
+ * - use C pre-processor to make it easier to change S table access
+ * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at
+ * cost of reduced throughput (quite small difference on Pentium 4,
+ * 10-25% when using -O1 or -O2 optimization)
+ *
+ * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include <qdf_types.h>
+#include <qdf_mem.h>
+#include <qdf_util.h>
+#include "wlan_crypto_aes_i.h"
+#include "wlan_crypto_def_i.h"
+
+/*
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+/*
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+Te4[x] = S [x].[01, 01, 01, 01];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01, 01, 01, 01];
+*/
+
+const uint32_t Te0[256] = {
+ 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+ 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+ 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+ 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+ 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+ 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+ 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+ 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+ 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+ 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+ 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+ 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+ 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+ 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+ 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+ 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+ 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+ 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+ 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+ 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+ 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+ 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+ 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+ 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+ 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+ 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+ 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+ 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+ 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+ 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+ 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+ 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+ 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+ 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+ 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+ 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+ 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+ 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+ 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+ 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+ 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+ 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+ 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+ 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+ 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+ 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+ 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+ 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+ 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+ 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+ 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+ 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+ 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+ 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+ 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+ 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+ 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+ 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+ 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+ 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+ 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+ 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+ 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+ 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+#ifndef AES_SMALL_TABLES
+const uint32_t Te1[256] = {
+ 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+ 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+ 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+ 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+ 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+ 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+ 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+ 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+ 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+ 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+ 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+ 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+ 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+ 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+ 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+ 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+ 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+ 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+ 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+ 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+ 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+ 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+ 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+ 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+ 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+ 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+ 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+ 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+ 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+ 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+ 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+ 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+ 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+ 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+ 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+ 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+ 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+ 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+ 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+ 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+ 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+ 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+ 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+ 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+ 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+ 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+ 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+ 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+ 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+ 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+ 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+ 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+ 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+ 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+ 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+ 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+ 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+ 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+ 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+ 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+ 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+ 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+ 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+ 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+const uint32_t Te2[256] = {
+ 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+ 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+ 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+ 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+ 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+ 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+ 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+ 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+ 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+ 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+ 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+ 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+ 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+ 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+ 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+ 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+ 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+ 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+ 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+ 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+ 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+ 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+ 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+ 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+ 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+ 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+ 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+ 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+ 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+ 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+ 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+ 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+ 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+ 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+ 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+ 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+ 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+ 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+ 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+ 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+ 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+ 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+ 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+ 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+ 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+ 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+ 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+ 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+ 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+ 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+ 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+ 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+ 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+ 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+ 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+ 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+ 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+ 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+ 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+ 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+ 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+ 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+ 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+ 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+const uint32_t Te3[256] = {
+
+ 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+ 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+ 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+ 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+ 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+ 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+ 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+ 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+ 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+ 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+ 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+ 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+ 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+ 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+ 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+ 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+ 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+ 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+ 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+ 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+ 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+ 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+ 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+ 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+ 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+ 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+ 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+ 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+ 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+ 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+ 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+ 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+ 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+ 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+ 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+ 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+ 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+ 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+ 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+ 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+ 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+ 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+ 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+ 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+ 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+ 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+ 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+ 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+ 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+ 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+ 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+ 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+ 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+ 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+ 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+ 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+ 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+ 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+ 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+ 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+ 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+ 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+ 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+ 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+const uint32_t Te4[256] = {
+ 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
+ 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
+ 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
+ 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
+ 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
+ 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
+ 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
+ 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
+ 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
+ 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
+ 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
+ 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
+ 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
+ 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
+ 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
+ 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
+ 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
+ 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
+ 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
+ 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
+ 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
+ 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
+ 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
+ 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
+ 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
+ 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
+ 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
+ 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
+ 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
+ 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
+ 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
+ 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
+ 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
+ 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
+ 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
+ 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
+ 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
+ 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
+ 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
+ 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
+ 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
+ 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
+ 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
+ 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
+ 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
+ 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
+ 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
+ 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
+ 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
+ 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
+ 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
+ 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
+ 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
+ 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
+ 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
+ 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
+ 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
+ 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
+ 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
+ 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
+ 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
+ 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
+ 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
+ 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
+};
+#endif /* AES_SMALL_TABLES */
+const uint32_t Td0[256] = {
+ 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+ 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+ 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+ 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+ 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+ 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+ 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+ 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+ 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+ 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+ 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+ 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+ 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+ 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+ 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+ 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+ 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+ 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+ 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+ 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+ 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+ 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+ 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+ 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+ 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+ 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+ 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+ 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+ 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+ 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+ 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+ 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+ 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+ 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+ 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+ 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+ 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+ 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+ 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+ 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+ 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+ 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+ 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+ 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+ 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+ 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+ 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+ 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+ 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+ 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+ 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+ 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+ 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+ 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+ 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+ 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+ 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+ 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+ 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+ 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+ 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+ 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+ 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+ 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+#ifndef AES_SMALL_TABLES
+const uint32_t Td1[256] = {
+ 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+ 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+ 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+ 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+ 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+ 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+ 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+ 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+ 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+ 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+ 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+ 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+ 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+ 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+ 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+ 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+ 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+ 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+ 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+ 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+ 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+ 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+ 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+ 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+ 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+ 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+ 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+ 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+ 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+ 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+ 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+ 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+ 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+ 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+ 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+ 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+ 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+ 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+ 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+ 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+ 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+ 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+ 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+ 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+ 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+ 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+ 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+ 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+ 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+ 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+ 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+ 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+ 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+ 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+ 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+ 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+ 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+ 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+ 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+ 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+ 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+ 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+ 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+ 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+const uint32_t Td2[256] = {
+ 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+ 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+ 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+ 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+ 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+ 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+ 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+ 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+ 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+ 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+ 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+ 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+ 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+ 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+ 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+ 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+ 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+ 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+ 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+ 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+
+ 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+ 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+ 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+ 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+ 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+ 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+ 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+ 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+ 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+ 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+ 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+ 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+ 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+ 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+ 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+ 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+ 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+ 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+ 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+ 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+ 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+ 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+ 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+ 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+ 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+ 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+ 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+ 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+ 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+ 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+ 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+ 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+ 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+ 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+ 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+ 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+ 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+ 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+ 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+ 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+ 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+ 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+ 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+ 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+const uint32_t Td3[256] = {
+ 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+ 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+ 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+ 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+ 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+ 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+ 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+ 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+ 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+ 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+ 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+ 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+ 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+ 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+ 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+ 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+ 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+ 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+ 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+ 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+ 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+ 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+ 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+ 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+ 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+ 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+ 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+ 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+ 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+ 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+ 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+ 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+ 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+ 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+ 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+ 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+ 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+ 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+ 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+ 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+ 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+ 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+ 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+ 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+ 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+ 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+ 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+ 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+ 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+ 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+ 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+ 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+ 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+ 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+ 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+ 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+ 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+ 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+ 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+ 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+ 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+ 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+ 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+ 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+const uint32_t Td4[256] = {
+ 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
+ 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
+ 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
+ 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
+ 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
+ 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
+ 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
+ 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
+ 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
+ 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
+ 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
+ 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
+ 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
+ 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
+ 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
+ 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
+ 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
+ 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
+ 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
+ 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
+ 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
+ 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
+ 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
+ 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
+ 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
+ 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
+ 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
+ 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
+ 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
+ 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
+ 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
+ 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
+ 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
+ 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
+ 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
+ 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
+ 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
+ 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
+ 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
+ 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
+ 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
+ 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
+ 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
+ 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
+ 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
+ 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
+ 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
+ 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
+ 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
+ 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
+ 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
+ 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
+ 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
+ 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
+ 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
+ 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
+ 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
+ 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
+ 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
+ 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
+ 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
+ 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
+ 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
+ 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
+};
+
+
+/* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+const uint32_t rcon[] = {
+ 0x01000000, 0x02000000, 0x04000000, 0x08000000,
+ 0x10000000, 0x20000000, 0x40000000, 0x80000000,
+ 0x1B000000, 0x36000000,
+};
+#else /* AES_SMALL_TABLES */
+const uint8_t Td4s[256] = {
+ 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+ 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+ 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+ 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+ 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+ 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+ 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+ 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+ 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+ 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+ 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+ 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+ 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+ 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+ 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+ 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+ 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+ 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+ 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+ 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+ 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+ 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+ 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+ 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+ 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+ 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+ 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+ 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+ 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+ 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+ 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+ 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+};
+const uint8_t rcons[] = {
+ 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36
+ /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+#endif /* AES_SMALL_TABLES */
+/**
+ * Expand the cipher key into the encryption key schedule.
+ *
+ * @return the number of rounds for the given cipher key size.
+ */
+int wlan_crypto_rijndaelKeySetupEnc(uint32_t rk[], const uint8_t cipherKey[],
+ int keyBits)
+{
+ int i;
+ uint32_t temp;
+ int32_t status = -1;
+
+ rk[0] = GETU32(cipherKey);
+ rk[1] = GETU32(cipherKey + 4);
+ rk[2] = GETU32(cipherKey + 8);
+ rk[3] = GETU32(cipherKey + 12);
+
+ if (keyBits == 128) {
+ for (i = 0; i < 10; i++) {
+ temp = rk[3];
+ rk[4] = rk[0] ^ TE421(temp) ^ TE432(temp) ^
+ TE443(temp) ^ TE414(temp) ^ RCON(i);
+ rk[5] = rk[1] ^ rk[4];
+ rk[6] = rk[2] ^ rk[5];
+ rk[7] = rk[3] ^ rk[6];
+ rk += 4;
+ }
+ return 10;
+ }
+
+ rk[4] = GETU32(cipherKey + 16);
+ rk[5] = GETU32(cipherKey + 20);
+
+ if (keyBits == 192) {
+ for (i = 0; i < 8; i++) {
+ temp = rk[5];
+ rk[6] = rk[0] ^ TE421(temp) ^ TE432(temp) ^
+ TE443(temp) ^ TE414(temp) ^ RCON(i);
+ rk[7] = rk[1] ^ rk[6];
+ rk[8] = rk[2] ^ rk[7];
+ rk[9] = rk[3] ^ rk[8];
+ if (i == 7)
+ return 12;
+ rk[10] = rk[4] ^ rk[9];
+ rk[11] = rk[5] ^ rk[10];
+ rk += 6;
+ }
+ }
+
+ rk[6] = GETU32(cipherKey + 24);
+ rk[7] = GETU32(cipherKey + 28);
+
+ if (keyBits == 256) {
+ for (i = 0; i < 7; i++) {
+ temp = rk[7];
+ rk[8] = rk[0] ^ TE421(temp) ^ TE432(temp) ^
+ TE443(temp) ^ TE414(temp) ^ RCON(i);
+ rk[9] = rk[1] ^ rk[8];
+ rk[10] = rk[2] ^ rk[9];
+ rk[11] = rk[3] ^ rk[10];
+ if (i == 6)
+ return 14;
+ temp = rk[11];
+ rk[12] = rk[4] ^ TE411(temp) ^ TE422(temp) ^
+ TE433(temp) ^ TE444(temp);
+ rk[13] = rk[5] ^ rk[12];
+ rk[14] = rk[6] ^ rk[13];
+ rk[15] = rk[7] ^ rk[14];
+ rk += 8;
+ }
+ }
+
+ return status;
+}
diff --git a/crypto/src/wlan_crypto_aes_internal_dec.c b/crypto/src/wlan_crypto_aes_internal_dec.c
new file mode 100644
index 0000000..58d8a49
--- /dev/null
+++ b/crypto/src/wlan_crypto_aes_internal_dec.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 2017 The Linux Foundation. All rights reserved.
+ */
+/*
+ * AES (Rijndael) cipher - decrypt
+ *
+ * Modifications to public domain implementation:
+ * - cleanup
+ * - use C pre-processor to make it easier to change S table access
+ * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at
+ * cost of reduced throughput (quite small difference on Pentium 4,
+ * 10-25% when using -O1 or -O2 optimization)
+ *
+ * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+#include <qdf_types.h>
+#include <qdf_mem.h>
+#include <qdf_util.h>
+#include "wlan_crypto_aes_i.h"
+#include "wlan_crypto_def_i.h"
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ *
+ * @return the number of rounds for the given cipher key size.
+ */
+static int rijndaelKeySetupDec(uint32_t rk[], const uint8_t cipherKey[],
+ int keyBits){
+ int Nr, i, j;
+ uint32_t temp;
+
+ /* expand the cipher key: */
+ Nr = wlan_crypto_rijndaelKeySetupEnc(rk, cipherKey, keyBits);
+ if (Nr < 0)
+ return Nr;
+ /* invert the order of the round keys: */
+ for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
+ temp = rk[i]; rk[i] = rk[j]; rk[j] = temp;
+ temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+ temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+ temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+ }
+ /* apply the inverse MixColumn transform to all round keys but the
+ * first and the last: */
+ for (i = 1; i < Nr; i++) {
+ rk += 4;
+ for (j = 0; j < 4; j++) {
+ rk[j] = TD0_(TE4((rk[j] >> 24))) ^
+ TD1_(TE4((rk[j] >> 16) & 0xff)) ^
+ TD2_(TE4((rk[j] >> 8) & 0xff)) ^
+ TD3_(TE4((rk[j]) & 0xff));
+ }
+ }
+
+ return Nr;
+}
+
+void *wlan_crypto_aes_decrypt_init(const uint8_t *key, size_t len)
+{
+ uint32_t *rk;
+ int res;
+ rk = qdf_mem_malloc(AES_PRIV_SIZE);
+ if (rk == NULL)
+ return NULL;
+ res = rijndaelKeySetupDec(rk, key, len * 8);
+ if (res < 0) {
+ qdf_mem_free(rk);
+ return NULL;
+ }
+ rk[AES_PRIV_NR_POS] = res;
+ return rk;
+}
+
+static void rijndaelDecrypt(const uint32_t rk[/*44*/], int Nr,
+ const uint8_t ct[16], uint8_t pt[16]){
+ uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+ int r;
+#endif /* ?FULL_UNROLL */
+
+ /*
+ * map byte array block to cipher state
+ * and add initial round key:
+ */
+ s0 = GETU32(ct) ^ rk[0];
+ s1 = GETU32(ct + 4) ^ rk[1];
+ s2 = GETU32(ct + 8) ^ rk[2];
+ s3 = GETU32(ct + 12) ^ rk[3];
+
+#define ROUND(i, d, s) {\
+d##0 = TD0(s##0) ^ TD1(s##3) ^ TD2(s##2) ^ TD3(s##1) ^ rk[4 * i]; \
+d##1 = TD0(s##1) ^ TD1(s##0) ^ TD2(s##3) ^ TD3(s##2) ^ rk[4 * i + 1]; \
+d##2 = TD0(s##2) ^ TD1(s##1) ^ TD2(s##0) ^ TD3(s##3) ^ rk[4 * i + 2]; \
+d##3 = TD0(s##3) ^ TD1(s##2) ^ TD2(s##1) ^ TD3(s##0) ^ rk[4 * i + 3]; }
+
+#ifdef FULL_UNROLL
+
+ ROUND(1, t, s);
+ ROUND(2, s, t);
+ ROUND(3, t, s);
+ ROUND(4, s, t);
+ ROUND(5, t, s);
+ ROUND(6, s, t);
+ ROUND(7, t, s);
+ ROUND(8, s, t);
+ ROUND(9, t, s);
+ if (Nr > 10) {
+ ROUND(10, s, t);
+ ROUND(11, t, s);
+ if (Nr > 12) {
+ ROUND(12, s, t);
+ ROUND(13, t, s);
+ }
+ }
+
+ rk += Nr << 2;
+
+#else /* !FULL_UNROLL */
+
+ /* Nr - 1 full rounds: */
+ r = Nr >> 1;
+ for (;;) {
+ ROUND(1, t, s);
+ rk += 8;
+ if (--r == 0)
+ break;
+ ROUND(0, s, t);
+ }
+
+#endif /* ?FULL_UNROLL */
+
+#undef ROUND
+
+ /*
+ * apply last round and
+ * map cipher state to byte array block:
+ */
+ s0 = TD41(t0) ^ TD42(t3) ^ TD43(t2) ^ TD44(t1) ^ rk[0];
+ PUTU32(pt, s0);
+ s1 = TD41(t1) ^ TD42(t0) ^ TD43(t3) ^ TD44(t2) ^ rk[1];
+ PUTU32(pt + 4, s1);
+ s2 = TD41(t2) ^ TD42(t1) ^ TD43(t0) ^ TD44(t3) ^ rk[2];
+ PUTU32(pt + 8, s2);
+ s3 = TD41(t3) ^ TD42(t2) ^ TD43(t1) ^ TD44(t0) ^ rk[3];
+ PUTU32(pt + 12, s3);
+}
+
+void wlan_crypto_aes_decrypt(void *ctx, const uint8_t *crypt, uint8_t *plain)
+{
+ uint32_t *rk = ctx;
+ rijndaelDecrypt(ctx, rk[AES_PRIV_NR_POS], crypt, plain);
+}
+
+
+void wlan_crypto_aes_decrypt_deinit(void *ctx)
+{
+ qdf_mem_set(ctx, AES_PRIV_SIZE, 0);
+ qdf_mem_free(ctx);
+}
diff --git a/crypto/src/wlan_crypto_aes_internal_enc.c b/crypto/src/wlan_crypto_aes_internal_enc.c
new file mode 100644
index 0000000..41dfe90
--- /dev/null
+++ b/crypto/src/wlan_crypto_aes_internal_enc.c
@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 2017 The Linux Foundation. All rights reserved.
+ */
+/*
+ * AES (Rijndael) cipher - encrypt
+ *
+ * Modifications to public domain implementation:
+ * - cleanup
+ * - use C pre-processor to make it easier to change S table access
+ * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at
+ * cost of reduced throughput (quite small difference on Pentium 4,
+ * 10-25% when using -O1 or -O2 optimization)
+ *
+ * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include <qdf_types.h>
+#include <qdf_mem.h>
+#include <qdf_util.h>
+#include "wlan_crypto_aes_i.h"
+#include "wlan_crypto_def_i.h"
+
+static void rijndaelEncrypt(const uint32_t rk[], int Nr, const uint8_t pt[16],
+ uint8_t ct[16]){
+ uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+ int r;
+#endif /* ?FULL_UNROLL */
+
+ /*
+ * map byte array block to cipher state
+ * and add initial round key:
+ */
+ s0 = GETU32(pt) ^ rk[0];
+ s1 = GETU32(pt + 4) ^ rk[1];
+ s2 = GETU32(pt + 8) ^ rk[2];
+ s3 = GETU32(pt + 12) ^ rk[3];
+
+#define ROUND(i, d, s) {\
+d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \
+d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \
+d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \
+d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]; }
+
+#ifdef FULL_UNROLL
+
+ ROUND(1, t, s);
+ ROUND(2, s, t);
+ ROUND(3, t, s);
+ ROUND(4, s, t);
+ ROUND(5, t, s);
+ ROUND(6, s, t);
+ ROUND(7, t, s);
+ ROUND(8, s, t);
+ ROUND(9, t, s);
+ if (Nr > 10) {
+ ROUND(10, s, t);
+ ROUND(11, t, s);
+ if (Nr > 12) {
+ ROUND(12, s, t);
+ ROUND(13, t, s);
+ }
+ }
+
+ rk += Nr << 2;
+
+#else /* !FULL_UNROLL */
+
+ /* Nr - 1 full rounds: */
+ r = Nr >> 1;
+ for (;;) {
+ ROUND(1, t, s);
+ rk += 8;
+ if (--r == 0)
+ break;
+ ROUND(0, s, t);
+ }
+
+#endif /* ?FULL_UNROLL */
+
+#undef ROUND
+
+ /*
+ * apply last round and
+ * map cipher state to byte array block:
+ */
+ s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0];
+ PUTU32(ct, s0);
+ s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1];
+ PUTU32(ct + 4, s1);
+ s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2];
+ PUTU32(ct + 8, s2);
+ s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3];
+ PUTU32(ct + 12, s3);
+}
+
+
+void *wlan_crypto_aes_encrypt_init(const uint8_t *key, size_t len)
+{
+ uint32_t *rk;
+ int res;
+ rk = qdf_mem_malloc(AES_PRIV_SIZE);
+ if (rk == NULL)
+ return NULL;
+ res = wlan_crypto_rijndaelKeySetupEnc(rk, key, len * 8);
+ if (res < 0) {
+ qdf_mem_free(rk);
+ return NULL;
+ }
+ rk[AES_PRIV_NR_POS] = res;
+ return rk;
+}
+
+
+void wlan_crypto_aes_encrypt(void *ctx, const uint8_t *plain, uint8_t *crypt)
+{
+ uint32_t *rk = ctx;
+ rijndaelEncrypt(ctx, rk[AES_PRIV_NR_POS], plain, crypt);
+}
+
+
+void wlan_crypto_aes_encrypt_deinit(void *ctx)
+{
+ qdf_mem_set(ctx, AES_PRIV_SIZE, 0);
+ qdf_mem_free(ctx);
+}
diff --git a/crypto/src/wlan_crypto_aes_omac1.c b/crypto/src/wlan_crypto_aes_omac1.c
new file mode 100644
index 0000000..cf0518d
--- /dev/null
+++ b/crypto/src/wlan_crypto_aes_omac1.c
@@ -0,0 +1,176 @@
+/*
+ * Copyright (c) 2017 The Linux Foundation. All rights reserved.
+ */
+/*
+ * One-key CBC MAC (OMAC1) hash with AES
+ *
+ * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include <qdf_types.h>
+#include <qdf_mem.h>
+#include <qdf_util.h>
+#include "wlan_crypto_aes_i.h"
+#include "wlan_crypto_def_i.h"
+
+static void gf_mulx(uint8_t *pad)
+{
+ int i, carry;
+
+ carry = pad[0] & 0x80;
+ for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
+ pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
+ pad[AES_BLOCK_SIZE - 1] <<= 1;
+ if (carry)
+ pad[AES_BLOCK_SIZE - 1] ^= 0x87;
+}
+
+
+/**
+ * omac1_aes_vector - One-Key CBC MAC (OMAC1) hash with AES
+ * @key: Key for the hash operation
+ * @key_len: Key length in octets
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This is a mode for using block cipher (AES in this case) for authentication.
+ * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
+ * (SP) 800-38B.
+ */
+int omac1_aes_vector(const uint8_t *key, size_t key_len, size_t num_elem,
+ const uint8_t *addr[], const size_t *len, uint8_t *mac)
+{
+ void *ctx;
+ const uint8_t *pos, *end;
+ int32_t status = -1;
+ size_t i, e, left, total_len;
+ uint8_t cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
+
+
+ ctx = wlan_crypto_aes_encrypt_init(key, key_len);
+ if (ctx == NULL)
+ return status;
+
+ total_len = 0;
+ for (e = 0; e < num_elem; e++)
+ total_len += len[e];
+ left = total_len;
+
+ qdf_mem_set(cbc, AES_BLOCK_SIZE, 0);
+
+ e = 0;
+ pos = addr[0];
+ end = pos + len[0];
+
+ while (left >= AES_BLOCK_SIZE) {
+ for (i = 0; i < AES_BLOCK_SIZE; i++) {
+ cbc[i] ^= *pos++;
+ if (pos >= end) {
+ /*
+ * Stop if there are no more bytes to process
+ * since there are no more entries in the array.
+ */
+ if (i + 1 == AES_BLOCK_SIZE &&
+ left == AES_BLOCK_SIZE)
+ break;
+ e++;
+ pos = addr[e];
+ end = pos + len[e];
+ }
+ }
+ if (left > AES_BLOCK_SIZE)
+ wlan_crypto_aes_encrypt(ctx, cbc, cbc);
+ left -= AES_BLOCK_SIZE;
+ }
+
+ qdf_mem_set(pad, AES_BLOCK_SIZE, 0);
+ wlan_crypto_aes_encrypt(ctx, pad, pad);
+ gf_mulx(pad);
+
+ if (left || total_len == 0) {
+ for (i = 0; i < left; i++) {
+ cbc[i] ^= *pos++;
+ if (pos >= end) {
+ /*
+ * Stop if there are no more bytes to process
+ * since there are no more entries in the array.
+ */
+ if (i + 1 == left)
+ break;
+ e++;
+ pos = addr[e];
+ end = pos + len[e];
+ }
+ }
+ cbc[left] ^= 0x80;
+ gf_mulx(pad);
+ }
+
+ for (i = 0; i < AES_BLOCK_SIZE; i++)
+ pad[i] ^= cbc[i];
+ wlan_crypto_aes_encrypt(ctx, pad, mac);
+ wlan_crypto_aes_encrypt_deinit(ctx);
+ return 0;
+}
+
+
+/**
+ * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128
+ * @key: 128-bit key for the hash operation
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This is a mode for using block cipher (AES in this case) for authentication.
+ * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
+ * (SP) 800-38B.
+ */
+int omac1_aes_128_vector(const uint8_t *key, size_t num_elem,
+ const uint8_t *addr[], const size_t *len, uint8_t *mac)
+{
+ return omac1_aes_vector(key, 16, num_elem, addr, len, mac);
+}
+
+
+/**
+ * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
+ * @key: 128-bit key for the hash operation
+ * @data: Data buffer for which a MAC is determined
+ * @data_len: Length of data buffer in bytes
+ * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This is a mode for using block cipher (AES in this case) for authentication.
+ * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
+ * (SP) 800-38B.
+ */
+int omac1_aes_128(const uint8_t *key, const uint8_t *data,
+ size_t data_len, uint8_t *mac){
+ return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
+}
+
+
+/**
+ * omac1_aes_256 - One-Key CBC MAC (OMAC1) hash with AES-256 (aka AES-CMAC)
+ * @key: 256-bit key for the hash operation
+ * @data: Data buffer for which a MAC is determined
+ * @data_len: Length of data buffer in bytes
+ * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This is a mode for using block cipher (AES in this case) for authentication.
+ * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
+ * (SP) 800-38B.
+ */
+int omac1_aes_256(const uint8_t *key, const uint8_t *data,
+ size_t data_len, uint8_t *mac){
+ return omac1_aes_vector(key, 32, 1, &data, &data_len, mac);
+}
diff --git a/crypto/src/wlan_crypto_aes_siv.c b/crypto/src/wlan_crypto_aes_siv.c
new file mode 100644
index 0000000..8186b77
--- /dev/null
+++ b/crypto/src/wlan_crypto_aes_siv.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright (c) 2017 The Linux Foundation. All rights reserved.
+ */
+
+/*
+ * AES SIV (RFC 5297)
+ * Copyright (c) 2013 Cozybit, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifdef WLAN_SUPPORT_FILS
+
+#include <qdf_crypto.h>
+#include <wlan_crypto_aes_i.h>
+#include "wlan_crypto_aes_ctr_i.h"
+
+static const uint8_t zero[AES_BLOCK_SIZE];
+
+static void dbl(uint8_t *pad)
+{
+ int32_t i, carry;
+
+ carry = pad[0] & 0x80;
+ for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
+ pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
+ pad[AES_BLOCK_SIZE - 1] <<= 1;
+ if (carry)
+ pad[AES_BLOCK_SIZE - 1] ^= 0x87;
+}
+
+static void xor(uint8_t *a, const uint8_t *b)
+{
+ int32_t i;
+
+ for (i = 0; i < AES_BLOCK_SIZE; i++)
+ *a++ ^= *b++;
+}
+
+static void xorend(uint8_t *a, int32_t alen, const uint8_t *b, int32_t blen)
+{
+ int32_t i;
+
+ if (alen < blen)
+ return;
+
+ for (i = 0; i < blen; i++)
+ a[alen - blen + i] ^= b[i];
+}
+
+static void pad_block(uint8_t *pad, const uint8_t *addr, size_t len)
+{
+ qdf_mem_zero(pad, AES_BLOCK_SIZE);
+ qdf_mem_copy(pad, addr, len);
+
+ if (len < AES_BLOCK_SIZE)
+ pad[len] = 0x80;
+}
+
+static int32_t
+aes_s2v(const uint8_t *key, size_t key_len, size_t num_elem,
+ const uint8_t *addr[], size_t *len, uint8_t *mac)
+{
+ uint8_t tmp[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE];
+ uint8_t *buf = NULL;
+ int32_t ret = -1;
+ size_t i;
+ const uint8_t *data[1];
+ size_t data_len[1];
+
+ if (!num_elem) {
+ qdf_mem_copy(tmp, zero, sizeof(zero));
+ tmp[AES_BLOCK_SIZE - 1] = 1;
+ data[0] = tmp;
+ data_len[0] = sizeof(tmp);
+ return omac1_aes_vector(key, key_len, 1, data, data_len, mac);
+ }
+
+ data[0] = zero;
+ data_len[0] = sizeof(zero);
+ ret = omac1_aes_vector(key, key_len, 1, data, data_len, tmp);
+ if (ret)
+ return ret;
+
+ for (i = 0; i < num_elem - 1; i++) {
+ ret = omac1_aes_vector(key, key_len, 1, &addr[i], &len[i],
+ tmp2);
+ if (ret)
+ return ret;
+
+ dbl(tmp);
+ xor(tmp, tmp2);
+ }
+ if (len[i] >= AES_BLOCK_SIZE) {
+ buf = OS_MALLOC(NULL, len[i], GFP_ATOMIC);
+ if (!buf)
+ return -ENOMEM;
+
+ qdf_mem_copy(buf, addr[i], len[i]);
+ xorend(buf, len[i], tmp, AES_BLOCK_SIZE);
+ data[0] = buf;
+ ret = omac1_aes_vector(key, key_len, 1, data, &len[i], mac);
+ memset(buf, 0, len[i]);
+ OS_FREE(buf);
+ return ret;
+ }
+
+ dbl(tmp);
+ pad_block(tmp2, addr[i], len[i]);
+ xor(tmp, tmp2);
+
+ data[0] = tmp;
+ data_len[0] = sizeof(tmp);
+
+ return omac1_aes_vector(key, key_len, 1, data, data_len, mac);
+}
+
+int32_t wlan_crypto_aes_siv_encrypt(const uint8_t *key, size_t key_len,
+ const uint8_t *pw, size_t pwlen,
+ size_t num_elem, const uint8_t *addr[],
+ const size_t *len, uint8_t *out)
+{
+ const uint8_t *_addr[6];
+ size_t _len[6];
+ const uint8_t *k1, *k2;
+ uint8_t v[AES_BLOCK_SIZE];
+ size_t i;
+ uint8_t *iv, *crypt_pw;
+ int32_t status = -1;
+
+ if (num_elem > ARRAY_SIZE(_addr) - 1 ||
+ (key_len != 32 && key_len != 48 && key_len != 64))
+ return status;
+
+ key_len /= 2;
+ k1 = key;
+ k2 = key + key_len;
+
+ for (i = 0; i < num_elem; i++) {
+ _addr[i] = addr[i];
+ _len[i] = len[i];
+ }
+ _addr[num_elem] = pw;
+ _len[num_elem] = pwlen;
+
+ if (aes_s2v(k1, key_len, num_elem + 1, _addr, _len, v))
+ return status;
+
+ iv = out;
+ crypt_pw = out + AES_BLOCK_SIZE;
+
+ qdf_mem_copy(iv, v, AES_BLOCK_SIZE);
+ qdf_mem_copy(crypt_pw, pw, pwlen);
+
+ /* zero out 63rd and 31st bits of ctr (from right) */
+ v[8] &= 0x7f;
+ v[12] &= 0x7f;
+
+ return wlan_crypto_aes_ctr_encrypt(k2, key_len, v, crypt_pw, pwlen);
+}
+
+int32_t wlan_crypto_aes_siv_decrypt(const uint8_t *key, size_t key_len,
+ const uint8_t *iv_crypt, size_t iv_c_len,
+ size_t num_elem, const uint8_t *addr[],
+ const size_t *len, uint8_t *out)
+{
+ const uint8_t *_addr[6];
+ size_t _len[6];
+ const uint8_t *k1, *k2;
+ size_t crypt_len;
+ size_t i;
+ int32_t ret = -1;
+ uint8_t iv[AES_BLOCK_SIZE];
+ uint8_t check[AES_BLOCK_SIZE];
+
+ if (iv_c_len < AES_BLOCK_SIZE || num_elem > ARRAY_SIZE(_addr) - 1 ||
+ (key_len != 32 && key_len != 48 && key_len != 64))
+ return ret;
+
+ crypt_len = iv_c_len - AES_BLOCK_SIZE;
+ key_len /= 2;
+ k1 = key;
+ k2 = key + key_len;
+
+ for (i = 0; i < num_elem; i++) {
+ _addr[i] = addr[i];
+ _len[i] = len[i];
+ }
+ _addr[num_elem] = out;
+ _len[num_elem] = crypt_len;
+
+ qdf_mem_copy(iv, iv_crypt, AES_BLOCK_SIZE);
+ qdf_mem_copy(out, iv_crypt + AES_BLOCK_SIZE, crypt_len);
+
+ iv[8] &= 0x7f;
+ iv[12] &= 0x7f;
+
+ ret = wlan_crypto_aes_ctr_encrypt(k2, key_len, iv, out, crypt_len);
+ if (ret)
+ return ret;
+
+ ret = aes_s2v(k1, key_len, num_elem + 1, _addr, _len, check);
+ if (ret)
+ return ret;
+
+ if (qdf_mem_cmp(check, iv_crypt, AES_BLOCK_SIZE) == 0)
+ return 0;
+
+ return ret;
+}
+
+#endif /* WLAN_SUPPORT_FILS */
diff --git a/crypto/src/wlan_crypto_ccmp.c b/crypto/src/wlan_crypto_ccmp.c
new file mode 100644
index 0000000..2984b9d
--- /dev/null
+++ b/crypto/src/wlan_crypto_ccmp.c
@@ -0,0 +1,319 @@
+/*
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for
+ * any purpose with or without fee is hereby granted, provided that the
+ * above copyright notice and this permission notice appear in all
+ * copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+ * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+ /**
+ * DOC: Private API for handling CCMP related operations
+ */
+#include <qdf_types.h>
+#include <wlan_cmn.h>
+#include <wlan_objmgr_cmn.h>
+#include <wlan_objmgr_global_obj.h>
+#include <wlan_objmgr_psoc_obj.h>
+#include <wlan_objmgr_pdev_obj.h>
+#include <wlan_objmgr_vdev_obj.h>
+#include <wlan_objmgr_peer_obj.h>
+
+#include "wlan_crypto_global_def.h"
+#include "wlan_crypto_def_i.h"
+#include "wlan_crypto_main_i.h"
+#include "wlan_crypto_obj_mgr_i.h"
+
+#define MAX_CCMP_PN_GAP_ERR_CHECK 0
+
+static QDF_STATUS ccmp_setkey(struct wlan_crypto_key *key)
+{
+ return QDF_STATUS_SUCCESS;
+}
+
+static QDF_STATUS ccmp_encap(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t encapdone,
+ uint8_t hdrlen){
+ uint8_t *ivp;
+ struct ieee80211_hdr *hdr;
+ struct wlan_crypto_cipher *cipher_table;
+
+ cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
+
+ hdr = (struct ieee80211_hdr *)qdf_nbuf_data(wbuf);
+
+ /*
+ * Copy down 802.11 header and add the IV, KeyID, and ExtIV.
+ */
+ if (encapdone) {
+ ivp = (uint8_t *)qdf_nbuf_data(wbuf);
+ } else {
+ uint8_t ivmic_len = cipher_table->header + cipher_table->miclen;
+ ivp = (uint8_t *)qdf_nbuf_push_head(wbuf, ivmic_len);
+ qdf_mem_move(ivp, ivp + ivmic_len, hdrlen);
+
+ qdf_mem_move(ivp + hdrlen + cipher_table->header,
+ ivp + hdrlen + ivmic_len,
+ (qdf_nbuf_len(wbuf) - hdrlen - ivmic_len));
+
+ ivp = (uint8_t *) qdf_nbuf_data(wbuf);
+ }
+
+ ivp += hdrlen;
+ /* XXX wrap at 48 bits */
+ key->keytsc++;
+
+ ivp[0] = key->keytsc >> 0; /* PN0 */
+ ivp[1] = key->keytsc >> 8; /* PN1 */
+ ivp[2] = 0; /* Reserved */
+ ivp[3] = (key->keyix << 6)| WLAN_CRYPTO_EXT_IV_BIT;/* KeyID | ExtID */
+ ivp[4] = key->keytsc >> 16; /* PN2 */
+ ivp[5] = key->keytsc >> 24; /* PN3 */
+ ivp[6] = key->keytsc >> 32; /* PN4 */
+ ivp[7] = key->keytsc >> 40; /* PN5 */
+
+ /*
+ * Finally, do software encrypt if neeed.
+ */
+ if (key->flags & WLAN_CRYPTO_KEY_SWENCRYPT) {
+ if (!wlan_crypto_ccmp_encrypt(key->keyval,
+ qdf_nbuf_data(wbuf),
+ qdf_nbuf_len(wbuf), hdrlen)) {
+ return QDF_STATUS_CRYPTO_ENCRYPT_FAILED;
+ }
+ }
+
+ return QDF_STATUS_SUCCESS;
+}
+
+#define WLAN_CRYPTO_CCMP_PN_MAX(pn) (pn + MAX_CCMP_PN_GAP_ERR_CHECK)
+
+static QDF_STATUS ccmp_decap(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t tid,
+ uint8_t hdrlen){
+ struct ieee80211_hdr *hdr;
+ uint8_t *ivp, *origHdr;
+ uint64_t pn;
+ uint8_t update_keyrsc = 1;
+ struct wlan_crypto_cipher *cipher_table;
+
+ cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
+
+ /*
+ * Header should have extended IV and sequence number;
+ * verify the former and validate the latter.
+ */
+ origHdr = (uint8_t *)qdf_nbuf_data(wbuf);
+ hdr = (struct ieee80211_hdr *)origHdr;
+
+ ivp = origHdr + hdrlen;
+
+ if ((ivp[WLAN_CRYPTO_IV_LEN] & WLAN_CRYPTO_EXT_IV_BIT) == 0) {
+ /*invalid CCMP iv*/
+ return QDF_STATUS_E_INVAL;
+ }
+
+ tid = wlan_get_tid(qdf_nbuf_data(wbuf));
+
+ pn = READ_6(ivp[0], ivp[1], ivp[4], ivp[5], ivp[6], ivp[7]);
+
+ if (pn <= key->keyrsc[tid]) {
+ /*
+ * Replay violation.
+ */
+ return QDF_STATUS_CRYPTO_PN_ERROR;
+ }
+
+ if ((key->flags & WLAN_CRYPTO_KEY_SWDECRYPT)) {
+ if (!wlan_crypto_ccmp_decrypt(key->keyval,
+ (struct wlan_frame_hdr *)origHdr,
+ (origHdr + hdrlen),
+ (qdf_nbuf_len(wbuf) - hdrlen))) {
+ return QDF_STATUS_CRYPTO_DECRYPT_FAILED;
+ }
+ }
+
+ /* we can get corrupted frame that has a bad PN.
+ * The PN upper bits tend to get corrupted.
+ * The PN should be a monotically increasing counter.
+ * if we detected a big jump, then we will throw away this frame.
+ */
+ if ((key->keyrsc[tid] > 1) &&
+ (pn > (WLAN_CRYPTO_CCMP_PN_MAX(key->keyrsc[tid])))) {
+ /* PN jump wrt keyrsc is > MAX_CCMP_PN_GAP_ERR_CHECK -
+ * PN of current frame is suspected
+ */
+ if (key->keyrsc_suspect[tid]) {
+ /* Check whether PN of the current frame
+ * is following prev PN seq or not
+ */
+ if (pn < key->keyrsc_suspect[tid]) {
+ /* PN number of the curr frame < PN no of prev
+ * rxed frame. As we are not sure about prev
+ * suspect PN, to detect replay, check the
+ * current PN with global PN
+ */
+ if (pn < key->keyglobal)
+ /* Replay violation */
+ return QDF_STATUS_CRYPTO_PN_ERROR;
+ else {
+ /* Current PN is following global PN,
+ * so mark this as suspected PN
+ * Don't update keyrsc & keyglobal
+ */
+ key->keyrsc_suspect[tid] = pn;
+ update_keyrsc = 0;
+ }
+ } else if (pn <
+ (WLAN_CRYPTO_CCMP_PN_MAX(key->keyrsc_suspect[tid]))) {
+ /* Current PN is following prev suspected
+ * PN seq Update keyrsc & keyglobal
+ * (update_keyrsc = 1;)
+ */
+ } else {
+ /* Current PN is neither following prev
+ * suspected PN nor prev Keyrsc.
+ * Mark this as new suspect and
+ * don't update keyrsc & keyglobal
+ */
+ key->keyrsc_suspect[tid] = pn;
+ update_keyrsc = 0;
+ }
+ } else {
+ /* New Jump in PN observed
+ * So mark this PN as suspected and
+ * don't update keyrsc/keyglobal */
+ key->keyrsc_suspect[tid] = pn;
+ update_keyrsc = 0;
+ }
+ } else {
+ /* Valid PN, update keyrsc & keyglobal (update_keyrsc = 1;) */
+ }
+
+ /*
+ * Copy up 802.11 header and strip crypto bits.
+ */
+ if (!(key->flags & WLAN_CRYPTO_KEY_SWDECRYPT)) {
+ qdf_mem_move(origHdr + cipher_table->header, origHdr, hdrlen);
+ qdf_nbuf_pull_head(wbuf, cipher_table->header);
+ qdf_nbuf_trim_tail(wbuf, cipher_table->trailer
+ + cipher_table->miclen);
+ } else {
+ qdf_nbuf_trim_tail(wbuf, cipher_table->header
+ + cipher_table->miclen);
+ }
+
+ if (update_keyrsc) {
+ /*
+ * Ok to update rsc now.
+ */
+ key->keyrsc[tid] = pn;
+ key->keyglobal = pn;
+ key->keyrsc_suspect[tid] = 0;
+ }
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS ccmp_enmic(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t keyid,
+ uint8_t hdrlen){
+
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS ccmp_demic(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t keyid,
+ uint8_t hdrlen){
+ return QDF_STATUS_SUCCESS;
+}
+
+
+const struct wlan_crypto_cipher ccmp_cipher_table = {
+ "AES-CCM",
+ WLAN_CRYPTO_CIPHER_AES_CCM,
+ WLAN_CRYPTO_IV_LEN + WLAN_CRYPTO_KEYID_LEN + WLAN_CRYPTO_EXT_IV_LEN,
+ 0,
+ WLAN_CRYPTO_MIC_LEN,
+ 128,
+ ccmp_setkey,
+ ccmp_encap,
+ ccmp_decap,
+ ccmp_enmic,
+ ccmp_demic,
+};
+
+
+const struct wlan_crypto_cipher ccmp256_cipher_table = {
+ "AES-CCM256",
+ WLAN_CRYPTO_CIPHER_AES_CCM_256,
+ WLAN_CRYPTO_IV_LEN + WLAN_CRYPTO_KEYID_LEN + WLAN_CRYPTO_EXT_IV_LEN,
+ 0,
+ WLAN_CRYPTO_MIC256_LEN,
+ 256,
+ ccmp_setkey,
+ ccmp_encap,
+ ccmp_decap,
+ ccmp_enmic,
+ ccmp_demic,
+};
+
+
+const struct wlan_crypto_cipher gcmp_cipher_table = {
+ "AES-GCM",
+ WLAN_CRYPTO_CIPHER_AES_GCM,
+ WLAN_CRYPTO_IV_LEN + WLAN_CRYPTO_KEYID_LEN + WLAN_CRYPTO_EXT_IV_LEN,
+ 0,
+ WLAN_CRYPTO_MIC_LEN,
+ 128,
+ ccmp_setkey,
+ ccmp_encap,
+ ccmp_decap,
+ ccmp_enmic,
+ ccmp_demic,
+};
+
+
+const struct wlan_crypto_cipher gcmp256_cipher_table = {
+ "AES-GCM256",
+ WLAN_CRYPTO_CIPHER_AES_GCM_256,
+ WLAN_CRYPTO_IV_LEN + WLAN_CRYPTO_KEYID_LEN + WLAN_CRYPTO_EXT_IV_LEN,
+ 0,
+ WLAN_CRYPTO_MIC256_LEN,
+ 256,
+ ccmp_setkey,
+ ccmp_encap,
+ ccmp_decap,
+ ccmp_enmic,
+ ccmp_demic,
+};
+
+const struct wlan_crypto_cipher *ccmp_register(void)
+{
+ return &ccmp_cipher_table;
+}
+
+const struct wlan_crypto_cipher *ccmp256_register(void)
+{
+ return &ccmp256_cipher_table;
+}
+
+const struct wlan_crypto_cipher *gcmp_register(void)
+{
+ return &gcmp_cipher_table;
+}
+
+const struct wlan_crypto_cipher *gcmp256_register(void)
+{
+ return &gcmp256_cipher_table;
+}
diff --git a/crypto/src/wlan_crypto_ccmp_sw.c b/crypto/src/wlan_crypto_ccmp_sw.c
new file mode 100644
index 0000000..bcc9906
--- /dev/null
+++ b/crypto/src/wlan_crypto_ccmp_sw.c
@@ -0,0 +1,284 @@
+/*
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ */
+/*
+ * CTR with CBC-MAC Protocol (CCMP)
+ * Copyright (c) 2010-2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include <qdf_types.h>
+#include <qdf_mem.h>
+#include <qdf_util.h>
+#include "wlan_crypto_aes_i.h"
+#include "wlan_crypto_def_i.h"
+
+static void ccmp_aad_nonce(const struct wlan_frame_hdr *hdr, const uint8_t *data,
+ uint8_t *aad, size_t *aad_len, uint8_t *nonce)
+{
+ uint16_t seq;
+ uint8_t stype;
+ int qos = 0, addr4 = 0;
+ uint8_t *pos;
+
+ nonce[0] = 0;
+
+ stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]);
+ if ((hdr->i_fc[1] & WLAN_FC1_DIR_MASK) ==
+ (WLAN_FC1_DSTODS))
+ addr4 = 1;
+
+ if (WLAN_FC0_GET_TYPE(hdr->i_fc[0]) == WLAN_FC0_TYPE_DATA) {
+ aad[0] &= ~0x70; /* Mask subtype bits */
+ if (stype & 0x08) {
+ const uint8_t *qc;
+ qos = 1;
+ aad[1] &= ~WLAN_FC1_ORDER;
+ qc = (const uint8_t *) (hdr + 1);
+ if (addr4)
+ qc += QDF_MAC_ADDR_SIZE;
+ nonce[0] = qc[0] & 0x0f;
+ }
+ } else if (WLAN_FC0_GET_TYPE(hdr->i_fc[0])
+ == WLAN_FC0_TYPE_MGMT) {
+ nonce[0] |= 0x10; /* Management */
+ }
+
+ aad[1] &= ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT | WLAN_FC1_MOREDATA);
+ aad[1] |= WLAN_FC1_ISWEP;
+ pos = aad + 2;
+ qdf_mem_copy(pos, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE);
+ pos += 3 * QDF_MAC_ADDR_SIZE;
+ seq = qdf_le16_to_cpu(*((uint16_t *)&hdr->i_seq[0]));
+ seq &= ~0xfff0; /* Mask Seq#; do not modify Frag# */
+ wlan_crypto_put_le16(pos, seq);
+ pos += 2;
+
+ qdf_mem_copy(pos, hdr + 1, addr4 * QDF_MAC_ADDR_SIZE + qos * 2);
+ pos += addr4 * QDF_MAC_ADDR_SIZE;
+ if (qos) {
+ pos[0] &= ~0x70;
+ if (1 /* FIX: either device has SPP A-MSDU Capab = 0 */)
+ pos[0] &= ~0x80;
+ pos++;
+ *pos++ = 0x00;
+ }
+
+ *aad_len = pos - aad;
+
+ qdf_mem_copy(nonce + 1, hdr->i_addr2, QDF_MAC_ADDR_SIZE);
+ nonce[7] = data[7]; /* PN5 */
+ nonce[8] = data[6]; /* PN4 */
+ nonce[9] = data[5]; /* PN3 */
+ nonce[10] = data[4]; /* PN2 */
+ nonce[11] = data[1]; /* PN1 */
+ nonce[12] = data[0]; /* PN0 */
+}
+
+
+uint8_t *wlan_crypto_ccmp_decrypt(const uint8_t *tk,
+ const struct wlan_frame_hdr *hdr,
+ uint8_t *data, size_t data_len){
+ uint8_t aad[30], nonce[13];
+ size_t aad_len;
+ size_t mlen;
+ uint8_t *plain;
+
+ if (data_len < CCMP_IV_SIZE + WLAN_CRYPTO_MIC_LEN)
+ return NULL;
+
+ plain = qdf_mem_malloc(data_len + AES_BLOCK_SIZE);
+ if (plain == NULL) {
+ crypto_err("mem alloc failed");
+ return NULL;
+ }
+
+ mlen = data_len - CCMP_IV_SIZE - WLAN_CRYPTO_MIC_LEN;
+
+ qdf_mem_set(aad, sizeof(aad), 0);
+ ccmp_aad_nonce(hdr, data, aad, &aad_len, nonce);
+ wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", aad, aad_len);
+ wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13);
+
+ if (wlan_crypto_aes_ccm_ad(tk, 16, nonce,
+ WLAN_CRYPTO_MIC_LEN,
+ data + CCMP_IV_SIZE, mlen,
+ aad, aad_len,
+ data + CCMP_IV_SIZE + mlen,
+ plain) < 0) {
+ /*uint16_t seq_ctrl = qdf_le16_to_cpu(hdr->seq_ctrl);
+ wpa_printf(MSG_INFO, "Invalid CCMP MIC in frame: A1=" MACSTR
+ " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u",
+ MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
+ MAC2STR(hdr->addr3),
+ WLAN_GET_SEQ_SEQ(seq_ctrl),
+ WLAN_GET_SEQ_FRAG(seq_ctrl));*/
+ qdf_mem_free(plain);
+ return NULL;
+ }
+ wpa_hexdump(MSG_EXCESSIVE, "CCMP decrypted", plain, mlen);
+
+ qdf_mem_copy(data, plain, data_len);
+ qdf_mem_free(plain);
+ return data;
+}
+
+
+void ccmp_get_pn(uint8_t *pn, const uint8_t *data)
+{
+ pn[0] = data[7]; /* PN5 */
+ pn[1] = data[6]; /* PN4 */
+ pn[2] = data[5]; /* PN3 */
+ pn[3] = data[4]; /* PN2 */
+ pn[4] = data[1]; /* PN1 */
+ pn[5] = data[0]; /* PN0 */
+}
+
+
+uint8_t *wlan_crypto_ccmp_encrypt(const uint8_t *tk, uint8_t *frame,
+ size_t len, size_t hdrlen){
+ uint8_t aad[30], nonce[13];
+ size_t aad_len, plen;
+ uint8_t *crypt, *pos;
+ struct wlan_frame_hdr *hdr;
+
+ if (len < hdrlen || hdrlen < 24)
+ return NULL;
+ plen = len - hdrlen - CCMP_IV_SIZE - WLAN_CRYPTO_MIC_LEN;
+
+ crypt = qdf_mem_malloc(hdrlen + CCMP_IV_SIZE + plen
+ + WLAN_CRYPTO_MIC_LEN + AES_BLOCK_SIZE);
+ if (crypt == NULL) {
+ crypto_err("mem alloc failed");
+ return NULL;
+ }
+
+ qdf_mem_copy(crypt, frame, hdrlen + CCMP_IV_SIZE);
+
+ hdr = (struct wlan_frame_hdr *) crypt;
+ hdr->i_fc[1] |= WLAN_FC1_ISWEP;
+ pos = crypt + hdrlen + 8;
+
+ qdf_mem_set(aad, sizeof(aad), 0);
+ ccmp_aad_nonce(hdr, crypt + hdrlen, aad, &aad_len, nonce);
+ wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", aad, aad_len);
+ wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13);
+
+ if (wlan_crypto_aes_ccm_ae(tk, 16, nonce, WLAN_CRYPTO_MIC_LEN,
+ frame + hdrlen + CCMP_IV_SIZE,
+ plen, aad, aad_len, pos, pos + plen) < 0) {
+ qdf_mem_free(crypt);
+ return NULL;
+ }
+
+ qdf_mem_copy(frame, crypt, len);
+ wpa_hexdump(MSG_EXCESSIVE, "CCMP encrypted",
+ crypt + hdrlen + CCMP_IV_SIZE, plen);
+ qdf_mem_free(crypt);
+
+ return frame;
+}
+
+
+uint8_t *wlan_crypto_ccmp_256_decrypt(const uint8_t *tk,
+ const struct wlan_frame_hdr *hdr,
+ const uint8_t *data, size_t data_len,
+ size_t *decrypted_len){
+ uint8_t aad[30], nonce[13];
+ size_t aad_len;
+ size_t mlen;
+ uint8_t *plain;
+
+ if (data_len < CCMP_IV_SIZE + WLAN_CRYPTO_MIC256_LEN)
+ return NULL;
+
+ plain = qdf_mem_malloc(data_len + AES_BLOCK_SIZE);
+ if (plain == NULL) {
+ crypto_err("mem alloc failed");
+ return NULL;
+ }
+
+ mlen = data_len - CCMP_IV_SIZE - WLAN_CRYPTO_MIC256_LEN;
+
+ qdf_mem_set(aad, sizeof(aad), 0);
+ ccmp_aad_nonce(hdr, data, aad, &aad_len, nonce);
+ wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 AAD", aad, aad_len);
+ wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 nonce", nonce, 13);
+
+ if (wlan_crypto_aes_ccm_ad(tk, 32, nonce, WLAN_CRYPTO_MIC256_LEN,
+ data + CCMP_IV_SIZE, mlen,
+ aad, aad_len,
+ data + CCMP_IV_SIZE + mlen,
+ plain) < 0) {
+ /*uint16_t seq_ctrl = qdf_le16_to_cpu(hdr->seq_ctrl);
+ wpa_printf(MSG_INFO, "Invalid CCMP-256 MIC in frame: A1=" MACSTR
+ " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u",
+ MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
+ MAC2STR(hdr->addr3),
+ WLAN_GET_SEQ_SEQ(seq_ctrl),
+ WLAN_GET_SEQ_FRAG(seq_ctrl));*/
+ qdf_mem_free(plain);
+ return NULL;
+ }
+ wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 decrypted", plain, mlen);
+
+ *decrypted_len = mlen;
+ return plain;
+}
+
+
+uint8_t *wlan_crypto_ccmp_256_encrypt(const uint8_t *tk, uint8_t *frame,
+ size_t len, size_t hdrlen, uint8_t *qos,
+ uint8_t *pn, int keyid,
+ size_t *encrypted_len){
+ uint8_t aad[30], nonce[13];
+ size_t aad_len, plen;
+ uint8_t *crypt, *pos;
+ struct wlan_frame_hdr *hdr;
+
+ if (len < hdrlen || hdrlen < 24)
+ return NULL;
+ plen = len - hdrlen;
+
+ crypt = qdf_mem_malloc(hdrlen + CCMP_IV_SIZE + plen
+ + WLAN_CRYPTO_MIC256_LEN + AES_BLOCK_SIZE);
+ if (crypt == NULL) {
+ crypto_err("mem alloc failed");
+ return NULL;
+ }
+
+ qdf_mem_copy(crypt, frame, hdrlen);
+ hdr = (struct wlan_frame_hdr *) crypt;
+ hdr->i_fc[1] |= WLAN_FC1_ISWEP;
+ pos = crypt + hdrlen;
+ *pos++ = pn[5]; /* PN0 */
+ *pos++ = pn[4]; /* PN1 */
+ *pos++ = 0x00; /* Rsvd */
+ *pos++ = 0x20 | (keyid << 6);
+ *pos++ = pn[3]; /* PN2 */
+ *pos++ = pn[2]; /* PN3 */
+ *pos++ = pn[1]; /* PN4 */
+ *pos++ = pn[0]; /* PN5 */
+
+ qdf_mem_set(aad, sizeof(aad), 0);
+ ccmp_aad_nonce(hdr, crypt + hdrlen, aad, &aad_len, nonce);
+ wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 AAD", aad, aad_len);
+ wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 nonce", nonce, 13);
+
+ if (wlan_crypto_aes_ccm_ae(tk, 32, nonce, WLAN_CRYPTO_MIC256_LEN,
+ frame + hdrlen, plen,
+ aad, aad_len, pos, pos + plen) < 0) {
+ qdf_mem_free(crypt);
+ return NULL;
+ }
+
+ wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 encrypted", crypt + hdrlen + 8,
+ plen);
+
+ *encrypted_len = hdrlen + CCMP_IV_SIZE
+ + plen + WLAN_CRYPTO_MIC256_LEN;
+
+ return crypt;
+}
diff --git a/crypto/src/wlan_crypto_crc32.c b/crypto/src/wlan_crypto_crc32.c
new file mode 100644
index 0000000..bdf928f
--- /dev/null
+++ b/crypto/src/wlan_crypto_crc32.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2017 The Linux Foundation. All rights reserved.
+ */
+/*
+ * 32-bit CRC for FCS calculation
+ * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+#include "qdf_types.h"
+/*
+ * IEEE 802.11 FCS CRC32
+ * G(x) = x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10 + x^8 + x^7 +
+ * x^5 + x^4 + x^2 + x + 1
+ */
+static const uint32_t crc32_table[256] = {
+ 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419,
+ 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4,
+ 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07,
+ 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
+ 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856,
+ 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
+ 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4,
+ 0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
+ 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3,
+ 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a,
+ 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599,
+ 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+ 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190,
+ 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f,
+ 0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e,
+ 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
+ 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed,
+ 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
+ 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3,
+ 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
+ 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a,
+ 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5,
+ 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010,
+ 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+ 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17,
+ 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6,
+ 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615,
+ 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
+ 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344,
+ 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
+ 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a,
+ 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
+ 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1,
+ 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c,
+ 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef,
+ 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+ 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe,
+ 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31,
+ 0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c,
+ 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
+ 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b,
+ 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
+ 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1,
+ 0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
+ 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278,
+ 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7,
+ 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66,
+ 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+ 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605,
+ 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8,
+ 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b,
+ 0x2d02ef8d
+};
+
+
+uint32_t wlan_crypto_crc32(const uint8_t *frame, size_t frame_len)
+{
+ size_t i;
+ uint32_t crc;
+
+ crc = 0xFFFFFFFF;
+ for (i = 0; i < frame_len; i++)
+ crc = crc32_table[(crc ^ frame[i]) & 0xff] ^ (crc >> 8);
+
+ return ~crc;
+}
diff --git a/crypto/src/wlan_crypto_fils.c b/crypto/src/wlan_crypto_fils.c
new file mode 100644
index 0000000..3395416
--- /dev/null
+++ b/crypto/src/wlan_crypto_fils.c
@@ -0,0 +1,477 @@
+/*
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for
+ * any purpose with or without fee is hereby granted, provided that the
+ * above copyright notice and this permission notice appear in all
+ * copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+ * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/**
+ * DOC: Private API for handling FILS related operations
+ */
+
+#include <qdf_types.h>
+#include <wlan_cmn.h>
+#include <wlan_objmgr_cmn.h>
+
+#include <wlan_objmgr_global_obj.h>
+#include <wlan_objmgr_psoc_obj.h>
+#include <wlan_objmgr_pdev_obj.h>
+#include <wlan_objmgr_vdev_obj.h>
+#include <wlan_objmgr_peer_obj.h>
+
+#include "wlan_crypto_global_def.h"
+#include "wlan_crypto_global_api.h"
+#include "wlan_crypto_def_i.h"
+#include "wlan_crypto_main_i.h"
+#include "wlan_crypto_obj_mgr_i.h"
+#ifdef WLAN_SUPPORT_FILS
+#include "wlan_crypto_aes_siv_i.h"
+#endif /* WLAN_SUPPORT_FILS */
+
+#define ASSOC_RESP_FIXED_FIELDS_LEN 6 /* cap info + status + assoc id */
+#define ASSOC_REQ_FIXED_FIELDS_LEN 4 /* cap info + listen interval */
+#define REASSOC_REQ_FIXED_FIELDS_LEN 10 /* cap info + listen interval + BSSID */
+
+#ifdef WLAN_SUPPORT_FILS
+/**
+ * fils_parse_ie - Parse IEs from (Re-)association Req/Response frames
+ * @wbuf: Packet buffer
+ * @hdrlen: Header length
+ * @cap_info: Pointer to capability Information
+ * @fils_sess: Pointer to the end of Fils session Element
+ * @ie_start: Pointer to the start of Information element
+ *
+ * Parse IE and return required pointers to encrypt/decrypt routines
+ *
+ * Return: QDF_STATUS
+ */
+static QDF_STATUS
+fils_parse_ie(qdf_nbuf_t wbuf, uint8_t hdrlen, uint8_t **cap_info,
+ uint8_t **fils_sess, uint8_t **ie_start)
+{
+ struct wlan_frame_hdr *hdr;
+ uint32_t pktlen_left = 0;
+ bool fils_found = 0;
+ uint8_t subtype = 0;
+ uint8_t *frm = NULL;
+ uint8_t elem_id;
+ uint32_t len;
+
+ frm = (uint8_t *)qdf_nbuf_data(wbuf);
+ hdr = (struct wlan_frame_hdr *)frm;
+ subtype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]);
+
+ pktlen_left = qdf_nbuf_len(wbuf);
+
+ if (pktlen_left < hdrlen) {
+ crypto_err(
+ "Parse error.pktlen_left:%d Framehdr size:%d",
+ pktlen_left, hdrlen);
+ return QDF_STATUS_E_INVAL;
+ }
+
+ frm += hdrlen;
+ pktlen_left -= hdrlen;
+
+ /* pointer to the capability information field */
+ *cap_info = (uint8_t *)frm;
+
+ if (subtype == WLAN_FC0_STYPE_ASSOC_RESP ||
+ subtype == WLAN_FC0_STYPE_REASSOC_RESP) {
+ /* assoc resp frame - capability (2), status (2), associd (2) */
+ if (pktlen_left < ASSOC_RESP_FIXED_FIELDS_LEN) {
+ crypto_err(
+ "Parse error.pktlen_left:%d Fixed Fields len:%d",
+ pktlen_left, ASSOC_RESP_FIXED_FIELDS_LEN);
+ return QDF_STATUS_E_INVAL;
+ }
+
+ frm += ASSOC_RESP_FIXED_FIELDS_LEN;
+ pktlen_left -= ASSOC_RESP_FIXED_FIELDS_LEN;
+ } else if (subtype == WLAN_FC0_STYPE_ASSOC_REQ) {
+ /* assoc req frame - capability(2), listen interval (2) */
+ if (pktlen_left < ASSOC_REQ_FIXED_FIELDS_LEN) {
+ crypto_err(
+ "Parse Error.pktlen_left:%d Fixed Fields len:%d",
+ pktlen_left, ASSOC_REQ_FIXED_FIELDS_LEN);
+ return QDF_STATUS_E_INVAL;
+ }
+
+ frm += ASSOC_REQ_FIXED_FIELDS_LEN;
+ pktlen_left -= ASSOC_REQ_FIXED_FIELDS_LEN;
+ } else if (subtype == WLAN_FC0_STYPE_REASSOC_REQ) {
+ /* assoc req frame - capability(2),
+ * Listen interval(2),
+ * Current AP address(6)
+ */
+ if (pktlen_left < REASSOC_REQ_FIXED_FIELDS_LEN) {
+ crypto_err(
+ "Parse Error.pktlen_left:%d Fixed Fields len:%d",
+ pktlen_left, REASSOC_REQ_FIXED_FIELDS_LEN);
+ return QDF_STATUS_E_INVAL;
+ }
+ frm += REASSOC_REQ_FIXED_FIELDS_LEN;
+ pktlen_left -= REASSOC_REQ_FIXED_FIELDS_LEN;
+ }
+
+ *ie_start = frm;
+ /* 'frm' now pointing to TLVs.
+ * Parse through All IE's till FILS Session Element
+ */
+ while ((pktlen_left >= 2) && frm) {
+ /* element ID & len*/
+ elem_id = *frm++;
+ len = *frm++;
+ pktlen_left -= 2;
+
+ /* for extension element, check the sub element ID */
+ if (elem_id == WLAN_ELEMID_EXTN_ELEM) {
+ if ((len + 1) > pktlen_left) {
+ crypto_err(
+ "Parse Error.pktlen_left:%did:%d",
+ pktlen_left, elem_id);
+ crypto_err("len:%dextid:%d", len, *frm);
+ return QDF_STATUS_E_INVAL;
+ }
+
+ if (*frm == WLAN_ELEMID_EXT_FILS_SESSION) {
+ fils_found = 1;
+ break;
+ }
+ }
+
+ if (len > pktlen_left) {
+ crypto_err(
+ "Parse Error.pktlen_left:%d id:%dlen:%d extid:%d",
+ pktlen_left, elem_id, len, *frm);
+ return QDF_STATUS_E_INVAL;
+ }
+
+ /* switch to the next IE */
+ frm += len;
+ pktlen_left -= len;
+ }
+
+ if (!fils_found) {
+ crypto_err("FILS session element not found. Parse failed");
+ return QDF_STATUS_E_INVAL;
+ }
+
+ /* Points to end of FILS session element */
+ *fils_sess = (frm + len);
+
+ return QDF_STATUS_SUCCESS;
+}
+
+/**
+ * fils_aead_setkey - Setkey function
+ * @key: Pointer to wlan_crypto_key
+ *
+ * Return: QDF_STATUS_SUCCESS
+ */
+static QDF_STATUS fils_aead_setkey(struct wlan_crypto_key *key)
+{
+ struct wlan_crypto_req_key *req_key;
+ struct wlan_crypto_fils_aad_key *fils_key;
+
+ if (!key || !key->private) {
+ crypto_err("Failed to set FILS key");
+ return QDF_STATUS_E_INVAL;
+ }
+ req_key = key->private;
+ fils_key = qdf_mem_malloc(sizeof(struct wlan_crypto_fils_aad_key));
+ if (!fils_key) {
+ crypto_err("FILS key alloc failed");
+ return QDF_STATUS_E_NOMEM;
+ }
+ qdf_mem_copy(fils_key, &req_key->filsaad,
+ sizeof(struct wlan_crypto_fils_aad_key));
+
+ /* Reassign the allocated fils_aad key object */
+ key->private = fils_key;
+
+ return QDF_STATUS_SUCCESS;
+}
+
+/**
+ * fils_aead_encap - FILS AEAD encryption function
+ * @key: Pointer to wlan_crypto_key
+ * @wbuf: Packet buffer
+ * @keyid: Encrypting key ID
+ * @hdrlen: Header length
+ *
+ * This function encrypts FILS Association Response Packet
+ *
+ * Return: QDF_STATUS
+ */
+static QDF_STATUS
+fils_aead_encap(struct wlan_crypto_key *key, qdf_nbuf_t wbuf,
+ uint8_t keyid, uint8_t hdrlen)
+{
+ const uint8_t *address[5 + 1];
+ size_t length[5 + 1];
+ uint8_t *cap_info = NULL, *fils_session = NULL, *ie_start = NULL;
+ uint32_t crypt_len = 0;
+ struct wlan_frame_hdr *hdr = NULL;
+ struct wlan_crypto_fils_aad_key *fils_key = NULL;
+ uint8_t *buf = NULL;
+ uint32_t bufsize = 0;
+ uint8_t subtype = 0;
+
+ if (!key) {
+ crypto_err("Invalid Input");
+ return QDF_STATUS_E_FAILURE;
+ }
+
+ fils_key = (struct wlan_crypto_fils_aad_key *)key->private;
+ if (!fils_key) {
+ crypto_err("Key is not set");
+ return QDF_STATUS_E_FAILURE;
+ }
+
+ if (!fils_key->kek_len) {
+ crypto_err("Key len is zero. Returning error");
+ return QDF_STATUS_E_FAILURE;
+ }
+
+ hdr = (struct wlan_frame_hdr *)qdf_nbuf_data(wbuf);
+ if (!hdr) {
+ crypto_err("Invalid header");
+ return QDF_STATUS_E_FAILURE;
+ }
+
+ subtype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]);
+ if ((subtype != WLAN_FC0_STYPE_ASSOC_RESP) &&
+ (subtype != WLAN_FC0_STYPE_REASSOC_RESP))
+ return QDF_STATUS_E_FAILURE;
+
+ if (fils_parse_ie(wbuf, hdrlen, &cap_info, &fils_session, &ie_start)
+ != QDF_STATUS_SUCCESS) {
+ crypto_err("FILS Parsing failed");
+ return QDF_STATUS_E_FAILURE;
+ }
+
+ /* The AP's BSSID */
+ address[0] = hdr->i_addr2;
+ length[0] = QDF_MAC_ADDR_SIZE;
+ /* The STA's MAC address */
+ address[1] = hdr->i_addr1;
+ length[1] = QDF_MAC_ADDR_SIZE;
+ /* The AP's nonce */
+ address[2] = fils_key->a_nonce;
+ length[2] = WLAN_FILS_NONCE_LEN;
+ /* The STA's nonce */
+ address[3] = fils_key->s_nonce;
+ length[3] = WLAN_FILS_NONCE_LEN;
+ address[4] = cap_info;
+ length[4] = fils_session - cap_info;
+
+ crypt_len = (uint8_t *)hdr + (uint32_t)qdf_nbuf_len(wbuf)
+ - fils_session;
+
+ bufsize = ((uint8_t *)hdr + (uint32_t)qdf_nbuf_len(wbuf) - ie_start)
+ + AES_BLOCK_SIZE;
+ buf = qdf_mem_malloc(bufsize);
+ if (!buf) {
+ crypto_err("temp buf allocation failed");
+ return QDF_STATUS_E_NOMEM;
+ }
+ qdf_mem_copy(buf, ie_start, bufsize);
+
+ if (wlan_crypto_aes_siv_encrypt(fils_key->kek, fils_key->kek_len,
+ fils_session, crypt_len, 5, address,
+ length, buf + (fils_session - ie_start))
+ < 0) {
+ crypto_err("aes siv_encryption failed");
+ qdf_mem_free(buf);
+ return QDF_STATUS_E_FAILURE;
+ }
+
+ if (!qdf_nbuf_put_tail(wbuf, AES_BLOCK_SIZE))
+ crypto_err("Unable to put data in nbuf");
+
+ qdf_mem_copy(ie_start, buf, bufsize);
+ qdf_mem_free(buf);
+
+ return QDF_STATUS_SUCCESS;
+}
+
+/**
+ * fils_aead_decap - FILS AEAD decryption function
+ * @key: Pointer to wlan_crypto_key
+ * @wbuf: Packet buffer
+ * @tid: TID
+ * @hdrlen: Header length
+ *
+ * This function decrypts FILS Association Request Packet
+ *
+ * Return: QDF_STATUS
+ */
+static QDF_STATUS
+fils_aead_decap(struct wlan_crypto_key *key, qdf_nbuf_t wbuf,
+ uint8_t tid, uint8_t hdrlen)
+{
+ const uint8_t *address[5];
+ size_t length[5];
+ uint8_t *cap_info = NULL, *fils_session = NULL, *ie_start = NULL;
+ struct wlan_frame_hdr *hdr = NULL;
+ struct wlan_crypto_fils_aad_key *fils_key = NULL;
+ uint32_t crypt_len = 0;
+ uint8_t *buf = NULL;
+ uint32_t bufsize = 0;
+
+ if (!key) {
+ crypto_err("Invalid Input");
+ return QDF_STATUS_E_FAILURE;
+ }
+
+ fils_key = (struct wlan_crypto_fils_aad_key *)key->private;
+ if (!fils_key) {
+ crypto_err("Key is not set");
+ return QDF_STATUS_E_FAILURE;
+ }
+
+ if (!fils_key->kek_len) {
+ crypto_err("Key len is zero. Returning error");
+ return QDF_STATUS_E_FAILURE;
+ }
+
+ if (fils_parse_ie(wbuf, hdrlen, &cap_info, &fils_session, &ie_start)
+ != QDF_STATUS_SUCCESS) {
+ crypto_err("IE parse failed");
+ return QDF_STATUS_E_FAILURE;
+ }
+
+ hdr = (struct wlan_frame_hdr *)qdf_nbuf_data(wbuf);
+ if (!hdr) {
+ crypto_err("Invalid header");
+ return QDF_STATUS_E_FAILURE;
+ }
+
+ /* The STA's MAC address */
+ address[0] = hdr->i_addr1;
+ length[0] = QDF_MAC_ADDR_SIZE;
+ /* The AP's BSSID */
+ address[1] = hdr->i_addr2;
+ length[1] = QDF_MAC_ADDR_SIZE;
+ /* The STA's nonce */
+ address[2] = fils_key->s_nonce;
+ length[2] = WLAN_FILS_NONCE_LEN;
+ /* The AP's nonce */
+ address[3] = fils_key->a_nonce;
+ length[3] = WLAN_FILS_NONCE_LEN;
+
+ address[4] = cap_info;
+ length[4] = fils_session - cap_info;
+
+ crypt_len = ((uint8_t *)hdr + (uint32_t)qdf_nbuf_len(wbuf))
+ - fils_session;
+ if (crypt_len < AES_BLOCK_SIZE) {
+ crypto_err(
+ "Not enough room for AES-SIV data after FILS Session");
+ crypto_err(
+ " element in (Re)Association Request frame from %pM",
+ hdr->i_addr1);
+ return QDF_STATUS_E_INVAL;
+ }
+
+ /* Allocate temp buf & copy contents */
+ bufsize = (uint8_t *)hdr + (uint32_t)qdf_nbuf_len(wbuf) - ie_start;
+ buf = qdf_mem_malloc(bufsize);
+ if (!buf) {
+ crypto_err("temp buf allocation failed");
+ return QDF_STATUS_E_NOMEM;
+ }
+ qdf_mem_copy(buf, ie_start, bufsize);
+
+ if (wlan_crypto_aes_siv_decrypt(fils_key->kek, fils_key->kek_len,
+ fils_session, crypt_len, 5, address,
+ length, buf + (fils_session - ie_start))
+ < 0) {
+ crypto_err("AES decrypt of assocreq frame from %s failed",
+ ether_sprintf(hdr->i_addr1));
+ qdf_mem_free(buf);
+ return QDF_STATUS_E_FAILURE;
+ }
+ qdf_mem_copy(ie_start, buf, bufsize);
+ qdf_nbuf_trim_tail(wbuf, AES_BLOCK_SIZE);
+ qdf_mem_free(buf);
+
+ return QDF_STATUS_SUCCESS;
+}
+
+void wlan_crypto_fils_delkey(struct wlan_objmgr_peer *peer)
+{
+ struct wlan_crypto_comp_priv *crypto_priv = NULL;
+ struct wlan_crypto_key *key = NULL;
+
+ if (!peer) {
+ crypto_err("Invalid Input");
+ return;
+ }
+
+ crypto_priv = wlan_get_peer_crypto_obj(peer);
+ if (!crypto_priv) {
+ crypto_err("crypto_priv NULL");
+ return;
+ }
+
+ key = crypto_priv->key[0];
+ if (key) {
+ qdf_mem_free(key->private);
+ key->private = NULL;
+ key->valid = 0;
+ }
+}
+#else
+
+static QDF_STATUS fils_aead_setkey(struct wlan_crypto_key *key)
+{
+ return QDF_STATUS_SUCCESS;
+}
+
+static QDF_STATUS
+fils_aead_encap(struct wlan_crypto_key *key, qdf_nbuf_t wbuf,
+ uint8_t keyid, uint8_t hdrlen)
+{
+ return QDF_STATUS_SUCCESS;
+}
+
+static QDF_STATUS
+fils_aead_decap(struct wlan_crypto_key *key, qdf_nbuf_t wbuf,
+ uint8_t tid, uint8_t hdrlen)
+{
+ return QDF_STATUS_SUCCESS;
+}
+#endif /* WLAN_SUPPORT_FILS */
+
+static const struct wlan_crypto_cipher fils_aead_cipher_table = {
+ "FILS AEAD",
+ WLAN_CRYPTO_CIPHER_FILS_AEAD,
+ 0,
+ 0,
+ 0,
+ WLAN_MAX_WPA_KEK_LEN,
+ fils_aead_setkey,
+ fils_aead_encap,
+ fils_aead_decap,
+ 0,
+ 0,
+};
+
+const struct wlan_crypto_cipher *fils_register(void)
+{
+ return &fils_aead_cipher_table;
+}
+
diff --git a/crypto/src/wlan_crypto_gcmp_sw.c b/crypto/src/wlan_crypto_gcmp_sw.c
new file mode 100644
index 0000000..fde6fbb
--- /dev/null
+++ b/crypto/src/wlan_crypto_gcmp_sw.c
@@ -0,0 +1,166 @@
+/*
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ */
+/*
+ * GCM with GMAC Protocol (GCMP)
+ * Copyright (c) 2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include <qdf_types.h>
+#include <qdf_mem.h>
+#include <qdf_util.h>
+#include "wlan_crypto_aes_i.h"
+#include "wlan_crypto_def_i.h"
+
+static void gcmp_aad_nonce(const struct wlan_frame_hdr *hdr, const uint8_t *data,
+ uint8_t *aad, size_t *aad_len, uint8_t *nonce)
+{
+ uint16_t seq;
+ uint8_t stype;
+ int qos = 0, addr4 = 0;
+ uint8_t *pos;
+
+ stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]);
+ if ((hdr->i_fc[1] & WLAN_FC1_DIR_MASK) ==
+ (WLAN_FC1_DSTODS))
+ addr4 = 1;
+
+ if (WLAN_FC0_GET_TYPE(hdr->i_fc[0]) == WLAN_FC0_TYPE_DATA) {
+ aad[0] &= ~0x0070; /* Mask subtype bits */
+ if (stype & 0x08) {
+ const uint8_t *qc;
+ qos = 1;
+ aad[1] &= ~WLAN_FC1_ORDER;
+ qc = (const uint8_t *) (hdr + 1);
+ if (addr4)
+ qc += QDF_MAC_ADDR_SIZE;
+ }
+ }
+
+ aad[1] &= ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT | WLAN_FC1_MOREDATA);
+ pos = aad + 2;
+ qdf_mem_copy(pos, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE);
+ pos += 3 * QDF_MAC_ADDR_SIZE;
+ seq = qdf_le16_to_cpu(*((uint16_t *)&hdr->i_seq[0]));
+ seq &= ~0xfff0; /* Mask Seq#; do not modify Frag# */
+ wlan_crypto_put_le16(pos, seq);
+ pos += 2;
+
+ qdf_mem_copy(pos, hdr + 1, addr4 * QDF_MAC_ADDR_SIZE + qos * 2);
+ pos += addr4 * QDF_MAC_ADDR_SIZE;
+ if (qos) {
+ pos[0] &= ~0x70;
+ if (1 /* FIX: either device has SPP A-MSDU Capab = 0 */)
+ pos[0] &= ~0x80;
+ pos++;
+ *pos++ = 0x00;
+ }
+
+ *aad_len = pos - aad;
+
+ qdf_mem_copy(nonce, hdr->i_addr2, QDF_MAC_ADDR_SIZE);
+ nonce[6] = data[7]; /* PN5 */
+ nonce[7] = data[6]; /* PN4 */
+ nonce[8] = data[5]; /* PN3 */
+ nonce[9] = data[4]; /* PN2 */
+ nonce[10] = data[1]; /* PN1 */
+ nonce[11] = data[0]; /* PN0 */
+}
+
+
+uint8_t *wlan_crypto_gcmp_decrypt(const uint8_t *tk, size_t tk_len,
+ const struct wlan_frame_hdr *hdr,
+ const uint8_t *data, size_t data_len,
+ size_t *decrypted_len){
+ uint8_t aad[30], nonce[12], *plain;
+ size_t aad_len, mlen;
+ const uint8_t *m;
+
+ if (data_len < 8 + 16)
+ return NULL;
+
+ plain = qdf_mem_malloc(data_len + AES_BLOCK_SIZE);
+ if (plain == NULL) {
+ crypto_err("mem alloc failed");
+ return NULL;
+ }
+
+ m = data + 8;
+ mlen = data_len - 8 - 16;
+
+ qdf_mem_set(aad, sizeof(aad), 0);
+ gcmp_aad_nonce(hdr, data, aad, &aad_len, nonce);
+ wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len);
+ wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce));
+
+ if (wlan_crypto_aes_gcm_ad(tk, tk_len, nonce, sizeof(nonce), m, mlen,
+ aad, aad_len, m + mlen, plain) < 0) {
+ /*uint16_t seq_ctrl = qdf_le16_to_cpu(hdr->seq_ctrl);
+ wpa_printf(MSG_INFO, "Invalid GCMP frame: A1=" MACSTR
+ " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u",
+ MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
+ MAC2STR(hdr->addr3),
+ WLAN_GET_SEQ_SEQ(seq_ctrl),
+ WLAN_GET_SEQ_FRAG(seq_ctrl));*/
+ qdf_mem_free(plain);
+ return NULL;
+ }
+
+ *decrypted_len = mlen;
+ return plain;
+}
+
+
+uint8_t *wlan_crypto_gcmp_encrypt(const uint8_t *tk, size_t tk_len,
+ const uint8_t *frame, size_t len,
+ size_t hdrlen, const uint8_t *qos,
+ const uint8_t *pn, int keyid,
+ size_t *encrypted_len){
+ uint8_t aad[30], nonce[12], *crypt, *pos;
+ size_t aad_len, plen;
+ struct wlan_frame_hdr *hdr;
+
+ if (len < hdrlen || hdrlen < 24)
+ return NULL;
+ plen = len - hdrlen;
+
+ crypt = qdf_mem_malloc(hdrlen + 8 + plen + 16 + AES_BLOCK_SIZE);
+ if (crypt == NULL) {
+ crypto_err("mem alloc failed");
+ return NULL;
+ }
+
+ qdf_mem_copy(crypt, frame, hdrlen);
+ hdr = (struct wlan_frame_hdr *) crypt;
+ pos = crypt + hdrlen;
+ *pos++ = pn[5]; /* PN0 */
+ *pos++ = pn[4]; /* PN1 */
+ *pos++ = 0x00; /* Rsvd */
+ *pos++ = 0x20 | (keyid << 6);
+ *pos++ = pn[3]; /* PN2 */
+ *pos++ = pn[2]; /* PN3 */
+ *pos++ = pn[1]; /* PN4 */
+ *pos++ = pn[0]; /* PN5 */
+
+ qdf_mem_set(aad, sizeof(aad), 0);
+ gcmp_aad_nonce(hdr, crypt + hdrlen, aad, &aad_len, nonce);
+ wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len);
+ wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce));
+
+ if (wlan_crypto_aes_gcm_ae(tk, tk_len, nonce, sizeof(nonce),
+ frame + hdrlen, plen, aad, aad_len,
+ pos, pos + plen) < 0) {
+ qdf_mem_free(crypt);
+ return NULL;
+ }
+
+ wpa_hexdump(MSG_EXCESSIVE, "GCMP MIC", pos + plen, 16);
+ wpa_hexdump(MSG_EXCESSIVE, "GCMP encrypted", pos, plen);
+
+ *encrypted_len = hdrlen + 8 + plen + 16;
+
+ return crypt;
+}
diff --git a/crypto/src/wlan_crypto_none.c b/crypto/src/wlan_crypto_none.c
new file mode 100644
index 0000000..cc4a68d
--- /dev/null
+++ b/crypto/src/wlan_crypto_none.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for
+ * any purpose with or without fee is hereby granted, provided that the
+ * above copyright notice and this permission notice appear in all
+ * copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+ * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+ /**
+ * DOC: Public API intialization of crypto service with object manager
+ */
+#include <qdf_types.h>
+#include <wlan_cmn.h>
+#include <wlan_objmgr_cmn.h>
+#include <wlan_objmgr_global_obj.h>
+#include <wlan_objmgr_psoc_obj.h>
+#include <wlan_objmgr_pdev_obj.h>
+#include <wlan_objmgr_vdev_obj.h>
+#include <wlan_objmgr_peer_obj.h>
+
+#include "wlan_crypto_global_def.h"
+#include "wlan_crypto_def_i.h"
+#include "wlan_crypto_main_i.h"
+#include "wlan_crypto_obj_mgr_i.h"
+
+
+static QDF_STATUS none_setkey(struct wlan_crypto_key *key)
+{
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS none_encap(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t encapdone,
+ uint8_t hdrlen){
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS none_decap(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t tid,
+ uint8_t hdrlen){
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS none_enmic(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t encapdone,
+ uint8_t hdrlen){
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS none_demic(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t tid,
+ uint8_t hdrlen){
+ return QDF_STATUS_SUCCESS;
+}
+
+const struct wlan_crypto_cipher none_cipher_table = {
+ "NONE",
+ WLAN_CRYPTO_CIPHER_NONE,
+ 0,
+ 0,
+ 0,
+ 0,
+ none_setkey,
+ none_encap,
+ none_decap,
+ none_enmic,
+ none_demic,
+};
+
+const struct wlan_crypto_cipher *none_register(void)
+{
+ return &none_cipher_table;
+}
diff --git a/crypto/src/wlan_crypto_tkip.c b/crypto/src/wlan_crypto_tkip.c
new file mode 100644
index 0000000..503d027
--- /dev/null
+++ b/crypto/src/wlan_crypto_tkip.c
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for
+ * any purpose with or without fee is hereby granted, provided that the
+ * above copyright notice and this permission notice appear in all
+ * copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+ * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+ /**
+ * DOC: Public API intialization of crypto service with object manager
+ */
+#include <qdf_types.h>
+#include <wlan_cmn.h>
+#include <wlan_objmgr_cmn.h>
+#include <wlan_objmgr_global_obj.h>
+#include <wlan_objmgr_psoc_obj.h>
+#include <wlan_objmgr_pdev_obj.h>
+#include <wlan_objmgr_vdev_obj.h>
+#include <wlan_objmgr_peer_obj.h>
+
+#include "wlan_crypto_global_def.h"
+#include "wlan_crypto_def_i.h"
+#include "wlan_crypto_main_i.h"
+#include "wlan_crypto_obj_mgr_i.h"
+
+
+static QDF_STATUS tkip_enmic(struct wlan_crypto_key *key, qdf_nbuf_t wbuf,
+ uint8_t encapdone, uint8_t hdrlen);
+static QDF_STATUS tkip_demic(struct wlan_crypto_key *key, qdf_nbuf_t wbuf,
+ uint8_t tid, uint8_t hdrlen);
+
+
+static QDF_STATUS tkip_setkey(struct wlan_crypto_key *key)
+{
+ return QDF_STATUS_SUCCESS;
+}
+
+static QDF_STATUS tkip_encap(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t encapdone,
+ uint8_t hdrlen){
+ uint8_t *ivp;
+ struct wlan_crypto_cipher *cipher_table;
+
+ cipher_table = key->cipher_table;
+
+ /*
+ * Copy down 802.11 header and add the IV, KeyID, and ExtIV.
+ */
+ if (encapdone) {
+ ivp = (uint8_t *)qdf_nbuf_data(wbuf);
+ } else {
+ uint8_t ivmictrailer_len = cipher_table->header +
+ cipher_table->miclen +
+ cipher_table->trailer;
+ ivp = qdf_nbuf_push_head(wbuf, ivmictrailer_len);
+ qdf_mem_move(ivp, (ivp + ivmictrailer_len), hdrlen);
+ qdf_mem_move((ivp + hdrlen + cipher_table->header),
+ (ivp + ivmictrailer_len + hdrlen),
+ (qdf_nbuf_len(wbuf) - hdrlen - ivmictrailer_len));
+ }
+
+ ivp += hdrlen;
+ key->keytsc++; /* XXX wrap at 48 bits */
+
+ ivp[0] = key->keytsc >> 8; /* TSC1 */
+ ivp[1] = (ivp[0] | 0x20) & 0x7f; /* WEP seed */
+ ivp[2] = key->keytsc >> 0; /* TSC0*/
+ ivp[3] = (key->keyix << 6) | WLAN_CRYPTO_EXT_IV_BIT; /* KeyID | ExtID */
+ ivp[4] = key->keytsc >> 16; /* PN2 */
+ ivp[5] = key->keytsc >> 24; /* PN3 */
+ ivp[6] = key->keytsc >> 32; /* PN4 */
+ ivp[7] = key->keytsc >> 40; /* PN5 */
+
+ /*
+ * Finally, do software encrypt if neeed.
+ */
+ if (key->flags & WLAN_CRYPTO_KEY_SWENCRYPT) {
+ qdf_nbuf_realloc_tailroom(wbuf, cipher_table->miclen);
+ if (qdf_nbuf_realloc_tailroom(wbuf, cipher_table->miclen)
+ && (!wlan_crypto_tkip_encrypt(key->keyval,
+ qdf_nbuf_data(wbuf), qdf_nbuf_len(wbuf),
+ hdrlen))){
+ return QDF_STATUS_CRYPTO_ENCRYPT_FAILED;
+ }
+ }
+
+ return QDF_STATUS_SUCCESS;
+}
+
+static QDF_STATUS tkip_decap(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t tid,
+ uint8_t hdrlen){
+ struct ieee80211_hdr *hdr;
+ uint8_t *ivp, *origHdr;
+ uint64_t pn;
+ struct wlan_crypto_cipher *cipher_table;
+
+ cipher_table = key->cipher_table;
+
+ /*
+ * Header should have extended IV and sequence number;
+ * verify the former and validate the latter.
+ */
+ origHdr = (uint8_t *)qdf_nbuf_data(wbuf);
+ hdr = (struct ieee80211_hdr *)origHdr;
+
+ ivp = origHdr + hdrlen;
+
+ if ((ivp[WLAN_CRYPTO_IV_LEN] & WLAN_CRYPTO_EXT_IV_BIT) == 0)
+ return 0;
+
+ tid = wlan_get_tid(qdf_nbuf_data(wbuf));
+
+ pn = READ_6(ivp[0], ivp[1], ivp[4], ivp[5], ivp[6], ivp[7]);
+
+ if (pn <= key->keyrsc[tid]) {
+ /* Replay violation.*/
+ return QDF_STATUS_CRYPTO_DECRYPT_FAILED;
+ }
+
+ if ((key->flags & WLAN_CRYPTO_KEY_SWDECRYPT)) {
+ if (!wlan_crypto_tkip_decrypt(key->keyval,
+ (struct wlan_frame_hdr *)origHdr,
+ (origHdr + hdrlen),
+ (qdf_nbuf_len(wbuf) - hdrlen)))
+ return QDF_STATUS_CRYPTO_DECRYPT_FAILED;
+ }
+
+ /*
+ * Copy up 802.11 header and strip crypto bits.
+ */
+ qdf_mem_move(origHdr + cipher_table->header, origHdr, hdrlen);
+
+ qdf_nbuf_pull_head(wbuf, cipher_table->header);
+ qdf_nbuf_trim_tail(wbuf, cipher_table->trailer);
+
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS tkip_enmic(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t encapdone,
+ uint8_t hdrlen){
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS tkip_demic(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t tid,
+ uint8_t hdrlen){
+ struct wlan_crypto_cipher *cipher_table;
+
+ cipher_table = key->cipher_table;
+ qdf_nbuf_trim_tail(wbuf, cipher_table->miclen);
+ return QDF_STATUS_SUCCESS;
+}
+
+const struct wlan_crypto_cipher tkip_cipher_table = {
+ "TKIP",
+ WLAN_CRYPTO_CIPHER_TKIP,
+ WLAN_CRYPTO_IV_LEN + WLAN_CRYPTO_KEYID_LEN + WLAN_CRYPTO_EXT_IV_LEN,
+ WLAN_CRYPTO_CRC_LEN,
+ WLAN_CRYPTO_MIC_LEN,
+ 256,
+ tkip_setkey,
+ tkip_encap,
+ tkip_decap,
+ tkip_enmic,
+ tkip_demic,
+};
+
+const struct wlan_crypto_cipher *tkip_register(void)
+{
+ return &tkip_cipher_table;
+}
diff --git a/crypto/src/wlan_crypto_tkip_sw.c b/crypto/src/wlan_crypto_tkip_sw.c
new file mode 100644
index 0000000..48293aa
--- /dev/null
+++ b/crypto/src/wlan_crypto_tkip_sw.c
@@ -0,0 +1,402 @@
+/*
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ */
+/*
+ * Temporal Key Integrity Protocol (CCMP)
+ * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include <qdf_types.h>
+#include <qdf_mem.h>
+#include <qdf_util.h>
+#include "wlan_crypto_aes_i.h"
+#include "wlan_crypto_def_i.h"
+
+
+static inline uint16_t RotR1(uint16_t val)
+{
+ return (val >> 1) | (val << 15);
+}
+
+
+static inline uint8_t Lo8(uint16_t val)
+{
+ return val & 0xff;
+}
+
+
+static inline uint8_t Hi8(uint16_t val)
+{
+ return val >> 8;
+}
+
+
+static inline uint16_t Lo16(uint32_t val)
+{
+ return val & 0xffff;
+}
+
+
+static inline uint16_t Hi16(uint32_t val)
+{
+ return val >> 16;
+}
+
+
+static inline uint16_t Mk16(uint8_t hi, uint8_t lo)
+{
+ return lo | (((u16) hi) << 8);
+}
+
+
+static inline uint16_t Mk16_le(uint16_t *v)
+{
+ return qdf_le16_to_cpu(*v);
+}
+
+
+static const uint16_t Sbox[256] = {
+ 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
+ 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
+ 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
+ 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
+ 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
+ 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
+ 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
+ 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
+ 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
+ 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
+ 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
+ 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
+ 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
+ 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
+ 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
+ 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
+ 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
+ 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
+ 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
+ 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
+ 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
+ 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
+ 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
+ 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
+ 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
+ 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
+ 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
+ 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
+ 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
+ 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
+ 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
+ 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
+};
+
+
+static inline uint16_t _S_(uint16_t v)
+{
+ uint16_t t = Sbox[Hi8(v)];
+ return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
+}
+
+
+#define PHASE1_LOOP_COUNT 8
+
+static void tkip_mixing_phase1(uint16_t *TTAK, const uint8_t *TK,
+ const uint8_t *TA, uint32_t IV32)
+{
+ int i, j;
+
+ /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
+ TTAK[0] = Lo16(IV32);
+ TTAK[1] = Hi16(IV32);
+ TTAK[2] = Mk16(TA[1], TA[0]);
+ TTAK[3] = Mk16(TA[3], TA[2]);
+ TTAK[4] = Mk16(TA[5], TA[4]);
+
+ for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
+ j = 2 * (i & 1);
+ TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
+ TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
+ TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
+ TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
+ TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
+ }
+}
+
+
+static void tkip_mixing_phase2(uint8_t *WEPSeed, const uint8_t *TK,
+ const uint16_t *TTAK, uint16_t IV16){
+ uint16_t PPK[6];
+
+ /* Step 1 - make copy of TTAK and bring in TSC */
+ PPK[0] = TTAK[0];
+ PPK[1] = TTAK[1];
+ PPK[2] = TTAK[2];
+ PPK[3] = TTAK[3];
+ PPK[4] = TTAK[4];
+ PPK[5] = TTAK[4] + IV16;
+
+ /* Step 2 - 96-bit bijective mixing using S-box */
+ PPK[0] += _S_(PPK[5] ^ Mk16_le((uint16_t *) &TK[0]));
+ PPK[1] += _S_(PPK[0] ^ Mk16_le((uint16_t *) &TK[2]));
+ PPK[2] += _S_(PPK[1] ^ Mk16_le((uint16_t *) &TK[4]));
+ PPK[3] += _S_(PPK[2] ^ Mk16_le((uint16_t *) &TK[6]));
+ PPK[4] += _S_(PPK[3] ^ Mk16_le((uint16_t *) &TK[8]));
+ PPK[5] += _S_(PPK[4] ^ Mk16_le((uint16_t *) &TK[10]));
+
+ PPK[0] += RotR1(PPK[5] ^ Mk16_le((uint16_t *) &TK[12]));
+ PPK[1] += RotR1(PPK[0] ^ Mk16_le((uint16_t *) &TK[14]));
+ PPK[2] += RotR1(PPK[1]);
+ PPK[3] += RotR1(PPK[2]);
+ PPK[4] += RotR1(PPK[3]);
+ PPK[5] += RotR1(PPK[4]);
+
+ /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
+ * WEPSeed[0..2] is transmitted as WEP IV */
+ WEPSeed[0] = Hi8(IV16);
+ WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
+ WEPSeed[2] = Lo8(IV16);
+ WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((uint16_t *) &TK[0])) >> 1);
+ wlan_crypto_put_le16(&WEPSeed[4], PPK[0]);
+ wlan_crypto_put_le16(&WEPSeed[6], PPK[1]);
+ wlan_crypto_put_le16(&WEPSeed[8], PPK[2]);
+ wlan_crypto_put_le16(&WEPSeed[10], PPK[3]);
+ wlan_crypto_put_le16(&WEPSeed[12], PPK[4]);
+ wlan_crypto_put_le16(&WEPSeed[14], PPK[5]);
+}
+
+
+static inline uint32_t rotl(uint32_t val, int bits)
+{
+ return (val << bits) | (val >> (32 - bits));
+}
+
+static inline uint32_t xswap(uint32_t val)
+{
+ return ((val & 0x00ff00ff) << 8) | ((val & 0xff00ff00) >> 8);
+}
+
+
+#define michael_block(l, r) \
+do { \
+ r ^= rotl(l, 17); \
+ l += r; \
+ r ^= xswap(l); \
+ l += r; \
+ r ^= rotl(l, 3); \
+ l += r; \
+ r ^= rotr(l, 2); \
+ l += r; \
+} while (0)
+
+
+static void michael_mic(const uint8_t *key, const uint8_t *hdr,
+ const uint8_t *data, size_t data_len, uint8_t *mic){
+ uint32_t l, r;
+ int i, blocks, last;
+
+ l = wlan_crypto_get_le32(key);
+ r = wlan_crypto_get_le32(key + 4);
+
+ /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
+ l ^= wlan_crypto_get_le32(hdr);
+ michael_block(l, r);
+ l ^= wlan_crypto_get_le32(&hdr[4]);
+ michael_block(l, r);
+ l ^= wlan_crypto_get_le32(&hdr[8]);
+ michael_block(l, r);
+ l ^= wlan_crypto_get_le32(&hdr[12]);
+ michael_block(l, r);
+
+ /* 32-bit blocks of data */
+ blocks = data_len / 4;
+ last = data_len % 4;
+ for (i = 0; i < blocks; i++) {
+ l ^= wlan_crypto_get_le32(&data[4 * i]);
+ michael_block(l, r);
+ }
+
+ /* Last block and padding (0x5a, 4..7 x 0) */
+ switch (last) {
+ case 0:
+ l ^= 0x5a;
+ break;
+ case 1:
+ l ^= data[4 * i] | 0x5a00;
+ break;
+ case 2:
+ l ^= data[4 * i] | (data[4 * i + 1] << 8) | 0x5a0000;
+ break;
+ case 3:
+ l ^= data[4 * i] | (data[4 * i + 1] << 8) |
+ (data[4 * i + 2] << 16) | 0x5a000000;
+ break;
+ }
+ michael_block(l, r);
+ /* l ^= 0; */
+ michael_block(l, r);
+
+ wlan_crypto_put_le32(mic, l);
+ wlan_crypto_put_le32(mic + 4, r);
+}
+
+
+static void michael_mic_hdr(const struct wlan_frame_hdr *hdr11, uint8_t *hdr)
+{
+ int hdrlen = 24;
+
+ switch (hdr11->i_fc[1] & (WLAN_FC1_FROMDS | WLAN_FC1_TODS)) {
+ case WLAN_FC1_TODS:
+ qdf_mem_copy(hdr, hdr11->i_addr3, QDF_MAC_ADDR_SIZE); /* DA */
+ qdf_mem_copy(hdr + QDF_MAC_ADDR_SIZE, hdr11->i_addr2,
+ QDF_MAC_ADDR_SIZE); /* SA */
+ break;
+ case WLAN_FC1_FROMDS:
+ qdf_mem_copy(hdr, hdr11->i_addr1, QDF_MAC_ADDR_SIZE); /* DA */
+ qdf_mem_copy(hdr + QDF_MAC_ADDR_SIZE, hdr11->i_addr3,
+ QDF_MAC_ADDR_SIZE); /* SA */
+ break;
+ case WLAN_FC1_FROMDS | WLAN_FC1_TODS:
+ qdf_mem_copy(hdr, hdr11->i_addr3, QDF_MAC_ADDR_SIZE); /* DA */
+ qdf_mem_copy(hdr + QDF_MAC_ADDR_SIZE, hdr11 + 1,
+ QDF_MAC_ADDR_SIZE); /* SA */
+ hdrlen += QDF_MAC_ADDR_SIZE;
+ break;
+ case 0:
+ qdf_mem_copy(hdr, hdr11->i_addr1, QDF_MAC_ADDR_SIZE); /* DA */
+ qdf_mem_copy(hdr + QDF_MAC_ADDR_SIZE, hdr11->i_addr2,
+ QDF_MAC_ADDR_SIZE); /* SA */
+ break;
+ }
+
+ if (WLAN_FC0_GET_TYPE(hdr11->i_fc[0]) == WLAN_FC0_TYPE_DATA &&
+ (WLAN_FC0_GET_STYPE(hdr11->i_fc[0]) & 0x08)) {
+ const uint8_t *qos = ((const uint8_t *) hdr11) + hdrlen;
+ hdr[12] = qos[0] & 0x0f; /* priority */
+ } else
+ hdr[12] = 0; /* priority */
+
+ hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
+}
+
+
+uint8_t *wlan_crypto_tkip_decrypt(const uint8_t *tk,
+ const struct wlan_frame_hdr *hdr,
+ uint8_t *data, size_t data_len){
+ uint16_t iv16;
+ uint32_t iv32;
+ uint16_t ttak[5];
+ uint8_t rc4key[16];
+ uint8_t *plain;
+ size_t plain_len;
+ uint32_t icv, rx_icv;
+ const uint8_t *mic_key;
+ uint8_t michael_hdr[16];
+ uint8_t mic[8];
+
+ if (data_len < 8 + 4)
+ return NULL;
+
+ iv16 = (data[0] << 8) | data[2];
+ iv32 = wlan_crypto_get_le32(&data[4]);
+ wpa_printf(MSG_EXCESSIVE, "TKIP decrypt: iv32=%08x iv16=%04x",
+ iv32, iv16);
+
+ tkip_mixing_phase1(ttak, tk, hdr->i_addr2, iv32);
+ wpa_hexdump(MSG_EXCESSIVE, "TKIP TTAK", (uint8_t *) ttak, sizeof(ttak));
+ tkip_mixing_phase2(rc4key, tk, ttak, iv16);
+ wpa_hexdump(MSG_EXCESSIVE, "TKIP RC4KEY", rc4key, sizeof(rc4key));
+
+ plain_len = data_len - 8;
+ plain = data + 8;
+ wlan_crypto_wep_crypt(rc4key, plain, plain_len);
+
+ icv = wlan_crypto_crc32(plain, plain_len - 4);
+ rx_icv = wlan_crypto_get_le32(plain + plain_len - 4);
+ if (icv != rx_icv) {
+ wpa_printf(MSG_INFO, "TKIP ICV mismatch in frame from " MACSTR,
+ MAC2STR(hdr->addr2));
+ wpa_printf(MSG_DEBUG, "TKIP calculated ICV %08x received ICV "
+ "%08x", icv, rx_icv);
+ qdf_mem_free(plain);
+ return NULL;
+ }
+ plain_len -= 4;
+
+ /* no MSDU reassembly support yet */
+
+ if (plain_len < 8) {
+ wpa_printf(MSG_INFO, "TKIP: Not enough room for Michael MIC "
+ "in a frame from " MACSTR, MAC2STR(hdr->addr2));
+ qdf_mem_free(plain);
+ return NULL;
+ }
+
+ michael_mic_hdr(hdr, michael_hdr);
+ mic_key = tk + ((hdr->i_fc[1] & WLAN_FC1_FROMDS) ? 16 : 24);
+ michael_mic(mic_key, michael_hdr, plain, plain_len - 8, mic);
+ if (qdf_mem_cmp(mic, plain + plain_len - 8, 8) != 0) {
+ wpa_printf(MSG_INFO, "TKIP: Michael MIC mismatch in a frame "
+ "from " MACSTR, MAC2STR(hdr->addr2));
+ wpa_hexdump(MSG_DEBUG, "TKIP: Calculated MIC", mic, 8);
+ wpa_hexdump(MSG_DEBUG, "TKIP: Received MIC",
+ plain + plain_len - 8, 8);
+ return NULL;
+ }
+
+ return data;
+}
+
+
+void tkip_get_pn(uint8_t *pn, const uint8_t *data)
+{
+ pn[0] = data[7]; /* PN5 */
+ pn[1] = data[6]; /* PN4 */
+ pn[2] = data[5]; /* PN3 */
+ pn[3] = data[4]; /* PN2 */
+ pn[4] = data[0]; /* PN1 */
+ pn[5] = data[2]; /* PN0 */
+}
+
+
+uint8_t *wlan_crypto_tkip_encrypt(const uint8_t *tk, uint8_t *frame,
+ size_t len, size_t hdrlen){
+ uint8_t michael_hdr[16];
+ uint8_t mic[8];
+ struct wlan_frame_hdr *hdr;
+ const uint8_t *mic_key;
+ uint8_t *pos;
+ uint16_t iv16;
+ uint32_t iv32;
+ uint16_t ttak[5];
+ uint8_t rc4key[16];
+
+ if (len < sizeof(*hdr) || len < hdrlen)
+ return NULL;
+ hdr = (struct wlan_frame_hdr *) frame;
+
+ michael_mic_hdr(hdr, michael_hdr);
+ mic_key = tk + ((hdr->i_fc[1] & WLAN_FC1_FROMDS) ? 16 : 24);
+ michael_mic(mic_key, michael_hdr, frame + hdrlen, len - hdrlen, mic);
+ wpa_hexdump(MSG_EXCESSIVE, "TKIP: MIC", mic, sizeof(mic));
+ pos = frame + hdrlen;
+
+ iv32 = wlan_crypto_get_be32(pos);
+ iv16 = wlan_crypto_get_be16(pos + 4);
+ tkip_mixing_phase1(ttak, tk, hdr->i_addr2, iv32);
+ wpa_hexdump(MSG_EXCESSIVE, "TKIP TTAK", (uint8_t *) ttak, sizeof(ttak));
+ tkip_mixing_phase2(rc4key, tk, ttak, iv16);
+ wpa_hexdump(MSG_EXCESSIVE, "TKIP RC4KEY", rc4key, sizeof(rc4key));
+
+ qdf_mem_copy(pos, rc4key, 3);
+ pos += 8;
+
+ qdf_mem_copy(pos + len - hdrlen, mic, sizeof(mic));
+ wlan_crypto_put_le32(pos + len - hdrlen + sizeof(mic),
+ wlan_crypto_crc32(pos, len - hdrlen + sizeof(mic)));
+ wlan_crypto_wep_crypt(rc4key, pos, len - hdrlen + sizeof(mic) + 4);
+
+ return frame;
+}
diff --git a/crypto/src/wlan_crypto_wapi.c b/crypto/src/wlan_crypto_wapi.c
new file mode 100644
index 0000000..b42c30b
--- /dev/null
+++ b/crypto/src/wlan_crypto_wapi.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for
+ * any purpose with or without fee is hereby granted, provided that the
+ * above copyright notice and this permission notice appear in all
+ * copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+ * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+ /**
+ * DOC: Public API intialization of crypto service with object manager
+ */
+#include <qdf_types.h>
+#include <wlan_cmn.h>
+#include <wlan_objmgr_cmn.h>
+#include <wlan_objmgr_global_obj.h>
+#include <wlan_objmgr_psoc_obj.h>
+#include <wlan_objmgr_pdev_obj.h>
+#include <wlan_objmgr_vdev_obj.h>
+#include <wlan_objmgr_peer_obj.h>
+
+#include "wlan_crypto_global_def.h"
+#include "wlan_crypto_def_i.h"
+#include "wlan_crypto_main_i.h"
+#include "wlan_crypto_obj_mgr_i.h"
+
+
+static QDF_STATUS wapi_setkey(struct wlan_crypto_key *key)
+{
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS wapi_encap(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t encapdone,
+ uint8_t hdrlen){
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS wapi_decap(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t tid,
+ uint8_t hdrlen){
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS wapi_enmic(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t encapdone,
+ uint8_t hdrlen){
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS wapi_demic(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t tid,
+ uint8_t hdrlen){
+ return QDF_STATUS_SUCCESS;
+}
+
+const struct wlan_crypto_cipher wapi_cipher_table = {
+ "WPI_SMS4",
+ WLAN_CRYPTO_CIPHER_WAPI_SMS4,
+ WLAN_CRYPTO_WPI_SMS4_IVLEN + WLAN_CRYPTO_WPI_SMS4_KIDLEN
+ + WLAN_CRYPTO_WPI_SMS4_PADLEN,
+ WLAN_CRYPTO_WPI_SMS4_MICLEN,
+ 0,
+ 256,
+ wapi_setkey,
+ wapi_encap,
+ wapi_decap,
+ wapi_enmic,
+ wapi_demic,
+};
+
+const struct wlan_crypto_cipher *wapi_register(void)
+{
+ return &wapi_cipher_table;
+}
diff --git a/crypto/src/wlan_crypto_wep.c b/crypto/src/wlan_crypto_wep.c
new file mode 100644
index 0000000..b3a5ba7
--- /dev/null
+++ b/crypto/src/wlan_crypto_wep.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for
+ * any purpose with or without fee is hereby granted, provided that the
+ * above copyright notice and this permission notice appear in all
+ * copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+ * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+ /**
+ * DOC: Public API intialization of crypto service with object manager
+ */
+#include <qdf_types.h>
+#include <wlan_cmn.h>
+#include <wlan_objmgr_cmn.h>
+#include <wlan_objmgr_global_obj.h>
+#include <wlan_objmgr_psoc_obj.h>
+#include <wlan_objmgr_pdev_obj.h>
+#include <wlan_objmgr_vdev_obj.h>
+#include <wlan_objmgr_peer_obj.h>
+
+#include "wlan_crypto_global_def.h"
+#include "wlan_crypto_def_i.h"
+#include "wlan_crypto_main_i.h"
+#include "wlan_crypto_obj_mgr_i.h"
+
+
+static QDF_STATUS wep_setkey(struct wlan_crypto_key *key)
+{
+ return QDF_STATUS_SUCCESS;
+}
+
+static QDF_STATUS wep_encap(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t encapdone,
+ uint8_t hdrlen)
+{
+ uint8_t *ivp;
+ struct wlan_crypto_cipher *cipher_table;
+
+ cipher_table = key->cipher_table;
+ /*
+ * Copy down 802.11 header and add the IV, KeyID, and ExtIV.
+ */
+
+ if (encapdone) {
+ ivp = (uint8_t *)qdf_nbuf_data(wbuf);
+ } else {
+ ivp = (uint8_t *)qdf_nbuf_push_head(wbuf,
+ cipher_table->header
+ + cipher_table->trailer);
+ qdf_mem_move(ivp,
+ ivp + cipher_table->header + cipher_table->trailer,
+ hdrlen);
+ qdf_mem_move(ivp + hdrlen + cipher_table->header,
+ ivp + hdrlen
+ + cipher_table->header + cipher_table->trailer,
+ (qdf_nbuf_len(wbuf) - hdrlen
+ - cipher_table->header - cipher_table->trailer));
+ ivp = (uint8_t *)qdf_nbuf_data(wbuf);
+ }
+
+ ivp += hdrlen;
+ key->keytsc++;
+#if _BYTE_ORDER == _BIG_ENDIAN
+ ivp[2] = key->keyrsc[0] >> 0;
+ ivp[1] = key->keyrsc[0] >> 8;
+ ivp[0] = key->keyrsc[0] >> 16;
+#else
+ ivp[0] = key->keyrsc[0] >> 0;
+ ivp[1] = key->keyrsc[0] >> 8;
+ ivp[2] = key->keyrsc[0] >> 16;
+#endif
+ ivp[3] = key->keyix << 6;
+
+ /*
+ * Finally, do software encrypt if neeed.
+ */
+ if ((key->flags & WLAN_CRYPTO_KEY_SWENCRYPT) &&
+ !wlan_crypto_wep_encrypt(key->keyval, key->keylen,
+ qdf_nbuf_data(wbuf), qdf_nbuf_len(wbuf))) {
+ return QDF_STATUS_CRYPTO_ENCRYPT_FAILED;
+ }
+
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS wep_decap(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t tid,
+ uint8_t hdrlen)
+{
+ struct wlan_crypto_cipher *cipher_table;
+ uint8_t *origHdr = (uint8_t *)qdf_nbuf_data(wbuf);
+ uint16_t off, data_len;
+
+ cipher_table = key->cipher_table;
+
+ /*
+ * Check if the device handled the decrypt in hardware.
+ * If so we just strip the header; otherwise we need to
+ * handle the decrypt in software.
+ */
+
+ off = hdrlen + cipher_table->header;
+ data_len = qdf_nbuf_len(wbuf) - off - cipher_table->trailer;
+ if ((key->flags & WLAN_CRYPTO_KEY_SWDECRYPT) &&
+ !wlan_crypto_wep_decrypt(key->keyval, key->keylen,
+ qdf_nbuf_data(wbuf), qdf_nbuf_len(wbuf))) {
+ return QDF_STATUS_CRYPTO_DECRYPT_FAILED;
+ }
+ /*
+ * Copy up 802.11 header and strip crypto bits.
+ */
+ qdf_mem_move(origHdr + cipher_table->header, origHdr, hdrlen);
+ qdf_nbuf_pull_head(wbuf, cipher_table->header);
+ qdf_nbuf_trim_tail(wbuf, cipher_table->trailer);
+
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS wep_enmic(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t tid,
+ uint8_t hdrlen){
+
+ return QDF_STATUS_SUCCESS;
+}
+static QDF_STATUS wep_demic(struct wlan_crypto_key *key,
+ qdf_nbuf_t wbuf,
+ uint8_t tid,
+ uint8_t hdrlen){
+
+ return QDF_STATUS_SUCCESS;
+}
+
+const struct wlan_crypto_cipher wep_cipher_table = {
+ "WEP",
+ WLAN_CRYPTO_CIPHER_WEP,
+ WLAN_CRYPTO_IV_LEN + WLAN_CRYPTO_KEYID_LEN,
+ WLAN_CRYPTO_CRC_LEN,
+ 0,
+ 152,
+ wep_setkey,
+ wep_encap,
+ wep_decap,
+ wep_enmic,
+ wep_demic,
+};
+
+const struct wlan_crypto_cipher *wep_register(void)
+{
+ return &wep_cipher_table;
+}
+
diff --git a/crypto/src/wlan_crypto_wep_sw.c b/crypto/src/wlan_crypto_wep_sw.c
new file mode 100644
index 0000000..b065ec7
--- /dev/null
+++ b/crypto/src/wlan_crypto_wep_sw.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ */
+/*
+ * Wired Equivalent Privacy (WEP)
+ * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include <qdf_types.h>
+#include <qdf_mem.h>
+#include <qdf_util.h>
+#include "wlan_crypto_aes_i.h"
+#include "wlan_crypto_def_i.h"
+
+void wlan_crypto_wep_crypt(uint8_t *key, uint8_t *buf, size_t plen)
+{
+ uint32_t i, j, k;
+ uint8_t S[256];
+#define S_SWAP(a, b) do { uint8_t t = S[a]; S[a] = S[b]; S[b] = t; } while (0)
+ uint8_t *pos;
+
+ /* Setup RC4 state */
+ for (i = 0; i < 256; i++)
+ S[i] = i;
+ j = 0;
+ for (i = 0; i < 256; i++) {
+ j = (j + S[i] + key[i & 0x0f]) & 0xff;
+ S_SWAP(i, j);
+ }
+
+ /* Apply RC4 to data */
+ pos = buf;
+ i = j = 0;
+ for (k = 0; k < plen; k++) {
+ i = (i + 1) & 0xff;
+ j = (j + S[i]) & 0xff;
+ S_SWAP(i, j);
+ *pos ^= S[(S[i] + S[j]) & 0xff];
+ pos++;
+ }
+}
+
+
+void wlan_crypto_try_wep(const uint8_t *key, size_t key_len,
+ uint8_t *data, size_t data_len,
+ uint32_t *icv){
+ uint8_t k[16];
+ int i, j;
+
+ for (i = 0, j = 0; i < sizeof(k); i++) {
+ k[i] = key[j];
+ j++;
+ if (j >= key_len)
+ j = 0;
+ }
+
+ wlan_crypto_wep_crypt(k, data, data_len);
+ *icv = wlan_crypto_crc32(data, data_len - 4);
+}
+
+uint8_t *wlan_crypto_wep_encrypt(const uint8_t *key, uint16_t key_len,
+ uint8_t *data, size_t data_len){
+ uint8_t k[16];
+ uint32_t icv;
+
+ if (data_len < 4 + 4) {
+ crypto_err("invalid len");
+ return NULL;
+ }
+
+ qdf_mem_copy(k, data, 3);
+ qdf_mem_copy(k + 3, key, key_len);
+ wlan_crypto_try_wep(k, 3 + key_len, data + 4, data_len - 4, &icv);
+
+ return data;
+}
+
+uint8_t *wlan_crypto_wep_decrypt(const uint8_t *key, uint16_t key_len,
+ uint8_t *data, size_t data_len){
+ uint8_t k[16];
+ uint32_t icv, rx_icv;
+
+ if (data_len < 4 + 4) {
+ crypto_err("invalid len");
+ return NULL;
+ }
+
+ qdf_mem_copy(k, data, 3);
+ qdf_mem_copy(k + 3, key, key_len);
+
+ rx_icv = wlan_crypto_get_le32(data + data_len - 4);
+
+ wlan_crypto_try_wep(k, 3 + key_len, data + 4, data_len - 4, &icv);
+
+ if (icv != rx_icv) {
+ crypto_err("iv mismatch");
+ return NULL;
+ }
+
+ return data;
+}