mirror of
https://github.com/morrownr/8821cu-20210916.git
synced 2024-09-16 03:32:37 +00:00
initial commit
This commit is contained in:
commit
1d6ef930b9
159
8821cu.conf
Normal file
159
8821cu.conf
Normal file
@ -0,0 +1,159 @@
|
||||
# /etc/modprobe.d/8821cu.conf
|
||||
#
|
||||
# Purpose: Allow easy access to specific driver options.
|
||||
#
|
||||
# Warning: Some adapters based on the rtl8821cu chipset may require the
|
||||
# `rtw_RFE_type` option to be set. If wifi or bluetooth does not work
|
||||
# after driver installation, see the appropriate section in the below
|
||||
# documentation.
|
||||
#
|
||||
# Edit the following line to change, add or delete options:
|
||||
options 8821cu rtw_drv_log_level=0 rtw_led_ctrl=1 rtw_vht_enable=1 rtw_power_mgnt=1 rtw_dfs_region_domain=0
|
||||
#
|
||||
# After editing is complete, save this file (if using nano: Ctrl + x, y, Enter)
|
||||
# and reboot to activate the changes.
|
||||
#
|
||||
# Documentation:
|
||||
#
|
||||
# -----
|
||||
#
|
||||
# Log options ( rtw_drv_log_level )
|
||||
#
|
||||
# 0 = NONE (default)
|
||||
# 1 = ALWAYS
|
||||
# 2 = ERROR
|
||||
# 3 = WARNING
|
||||
# 4 = INFO
|
||||
# 5 = DEBUG
|
||||
# 6 = MAX
|
||||
#
|
||||
# Note: You can save a log file that only includes RTW log entries by running
|
||||
# the following in a terminal:
|
||||
#
|
||||
# sudo ./save-log.sh
|
||||
#
|
||||
# Note: The name of the log file will be ```rtw.log```.
|
||||
#
|
||||
# -----
|
||||
#
|
||||
# LED options ( rtw_led_ctrl )
|
||||
#
|
||||
# 0 = Always off
|
||||
# 1 = Normal blink (default)
|
||||
# 2 = Always on
|
||||
#
|
||||
# -----
|
||||
#
|
||||
# VHT options ( rtw_vht_enable )
|
||||
#
|
||||
# 0 = Disable
|
||||
# 1 = Enable (default)
|
||||
# 2 = Force auto enable (use only for 5 GHz AP mode)
|
||||
#
|
||||
# Notes:
|
||||
# - A non-default setting can degrade performance greatly in managed mode.
|
||||
# - Option 2 allows 80 MHz channel width for 5GHz AP mode, such as when
|
||||
# you are using hostapd.
|
||||
#
|
||||
# -----
|
||||
#
|
||||
# Power options ( rtw_power_mgnt )
|
||||
#
|
||||
# 0 = Disable power saving
|
||||
# 1 = Power saving on, minPS (default)
|
||||
# 2 = Power saving on, maxPS (not recommended for AP mode)
|
||||
#
|
||||
# -----
|
||||
#
|
||||
# Country Code options ( rtw_country_code )
|
||||
#
|
||||
# Note: Allows the Country Code to be set in cases where it is unable to
|
||||
# be obtained from the operating system.
|
||||
#
|
||||
# Example for the US: rtw_country_code=US
|
||||
# Example for Panama: rtw_country_code=PA
|
||||
# Example for Norway: rtw_country_code=NO
|
||||
# Example for Kuwait: rtw_country_code=KW
|
||||
# Example for Taiwan: rtw_country_code=TW
|
||||
#
|
||||
# -----
|
||||
#
|
||||
# DFS Options ( rtw_dfs_region_domain )
|
||||
#
|
||||
# 0 = NONE (default)
|
||||
# 1 = FCC
|
||||
# 2 = MKK
|
||||
# 3 = ETSI
|
||||
#
|
||||
# Notes:
|
||||
# - Activates DFS channels in AP mode.
|
||||
# - DFS FCC 80 MHz channels for hostapd: 52(58), 100(106), 116(122) and 132(138)
|
||||
# - For more information: https://en.wikipedia.org/wiki/List_of_WLAN_channels
|
||||
#
|
||||
# Note: An AP needs to listen on a DFS channel for a period of 60 seconds
|
||||
# before transmitting on the channel. If any radar pulses are detected,
|
||||
# the AP cannot use that channel and will have to try a different channel.
|
||||
#
|
||||
# -----
|
||||
#
|
||||
# Select P2P interface in concurrent mode ( rtw_sel_p2p_iface )
|
||||
#
|
||||
# 0 = Sets interface 0 to be p2p interface
|
||||
# 1 = Sets interface 1 to be p2p interface (default)
|
||||
#
|
||||
# -----
|
||||
#
|
||||
# Select RFE type ( rtw_RFE_type )
|
||||
#
|
||||
# 0 = (2-Ant, DPDT), (2G_WLG, iPA, iLNA, iSW), (5G, iPA, iLNA, iSW)
|
||||
# 1 = (1-Ant, SPDT@Ant1), (2G_WLG, iPA, iLNA, iSW), (5G, iPA, iLNA, iSW)
|
||||
# 2 = (1-Ant, SPDT@Ant1) , (2G_BTG, iPA, iLNA, iSW), (5G, iPA, iLNA, iSW)
|
||||
# 3 = (1-Ant, DPDT@Ant2), (2G_WLG, iPA, iLNA, iSW), (5G, iPA, iLNA, iSW)
|
||||
# 4 = (1-Ant, DPDT@Ant2), (2G_BTG, iPA, iLNA, iSW), (5G, iPA, iLNA, iSW)
|
||||
# 5 = (2-Ant), (2G_WLG, iPA, iLNA, iSW), (5G, iPA, iLNA, iSW)
|
||||
# 6 = (2-Ant), (2G_WLG, iPA, iLNA, iSW), (5G, iPA, iLNA, iSW)
|
||||
# 7 = (1-Ant), (2G_BTG, iPA, iLNA, iSW), (5G, iPA, iLNA, iSW) (try this setting first)
|
||||
# 64 = this appears to be the default on adapters that do not support bluetooth
|
||||
#
|
||||
# Note: RFE Type is used to set antenna isolation and the BT coexistence
|
||||
# mechanism. Some adapters require this setting and some do not. If wifi
|
||||
# does not work without this setting, the setting probably needs to be
|
||||
# set. It may be necessary to try different settings to determine
|
||||
# which setting is optimal for your adapter.
|
||||
#
|
||||
# -----
|
||||
#
|
||||
# To see all options that are available:
|
||||
#
|
||||
# $ ls /sys/module/8821cu/parameters/
|
||||
#
|
||||
# -----
|
||||
#
|
||||
# To see the values that are in use:
|
||||
#
|
||||
# $ grep [[:alnum:]] /sys/module/8821cu/parameters/*
|
||||
#
|
||||
# -----
|
||||
#
|
||||
# hostapd setup information for rtl8821cu
|
||||
# Note: The best settings can vary but the following may be a good place to start.
|
||||
#
|
||||
# /etc/modprobe.d/8821cu.conf
|
||||
# options 8821cu rtw_drv_log_level=0 rtw_led_ctrl=0 rtw_vht_enable=2 rtw_power_mgnt=1 rtw_dfs_region_domain=1
|
||||
#
|
||||
# Note: The best setting for `rtw_dfs_region_domain=` will depend on your location.
|
||||
#
|
||||
# /etc/hostapd/hostapd.conf
|
||||
#
|
||||
# hw ht capab: 0x862
|
||||
# ht_capab=[HT40+][HT40-][SHORT-GI-20][SHORT-GI-40][MAX-AMSDU-7935]
|
||||
#
|
||||
# hw vht capab: 0x03c00022
|
||||
# vht_capab=[MAX-MPDU-11454][SHORT-GI-80][HTC-VHT][MAX-A-MPDU-LEN-EXP7]
|
||||
#
|
||||
# -----
|
||||
|
||||
|
||||
|
||||
|
||||
|
27
ARM64_RPI.sh
Executable file
27
ARM64_RPI.sh
Executable file
@ -0,0 +1,27 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Purpose: Change settings in the Makefile to support compiling 64 bit
|
||||
# operating systems for Raspberry Pi Hardware.
|
||||
#
|
||||
# To make this file executable:
|
||||
#
|
||||
# $ chmod +x ARM64_RPI.sh
|
||||
#
|
||||
# To execute this file:
|
||||
#
|
||||
# $ ./ARM64_RPI.sh
|
||||
|
||||
sed -i 's/CONFIG_PLATFORM_I386_PC = y/CONFIG_PLATFORM_I386_PC = n/g' Makefile
|
||||
|
||||
sed -i 's/CONFIG_PLATFORM_ARM_RPI = y/CONFIG_PLATFORM_ARM_RPI = n/g' Makefile
|
||||
|
||||
sed -i 's/CONFIG_PLATFORM_ARM64_RPI = n/CONFIG_PLATFORM_ARM64_RPI = y/g' Makefile
|
||||
RESULT=$?
|
||||
|
||||
if [[ "$RESULT" != "0" ]]; then
|
||||
echo "An error occurred and Raspberry Pi OS (64 bit) support was not turned on in Makefile."
|
||||
exit 1
|
||||
else
|
||||
echo "Raspberry Pi OS (64 bit) support was turned on in Makefile as planned."
|
||||
exit 0
|
||||
fi
|
29
ARM_RPI.sh
Executable file
29
ARM_RPI.sh
Executable file
@ -0,0 +1,29 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Purpose: Change settings in the Makefile to support compiling 32 bit
|
||||
# operating systems for Raspberry Pi Hardware.
|
||||
#
|
||||
# To make this file executable (if necessary):
|
||||
#
|
||||
# $ chmod +x ARM_RPI.sh
|
||||
#
|
||||
# To execute this file:
|
||||
#
|
||||
# $ ./ARM_RPI.sh
|
||||
|
||||
# getconf LONG_BIT (need to work on this)
|
||||
|
||||
sed -i 's/CONFIG_PLATFORM_I386_PC = y/CONFIG_PLATFORM_I386_PC = n/g' Makefile
|
||||
|
||||
sed -i 's/CONFIG_PLATFORM_ARM_RPI = n/CONFIG_PLATFORM_ARM_RPI = y/g' Makefile
|
||||
RESULT=$?
|
||||
|
||||
if [[ "$RESULT" != "0" ]]; then
|
||||
echo "An error occurred and Raspberry Pi OS (32 bit) support was not turned on in Makefile."
|
||||
exit 1
|
||||
else
|
||||
echo "Raspberry Pi OS (32 bit) support was turned on in Makefile as planned."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
sed -i 's/CONFIG_PLATFORM_ARM64_RPI = y/CONFIG_PLATFORM_ARM64_RPI = n/g' Makefile
|
6
Kconfig
Normal file
6
Kconfig
Normal file
@ -0,0 +1,6 @@
|
||||
config RTL8821CU
|
||||
tristate "Realtek 8821C USB WiFi"
|
||||
depends on USB
|
||||
help
|
||||
Help message of RTL8821CU
|
||||
|
14
LICENSE
Normal file
14
LICENSE
Normal file
@ -0,0 +1,14 @@
|
||||
/******************************************************************************
|
||||
*
|
||||
* Copyright(c) 2007 - 2022 Realtek Corporation.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of version 2 of the GNU General Public License as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
*****************************************************************************/
|
642
README.md
Normal file
642
README.md
Normal file
@ -0,0 +1,642 @@
|
||||
## 8821cu ( 8821cu.ko ) :rocket:
|
||||
|
||||
## Linux Driver for USB WiFi Adapters that are based on the RTL8811CU, RTL8821CU and RTL8731AU Chipsets
|
||||
|
||||
- v5.12.0.4 (Realtek) (20210916) plus updates from the Linux community
|
||||
|
||||
### Features
|
||||
|
||||
- IEEE 802.11 b/g/n/ac WiFi compliant
|
||||
- 802.1x, WEP, WPA TKIP and WPA2 AES/Mixed mode for PSK and TLS (Radius)
|
||||
- WPA3 (see FAQ)
|
||||
- IEEE 802.11b/g/n/ac Client mode
|
||||
* Supports wireless security for WEP, WPA TKIP and WPA2 AES PSK
|
||||
* Supports site survey scan and manual connect
|
||||
* Supports WPA/WPA2 TLS client
|
||||
- Power saving modes
|
||||
- Wireshark compatible
|
||||
- Aircrack-ng compatible
|
||||
- Packet injection
|
||||
- hostapd compatible
|
||||
- AP mode DFS channel support
|
||||
- Miracast
|
||||
- Supported interface modes
|
||||
* IBSS
|
||||
* Managed
|
||||
* Monitor (see FAQ)
|
||||
* AP (see FAQ)
|
||||
* P2P-client
|
||||
* P2P-GO
|
||||
* Concurrent (see `Concurrent_Mode.md` in the `docs` folder.)
|
||||
- Log level control
|
||||
- LED control
|
||||
- Power saving control
|
||||
- VHT control (allows 80 MHz channel width in AP mode)
|
||||
- AP mode DFS channel control
|
||||
|
||||
### A FAQ is available at the end of this document.
|
||||
|
||||
### Compatible CPUs
|
||||
|
||||
- x86, amd64
|
||||
- ARM, ARM64
|
||||
- MIPS
|
||||
|
||||
### Compatible Kernels
|
||||
|
||||
- Kernels: 4.19 - 5.11 (Realtek)
|
||||
- Kernels: 5.12 - 6.1 (community support)
|
||||
|
||||
### Tested Linux Distributions
|
||||
|
||||
Note: One of the goals of this project is to provide driver support that
|
||||
is easy to install and works reliably on many distros. Meeting this goal
|
||||
depends on you to report your recommendations and updated information.
|
||||
If you see information that needs to be updated, please report the
|
||||
updated information and if you do not see adequate support for
|
||||
items such as Installation Steps 2, 3 and 9, and you know what updates
|
||||
need to added or you can get that information, please provide it so that
|
||||
the Installation Steps can be improved.
|
||||
|
||||
- Arch Linux (kernels 5.4 and 5.11)
|
||||
|
||||
- Debian 11 (kernels 5.10 and 5.15)
|
||||
|
||||
- Fedora (kernel 5.11)
|
||||
|
||||
- Kali Linux (kernel 5.10)
|
||||
|
||||
- Manjaro 21.1 (kernel 5.13)
|
||||
|
||||
- openSUSE Tumbleweed (rolling) (kernel 5.15)
|
||||
|
||||
- Raspberry Pi OS (2022-09-22) (ARM 32 bit and 64 bit) (kernel 5.15)
|
||||
|
||||
- Raspberry Pi Desktop (2022-07-01) (x86 32 bit) (kernel 5.10)
|
||||
|
||||
- Ubuntu 22.04 (kernel 5.15) and 22.10 (kernel 5.19)
|
||||
|
||||
- Void Linux (kernel 5.18)
|
||||
|
||||
### Download Locations for Tested Linux Distributions
|
||||
|
||||
- [Arch Linux](https://www.archlinux.org)
|
||||
- [Debian](https://www.debian.org/)
|
||||
- [Fedora](https://getfedora.org)
|
||||
- [Kali Linux](https://www.kali.org/)
|
||||
- [Manjaro](https://manjaro.org)
|
||||
- [openSUSE](https://www.opensuse.org/)
|
||||
- [Raspberry Pi OS](https://www.raspberrypi.org)
|
||||
- [Ubuntu](https://www.ubuntu.com)
|
||||
- [Void Linux](https://voidlinux.org/)
|
||||
|
||||
### Tested Hardware
|
||||
|
||||
- EDUP EP-AC1651 USB WiFi Adapter AC650 Dual Band USB 2.0 Nano
|
||||
- EDUP EP-AC1635 USB WiFi Adapter AC600 Dual Band USB 2.0
|
||||
|
||||
### Compatible Devices
|
||||
|
||||
Warning: Adapters listed here are not recommended for purchase as I do
|
||||
not recommend Linux users buy Realtek based USB WiFi adapters due to the
|
||||
lack of mac80211 technology drivers that are supported in-kernel as
|
||||
called for by Linux Wireless Standards. This repo is supported for the
|
||||
benefit of Linux users who already have adapters based on the supported
|
||||
chipsets. If you are looking for information about what adapter to buy,
|
||||
click [here](https://github.com/morrownr/USB-WiFi) for information about
|
||||
and links to recommended adapters.
|
||||
|
||||
* Cudy WU700
|
||||
* EDUP EP-AC1651
|
||||
* EDUP EP-AC1635
|
||||
* TOTOLINK A650UA v3
|
||||
* Mercusys MU6H (multi-state)
|
||||
* Numerous additional products that are based on the supported chipsets
|
||||
|
||||
Note: Please read "supported-device-IDs" for information about how to confirm the correct driver for your adapter.
|
||||
|
||||
### Installation Information
|
||||
|
||||
Warning: Installing multiple drivers for the same hardware usually does
|
||||
not end well. If a previous attempt to install this driver failed or if
|
||||
you have previously installed another driver for chipsets supported by
|
||||
this driver, you MUST remove anything that the previous attempt
|
||||
installed BEFORE attempting to install this driver. This driver can be
|
||||
removed with the script called `./remove-driver.sh`. Information is
|
||||
available in the section called `Removal of the Driver.` You can get a
|
||||
good idea as to whether you need to remove a previously installed
|
||||
driver by running the following command:
|
||||
|
||||
```
|
||||
sudo dkms status
|
||||
```
|
||||
|
||||
Warning: If you decide to upgrade to a new version of kernel such as
|
||||
5.15 to 5.19, you need to remove the driver you have installed and
|
||||
install the newest available before installing the new kernel. Use the
|
||||
following commands in the driver directory:
|
||||
|
||||
```
|
||||
$ sudo ./remove-driver.sh
|
||||
$ git pull
|
||||
$ sudo ./install-driver.sh
|
||||
```
|
||||
|
||||
Temporary internet access is required for installation. There are numerous ways
|
||||
to enable temporary internet access depending on your hardware and situation.
|
||||
[One method is to use tethering from a phone.](https://www.makeuseof.com/tag/how-to-tether-your-smartphone-in-linux).
|
||||
Another method is to keep a [WiFi adapter that uses an in-kernel driver](https://github.com/morrownr/USB-WiFi) in your toolkit.
|
||||
|
||||
You will need to use the terminal interface. The quick way to open a terminal:
|
||||
Ctrl+Alt+T (hold down on the Ctrl and Alt keys then press the T key).
|
||||
|
||||
An alternative terminal is to use SSH (Secure Shell) from the same or from
|
||||
another computer, in which case you will be in a suitable terminal after logging
|
||||
in, but this step requires that an SSH daemon/server has already been
|
||||
configured. (There are lots of SSH guides available, e.g., for the [Raspberry Pi](https://www.raspberrypi.com/documentation/computers/remote-access.html#setting-up-an-ssh-server) and for [Ubuntu](https://linuxconfig.org/ubuntu-20-04-ssh-server). Do not forget [to secure the SSH server](https://www.howtogeek.com/443156/the-best-ways-to-secure-your-ssh-server/).)
|
||||
|
||||
You will need to have sufficient access rights to use `sudo` so that commands
|
||||
can be executed as the `root` user. (If the command `sudo echo Yes` returns
|
||||
"Yes", with or without having to enter your password, you do have sufficient
|
||||
access rights.)
|
||||
|
||||
DKMS is used for the installation. DKMS is a system utility which will
|
||||
automatically recompile and reinstall this driver when a new kernel is
|
||||
installed. DKMS is provided by and maintained by Dell.
|
||||
|
||||
It is recommended that you do not delete the driver directory after installation
|
||||
as the directory contains information and scripts that you may need in the future.
|
||||
|
||||
Secure mode: The primary installation script, `install-driver.sh`, will support
|
||||
secure mode... if your distro supports the method dkms uses. I regularly test the
|
||||
installation script on systems with secure mode on. It works very well on Ubuntu based
|
||||
distros. Some distros, such as Raspberry Pi OS, do not support secure mode because the
|
||||
hardware they support does not support secure mode making it unnecessary. There are
|
||||
distros that do not work with the support currently in use. If you install this driver
|
||||
and, after a reboot, the driver is not working, you can go into the BIOS and temporarily
|
||||
turn secure mode off to see if secure mode is the problem.
|
||||
|
||||
### Installation Steps
|
||||
|
||||
Note: The installation instructions are for the novice user. Experienced users are
|
||||
welcome to alter the installation to meet their needs. Support will be provided based
|
||||
on the steps below.
|
||||
|
||||
#### Step 1: Open a terminal (e.g. Ctrl+Alt+T)
|
||||
|
||||
#### Step 2: Update and upgrade system packages (select the option for the OS you are using)
|
||||
|
||||
Note: If your Linux distro does not fall into one of options listed
|
||||
below, you will need to research how to update and upgrade your system
|
||||
packages.
|
||||
|
||||
- Option for Debian based distributions such as Ubuntu, Kali and Raspberry Pi OS
|
||||
|
||||
```
|
||||
sudo apt update && sudo apt upgrade
|
||||
```
|
||||
|
||||
- Option for Arch based distributions such as Manjaro
|
||||
|
||||
```
|
||||
sudo pacman -Syu
|
||||
```
|
||||
|
||||
- Option for Fedora based distributions
|
||||
|
||||
```
|
||||
sudo dnf upgrade
|
||||
```
|
||||
|
||||
- Option for openSUSE based distributions
|
||||
|
||||
```
|
||||
sudo zypper update
|
||||
```
|
||||
|
||||
- Option for Void Linux
|
||||
|
||||
```
|
||||
sudo xbps-install -Syu
|
||||
```
|
||||
|
||||
Note: It is recommended that you reboot your system at this point. The
|
||||
rest of the installation will appreciate having a fully up to date
|
||||
system to work with. The installation can then be continued with Step 3.
|
||||
|
||||
```
|
||||
sudo reboot
|
||||
```
|
||||
|
||||
#### Step 3: Install the required packages (select the option for the OS you are using)
|
||||
|
||||
- Option for Raspberry Pi OS (ARM/ARM64)
|
||||
|
||||
```
|
||||
sudo apt install -y raspberrypi-kernel-headers build-essential bc dkms git
|
||||
```
|
||||
|
||||
- Option for Debian, Kali, and Raspberry Pi Desktop (x86)
|
||||
|
||||
```
|
||||
sudo apt install -y linux-headers-$(uname -r) build-essential bc dkms git libelf-dev
|
||||
```
|
||||
|
||||
- Option for Ubuntu (all official flavors) and the numerous Ubuntu based distros
|
||||
|
||||
```
|
||||
sudo apt install -y build-essential dkms git
|
||||
```
|
||||
|
||||
- Option for Fedora
|
||||
|
||||
```
|
||||
sudo dnf -y install git dkms kernel-devel kernel-debug-devel
|
||||
```
|
||||
|
||||
- Option for openSUSE
|
||||
|
||||
```
|
||||
sudo zypper install -t pattern devel_kernel dkms
|
||||
```
|
||||
|
||||
- Option for Void Linux
|
||||
|
||||
```
|
||||
sudo xbps-install linux-headers dkms git make
|
||||
```
|
||||
|
||||
- Options for Arch and Manjaro
|
||||
|
||||
If using pacman
|
||||
|
||||
```
|
||||
sudo pacman -S --noconfirm linux-headers dkms git bc
|
||||
```
|
||||
|
||||
Note: If you are asked to choose a provider, make sure to choose the one
|
||||
that corresponds to your version of the linux kernel (for example,
|
||||
"linux510-headers" for Linux kernel version 5.10). If you install the
|
||||
incorrect version, you'll have to uninstall it and install the correct
|
||||
version.
|
||||
|
||||
If using other methods, please follow the instructions provided by those
|
||||
methods.
|
||||
|
||||
#### Step 4: Create a directory to hold the downloaded driver
|
||||
|
||||
```
|
||||
mkdir -p ~/src
|
||||
```
|
||||
|
||||
#### Step 5: Move to the newly created directory
|
||||
|
||||
```
|
||||
cd ~/src
|
||||
```
|
||||
|
||||
#### Step 6: Download the driver
|
||||
|
||||
```
|
||||
git clone https://github.com/morrownr/8821cu-20210916.git
|
||||
```
|
||||
|
||||
#### Step 7: Move to the newly created driver directory
|
||||
|
||||
```
|
||||
cd ~/src/8821cu-20210916
|
||||
```
|
||||
|
||||
#### Step 8: Run a script to reconfigure for ARM or ARM64 based systems
|
||||
|
||||
Warning: This driver defaults to supporting x86 and amd64 based systems
|
||||
and this step should be `skipped` if your system is powered by an x86,
|
||||
amd64 or compatible CPU.
|
||||
|
||||
Note: If your system is powered by an ARM or ARM64 based Raspberry Pi,
|
||||
then one of the following scripts should be executed:
|
||||
|
||||
- Option for the following listed operating systems to be installed to
|
||||
Raspberry Pi hardware
|
||||
|
||||
```
|
||||
* Raspberry Pi OS (32 bit)
|
||||
```
|
||||
|
||||
```
|
||||
./ARM_RPI.sh
|
||||
```
|
||||
|
||||
- Option for the following listed operating systems to be installed to
|
||||
Raspberry Pi hardware
|
||||
|
||||
```
|
||||
* Raspberry Pi OS (64 bit)
|
||||
* Kali Linux RPI ARM64
|
||||
* Ubuntu for Raspberry Pi
|
||||
```
|
||||
|
||||
```
|
||||
./ARM64_RPI.sh
|
||||
```
|
||||
|
||||
Note: ARM or ARM64 based systems not listed above will likely require
|
||||
modifications similar to those provided in the above scripts but the
|
||||
number and variety of different ARM and ARM64 based systems makes
|
||||
supporting each system unpractical so you will need to research the
|
||||
needs of your system and make the appropriate modifications. If you
|
||||
discover the settings and make a new script that works with your ARM or
|
||||
ARM64 based system, you are welcome to submit the script and information
|
||||
to be included here.
|
||||
|
||||
#### Step 9: Run the installation script ( install-driver.sh )
|
||||
|
||||
Note: For automated builds (non-interactive), use _NoPrompt_ as an option.
|
||||
|
||||
```
|
||||
sudo ./install-driver.sh
|
||||
```
|
||||
|
||||
Note: If you elect to skip the reboot at the end of the installation
|
||||
script, the driver may not load immediately and the driver options will
|
||||
not be applied. Rebooting is strongly recommended.
|
||||
|
||||
Manual build instructions: The above script automates the installation
|
||||
process, however, if you want to or need to do a command line
|
||||
installation, use the following:
|
||||
|
||||
```
|
||||
make clean
|
||||
make
|
||||
sudo make install
|
||||
sudo reboot
|
||||
```
|
||||
|
||||
Note: If you use the manual build instructions, you will need to repeat
|
||||
the process each time a new kernel is installed in your distro.
|
||||
|
||||
-----
|
||||
|
||||
### Driver Options ( edit-options.sh )
|
||||
|
||||
A file called `8821cu.conf` will be installed in `/etc/modprobe.d` by
|
||||
default if you use the `./install-driver.sh` script.
|
||||
|
||||
Note: The installation script will prompt you to edit the options.
|
||||
|
||||
Location: `/etc/modprobe.d/8821cu.conf`
|
||||
|
||||
This file will be read and applied to the driver on each system boot.
|
||||
|
||||
To edit the driver options file, run the `edit-options.sh` script
|
||||
|
||||
```
|
||||
sudo ./edit-options.sh
|
||||
```
|
||||
|
||||
Note: Documentation for Driver Options is included in the file `8821cu.conf`.
|
||||
|
||||
-----
|
||||
|
||||
### Removal of the Driver ( remove-driver.sh )
|
||||
|
||||
Note: Removing the driver is advised in the following situations:
|
||||
|
||||
- if driver installation fails
|
||||
- if the driver is no longer needed
|
||||
- if a new or updated version of the driver needs to be installed
|
||||
- if a distro version upgrade is going to be installed (i.e. going from kernel 5.10 to kernel 5.15)
|
||||
|
||||
Note: The following removes everything that has been installed, with the
|
||||
exception of the packages installed in Step 3 and the driver directory.
|
||||
The driver directory can be deleted after running this script.
|
||||
|
||||
#### Step 1: Open a terminal (e.g. Ctrl+Alt+T)
|
||||
|
||||
#### Step 2: Move to the driver directory
|
||||
|
||||
```
|
||||
cd ~/src/8821cu-20210118
|
||||
```
|
||||
|
||||
#### Step 3: Run the removal script
|
||||
|
||||
Note: For automated builds (non-interactive), use _NoPrompt_ as an option.
|
||||
|
||||
```
|
||||
sudo ./remove-driver.sh
|
||||
```
|
||||
|
||||
-----
|
||||
|
||||
### Recommended WiFi Router/ Access Point Settings
|
||||
|
||||
Note: These are general recommendations, some of which may not apply to your specific situation.
|
||||
|
||||
- Security: Set WPA2-AES or WPA2/WPA3 mixed or WPA3. Do not set WPA2 mixed mode or WPA or TKIP.
|
||||
|
||||
- Channel width for 2.4 GHz: Set 20 MHz fixed width. Do not use 40 MHz or 20/40 automatic.
|
||||
|
||||
- Channels for 2.4 GHz: Set channel 1 or 6 or 11 depending on the congestion at your location. Do not set automatic channel selection. As time passes, if you notice poor performance, recheck congestion and set channel appropriately. The environment around you can and does change over time.
|
||||
|
||||
- Mode for 2.4 GHz: For best performance, set "N only" if you no longer use B or G capable devices.
|
||||
|
||||
- Network names: Do not set the 2.4 GHz Network and the 5 GHz Network to the same name. Note: Unfortunately many routers come with both networks set to the same name. You need to be able to control which network that is in use so changing the name of one of the networks is recommended. Since many IoT devices use the 2.4 GHz network, it may be better to change the name of the 5 GHz network.
|
||||
|
||||
- Channels for 5 GHz: Not all devices are capable of using DFS channels (I'm looking at you Roku.) It may be necessary to set a fixed channel in the range of 36 to 48 or 149 to 165 in order for all of your devices to work on 5 GHz. (For US, other countries may vary.)
|
||||
|
||||
- Best location for the WiFi router/access point: Near center of apartment or house, at least a couple of feet away from walls, in an elevated location. You may have to test to see what the best location is in your environment.
|
||||
|
||||
- Check congestion: There are apps available for smart phones that allow you to check the congestion levels on WiFi channels. The apps generally go by the name of ```WiFi Analyzer``` or something similar.
|
||||
|
||||
After making and saving changes, reboot the router.
|
||||
|
||||
-----
|
||||
|
||||
### Recommendations regarding USB
|
||||
|
||||
- Moving your USB WiFi adapter to a different USB port has been known to fix a variety of problems.
|
||||
|
||||
- If connecting your USB WiFi adapter to a desktop computer, use the USB ports on the rear of the computer. Why? The ports on the rear are directly connected to the motherboard which will reduce problems with interference and disconnection.
|
||||
|
||||
- If your USB WiFi adapter is USB 3 capable and you want it to operate in USB3 mode, plug it into a USB 3 port.
|
||||
|
||||
- Avoid USB 3.1 Gen 2 ports if possible as almost all currently available adapters have been tested with USB 3.1 Gen 1 (aka USB 3) and not with USB 3.1 Gen 2.
|
||||
|
||||
- If you use an extension cable and your adapter is USB 3 capable, the cable needs to be USB 3 capable (if not, you will be limited to USB 2 speeds).
|
||||
|
||||
- Extention cables can be problematic. A way to check if the extension cable is the problem is to plug the adapter temporarily into a USB port on the computer.
|
||||
|
||||
- Some USB WiFi adapters require considerable electrical current and push the capabilities of the power available via USB port. One example is adapters that use the Realtek 8814au chipset. Using a powered multiport USB extension can be a good idea in cases like this.
|
||||
|
||||
-----
|
||||
|
||||
### How to disable onboard WiFi on Raspberry Pi 3B, 3B+, 3A+, 4B and Zero W
|
||||
|
||||
Add the following line to /boot/config.txt
|
||||
|
||||
```
|
||||
dtoverlay=disable-wifi
|
||||
```
|
||||
|
||||
-----
|
||||
|
||||
### How to forget a saved WiFi network on a Raspberry Pi
|
||||
|
||||
#### Step 1: Edit wpa_supplicant.conf
|
||||
|
||||
```
|
||||
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
|
||||
```
|
||||
|
||||
#### Step 2: Delete the relevant WiFi network block (including the 'network=' and opening/closing braces.
|
||||
|
||||
#### Step 3: Press ctrl-x followed by 'y' and enter to save the file.
|
||||
|
||||
#### Step 4: Reboot
|
||||
|
||||
-----
|
||||
|
||||
### FAQ:
|
||||
|
||||
Question: Is WPA3 supported?
|
||||
|
||||
Answer: WPA3-SAE support is in this driver according to Realtek and it
|
||||
works well on some Linux distros but not all. Generally the reason for
|
||||
WPA3 not working on Linux distros is that the distro has an old version
|
||||
of wpa_supplicant or Network Manager. Your options are to upgrade to a
|
||||
more modern distro (most distros released after mid 2022) or compile and
|
||||
install new versions of the wpa_supplicant and Network Manager utilities.
|
||||
|
||||
-----
|
||||
|
||||
Question: I bought two rtl8811cu based adapters and am planning to use
|
||||
both in the same computer. How do I set that up?
|
||||
|
||||
Answer: Realtek drivers do not support more than one adapter with the
|
||||
same chipset in the same computer. You can have multiple Realtek based
|
||||
adapters in the same computer as long as the adapters are based on
|
||||
different chipsets.
|
||||
|
||||
-----
|
||||
|
||||
Question: Why do you recommend Mediatek based adapters when you maintain
|
||||
this repo for a Realtek driver?
|
||||
|
||||
Answer: Many new and existing Linux users already have adapters based on
|
||||
Realtek chipsets. This repo is for Linux users to support their existing
|
||||
adapters but my STRONG recommendation is for Linux users to seek out USB
|
||||
WiFi solutions based on Mediatek chipsets:
|
||||
|
||||
https://github.com/morrownr/USB-WiFi
|
||||
|
||||
-----
|
||||
|
||||
Question: Will you put volunteers to work?
|
||||
|
||||
Answer: Yes. Post a message in `Issues` or `Discussions` if interested.
|
||||
|
||||
-----
|
||||
|
||||
Question: I am having problems with my adapter and I use Virtualbox?
|
||||
|
||||
Answer: This [article](https://null-byte.wonderhowto.com/forum/wifi-hacking-attach-usb-wireless-adapter-with-virtual-box-0324433/) may help.
|
||||
|
||||
-----
|
||||
|
||||
Question: The driver installation script completed successfully and the
|
||||
driver is installed but does not seem to be working. What is wrong?
|
||||
|
||||
Answer: Turn secure boot off to see if that allows the driver to work.
|
||||
This driver is primarily tested on Debian based distros such as Ubuntu,
|
||||
Raspberry Pi OS and Kali. In an attempt to make this driver work well on
|
||||
many Linux distros, other distros, including the Arch based Manjaro is
|
||||
used for testing. Currently I do not have installations of Fedora or
|
||||
OpenSUSE available for testing and reply on user reports of success or
|
||||
failure. I have two test systems with secure boot on so as to test secure
|
||||
boot. I have not seen any secure boot problems with Debian based systems
|
||||
and I don't remember problems with Manjaro.
|
||||
|
||||
dkms is used in the installation script. It helps with a lot of issues that
|
||||
will come up if a simple manual installation is used. dkms has the
|
||||
capability to handle the needs of secure boot. dkms was written by and is
|
||||
maintained by Dell. Dell has been offering some Ubuntu pre-loaded systems
|
||||
for years so their devs likely test on Ubuntu. I suspect Fedora and
|
||||
OpenSUSE may be handing their secure boot support differently than Debian
|
||||
based systems and this is leading to problems. This and the other repos
|
||||
I have are VERY heavily used and I am sure there are plenty of non-Debian
|
||||
users that use this driver. Are they all turning off secure boot and not
|
||||
reporting the problem? I don't know. What I do know is that reports like
|
||||
this are rare.
|
||||
|
||||
For the driver to compile and install correctly but not be available
|
||||
tells me there is likely a key issue. Here is an interesting link
|
||||
regarding Debian systems and secure boot:
|
||||
|
||||
https://wiki.debian.org/SecureBoot
|
||||
|
||||
That document contains a lot of information that can help an investigation
|
||||
into what the real problem is and I invite you and other Fedora, OpemSUSE
|
||||
and users of other distros that show this problem to investigate and
|
||||
present what you know to the devs of your distro via their problem
|
||||
reporting system. Turning off secure boot is NOT a fix. A real fix needs
|
||||
to happen.
|
||||
|
||||
-----
|
||||
|
||||
Question: Can you provide additional information about monitor mode?
|
||||
|
||||
Answer: I have a repo that is setup to help with monitor mode:
|
||||
|
||||
https://github.com/morrownr/Monitor_Mode
|
||||
|
||||
Work to improve monitor mode is ongoing with this driver. Your
|
||||
reports of success or failure are needed. If you have yet to buy an
|
||||
adapter to use with monitor mode, there are adapters available that are
|
||||
known to work very well with monitor mode. My recommendation for those
|
||||
looking to buy an adapter for monitor mode is to buy adapters based on
|
||||
the following chipsets: mt7921au, mt7612u, mt7610u, rtl8812au and
|
||||
rtl8811au. My specific recommendations for adapters in order of
|
||||
preference are:
|
||||
|
||||
ALFA AWUS036ACHM - long range - in-kernel driver
|
||||
|
||||
ALFA AWUS036ACM - in-kernel driver
|
||||
|
||||
ALFA AWUS036ACH - long range - [driver](https://github.com/morrownr/8812au-20210629)
|
||||
|
||||
ALFA AWUS036ACS - [driver](https://github.com/morrownr/8821au-20210708)
|
||||
|
||||
To ask questions, go to [USB-WiFi](https://github.com/morrownr/USB-WiFi)
|
||||
and post in `Discussions` or `Issues`.
|
||||
|
||||
-----
|
||||
|
||||
Question: I have an adapter with the 8821cu chipset which means it supports
|
||||
bluetooth. The bluetooth works but the wifi does not. What is wrong?
|
||||
|
||||
Answer: There appears to be a hardware bug in some 8821cu based adapters
|
||||
and the fix is to set the driver option ( `rtw_RFE_type` ) in 8821cu.conf.
|
||||
The easiest way to edit 8821cu.conf is to run the following from the driver
|
||||
directory:
|
||||
|
||||
```
|
||||
sudo ./edit-options.sh
|
||||
```
|
||||
|
||||
Once in the document, you can scroll down to the documentation about
|
||||
`rtw_RFE_type`. You will likely have to experiment to find out what setting
|
||||
works best for your adapter but a good place to start is probably...
|
||||
|
||||
```
|
||||
rtw_RFE_type=7
|
||||
```
|
||||
|
||||
Simply add that option to the end of the `options` line, save and reboot.
|
||||
|
||||
-----
|
||||
|
||||
#### [Go to Main Menu](https://github.com/morrownr/USB-WiFi)
|
||||
|
||||
-----
|
||||
|
5
clean
Normal file
5
clean
Normal file
@ -0,0 +1,5 @@
|
||||
#!/bin/bash
|
||||
rmmod 8192cu
|
||||
rmmod 8192ce
|
||||
rmmod 8192du
|
||||
rmmod 8192de
|
211
core/crypto/aes-ccm.c
Normal file
211
core/crypto/aes-ccm.c
Normal file
@ -0,0 +1,211 @@
|
||||
/*
|
||||
* Counter with CBC-MAC (CCM) with AES
|
||||
*
|
||||
* Copyright (c) 2010-2012, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#include "rtw_crypto_wrap.h"
|
||||
|
||||
#include "aes.h"
|
||||
#include "aes_wrap.h"
|
||||
|
||||
|
||||
static void xor_aes_block(u8 *dst, const u8 *src)
|
||||
{
|
||||
u32 *d = (u32 *) dst;
|
||||
u32 *s = (u32 *) src;
|
||||
*d++ ^= *s++;
|
||||
*d++ ^= *s++;
|
||||
*d++ ^= *s++;
|
||||
*d++ ^= *s++;
|
||||
}
|
||||
|
||||
|
||||
static void aes_ccm_auth_start(void *aes, size_t M, size_t L, const u8 *nonce,
|
||||
const u8 *aad, size_t aad_len, size_t plain_len,
|
||||
u8 *x)
|
||||
{
|
||||
u8 aad_buf[2 * AES_BLOCK_SIZE];
|
||||
u8 b[AES_BLOCK_SIZE];
|
||||
|
||||
/* Authentication */
|
||||
/* B_0: Flags | Nonce N | l(m) */
|
||||
b[0] = aad_len ? 0x40 : 0 /* Adata */;
|
||||
b[0] |= (((M - 2) / 2) /* M' */ << 3);
|
||||
b[0] |= (L - 1) /* L' */;
|
||||
os_memcpy(&b[1], nonce, 15 - L);
|
||||
WPA_PUT_BE16(&b[AES_BLOCK_SIZE - L], plain_len);
|
||||
|
||||
wpa_hexdump_key(_MSG_EXCESSIVE_, "CCM B_0", b, AES_BLOCK_SIZE);
|
||||
aes_encrypt(aes, b, x); /* X_1 = E(K, B_0) */
|
||||
|
||||
if (!aad_len)
|
||||
return;
|
||||
|
||||
WPA_PUT_BE16(aad_buf, aad_len);
|
||||
os_memcpy(aad_buf + 2, aad, aad_len);
|
||||
os_memset(aad_buf + 2 + aad_len, 0, sizeof(aad_buf) - 2 - aad_len);
|
||||
|
||||
xor_aes_block(aad_buf, x);
|
||||
aes_encrypt(aes, aad_buf, x); /* X_2 = E(K, X_1 XOR B_1) */
|
||||
|
||||
if (aad_len > AES_BLOCK_SIZE - 2) {
|
||||
xor_aes_block(&aad_buf[AES_BLOCK_SIZE], x);
|
||||
/* X_3 = E(K, X_2 XOR B_2) */
|
||||
aes_encrypt(aes, &aad_buf[AES_BLOCK_SIZE], x);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static void aes_ccm_auth(void *aes, const u8 *data, size_t len, u8 *x)
|
||||
{
|
||||
size_t last = len % AES_BLOCK_SIZE;
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < len / AES_BLOCK_SIZE; i++) {
|
||||
/* X_i+1 = E(K, X_i XOR B_i) */
|
||||
xor_aes_block(x, data);
|
||||
data += AES_BLOCK_SIZE;
|
||||
aes_encrypt(aes, x, x);
|
||||
}
|
||||
if (last) {
|
||||
/* XOR zero-padded last block */
|
||||
for (i = 0; i < last; i++)
|
||||
x[i] ^= *data++;
|
||||
aes_encrypt(aes, x, x);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static void aes_ccm_encr_start(size_t L, const u8 *nonce, u8 *a)
|
||||
{
|
||||
/* A_i = Flags | Nonce N | Counter i */
|
||||
a[0] = L - 1; /* Flags = L' */
|
||||
os_memcpy(&a[1], nonce, 15 - L);
|
||||
}
|
||||
|
||||
|
||||
static void aes_ccm_encr(void *aes, size_t L, const u8 *in, size_t len, u8 *out,
|
||||
u8 *a)
|
||||
{
|
||||
size_t last = len % AES_BLOCK_SIZE;
|
||||
size_t i;
|
||||
|
||||
/* crypt = msg XOR (S_1 | S_2 | ... | S_n) */
|
||||
for (i = 1; i <= len / AES_BLOCK_SIZE; i++) {
|
||||
WPA_PUT_BE16(&a[AES_BLOCK_SIZE - 2], i);
|
||||
/* S_i = E(K, A_i) */
|
||||
aes_encrypt(aes, a, out);
|
||||
xor_aes_block(out, in);
|
||||
out += AES_BLOCK_SIZE;
|
||||
in += AES_BLOCK_SIZE;
|
||||
}
|
||||
if (last) {
|
||||
WPA_PUT_BE16(&a[AES_BLOCK_SIZE - 2], i);
|
||||
aes_encrypt(aes, a, out);
|
||||
/* XOR zero-padded last block */
|
||||
for (i = 0; i < last; i++)
|
||||
*out++ ^= *in++;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static void aes_ccm_encr_auth(void *aes, size_t M, u8 *x, u8 *a, u8 *auth)
|
||||
{
|
||||
size_t i;
|
||||
u8 tmp[AES_BLOCK_SIZE];
|
||||
|
||||
wpa_hexdump_key(_MSG_EXCESSIVE_, "CCM T", x, M);
|
||||
/* U = T XOR S_0; S_0 = E(K, A_0) */
|
||||
WPA_PUT_BE16(&a[AES_BLOCK_SIZE - 2], 0);
|
||||
aes_encrypt(aes, a, tmp);
|
||||
for (i = 0; i < M; i++)
|
||||
auth[i] = x[i] ^ tmp[i];
|
||||
wpa_hexdump_key(_MSG_EXCESSIVE_, "CCM U", auth, M);
|
||||
}
|
||||
|
||||
|
||||
static void aes_ccm_decr_auth(void *aes, size_t M, u8 *a, const u8 *auth, u8 *t)
|
||||
{
|
||||
size_t i;
|
||||
u8 tmp[AES_BLOCK_SIZE];
|
||||
|
||||
wpa_hexdump_key(_MSG_EXCESSIVE_, "CCM U", auth, M);
|
||||
/* U = T XOR S_0; S_0 = E(K, A_0) */
|
||||
WPA_PUT_BE16(&a[AES_BLOCK_SIZE - 2], 0);
|
||||
aes_encrypt(aes, a, tmp);
|
||||
for (i = 0; i < M; i++)
|
||||
t[i] = auth[i] ^ tmp[i];
|
||||
wpa_hexdump_key(_MSG_EXCESSIVE_, "CCM T", t, M);
|
||||
}
|
||||
|
||||
|
||||
/* AES-CCM with fixed L=2 and aad_len <= 30 assumption */
|
||||
int aes_ccm_ae(const u8 *key, size_t key_len, const u8 *nonce,
|
||||
size_t M, const u8 *plain, size_t plain_len,
|
||||
const u8 *aad, size_t aad_len, u8 *crypt, u8 *auth)
|
||||
{
|
||||
const size_t L = 2;
|
||||
void *aes;
|
||||
u8 x[AES_BLOCK_SIZE], a[AES_BLOCK_SIZE];
|
||||
|
||||
if (aad_len > 30 || M > AES_BLOCK_SIZE)
|
||||
return -1;
|
||||
|
||||
aes = aes_encrypt_init(key, key_len);
|
||||
if (aes == NULL)
|
||||
return -1;
|
||||
|
||||
aes_ccm_auth_start(aes, M, L, nonce, aad, aad_len, plain_len, x);
|
||||
aes_ccm_auth(aes, plain, plain_len, x);
|
||||
|
||||
/* Encryption */
|
||||
aes_ccm_encr_start(L, nonce, a);
|
||||
aes_ccm_encr(aes, L, plain, plain_len, crypt, a);
|
||||
aes_ccm_encr_auth(aes, M, x, a, auth);
|
||||
|
||||
aes_encrypt_deinit(aes);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* AES-CCM with fixed L=2 and aad_len <= 30 assumption */
|
||||
int aes_ccm_ad(const u8 *key, size_t key_len, const u8 *nonce,
|
||||
size_t M, const u8 *crypt, size_t crypt_len,
|
||||
const u8 *aad, size_t aad_len, const u8 *auth, u8 *plain)
|
||||
{
|
||||
const size_t L = 2;
|
||||
void *aes;
|
||||
u8 x[AES_BLOCK_SIZE], a[AES_BLOCK_SIZE];
|
||||
u8 t[AES_BLOCK_SIZE];
|
||||
|
||||
if (aad_len > 30 || M > AES_BLOCK_SIZE)
|
||||
return -1;
|
||||
|
||||
aes = aes_encrypt_init(key, key_len);
|
||||
if (aes == NULL)
|
||||
return -1;
|
||||
|
||||
/* Decryption */
|
||||
aes_ccm_encr_start(L, nonce, a);
|
||||
aes_ccm_decr_auth(aes, M, a, auth, t);
|
||||
|
||||
/* plaintext = msg XOR (S_1 | S_2 | ... | S_n) */
|
||||
aes_ccm_encr(aes, L, crypt, crypt_len, plain, a);
|
||||
|
||||
aes_ccm_auth_start(aes, M, L, nonce, aad, aad_len, crypt_len, x);
|
||||
aes_ccm_auth(aes, plain, crypt_len, x);
|
||||
|
||||
aes_encrypt_deinit(aes);
|
||||
|
||||
if (os_memcmp_const(x, t, M) != 0) {
|
||||
wpa_printf(_MSG_EXCESSIVE_, "CCM: Auth mismatch");
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
70
core/crypto/aes-ctr.c
Normal file
70
core/crypto/aes-ctr.c
Normal file
@ -0,0 +1,70 @@
|
||||
/*
|
||||
* AES-128/192/256 CTR
|
||||
*
|
||||
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#include "rtw_crypto_wrap.h"
|
||||
|
||||
#include "aes.h"
|
||||
#include "aes_wrap.h"
|
||||
|
||||
/**
|
||||
* aes_ctr_encrypt - AES-128/192/256 CTR mode encryption
|
||||
* @key: Key for encryption (key_len bytes)
|
||||
* @key_len: Length of the key (16, 24, or 32 bytes)
|
||||
* @nonce: Nonce for counter mode (16 bytes)
|
||||
* @data: Data to encrypt in-place
|
||||
* @data_len: Length of data in bytes
|
||||
* Returns: 0 on success, -1 on failure
|
||||
*/
|
||||
int aes_ctr_encrypt(const u8 *key, size_t key_len, const u8 *nonce,
|
||||
u8 *data, size_t data_len)
|
||||
{
|
||||
void *ctx;
|
||||
size_t j, len, left = data_len;
|
||||
int i;
|
||||
u8 *pos = data;
|
||||
u8 counter[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE];
|
||||
|
||||
ctx = aes_encrypt_init(key, key_len);
|
||||
if (ctx == NULL)
|
||||
return -1;
|
||||
os_memcpy(counter, nonce, AES_BLOCK_SIZE);
|
||||
|
||||
while (left > 0) {
|
||||
aes_encrypt(ctx, counter, buf);
|
||||
|
||||
len = (left < AES_BLOCK_SIZE) ? left : AES_BLOCK_SIZE;
|
||||
for (j = 0; j < len; j++)
|
||||
pos[j] ^= buf[j];
|
||||
pos += len;
|
||||
left -= len;
|
||||
|
||||
for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
|
||||
counter[i]++;
|
||||
if (counter[i])
|
||||
break;
|
||||
}
|
||||
}
|
||||
aes_encrypt_deinit(ctx);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* aes_128_ctr_encrypt - AES-128 CTR mode encryption
|
||||
* @key: Key for encryption (key_len bytes)
|
||||
* @nonce: Nonce for counter mode (16 bytes)
|
||||
* @data: Data to encrypt in-place
|
||||
* @data_len: Length of data in bytes
|
||||
* Returns: 0 on success, -1 on failure
|
||||
*/
|
||||
int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
|
||||
u8 *data, size_t data_len)
|
||||
{
|
||||
return aes_ctr_encrypt(key, 16, nonce, data, data_len);
|
||||
}
|
326
core/crypto/aes-gcm.c
Normal file
326
core/crypto/aes-gcm.c
Normal file
@ -0,0 +1,326 @@
|
||||
/*
|
||||
* Galois/Counter Mode (GCM) and GMAC with AES
|
||||
*
|
||||
* Copyright (c) 2012, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#include "rtw_crypto_wrap.h"
|
||||
|
||||
#include "aes.h"
|
||||
#include "aes_wrap.h"
|
||||
|
||||
static void inc32(u8 *block)
|
||||
{
|
||||
u32 val;
|
||||
val = WPA_GET_BE32(block + AES_BLOCK_SIZE - 4);
|
||||
val++;
|
||||
WPA_PUT_BE32(block + AES_BLOCK_SIZE - 4, val);
|
||||
}
|
||||
|
||||
|
||||
static void xor_block(u8 *dst, const u8 *src)
|
||||
{
|
||||
u32 *d = (u32 *) dst;
|
||||
u32 *s = (u32 *) src;
|
||||
*d++ ^= *s++;
|
||||
*d++ ^= *s++;
|
||||
*d++ ^= *s++;
|
||||
*d++ ^= *s++;
|
||||
}
|
||||
|
||||
|
||||
static void shift_right_block(u8 *v)
|
||||
{
|
||||
u32 val;
|
||||
|
||||
val = WPA_GET_BE32(v + 12);
|
||||
val >>= 1;
|
||||
if (v[11] & 0x01)
|
||||
val |= 0x80000000;
|
||||
WPA_PUT_BE32(v + 12, val);
|
||||
|
||||
val = WPA_GET_BE32(v + 8);
|
||||
val >>= 1;
|
||||
if (v[7] & 0x01)
|
||||
val |= 0x80000000;
|
||||
WPA_PUT_BE32(v + 8, val);
|
||||
|
||||
val = WPA_GET_BE32(v + 4);
|
||||
val >>= 1;
|
||||
if (v[3] & 0x01)
|
||||
val |= 0x80000000;
|
||||
WPA_PUT_BE32(v + 4, val);
|
||||
|
||||
val = WPA_GET_BE32(v);
|
||||
val >>= 1;
|
||||
WPA_PUT_BE32(v, val);
|
||||
}
|
||||
|
||||
|
||||
/* Multiplication in GF(2^128) */
|
||||
static void gf_mult(const u8 *x, const u8 *y, u8 *z)
|
||||
{
|
||||
u8 v[16];
|
||||
int i, j;
|
||||
|
||||
os_memset(z, 0, 16); /* Z_0 = 0^128 */
|
||||
os_memcpy(v, y, 16); /* V_0 = Y */
|
||||
|
||||
for (i = 0; i < 16; i++) {
|
||||
for (j = 0; j < 8; j++) {
|
||||
if (x[i] & BIT(7 - j)) {
|
||||
/* Z_(i + 1) = Z_i XOR V_i */
|
||||
xor_block(z, v);
|
||||
} else {
|
||||
/* Z_(i + 1) = Z_i */
|
||||
}
|
||||
|
||||
if (v[15] & 0x01) {
|
||||
/* V_(i + 1) = (V_i >> 1) XOR R */
|
||||
shift_right_block(v);
|
||||
/* R = 11100001 || 0^120 */
|
||||
v[0] ^= 0xe1;
|
||||
} else {
|
||||
/* V_(i + 1) = V_i >> 1 */
|
||||
shift_right_block(v);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static void ghash_start(u8 *y)
|
||||
{
|
||||
/* Y_0 = 0^128 */
|
||||
os_memset(y, 0, 16);
|
||||
}
|
||||
|
||||
|
||||
static void ghash(const u8 *h, const u8 *x, size_t xlen, u8 *y)
|
||||
{
|
||||
size_t m, i;
|
||||
const u8 *xpos = x;
|
||||
u8 tmp[16];
|
||||
|
||||
m = xlen / 16;
|
||||
|
||||
for (i = 0; i < m; i++) {
|
||||
/* Y_i = (Y^(i-1) XOR X_i) dot H */
|
||||
xor_block(y, xpos);
|
||||
xpos += 16;
|
||||
|
||||
/* dot operation:
|
||||
* multiplication operation for binary Galois (finite) field of
|
||||
* 2^128 elements */
|
||||
gf_mult(y, h, tmp);
|
||||
os_memcpy(y, tmp, 16);
|
||||
}
|
||||
|
||||
if (x + xlen > xpos) {
|
||||
/* Add zero padded last block */
|
||||
size_t last = x + xlen - xpos;
|
||||
os_memcpy(tmp, xpos, last);
|
||||
os_memset(tmp + last, 0, sizeof(tmp) - last);
|
||||
|
||||
/* Y_i = (Y^(i-1) XOR X_i) dot H */
|
||||
xor_block(y, tmp);
|
||||
|
||||
/* dot operation:
|
||||
* multiplication operation for binary Galois (finite) field of
|
||||
* 2^128 elements */
|
||||
gf_mult(y, h, tmp);
|
||||
os_memcpy(y, tmp, 16);
|
||||
}
|
||||
|
||||
/* Return Y_m */
|
||||
}
|
||||
|
||||
|
||||
static void aes_gctr(void *aes, const u8 *icb, const u8 *x, size_t xlen, u8 *y)
|
||||
{
|
||||
size_t i, n, last;
|
||||
u8 cb[AES_BLOCK_SIZE], tmp[AES_BLOCK_SIZE];
|
||||
const u8 *xpos = x;
|
||||
u8 *ypos = y;
|
||||
|
||||
if (xlen == 0)
|
||||
return;
|
||||
|
||||
n = xlen / 16;
|
||||
|
||||
os_memcpy(cb, icb, AES_BLOCK_SIZE);
|
||||
/* Full blocks */
|
||||
for (i = 0; i < n; i++) {
|
||||
aes_encrypt(aes, cb, ypos);
|
||||
xor_block(ypos, xpos);
|
||||
xpos += AES_BLOCK_SIZE;
|
||||
ypos += AES_BLOCK_SIZE;
|
||||
inc32(cb);
|
||||
}
|
||||
|
||||
last = x + xlen - xpos;
|
||||
if (last) {
|
||||
/* Last, partial block */
|
||||
aes_encrypt(aes, cb, tmp);
|
||||
for (i = 0; i < last; i++)
|
||||
*ypos++ = *xpos++ ^ tmp[i];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static void * aes_gcm_init_hash_subkey(const u8 *key, size_t key_len, u8 *H)
|
||||
{
|
||||
void *aes;
|
||||
|
||||
aes = aes_encrypt_init(key, key_len);
|
||||
if (aes == NULL)
|
||||
return NULL;
|
||||
|
||||
/* Generate hash subkey H = AES_K(0^128) */
|
||||
os_memset(H, 0, AES_BLOCK_SIZE);
|
||||
aes_encrypt(aes, H, H);
|
||||
wpa_hexdump_key(_MSG_EXCESSIVE_, "Hash subkey H for GHASH",
|
||||
H, AES_BLOCK_SIZE);
|
||||
return aes;
|
||||
}
|
||||
|
||||
|
||||
static void aes_gcm_prepare_j0(const u8 *iv, size_t iv_len, const u8 *H, u8 *J0)
|
||||
{
|
||||
u8 len_buf[16];
|
||||
|
||||
if (iv_len == 12) {
|
||||
/* Prepare block J_0 = IV || 0^31 || 1 [len(IV) = 96] */
|
||||
os_memcpy(J0, iv, iv_len);
|
||||
os_memset(J0 + iv_len, 0, AES_BLOCK_SIZE - iv_len);
|
||||
J0[AES_BLOCK_SIZE - 1] = 0x01;
|
||||
} else {
|
||||
/*
|
||||
* s = 128 * ceil(len(IV)/128) - len(IV)
|
||||
* J_0 = GHASH_H(IV || 0^(s+64) || [len(IV)]_64)
|
||||
*/
|
||||
ghash_start(J0);
|
||||
ghash(H, iv, iv_len, J0);
|
||||
WPA_PUT_BE64(len_buf, 0);
|
||||
WPA_PUT_BE64(len_buf + 8, iv_len * 8);
|
||||
ghash(H, len_buf, sizeof(len_buf), J0);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static void aes_gcm_gctr(void *aes, const u8 *J0, const u8 *in, size_t len,
|
||||
u8 *out)
|
||||
{
|
||||
u8 J0inc[AES_BLOCK_SIZE];
|
||||
|
||||
if (len == 0)
|
||||
return;
|
||||
|
||||
os_memcpy(J0inc, J0, AES_BLOCK_SIZE);
|
||||
inc32(J0inc);
|
||||
aes_gctr(aes, J0inc, in, len, out);
|
||||
}
|
||||
|
||||
|
||||
static void aes_gcm_ghash(const u8 *H, const u8 *aad, size_t aad_len,
|
||||
const u8 *crypt, size_t crypt_len, u8 *S)
|
||||
{
|
||||
u8 len_buf[16];
|
||||
|
||||
/*
|
||||
* u = 128 * ceil[len(C)/128] - len(C)
|
||||
* v = 128 * ceil[len(A)/128] - len(A)
|
||||
* S = GHASH_H(A || 0^v || C || 0^u || [len(A)]64 || [len(C)]64)
|
||||
* (i.e., zero padded to block size A || C and lengths of each in bits)
|
||||
*/
|
||||
ghash_start(S);
|
||||
ghash(H, aad, aad_len, S);
|
||||
ghash(H, crypt, crypt_len, S);
|
||||
WPA_PUT_BE64(len_buf, aad_len * 8);
|
||||
WPA_PUT_BE64(len_buf + 8, crypt_len * 8);
|
||||
ghash(H, len_buf, sizeof(len_buf), S);
|
||||
|
||||
wpa_hexdump_key(_MSG_EXCESSIVE_, "S = GHASH_H(...)", S, 16);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* aes_gcm_ae - GCM-AE_K(IV, P, A)
|
||||
*/
|
||||
int aes_gcm_ae(const u8 *key, size_t key_len, const u8 *iv, size_t iv_len,
|
||||
const u8 *plain, size_t plain_len,
|
||||
const u8 *aad, size_t aad_len, u8 *crypt, u8 *tag)
|
||||
{
|
||||
u8 H[AES_BLOCK_SIZE];
|
||||
u8 J0[AES_BLOCK_SIZE];
|
||||
u8 S[16];
|
||||
void *aes;
|
||||
|
||||
aes = aes_gcm_init_hash_subkey(key, key_len, H);
|
||||
if (aes == NULL)
|
||||
return -1;
|
||||
|
||||
aes_gcm_prepare_j0(iv, iv_len, H, J0);
|
||||
|
||||
/* C = GCTR_K(inc_32(J_0), P) */
|
||||
aes_gcm_gctr(aes, J0, plain, plain_len, crypt);
|
||||
|
||||
aes_gcm_ghash(H, aad, aad_len, crypt, plain_len, S);
|
||||
|
||||
/* T = MSB_t(GCTR_K(J_0, S)) */
|
||||
aes_gctr(aes, J0, S, sizeof(S), tag);
|
||||
|
||||
/* Return (C, T) */
|
||||
|
||||
aes_encrypt_deinit(aes);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* aes_gcm_ad - GCM-AD_K(IV, C, A, T)
|
||||
*/
|
||||
int aes_gcm_ad(const u8 *key, size_t key_len, const u8 *iv, size_t iv_len,
|
||||
const u8 *crypt, size_t crypt_len,
|
||||
const u8 *aad, size_t aad_len, const u8 *tag, u8 *plain)
|
||||
{
|
||||
u8 H[AES_BLOCK_SIZE];
|
||||
u8 J0[AES_BLOCK_SIZE];
|
||||
u8 S[16], T[16];
|
||||
void *aes;
|
||||
|
||||
aes = aes_gcm_init_hash_subkey(key, key_len, H);
|
||||
if (aes == NULL)
|
||||
return -1;
|
||||
|
||||
aes_gcm_prepare_j0(iv, iv_len, H, J0);
|
||||
|
||||
/* P = GCTR_K(inc_32(J_0), C) */
|
||||
aes_gcm_gctr(aes, J0, crypt, crypt_len, plain);
|
||||
|
||||
aes_gcm_ghash(H, aad, aad_len, crypt, crypt_len, S);
|
||||
|
||||
/* T' = MSB_t(GCTR_K(J_0, S)) */
|
||||
aes_gctr(aes, J0, S, sizeof(S), T);
|
||||
|
||||
aes_encrypt_deinit(aes);
|
||||
|
||||
if (os_memcmp_const(tag, T, 16) != 0) {
|
||||
wpa_printf(_MSG_EXCESSIVE_, "GCM: Tag mismatch");
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int aes_gmac(const u8 *key, size_t key_len, const u8 *iv, size_t iv_len,
|
||||
const u8 *aad, size_t aad_len, u8 *tag)
|
||||
{
|
||||
return aes_gcm_ae(key, key_len, iv, iv_len, NULL, 0, aad, aad_len, NULL,
|
||||
tag);
|
||||
}
|
129
core/crypto/aes-internal-enc.c
Normal file
129
core/crypto/aes-internal-enc.c
Normal file
@ -0,0 +1,129 @@
|
||||
/*
|
||||
* AES (Rijndael) cipher - encrypt
|
||||
*
|
||||
* Modifications to public domain implementation:
|
||||
* - cleanup
|
||||
* - use C pre-processor to make it easier to change S table access
|
||||
* - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at
|
||||
* cost of reduced throughput (quite small difference on Pentium 4,
|
||||
* 10-25% when using -O1 or -O2 optimization)
|
||||
*
|
||||
* Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#include "rtw_crypto_wrap.h"
|
||||
|
||||
#include "aes_i.h"
|
||||
|
||||
static void rijndaelEncrypt(const u32 rk[], int Nr, const u8 pt[16], u8 ct[16])
|
||||
{
|
||||
u32 s0, s1, s2, s3, t0, t1, t2, t3;
|
||||
#ifndef FULL_UNROLL
|
||||
int r;
|
||||
#endif /* ?FULL_UNROLL */
|
||||
|
||||
/*
|
||||
* map byte array block to cipher state
|
||||
* and add initial round key:
|
||||
*/
|
||||
s0 = GETU32(pt ) ^ rk[0];
|
||||
s1 = GETU32(pt + 4) ^ rk[1];
|
||||
s2 = GETU32(pt + 8) ^ rk[2];
|
||||
s3 = GETU32(pt + 12) ^ rk[3];
|
||||
|
||||
#define ROUND(i,d,s) \
|
||||
d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \
|
||||
d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \
|
||||
d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \
|
||||
d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]
|
||||
|
||||
#ifdef FULL_UNROLL
|
||||
|
||||
ROUND(1,t,s);
|
||||
ROUND(2,s,t);
|
||||
ROUND(3,t,s);
|
||||
ROUND(4,s,t);
|
||||
ROUND(5,t,s);
|
||||
ROUND(6,s,t);
|
||||
ROUND(7,t,s);
|
||||
ROUND(8,s,t);
|
||||
ROUND(9,t,s);
|
||||
if (Nr > 10) {
|
||||
ROUND(10,s,t);
|
||||
ROUND(11,t,s);
|
||||
if (Nr > 12) {
|
||||
ROUND(12,s,t);
|
||||
ROUND(13,t,s);
|
||||
}
|
||||
}
|
||||
|
||||
rk += Nr << 2;
|
||||
|
||||
#else /* !FULL_UNROLL */
|
||||
|
||||
/* Nr - 1 full rounds: */
|
||||
r = Nr >> 1;
|
||||
for (;;) {
|
||||
ROUND(1,t,s);
|
||||
rk += 8;
|
||||
if (--r == 0)
|
||||
break;
|
||||
ROUND(0,s,t);
|
||||
}
|
||||
|
||||
#endif /* ?FULL_UNROLL */
|
||||
|
||||
#undef ROUND
|
||||
|
||||
/*
|
||||
* apply last round and
|
||||
* map cipher state to byte array block:
|
||||
*/
|
||||
s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0];
|
||||
PUTU32(ct , s0);
|
||||
s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1];
|
||||
PUTU32(ct + 4, s1);
|
||||
s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2];
|
||||
PUTU32(ct + 8, s2);
|
||||
s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3];
|
||||
PUTU32(ct + 12, s3);
|
||||
}
|
||||
|
||||
|
||||
void * aes_encrypt_init(const u8 *key, size_t len)
|
||||
{
|
||||
u32 *rk;
|
||||
int res;
|
||||
|
||||
if (TEST_FAIL())
|
||||
return NULL;
|
||||
|
||||
rk = os_malloc(AES_PRIV_SIZE);
|
||||
if (rk == NULL)
|
||||
return NULL;
|
||||
res = rijndaelKeySetupEnc(rk, key, len * 8);
|
||||
if (res < 0) {
|
||||
rtw_mfree(rk, AES_PRIV_SIZE);
|
||||
return NULL;
|
||||
}
|
||||
rk[AES_PRIV_NR_POS] = res;
|
||||