1 /******************************************************************************
2 *
3 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 ******************************************************************************/
15 #ifndef __RTW_SECURITY_H_
16 #define __RTW_SECURITY_H_
17
18 #include <osdep_service.h>
19 #include <drv_types.h>
20
21 #define _NO_PRIVACY_ 0x0
22 #define _WEP40_ 0x1
23 #define _TKIP_ 0x2
24 #define _TKIP_WTMIC_ 0x3
25 #define _AES_ 0x4
26 #define _WEP104_ 0x5
27 #define _WEP_WPA_MIXED_ 0x07 /* WEP + WPA */
28 #define _SMS4_ 0x06
29
30 #define is_wep_enc(alg) (((alg) == _WEP40_) || ((alg) == _WEP104_))
31
32 #define _WPA_IE_ID_ 0xdd
33 #define _WPA2_IE_ID_ 0x30
34
35 #define SHA256_MAC_LEN 32
36 #define AES_BLOCK_SIZE 16
37 #define AES_PRIV_SIZE (4 * 44)
38
39 enum {
40 ENCRYP_PROTOCOL_OPENSYS, /* open system */
41 ENCRYP_PROTOCOL_WEP, /* WEP */
42 ENCRYP_PROTOCOL_WPA, /* WPA */
43 ENCRYP_PROTOCOL_WPA2, /* WPA2 */
44 ENCRYP_PROTOCOL_WAPI, /* WAPI: Not support in this version */
45 ENCRYP_PROTOCOL_MAX
46 };
47
48
49 #ifndef Ndis802_11AuthModeWPA2
50 #define Ndis802_11AuthModeWPA2 (Ndis802_11AuthModeWPANone + 1)
51 #endif
52
53 #ifndef Ndis802_11AuthModeWPA2PSK
54 #define Ndis802_11AuthModeWPA2PSK (Ndis802_11AuthModeWPANone + 2)
55 #endif
56
57 union pn48 {
58 u64 val;
59
60 #ifdef __LITTLE_ENDIAN
61 struct {
62 u8 TSC0;
63 u8 TSC1;
64 u8 TSC2;
65 u8 TSC3;
66 u8 TSC4;
67 u8 TSC5;
68 u8 TSC6;
69 u8 TSC7;
70 } _byte_;
71
72 #elif defined(__BIG_ENDIAN)
73
74 struct {
75 u8 TSC7;
76 u8 TSC6;
77 u8 TSC5;
78 u8 TSC4;
79 u8 TSC3;
80 u8 TSC2;
81 u8 TSC1;
82 u8 TSC0;
83 } _byte_;
84 #endif
85 };
86
87 union Keytype {
88 u8 skey[16];
89 u32 lkey[4];
90 };
91
92 struct rt_pmkid_list {
93 u8 bUsed;
94 u8 Bssid[6];
95 u8 PMKID[16];
96 u8 SsidBuf[33];
97 u8 *ssid_octet;
98 u16 ssid_length;
99 };
100
101 struct security_priv {
102 u32 dot11AuthAlgrthm; /* 802.11 auth, could be open,
103 * shared, 8021x and authswitch */
104 u32 dot11PrivacyAlgrthm; /* This specify the privacy for
105 * shared auth. algorithm. */
106 /* WEP */
107 u32 dot11PrivacyKeyIndex; /* this is only valid for legendary
108 * wep, 0~3 for key id.(tx key index) */
109 union Keytype dot11DefKey[4]; /* this is only valid for def. key */
110 u32 dot11DefKeylen[4];
111 u32 dot118021XGrpPrivacy; /* This specify the privacy algthm.
112 * used for Grp key */
113 u32 dot118021XGrpKeyid; /* key id used for Grp Key
114 * ( tx key index) */
115 union Keytype dot118021XGrpKey[4]; /* 802.1x Group Key,
116 * for inx0 and inx1 */
117 union Keytype dot118021XGrptxmickey[4];
118 union Keytype dot118021XGrprxmickey[4];
119 union pn48 dot11Grptxpn; /* PN48 used for Grp Key xmit.*/
120 union pn48 dot11Grprxpn; /* PN48 used for Grp Key recv.*/
121 #ifdef CONFIG_88EU_AP_MODE
122 /* extend security capabilities for AP_MODE */
123 unsigned int dot8021xalg;/* 0:disable, 1:psk, 2:802.1x */
124 unsigned int wpa_psk;/* 0:disable, bit(0): WPA, bit(1):WPA2 */
125 unsigned int wpa_group_cipher;
126 unsigned int wpa2_group_cipher;
127 unsigned int wpa_pairwise_cipher;
128 unsigned int wpa2_pairwise_cipher;
129 #endif
130 u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */
131 int wps_ie_len;
132 u8 binstallGrpkey;
133 u8 busetkipkey;
134 u8 bcheck_grpkey;
135 u8 bgrpkey_handshake;
136 s32 sw_encrypt;/* from registry_priv */
137 s32 sw_decrypt;/* from registry_priv */
138 s32 hw_decrypted;/* if the rx packets is hw_decrypted==false,i
139 * it means the hw has not been ready. */
140
141 /* keeps the auth_type & enc_status from upper layer
142 * ioctl(wpa_supplicant or wzc) */
143 u32 ndisauthtype; /* NDIS_802_11_AUTHENTICATION_MODE */
144 u32 ndisencryptstatus; /* NDIS_802_11_ENCRYPTION_STATUS */
145 struct wlan_bssid_ex sec_bss; /* for joinbss (h2c buffer) usage */
146 struct ndis_802_11_wep ndiswep;
147 u8 assoc_info[600];
148 u8 szofcapability[256]; /* for wpa2 usage */
149 u8 oidassociation[512]; /* for wpa/wpa2 usage */
150 u8 authenticator_ie[256]; /* store ap security information element */
151 u8 supplicant_ie[256]; /* store sta security information element */
152
153 /* for tkip countermeasure */
154 u32 last_mic_err_time;
155 u8 btkip_countermeasure;
156 u8 btkip_wait_report;
157 u32 btkip_countermeasure_time;
158
159 /* */
160 /* For WPA2 Pre-Authentication. */
161 /* */
162 struct rt_pmkid_list PMKIDList[NUM_PMKID_CACHE];
163 u8 PMKIDIndex;
164 u8 bWepDefaultKeyIdxSet;
165 };
166
167 #define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst) \
168 do { \
169 switch (psecuritypriv->dot11AuthAlgrthm) { \
170 case dot11AuthAlgrthm_Open: \
171 case dot11AuthAlgrthm_Shared: \
172 case dot11AuthAlgrthm_Auto: \
173 encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm; \
174 break; \
175 case dot11AuthAlgrthm_8021X: \
176 if (bmcst) \
177 encry_algo = (u8)psecuritypriv->dot118021XGrpPrivacy;\
178 else \
179 encry_algo = (u8)psta->dot118021XPrivacy; \
180 break; \
181 case dot11AuthAlgrthm_WAPI: \
182 encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm; \
183 break; \
184 } \
185 } while (0)
186
187 #define SET_ICE_IV_LEN(iv_len, icv_len, encrypt) \
188 do { \
189 switch (encrypt) { \
190 case _WEP40_: \
191 case _WEP104_: \
192 iv_len = 4; \
193 icv_len = 4; \
194 break; \
195 case _TKIP_: \
196 iv_len = 8; \
197 icv_len = 4; \
198 break; \
199 case _AES_: \
200 iv_len = 8; \
201 icv_len = 8; \
202 break; \
203 case _SMS4_: \
204 iv_len = 18; \
205 icv_len = 16; \
206 break; \
207 default: \
208 iv_len = 0; \
209 icv_len = 0; \
210 break; \
211 } \
212 } while (0)
213
214
215 #define GET_TKIP_PN(iv, dot11txpn) \
216 do { \
217 dot11txpn._byte_.TSC0 = iv[2]; \
218 dot11txpn._byte_.TSC1 = iv[0]; \
219 dot11txpn._byte_.TSC2 = iv[4]; \
220 dot11txpn._byte_.TSC3 = iv[5]; \
221 dot11txpn._byte_.TSC4 = iv[6]; \
222 dot11txpn._byte_.TSC5 = iv[7]; \
223 } while (0)
224
225
226 #define ROL32(A, n) (((A) << (n)) | (((A)>>(32-(n))) & ((1UL << (n)) - 1)))
227 #define ROR32(A, n) ROL32((A), 32-(n))
228
229 struct mic_data {
230 u32 K0, K1; /* Key */
231 u32 L, R; /* Current state */
232 u32 M; /* Message accumulator (single word) */
233 u32 nBytesInM; /* # bytes in M */
234 };
235
236 extern const u32 Te0[256];
237 extern const u32 Td0[256];
238 extern const u32 Td1[256];
239 extern const u32 Td2[256];
240 extern const u32 Td3[256];
241 extern const u32 Td4[256];
242 extern const u32 rcon[10];
243 extern const u8 Td4s[256];
244 extern const u8 rcons[10];
245
246 #define RCON(i) (rcons[(i)] << 24)
247
rotr(u32 val,int bits)248 static inline u32 rotr(u32 val, int bits)
249 {
250 return (val >> bits) | (val << (32 - bits));
251 }
252
253 #define TE0(i) Te0[((i) >> 24) & 0xff]
254 #define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8)
255 #define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16)
256 #define TE3(i) rotr(Te0[(i) & 0xff], 24)
257
258 #define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
259 ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
260
261 #define PUTU32(ct, st) { \
262 (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \
263 (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
264
265 #define WPA_GET_BE32(a) ((((u32)(a)[0]) << 24) | (((u32)(a)[1]) << 16) | \
266 (((u32)(a)[2]) << 8) | ((u32)(a)[3]))
267
268 #define WPA_PUT_LE16(a, val) \
269 do { \
270 (a)[1] = ((u16)(val)) >> 8; \
271 (a)[0] = ((u16)(val)) & 0xff; \
272 } while (0)
273
274 #define WPA_PUT_BE32(a, val) \
275 do { \
276 (a)[0] = (u8)((((u32)(val)) >> 24) & 0xff); \
277 (a)[1] = (u8)((((u32)(val)) >> 16) & 0xff); \
278 (a)[2] = (u8)((((u32)(val)) >> 8) & 0xff); \
279 (a)[3] = (u8)(((u32)(val)) & 0xff); \
280 } while (0)
281
282 #define WPA_PUT_BE64(a, val) \
283 do { \
284 (a)[0] = (u8)(((u64)(val)) >> 56); \
285 (a)[1] = (u8)(((u64)(val)) >> 48); \
286 (a)[2] = (u8)(((u64)(val)) >> 40); \
287 (a)[3] = (u8)(((u64)(val)) >> 32); \
288 (a)[4] = (u8)(((u64)(val)) >> 24); \
289 (a)[5] = (u8)(((u64)(val)) >> 16); \
290 (a)[6] = (u8)(((u64)(val)) >> 8); \
291 (a)[7] = (u8)(((u64)(val)) & 0xff); \
292 } while (0)
293
294 /* ===== start - public domain SHA256 implementation ===== */
295
296 /* This is based on SHA256 implementation in LibTomCrypt that was released into
297 * public domain by Tom St Denis. */
298
299 /* the K array */
300 static const unsigned long K[64] = {
301 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
302 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
303 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
304 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
305 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
306 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
307 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
308 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
309 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
310 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
311 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
312 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
313 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
314 };
315
316 /* Various logical functions */
317 #define RORc(x, y) \
318 (((((unsigned long)(x) & 0xFFFFFFFFUL) >> (unsigned long)((y)&31)) | \
319 ((unsigned long)(x) << (unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
320 #define Ch(x, y, z) (z ^ (x & (y ^ z)))
321 #define Maj(x, y, z) (((x | y) & z) | (x & y))
322 #define S(x, n) RORc((x), (n))
323 #define R(x, n) (((x)&0xFFFFFFFFUL)>>(n))
324 #define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
325 #define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
326 #define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
327 #define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
328
329 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key);
330 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b);
331 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nBytes);
332 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst);
333 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len,
334 u8 *Miccode, u8 priority);
335 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe);
336 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe);
337 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe);
338 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe);
339 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe);
340 void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe);
341
342 #endif /* __RTL871X_SECURITY_H_ */
343