1 /* SPDX-License-Identifier: GPL-2.0 */
2 /******************************************************************************
3  *
4  * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
5  *
6  ******************************************************************************/
7 #ifndef __RTW_SECURITY_H_
8 #define __RTW_SECURITY_H_
9 
10 #include <osdep_service.h>
11 #include <drv_types.h>
12 
/*
 * Privacy (cipher) algorithm identifiers, listed in numeric order.
 * These values select the per-cipher IV/ICV sizes in SET_ICE_IV_LEN().
 *
 * NOTE(review): the WEP and TKIP identifiers name legacy ciphers; whether a
 * caller may refuse them is decided outside this header.
 */
#define _NO_PRIVACY_		0x0
#define _WEP40_			0x1
#define _TKIP_			0x2
#define _TKIP_WTMIC_		0x3
#define _AES_			0x4
#define _WEP104_		0x5
#define _SMS4_			0x06
#define _WEP_WPA_MIXED_		0x07	/* WEP + WPA */

/*
 * Non-zero when alg is either WEP key size. The argument is expanded twice,
 * so it must not carry side effects.
 */
#define is_wep_enc(alg)	(((alg) == _WEP40_) || ((alg) == _WEP104_))
23 
/*
 * Information-element IDs used to locate security IEs.
 * 0xdd is the 802.11 vendor-specific element ID (WPA is carried in it),
 * 0x30 is the RSN (WPA2) element ID.
 */
#define _WPA_IE_ID_		0xdd
#define _WPA2_IE_ID_		0x30

/* Sizes in bytes of a SHA-256 digest and of one AES block. */
#define SHA256_MAC_LEN		32
#define AES_BLOCK_SIZE		16
/*
 * 4 * 44 = 176 bytes.
 * NOTE(review): presumably the AES-128 expanded key (44 32-bit words);
 * confirm against the AES implementation that allocates it.
 */
#define AES_PRIV_SIZE		(4 * 44)
30 
/*
 * Encryption protocol negotiated for a link. Values are spelled out so the
 * numbering is visible; ENCRYP_PROTOCOL_MAX is the number of entries.
 */
enum {
	ENCRYP_PROTOCOL_OPENSYS = 0,	/* open system */
	ENCRYP_PROTOCOL_WEP = 1,	/* WEP */
	ENCRYP_PROTOCOL_WPA = 2,	/* WPA */
	ENCRYP_PROTOCOL_WPA2 = 3,	/* WPA2 */
	ENCRYP_PROTOCOL_WAPI = 4,	/* WAPI: not supported in this version */
	ENCRYP_PROTOCOL_MAX = 5
};
39 
40 
/*
 * Fallback definitions of the WPA2 authentication modes, expressed relative
 * to Ndis802_11AuthModeWPANone.
 *
 * NOTE(review): the preprocessor test only sees macros. If these names are
 * enumerators elsewhere, the guards are always taken and the macros shadow
 * them; confirm both definitions yield the same values.
 */
#if !defined(Ndis802_11AuthModeWPA2)
#define Ndis802_11AuthModeWPA2		(Ndis802_11AuthModeWPANone + 1)
#endif

#if !defined(Ndis802_11AuthModeWPA2PSK)
#define Ndis802_11AuthModeWPA2PSK	(Ndis802_11AuthModeWPANone + 2)
#endif
48 
/*
 * Packet number / TKIP sequence counter, viewable either as one 64-bit
 * value or as individual bytes TSC0..TSC7.
 *
 * The byte struct is declared in opposite order on little- and big-endian
 * builds so that TSC0 always aliases the least significant byte of val.
 *
 * NOTE(review): when neither __LITTLE_ENDIAN nor __BIG_ENDIAN is defined,
 * the union has no _byte_ member and GET_TKIP_PN() will not compile.
 */
union pn48 {
	u64 val;

#if defined(__LITTLE_ENDIAN)
	struct {
		u8 TSC0;
		u8 TSC1;
		u8 TSC2;
		u8 TSC3;
		u8 TSC4;
		u8 TSC5;
		u8 TSC6;
		u8 TSC7;
	} _byte_;
#elif defined(__BIG_ENDIAN)
	struct {
		u8 TSC7;
		u8 TSC6;
		u8 TSC5;
		u8 TSC4;
		u8 TSC3;
		u8 TSC2;
		u8 TSC1;
		u8 TSC0;
	} _byte_;
#endif
};
78 
/*
 * One 128-bit key slot, addressable as 16 bytes or as four 32-bit words.
 *
 * NOTE(review): lkey[] reads the same storage as skey[], so its word values
 * depend on host byte order.
 */
union Keytype {
	u8 skey[16];
	u32 lkey[4];
};
83 
/*
 * One PMKID cache entry (see PMKIDList[] in struct security_priv).
 */
struct rt_pmkid_list {
	u8 bUsed;		/* presumably non-zero when the slot is occupied */
	u8 Bssid[6];		/* 6-byte BSSID the PMKID belongs to */
	u8 PMKID[16];		/* 16-byte PMKID */
	/*
	 * NOTE(review): 33 bytes, presumably a 32-byte SSID plus a
	 * terminator; writers must bound copies to this size.
	 */
	u8 SsidBuf[33];
	u8 *ssid_octet;		/* presumably points at the SSID bytes; verify */
	u16 ssid_length;	/* NOTE(review): wider than SsidBuf; range-check */
};
92 
/*
 * Per-adapter security state: negotiated algorithms, key material, packet
 * numbers, cached information elements and TKIP countermeasure bookkeeping.
 *
 * NOTE(review): this struct stores raw key bytes (dot11DefKey,
 * dot118021XGrpKey and the two MIC key arrays). Confirm that the owner
 * clears it when the association or the adapter goes away.
 */
struct security_priv {
	/* 802.11 auth, could be open, shared, 8021x and authswitch */
	u32 dot11AuthAlgrthm;
	/* privacy algorithm used for shared auth. */
	u32 dot11PrivacyAlgrthm;

	/* WEP */
	/*
	 * tx key index, 0~3; only valid for legacy WEP.
	 * NOTE(review): the field is 32 bits wide, so it must be range-checked
	 * before it indexes dot11DefKey[].
	 */
	u32 dot11PrivacyKeyIndex;
	/* only valid for the default keys */
	union Keytype dot11DefKey[4];
	u32 dot11DefKeylen[4];

	/* privacy algorithm used for the group key */
	u32 dot118021XGrpPrivacy;
	/* key id used for the group key (tx key index) */
	u32 dot118021XGrpKeyid;
	/* 802.1x group key, for inx0 and inx1 */
	union Keytype dot118021XGrpKey[4];
	union Keytype dot118021XGrptxmickey[4];
	union Keytype dot118021XGrprxmickey[4];
	/* PN48 used for group key transmit */
	union pn48 dot11Grptxpn;
	/* PN48 used for group key receive */
	union pn48 dot11Grprxpn;
#ifdef CONFIG_88EU_AP_MODE
	/* extend security capabilities for AP_MODE */
	/* 0:disable, 1:psk, 2:802.1x */
	unsigned int dot8021xalg;
	/* 0:disable, bit(0): WPA, bit(1):WPA2 */
	unsigned int wpa_psk;
	unsigned int wpa_group_cipher;
	unsigned int wpa2_group_cipher;
	unsigned int wpa_pairwise_cipher;
	unsigned int wpa2_pairwise_cipher;
#endif
	/* added in assoc req */
	u8 wps_ie[MAX_WPS_IE_LEN];
	/*
	 * NOTE(review): signed length; writers must keep it within
	 * 0..MAX_WPS_IE_LEN before copying into wps_ie[].
	 */
	int wps_ie_len;
	u8 binstallGrpkey;
	u8 busetkipkey;
	u8 bcheck_grpkey;
	u8 bgrpkey_handshake;
	/*
	 * hw_decrypted == false on an rx packet means the hardware was not
	 * ready yet.
	 */
	s32 hw_decrypted;

	/*
	 * keeps the auth_type & enc_status from the upper layer
	 * ioctl (wpa_supplicant or wzc)
	 */
	/* NDIS_802_11_AUTHENTICATION_MODE */
	u32 ndisauthtype;
	/* NDIS_802_11_ENCRYPTION_STATUS */
	u32 ndisencryptstatus;
	/* for joinbss (h2c buffer) usage */
	struct wlan_bssid_ex sec_bss;
	struct ndis_802_11_wep ndiswep;
	/*
	 * Fixed-size IE and association buffers.
	 * NOTE(review): nothing in this header bounds the writers; every copy
	 * into these arrays must be limited to the declared size.
	 */
	u8 assoc_info[600];
	/* for wpa2 usage */
	u8 szofcapability[256];
	/* for wpa/wpa2 usage */
	u8 oidassociation[512];
	/* store ap security information element */
	u8 authenticator_ie[256];
	/* store sta security information element */
	u8 supplicant_ie[256];

	/* for tkip countermeasure */
	u32 last_mic_err_time;
	u8 btkip_countermeasure;
	u8 btkip_wait_report;
	u32 btkip_countermeasure_time;

	/* For WPA2 Pre-Authentication. */
	struct rt_pmkid_list PMKIDList[NUM_PMKID_CACHE];
	/* NOTE(review): presumably an index into PMKIDList[]; verify its bound */
	u8 PMKIDIndex;
	u8 bWepDefaultKeyIdxSet;
};
164 
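/*
 * GET_ENCRY_ALGO - pick the cipher for a frame from the authentication mode.
 * @psecuritypriv: pointer to the adapter's struct security_priv
 * @psta:          pointer to the peer station entry (read only for 802.1X
 *                 unicast)
 * @encry_algo:    lvalue that receives the cipher id, truncated to u8
 * @bmcst:         non-zero for multicast/broadcast, which uses the group
 *                 cipher under 802.1X
 *
 * The pointer arguments are parenthesised so that expressions such as
 * &adapter->securitypriv expand correctly.
 *
 * NOTE(review): there is no default case. For any other value of
 * dot11AuthAlgrthm, encry_algo is left untouched, so callers must
 * initialise it before invoking the macro.
 */
#define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst)		\
do {									\
	switch ((psecuritypriv)->dot11AuthAlgrthm) {			\
	case dot11AuthAlgrthm_Open:					\
	case dot11AuthAlgrthm_Shared:					\
	case dot11AuthAlgrthm_Auto:					\
		(encry_algo) = (u8)(psecuritypriv)->dot11PrivacyAlgrthm;\
		break;							\
	case dot11AuthAlgrthm_8021X:					\
		if (bmcst)						\
			(encry_algo) = (u8)(psecuritypriv)->dot118021XGrpPrivacy;\
		else							\
			(encry_algo) = (u8)(psta)->dot118021XPrivacy;	\
		break;							\
	case dot11AuthAlgrthm_WAPI:					\
		(encry_algo) = (u8)(psecuritypriv)->dot11PrivacyAlgrthm;\
		break;							\
	}								\
} while (0)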
184 
/*
 * SET_ICE_IV_LEN - per-cipher IV and ICV lengths in bytes.
 * @iv_len:  lvalue that receives the IV length
 * @icv_len: lvalue that receives the ICV length
 * @encrypt: cipher id (_WEP40_, _WEP104_, _TKIP_, _AES_, _SMS4_, ...)
 *
 * Any cipher id not listed yields 0/0, i.e. the frame is treated as having
 * no security header or trailer.
 */
#define SET_ICE_IV_LEN(iv_len, icv_len, encrypt)			\
do {									\
	switch (encrypt) {						\
	case _WEP40_:							\
	case _WEP104_:							\
		iv_len = 4; icv_len = 4;				\
		break;							\
	case _TKIP_:							\
		iv_len = 8; icv_len = 4;				\
		break;							\
	case _AES_:							\
		iv_len = 8; icv_len = 8;				\
		break;							\
	case _SMS4_:							\
		iv_len = 18; icv_len = 16;				\
		break;							\
	default:							\
		iv_len = 0; icv_len = 0;				\
		break;							\
	}								\
} while (0)
211 
212 
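/*
 * GET_TKIP_PN - copy the TKIP sequence counter out of a frame's IV field.
 * @iv:        pointer to (or array of) the IV bytes; offsets 0, 2 and 4..7
 *             are read, offsets 1 and 3 are skipped
 * @dot11txpn: union pn48 lvalue that receives TSC0..TSC5
 *
 * Both arguments are parenthesised so that pointer expressions such as
 * "frame + hdrlen" or "*ppn" expand correctly; without that, "p + n"
 * would be indexed as "p + n[2]".
 *
 * TSC6 and TSC7 are not written, so the upper 16 bits of .val keep their
 * previous contents. The caller must ensure at least 8 bytes are readable
 * at @iv.
 */
#define GET_TKIP_PN(iv, dot11txpn)					\
do {									\
	(dot11txpn)._byte_.TSC0 = (iv)[2];				\
	(dot11txpn)._byte_.TSC1 = (iv)[0];				\
	(dot11txpn)._byte_.TSC2 = (iv)[4];				\
	(dot11txpn)._byte_.TSC3 = (iv)[5];				\
	(dot11txpn)._byte_.TSC4 = (iv)[6];				\
	(dot11txpn)._byte_.TSC5 = (iv)[7];				\
} while (0)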
222 
223 
/*
 * 32-bit rotate left / right.
 *
 * The right-shifted half is masked to its low n bits, which removes any
 * sign-extension bits when A has a signed type.
 *
 * NOTE(review): n must be in 1..31. ROL32(A, 0) shifts by 32 and
 * ROR32(A, 0) expands to ROL32(A, 32); both are undefined for a 32-bit A.
 * A and n are expanded more than once, so pass no side effects.
 */
#define ROL32(A, n) \
	(((A) << (n)) | (((A)>>(32-(n)))  & ((1UL << (n)) - 1)))
#define ROR32(A, n) \
	ROL32((A), 32-(n))
226 
/*
 * Running state for the MIC computed by the rtw_secmic*() helpers.
 *
 * NOTE(review): K0/K1 hold key material; confirm the owner does not leave
 * this struct on the stack or heap uncleared after use.
 */
struct mic_data {
	u32 K0;		/* key, first word */
	u32 K1;		/* key, second word */
	u32 L;		/* current state, left half */
	u32 R;		/* current state, right half */
	u32 M;		/* message accumulator (single word) */
	u32 nBytesInM;	/* number of bytes currently held in M */
};
233 
/*
 * AES lookup tables, defined in a .c file elsewhere.
 * Te0 is indexed by the TE0()..TE3() macros and rcons by RCON().
 */

/* 256-entry, 32-bit tables */
extern const u32 Te0[256];
extern const u32 Td0[256];
extern const u32 Td1[256];
extern const u32 Td2[256];
extern const u32 Td3[256];
extern const u32 Td4[256];

/* round constants, word-sized */
extern const u32 rcon[10];

/* byte-sized variants */
extern const u8 Td4s[256];
extern const u8 rcons[10];
243 
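/*
 * RCON - round constant i moved into the top byte of a 32-bit word.
 *
 * rcons[] holds u8 values, which promote to (signed) int. Shifting an entry
 * with its top bit set left by 24 would overflow int, which is undefined
 * behaviour, so the entry is widened to u32 before the shift.
 * The caller must keep i within the 10-entry table.
 */
#define RCON(i) ((u32)rcons[(i)] << 24)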
245 
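/**
 * rotr - rotate a 32-bit word right.
 * @val:  word to rotate
 * @bits: rotation count; only its low five bits are used
 *
 * The count is reduced modulo 32 on both shifts. The unmasked form
 * "val << (32 - bits)" shifts by the full word width when bits is 0 (and by
 * an out-of-range amount when bits is negative or above 32), which is
 * undefined behaviour. Results for counts 1..31 are unchanged.
 *
 * Return: @val rotated right by @bits mod 32.
 */
static inline u32 rotr(u32 val, int bits)
{
	unsigned int shift = (unsigned int)bits & 31;

	return (val >> shift) | (val << ((32 - shift) & 31));
}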
250 
/*
 * The four AES encryption T-tables, all derived from the single Te0 table:
 * TEn(i) takes one byte of i (most significant byte for TE0, least
 * significant for TE3) as the index and rotates the entry right by 8 * n.
 *
 * NOTE(review): the table index is taken from the data being processed, so
 * these lookups are not constant-time.
 */
#define TE0(i)	Te0[((i) >> 24) & 0xff]
#define TE1(i)	rotr(Te0[((i) >> 16) & 0xff], 8)
#define TE2(i)	rotr(Te0[((i) >> 8) & 0xff], 16)
#define TE3(i)	rotr(Te0[(i) & 0xff], 24)
255 
256 /* ===== start - public domain SHA256 implementation ===== */
257 
258 /* This is based on SHA256 implementation in LibTomCrypt that was released into
259  * public domain by Tom St Denis.
260  */
261 
/*
 * SHA-256 round constants, one per round (64 entries).
 *
 * This is a static definition in a header, so every translation unit that
 * includes it gets its own private copy. The element type is unsigned long,
 * which is wider than the 32-bit values on LP64 targets.
 */
static const unsigned long K[64] = {
	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
	0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
	0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
	0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
	0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
	0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
	0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
	0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
	0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
	0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
	0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
	0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
	0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
};
278 
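/*
 * SHA-256 logical functions.
 *
 * RORc(x, y) rotates the low 32 bits of x right by y & 31 and masks the
 * result back to 32 bits, so it also works where unsigned long is 64 bits.
 * S() is that rotate, R() is a plain right shift of the low 32 bits.
 * The Sigma and Gamma macros only use non-zero rotation counts.
 *
 * Ch() and Maj() parenthesise every argument, so an expression argument such
 * as "a | b" is combined as a unit instead of being regrouped by operator
 * precedence inside the expansion.
 *
 * NOTE(review): where unsigned long is 32 bits, RORc(x, 0) shifts left by
 * 32, which is undefined. The names K, R, S, Ch and Maj are short and
 * exported by a header, so they can collide with identifiers in including
 * files. Arguments are expanded more than once.
 */
#define RORc(x, y) \
	(((((unsigned long)(x) & 0xFFFFFFFFUL) >> (unsigned long)((y)&31)) | \
	 ((unsigned long)(x) << (unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
#define Ch(x, y, z)       ((z) ^ ((x) & ((y) ^ (z))))
#define Maj(x, y, z)      ((((x) | (y)) & (z)) | ((x) & (y)))
#define S(x, n)         RORc((x), (n))
#define R(x, n)         (((x)&0xFFFFFFFFUL)>>(n))
#define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
#define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
#define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
#define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))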
291 
/*
 * MIC helpers operating on a struct mic_data.
 * NOTE(review): none of the buffer parameters carries a length except
 * rtw_secmicappend() and rtw_seccalctkipmic(); the sizes expected for key,
 * dst, header and Miccode are fixed by the implementation, which is not
 * visible here.
 */
void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key);
void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b);
void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nBytes);
void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst);
void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len,
			u8 *Miccode, u8 priority);

/*
 * Per-cipher transmit-side entry points. The frame is passed as an untyped
 * u8 pointer. rtw_wep_encrypt() returns void, so it has no way to report a
 * failure to its caller.
 */
u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe);
u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe);
void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe);

/*
 * Per-cipher receive-side entry points. The AES and TKIP variants return
 * u32 while the WEP variant returns int; callers must check each result
 * against that function's own convention.
 */
u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe);
u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe);
int rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe);
304 
305 #endif	/* __RTW_SECURITY_H_ */
306