rtw_security.h revision 9e3d6df2df8dbc4c2c5fb733dc494dfc82e0e2ae
1/******************************************************************************
2 *
3 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 ******************************************************************************/
15#ifndef __RTW_SECURITY_H_
16#define __RTW_SECURITY_H_
17
18#include <osdep_service.h>
19#include <drv_types.h>
20
21
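/*
 * True when @alg is one of the two WEP cipher suites (WEP40 or WEP104).
 *
 * The argument is parenthesized so that an expression such as `a | b`
 * is compared as a whole instead of being split by operator precedence.
 * @alg is expanded twice, so do not pass an expression with side effects.
 */
#define is_wep_enc(alg) ((alg) == WLAN_CIPHER_SUITE_WEP40 || \
			 (alg) == WLAN_CIPHER_SUITE_WEP104)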
24
/* Information-element ID used for the WPA2 (RSN) element: 0x30 = 48 */
#define _WPA2_IE_ID_	0x30

#define SHA256_MAC_LEN 32	/* bytes in a SHA-256 digest */
#define AES_BLOCK_SIZE 16	/* bytes in one AES block */
/*
 * NOTE(review): 4 * 44 = 176 bytes matches an AES-128 expanded key
 * (44 round-key words of 4 bytes each) - confirm against the users of
 * this constant.
 */
#define AES_PRIV_SIZE (4 * 44)
30
/*
 * Link protection scheme in use.  The enumerators are numbered from zero,
 * so ENCRYP_PROTOCOL_MAX equals the number of real entries and is not a
 * protocol itself.
 */
enum ENCRYP_PROTOCOL {
	ENCRYP_PROTOCOL_OPENSYS = 0,	/* open system */
	ENCRYP_PROTOCOL_WEP     = 1,	/* WEP */
	ENCRYP_PROTOCOL_WPA     = 2,	/* WPA */
	ENCRYP_PROTOCOL_WPA2    = 3,	/* WPA2 */
	ENCRYP_PROTOCOL_MAX     = 4	/* entry count */
};
38
/*
 * Fallback definitions for the WPA2 authentication modes, used only when
 * no macro of the same name is already defined.  Both are derived from
 * Ndis802_11AuthModeWPANone, which is declared outside this header.
 * NOTE(review): #ifndef only sees preprocessor macros; if the real values
 * are enumerators, these fallbacks are always active - confirm that they
 * do not collide with the enumeration.
 */
#ifndef Ndis802_11AuthModeWPA2
#define Ndis802_11AuthModeWPA2 (Ndis802_11AuthModeWPANone + 1)
#endif

#ifndef Ndis802_11AuthModeWPA2PSK
#define Ndis802_11AuthModeWPA2PSK (Ndis802_11AuthModeWPANone + 2)
#endif
46
/*
 * Packet-number container.  The same 8 bytes can be read as one u64 (val)
 * or byte by byte (_byte_.TSC0 .. _byte_.TSC7).  The byte struct is
 * declared in opposite order for little- and big-endian builds, so TSC0
 * always aliases the least significant byte of val.
 *
 * NOTE(review): GET_TKIP_PN in this header writes only TSC0..TSC5.  Code
 * that compares val (for example a replay check) needs TSC6/TSC7 to be
 * zero - confirm that every instance is zero-initialized.
 */
union pn48 {
	u64	val;

#ifdef __LITTLE_ENDIAN

struct {
	u8 TSC0;	/* least significant byte of val */
	u8 TSC1;
	u8 TSC2;
	u8 TSC3;
	u8 TSC4;
	u8 TSC5;
	u8 TSC6;
	u8 TSC7;	/* most significant byte of val */
} _byte_;

#elif defined(__BIG_ENDIAN)

struct {
	u8 TSC7;	/* most significant byte of val */
	u8 TSC6;
	u8 TSC5;
	u8 TSC4;
	u8 TSC3;
	u8 TSC2;
	u8 TSC1;
	u8 TSC0;	/* least significant byte of val */
} _byte_;
#else
/* refuse to build when the byte order is unknown: the overlay would be wrong */
#error Need BIG or LITTLE endian

#endif

};
81
/*
 * One 16-byte key slot, addressable as bytes (skey) or as four 32-bit
 * words (lkey).  The two views alias the same storage, so the value of
 * each lkey word depends on the host byte order.
 */
union Keytype {
	u8   skey[16];
	u32    lkey[4];
};
86
87
/*
 * One PMKID cache entry (struct security_priv keeps an array of these).
 */
struct rt_pmkid_list {
	u8	bUsed;		/* presumably non-zero when the slot is occupied - confirm */
	u8	Bssid[6];	/* 6-byte BSSID the entry belongs to */
	u8	PMKID[16];	/* 16-byte PMKID value */
	u8	SsidBuf[33];	/* presumably a 32-byte SSID plus terminator - confirm */
	u8	*ssid_octet;	/* NOTE(review): target and lifetime not visible here; presumably points into SsidBuf */
	u16	ssid_length;	/* NOTE(review): must be bounded by the SSID storage before any copy */
};
96
/*
 * Security state: selected authentication and cipher algorithms, WEP
 * default keys, 802.1X group keys and MIC keys, packet numbers, cached
 * information elements, TKIP countermeasure bookkeeping and the PMKID
 * cache.
 *
 * NOTE(review): this struct stores raw key material (dot11DefKey,
 * dot118021XGrpKey and both group MIC key arrays).  Confirm that it is
 * wiped with a call the compiler cannot elide (e.g. memzero_explicit())
 * when keys are replaced or the structure is released.
 *
 * NOTE(review): the IE and association buffers below are fixed-size
 * arrays filled from frame or user-supplied data; every copy into them
 * must be bounded by the array size - verify in the callers.
 */
struct security_priv {
	u32	  dot11AuthAlgrthm;	/*  802.11 auth, could be open, shared,
					 * 8021x and authswitch */
	u32	  dot11PrivacyAlgrthm;	/* This specifies the privacy for
					 * shared auth. algorithm.
					 */
	/* WEP */
	u32	  dot11PrivacyKeyIndex;	/*  this is only valid for legacy
					 * WEP, 0~3 for key id. (tx key index)
					 * NOTE(review): indexes dot11DefKey[4];
					 * range-check before use.
					 */
	union Keytype dot11DefKey[4];	/*  this is only valid for def. key */
	u32	dot11DefKeylen[4];	/* length of each dot11DefKey entry */

	u32 dot118021XGrpPrivacy;	/* specify the privacy algthm.
					 * used for Grp key
					 */
	u32	dot118021XGrpKeyid;	/*  key id used for Grp Key
					 * (tx key index)
					 */
	union Keytype	dot118021XGrpKey[4];/* 802.1x Grp Key, inx0 and inx1 */
	union Keytype	dot118021XGrptxmickey[4];	/* group MIC keys, transmit side */
	union Keytype	dot118021XGrprxmickey[4];	/* group MIC keys, receive side */
	union pn48	dot11Grptxpn;		/* PN48 used for Grp Key xmit.*/
	union pn48	dot11Grprxpn;		/* PN48 used for Grp Key recv.*/

#ifdef CONFIG_8723AU_AP_MODE
	/* extend security capabilities for AP_MODE */
	unsigned int dot8021xalg;/* 0:disable, 1:psk, 2:802.1x */
	unsigned int wpa_psk;/* 0:disable, bit(0): WPA, bit(1):WPA2 */
	unsigned int wpa_group_cipher;
	unsigned int wpa2_group_cipher;
	unsigned int wpa_pairwise_cipher;
	unsigned int wpa2_pairwise_cipher;
#endif

	u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */
	int wps_ie_len;		/* NOTE(review): signed; reject negative values and values above MAX_WPS_IE_LEN */
	/* one-bit state flags */
	unsigned int binstallGrpkey:1;
	unsigned int busetkipkey:1;
	unsigned int bcheck_grpkey:1;
	unsigned int hw_decrypted:1;
	u32 ndisauthtype;	/*  enum ndis_802_11_auth_mode */
	u32 ndisencryptstatus;	/*  NDIS_802_11_ENCRYPTION_STATUS */
	struct wlan_bssid_ex sec_bss;  /* for joinbss (h2c buffer) usage */
	struct ndis_802_11_wep ndiswep;
	u8 assoc_info[600];
	u8 szofcapability[256]; /* for wpa2 usage */
	u8 oidassociation[512]; /* for wpa/wpa2 usage */
	u8 authenticator_ie[256];  /* store ap security information element */
	u8 supplicant_ie[256];  /* store sta security information element */

	/* for tkip countermeasure */
	unsigned long last_mic_err_time;	/* presumably a jiffies timestamp - confirm */
	u8	btkip_countermeasure;
	u8	btkip_wait_report;
	unsigned long btkip_countermeasure_time;

	/*  For WPA2 Pre-Authentication. */
	struct rt_pmkid_list PMKIDList[NUM_PMKID_CACHE];
	u8 PMKIDIndex;		/* NOTE(review): indexes PMKIDList; must stay below NUM_PMKID_CACHE */
	u8 bWepDefaultKeyIdxSet;
};
159
/*
 * Running state of a SHA-256 computation.
 */
struct sha256_state {
	u64 length;		/* presumably the amount of message data hashed so far - confirm unit (bits or bytes) */
	u32 state[8], curlen;	/* eight 32-bit chaining words; curlen is presumably the fill level of buf */
	u8 buf[64];		/* staging area of 64 bytes, the SHA-256 block size */
};
165
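/*
 * Select the cipher for a frame and store it in @encry_algo.
 *
 * @psecuritypriv: pointer to the struct security_priv to read from
 * @psta:          pointer whose dot118021XPrivacy field holds the pairwise
 *                 cipher; only dereferenced for 802.1X unicast
 * @encry_algo:    lvalue that receives the result
 * @bmcst:         non-zero selects the group cipher under 802.1X
 *
 * Open, Shared and Auto authentication use dot11PrivacyAlgrthm.  802.1X
 * uses the group cipher when @bmcst is set and the station's pairwise
 * cipher otherwise.  For any other authentication value @encry_algo is
 * left untouched, so the caller must initialize it before the call.
 *
 * All arguments are parenthesized so that expression arguments (for
 * example `base + 1` or `&obj`) expand correctly.  @psecuritypriv and
 * @encry_algo appear more than once in the expansion; do not pass
 * expressions with side effects.
 */
#define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst)\
do {\
	switch ((psecuritypriv)->dot11AuthAlgrthm) {\
	case dot11AuthAlgrthm_Open:\
	case dot11AuthAlgrthm_Shared:\
	case dot11AuthAlgrthm_Auto:\
		(encry_algo) = (psecuritypriv)->dot11PrivacyAlgrthm;\
		break;\
	case dot11AuthAlgrthm_8021X:\
		if (bmcst)\
			(encry_algo) = (psecuritypriv)->dot118021XGrpPrivacy;\
		else\
			(encry_algo) = (psta)->dot118021XPrivacy;\
		break;\
	default:\
		/* unknown auth mode: encry_algo keeps the caller's value */\
		break;\
	}\
} while (0)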
182
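/*
 * Copy the 48-bit TKIP sequence counter out of an 8-byte IV field into
 * @dot11txpn (a union pn48 lvalue).
 *
 * Byte mapping: iv[2] -> TSC0, iv[0] -> TSC1, iv[4..7] -> TSC2..TSC5.
 * iv[1] and iv[3] are not part of the counter and are skipped.
 *
 * TSC6 and TSC7 are NOT written.  If the result is later read through
 * .val (for example to compare packet numbers), the caller must have
 * zeroed the union beforehand, otherwise stale upper bytes take part in
 * the comparison.
 *
 * @iv must reference at least 8 readable bytes; the macro performs no
 * length check.  Both arguments are parenthesized so expression arguments
 * such as `ptr + off` or `*ppn` expand correctly.
 */
#define GET_TKIP_PN(iv, dot11txpn)\
do {\
	(dot11txpn)._byte_.TSC0 = (iv)[2];\
	(dot11txpn)._byte_.TSC1 = (iv)[0];\
	(dot11txpn)._byte_.TSC2 = (iv)[4];\
	(dot11txpn)._byte_.TSC3 = (iv)[5];\
	(dot11txpn)._byte_.TSC4 = (iv)[6];\
	(dot11txpn)._byte_.TSC5 = (iv)[7];\
} while (0)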
192
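/*
 * 32-bit rotate left / rotate right.
 *
 * The operand is converted to u32 first, so the result does not depend on
 * the width or signedness of @A.  Both shift counts are reduced modulo 32,
 * so a count of 0 or 32 returns the value unchanged instead of shifting
 * by the full type width, which is undefined behaviour in C.
 * For counts 1..31 on a u32 operand the result is the same as before.
 *
 * @A and @n are expanded twice; do not pass expressions with side effects.
 */
#define ROL32(A, n)  ((u32)(((u32)(A) << ((n) & 31)) | \
			    ((u32)(A) >> ((32 - (n)) & 31))))
#define ROR32(A, n)  ROL32((A), 32 - (n))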
195
/*
 * Working state for the MIC helpers declared in this header
 * (rtw_secmicsetkey23a, rtw_secmicappend23a, rtw_secgetmic23a).
 * NOTE(review): K0/K1 are key material; the struct should be wiped once
 * the MIC has been produced - confirm in the callers.
 */
struct mic_data {
	u32  K0, K1;         /*  Key */
	u32  L, R;           /*  Current state */
	u32  M;              /*  Message accumulator (single word) */
	u32     nBytesInM;      /*  # bytes in M */
};
202
/*
 * AES lookup tables, defined in another translation unit.
 * The TE and TD macros in this header read only Te0, Td0, Td4s and rcons;
 * the other tables are declared for code outside this header.
 *
 * NOTE(review): table-driven AES indexes these arrays with values derived
 * from key and data, so its memory access pattern is data dependent and
 * can be observed through cache timing.  Where the platform provides a
 * kernel crypto API cipher or hardware offload, that is the usual
 * alternative to a private table implementation.
 */
extern const u32 Te0[256];
extern const u32 Te1[256];
extern const u32 Te2[256];
extern const u32 Te3[256];
extern const u32 Te4[256];
extern const u32 Td0[256];
extern const u32 Td1[256];
extern const u32 Td2[256];
extern const u32 Td3[256];
extern const u32 Td4[256];
extern const u32 rcon[10];	/* 32-bit round constants */
extern const u8 Td4s[256];	/* byte-wide table used by TD41..TD44 */
extern const u8 rcons[10];	/* byte-wide round constants used by RCON() */
216
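/*
 * Round constant @i placed in the top byte of a 32-bit word.
 *
 * rcons[] holds u8 values, which are promoted to (signed) int before the
 * shift.  Shifting a value of 0x80 or more left by 24 overflows int, which
 * is undefined behaviour, so the byte is widened to u32 first.
 * @i must be in 0..9; the macro performs no range check.
 */
#define RCON(i) ((u32)rcons[(i)] << 24)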
218
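/**
 * rotr - rotate a 32-bit word right
 * @val:  word to rotate
 * @bits: rotation distance
 *
 * The distance is reduced modulo 32 before shifting.  Without that, a
 * distance of 0 would shift left by 32, which is undefined behaviour for
 * a 32-bit operand.  For the distances used by the TE and TD macros
 * (8, 16 and 24) the result is unchanged.
 *
 * Return: @val rotated right by @bits modulo 32.
 */
static inline u32 rotr(u32 val, int bits)
{
	unsigned int r = (unsigned int)bits & 31;

	return (val >> r) | (val << ((32 - r) & 31));
}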
223
/*
 * Encryption-side table accessors.  Only Te0 is read: TE1..TE3 obtain
 * their value by rotating the Te0 entry right by 8, 16 and 24 bits rather
 * than reading Te1..Te3.
 *
 * TE0..TE3 select one byte of @i (bits 31..24, 23..16, 15..8, 7..0) as
 * the table index.
 */
#define TE0(i) Te0[((i) >> 24) & 0xff]
#define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8)
#define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16)
#define TE3(i) rotr(Te0[(i) & 0xff], 24)
/*
 * TE41..TE44: take one byte of the Te0 entry and place it in byte lane
 * 3, 2, 1 and 0 of the result respectively (see the masks).  Presumably
 * this extracts the S-box value for the final round - confirm.
 */
#define TE41(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000)
#define TE42(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000)
#define TE43(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00)
#define TE44(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff)
/* Same extraction with the input bytes taken in rotated order. */
#define TE421(i) ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000)
#define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000)
#define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00)
#define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff)
/* NOTE(review): unlike the others, TE4 does not mask @i; the caller must pass 0..255 */
#define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff)
237
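/*
 * Decryption-side table accessors.  Only Td0 and Td4s are read: TD1..TD3
 * obtain their value by rotating the Td0 entry right by 8, 16 and 24 bits.
 *
 * TD0..TD3 select one byte of @i (bits 31..24, 23..16, 15..8, 7..0) as
 * the table index.
 */
#define TD0(i) Td0[((i) >> 24) & 0xff]
#define TD1(i) rotr(Td0[((i) >> 16) & 0xff], 8)
#define TD2(i) rotr(Td0[((i) >> 8) & 0xff], 16)
#define TD3(i) rotr(Td0[(i) & 0xff], 24)
/*
 * TD41..TD44 place a Td4s byte in byte lane 3, 2, 1 and 0.  Td4s holds u8
 * values, which are promoted to (signed) int before the shift; a byte of
 * 0x80 or more shifted left by 24 overflows int, which is undefined
 * behaviour.  The byte is therefore widened to u32 before shifting.
 */
#define TD41(i) ((u32)Td4s[((i) >> 24) & 0xff] << 24)
#define TD42(i) ((u32)Td4s[((i) >> 16) & 0xff] << 16)
#define TD43(i) ((u32)Td4s[((i) >> 8) & 0xff] << 8)
#define TD44(i) (Td4s[(i) & 0xff])
/* Variants that index with the low byte of @i only. */
#define TD0_(i) Td0[(i) & 0xff]
#define TD1_(i) rotr(Td0[(i) & 0xff], 8)
#define TD2_(i) rotr(Td0[(i) & 0xff], 16)
#define TD3_(i) rotr(Td0[(i) & 0xff], 24)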
250
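/*
 * Read a big-endian 32-bit value from the four bytes at @pt.
 * @pt is expanded four times and must reference at least 4 readable bytes.
 */
#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
			((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))

/*
 * Store @st as a big-endian 32-bit value into the four bytes at @ct.
 *
 * Wrapped in do { } while (0), like the WPA_PUT_* macros in this header,
 * so that `if (x) PUTU32(a, b); else ...` parses as one statement.  With a
 * bare brace block the trailing semicolon ended the if and orphaned the
 * else.  @ct and @st are expanded four times.
 */
#define PUTU32(ct, st) do { \
	(ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \
	(ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); \
} while (0)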
257
/*
 * Byte-order helpers.  Each one addresses @a as an array of bytes and
 * performs no bounds check: the caller must guarantee 4 bytes for the
 * 32-bit forms, 2 for the 16-bit form and 8 for the 64-bit form.
 * @a and @val are expanded several times; avoid side effects.
 */

/* Read a big-endian 32-bit value from a[0..3]. */
#define WPA_GET_BE32(a) ((((u32) (a)[0]) << 24) | (((u32) (a)[1]) << 16) | \
			 (((u32) (a)[2]) << 8) | ((u32) (a)[3]))

/* Store the low 16 bits of val little-endian: low byte in a[0], high byte in a[1]. */
#define WPA_PUT_LE16(a, val)			\
	do {					\
		(a)[1] = ((u16) (val)) >> 8;	\
		(a)[0] = ((u16) (val)) & 0xff;	\
	} while (0)

/* Store val as a big-endian 32-bit value in a[0..3]. */
#define WPA_PUT_BE32(a, val)					\
	do {							\
		(a)[0] = (u8) ((((u32) (val)) >> 24) & 0xff);	\
		(a)[1] = (u8) ((((u32) (val)) >> 16) & 0xff);	\
		(a)[2] = (u8) ((((u32) (val)) >> 8) & 0xff);	\
		(a)[3] = (u8) (((u32) (val)) & 0xff);		\
	} while (0)

/* Store val as a big-endian 64-bit value in a[0..7]. */
#define WPA_PUT_BE64(a, val)				\
	do {						\
		(a)[0] = (u8) (((u64) (val)) >> 56);	\
		(a)[1] = (u8) (((u64) (val)) >> 48);	\
		(a)[2] = (u8) (((u64) (val)) >> 40);	\
		(a)[3] = (u8) (((u64) (val)) >> 32);	\
		(a)[4] = (u8) (((u64) (val)) >> 24);	\
		(a)[5] = (u8) (((u64) (val)) >> 16);	\
		(a)[6] = (u8) (((u64) (val)) >> 8);	\
		(a)[7] = (u8) (((u64) (val)) & 0xff);	\
	} while (0)
286
287/* ===== start - public domain SHA256 implementation ===== */
288
289/* This is based on SHA256 implementation in LibTomCrypt that was released into
290 * public domain by Tom St Denis. */
291
/*
 * The 64 SHA-256 round constants, four per row.
 *
 * NOTE(review): this is a static definition inside a header, so every
 * file that includes the header gets its own copy, and each entry is an
 * unsigned long although the values fit in 32 bits.  Moving the table
 * next to its only user would avoid both; not changed here because the
 * users are outside this file.
 */
static const unsigned long K[64] = {
	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
	0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
	0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
	0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
	0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
	0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
	0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
	0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
	0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
	0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
	0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
	0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
	0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
};
308
/*
 * MIC helpers operating on a caller-owned struct mic_data.
 * NOTE(review): key and dst are passed without a length, so the required
 * buffer sizes are an implicit contract - presumably 8 bytes each, matching
 * the two u32 key words in struct mic_data; confirm in the implementation.
 * Only rtw_secmicappend23a takes an explicit byte count (nbBytes).
 */
void rtw_secmicsetkey23a(struct mic_data *pmicdata, u8 *key);
void rtw_secmicappend23abyte23a(struct mic_data *pmicdata, u8 b);
void rtw_secmicappend23a(struct mic_data *pmicdata, u8 *src, u32 nbBytes);
void rtw_secgetmic23a(struct mic_data *pmicdata, u8 *dst);

/*
 * Compute the TKIP MIC over header and data_len bytes of data and write it
 * to Miccode.  NOTE(review): the sizes of key, header and Miccode are not
 * expressed in the signature; "priorityi" looks like a typo for "priority".
 */
void rtw_seccalctkipmic23a(u8 *key, u8 *header, u8 *data, u32 data_len,
			u8 *Miccode, u8 priorityi);

/*
 * Per-frame encrypt/decrypt entry points for AES, TKIP and WEP.
 * NOTE(review): the AES and TKIP variants return int, while the WEP
 * variants return void and so cannot report a failed integrity check
 * through the return value - confirm how a WEP failure is signalled to
 * the receive path.
 */
int rtw_aes_encrypt23a(struct rtw_adapter *padapter,
		    struct xmit_frame *pxmitframe);
int rtw_tkip_encrypt23a(struct rtw_adapter *padapter,
		     struct xmit_frame *pxmitframe);
void rtw_wep_encrypt23a(struct rtw_adapter *padapter,
		     struct xmit_frame *pxmitframe);
int rtw_aes_decrypt23a(struct rtw_adapter *padapter,
		    struct recv_frame *precvframe);
int rtw_tkip_decrypt23a(struct rtw_adapter *padapter,
		     struct recv_frame *precvframe);
void rtw_wep_decrypt23a(struct rtw_adapter *padapter, struct recv_frame *precvframe);

/* Handler taking an opaque context pointer; presumably a timer callback tied to busetkipkey - confirm. */
void rtw_use_tkipkey_handler23a(void *FunctionContext);
330
#endif	/* __RTW_SECURITY_H_ */
332