rtw_security.h revision a131aac3b67df908f185402cabbfcb38b891df43
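/******************************************************************************
 *
 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
 * more details.
 *
 ******************************************************************************/
#ifndef __RTW_SECURITY_H_
#define __RTW_SECURITY_H_

/*
 * Security definitions for the driver: per-adapter key and cipher state,
 * TKIP MIC state, byte-order helpers, the lookup-table macros used by the
 * software AES code, and the prototypes of the WEP/TKIP/AES frame
 * encrypt/decrypt entry points.
 */

#include <osdep_service.h>
#include <drv_types.h>
#include <net/lib80211.h>


/*
 * True when @alg is one of the two WEP cipher suites.  The argument is
 * parenthesized so that an expression argument keeps its meaning; it is
 * still evaluated twice, so do not pass an expression with side effects.
 */
#define is_wep_enc(alg) ((alg) == WLAN_CIPHER_SUITE_WEP40 || \
			 (alg) == WLAN_CIPHER_SUITE_WEP104)

#define SHA256_MAC_LEN 32	/* bytes */
#define AES_BLOCK_SIZE 16	/* bytes */
#define AES_PRIV_SIZE (4 * 44)	/* 176; presumably 44 32-bit round-key words */

enum ENCRYP_PROTOCOL {
	ENCRYP_PROTOCOL_OPENSYS,   /* open system */
	ENCRYP_PROTOCOL_WEP,       /* WEP */
	ENCRYP_PROTOCOL_WPA,       /* WPA */
	ENCRYP_PROTOCOL_WPA2,      /* WPA2 */
	ENCRYP_PROTOCOL_MAX
};

/* Fallback values, used only when the included headers do not define them. */
#ifndef Ndis802_11AuthModeWPA2
#define Ndis802_11AuthModeWPA2 (Ndis802_11AuthModeWPANone + 1)
#endif

#ifndef Ndis802_11AuthModeWPA2PSK
#define Ndis802_11AuthModeWPA2PSK (Ndis802_11AuthModeWPANone + 2)
#endif

/*
 * 48-bit packet number, viewed either as one u64 or as individual bytes.
 * The byte struct is laid out per endianness so that TSC0 is always the
 * least significant byte of @val and TSC7 the most significant.
 */
union pn48 {
	u64	val;

#ifdef __LITTLE_ENDIAN

	struct {
		u8 TSC0;
		u8 TSC1;
		u8 TSC2;
		u8 TSC3;
		u8 TSC4;
		u8 TSC5;
		u8 TSC6;
		u8 TSC7;
	} _byte_;

#elif defined(__BIG_ENDIAN)

	struct {
		u8 TSC7;
		u8 TSC6;
		u8 TSC5;
		u8 TSC4;
		u8 TSC3;
		u8 TSC2;
		u8 TSC1;
		u8 TSC0;
	} _byte_;
#else
#error Need BIG or LITTLE endian

#endif

};

/* A 16-byte key, addressable as bytes or as four 32-bit words. */
union Keytype {
	u8 skey[16];
	u32 lkey[4];
};

/*
 * One WEP key slot.
 * NOTE(review): keylen is a free-standing u16; code that copies into or out
 * of @key should check keylen against sizeof(key) first - confirm callers.
 */
struct rtw_wep_key {
	u8 key[WLAN_KEY_LEN_WEP104 + 1]; /* 14 */
	u16 keylen;
};

/* One PMKID cache entry (see PMKIDList in struct security_priv). */
struct rt_pmkid_list {
	u8 bUsed;
	u8 Bssid[6];
	u8 PMKID[16];
	u8 SsidBuf[33];
	u8 *ssid_octet;
	u16 ssid_length;
};

/*
 * Per-adapter security state.
 *
 * This structure holds key material (WEP keys, group keys, group MIC keys)
 * next to several fixed-size buffers for information elements.
 * NOTE(review): confirm that the teardown/disconnect path wipes the key
 * fields with a non-elidable clear such as memzero_explicit(), and that every
 * copy into the IE buffers below is bounded by the buffer size.
 */
struct security_priv {
	u32 dot11AuthAlgrthm;	/* 802.11 auth, could be open, shared,
				 * 8021x and authswitch */
	u32 dot11PrivacyAlgrthm;	/* This specifies the privacy for
					 * shared auth. algorithm.
					 */
	/* WEP */
	u32 dot11PrivacyKeyIndex; /* this is only valid for legacy
				   * wep, 0~3 for key id. (tx key index)
				   */
	struct rtw_wep_key wep_key[NUM_WEP_KEYS];

	u32 dot118021XGrpPrivacy; /* specify the privacy algthm.
				   * used for Grp key
				   */
	u32 dot118021XGrpKeyid;	/* key id used for Grp Key
				 * (tx key index)
				 */
	/* The three arrays below have four slots each; an index taken from a
	 * frame or from user space must be range-checked before use. */
	union Keytype dot118021XGrpKey[4];/* 802.1x Grp Key, inx0 and inx1 */
	union Keytype dot118021XGrptxmickey[4];
	union Keytype dot118021XGrprxmickey[4];
	union pn48 dot11Grptxpn;	/* PN48 used for Grp Key xmit.*/
	union pn48 dot11Grprxpn;	/* PN48 used for Grp Key recv.*/

#ifdef CONFIG_8723AU_AP_MODE
	/* extend security capabilities for AP_MODE */
	unsigned int dot8021xalg;/* 0:disable, 1:psk, 2:802.1x */
	unsigned int wpa_psk;/* 0:disable, bit(0): WPA, bit(1):WPA2 */
	unsigned int wpa_group_cipher;
	unsigned int wpa2_group_cipher;
	unsigned int wpa_pairwise_cipher;
	unsigned int wpa2_pairwise_cipher;
#endif

	u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */
	/* Signed length: a negative or oversized value must be rejected
	 * before it is used as a copy size for wps_ie. */
	int wps_ie_len;
	unsigned int binstallGrpkey:1;
	unsigned int busetkipkey:1;
	unsigned int bcheck_grpkey:1;
	unsigned int hw_decrypted:1;
	u32 ndisauthtype;	/* enum ndis_802_11_auth_mode */
	u32 ndisencryptstatus;	/* NDIS_802_11_ENCRYPTION_STATUS */
	struct wlan_bssid_ex sec_bss;  /* for joinbss (h2c buffer) usage */
	u8 assoc_info[600];
	u8 szofcapability[256]; /* for wpa2 usage */
	u8 oidassociation[512]; /* for wpa/wpa2 usage */
	u8 supplicant_ie[256];  /* store sta security information element */

	/* for tkip countermeasure */
	unsigned long last_mic_err_time;
	u8	btkip_countermeasure;
	u8	btkip_wait_report;
	unsigned long btkip_countermeasure_time;

	/*  For WPA2 Pre-Authentication. */
	struct rt_pmkid_list PMKIDList[NUM_PMKID_CACHE];
	/* NOTE(review): presumably an index into PMKIDList; confirm it is
	 * kept below NUM_PMKID_CACHE wherever it is advanced. */
	u8 PMKIDIndex;
	u8 bWepDefaultKeyIdxSet;
};

/* Running state of a SHA-256 computation. */
struct sha256_state {
	u64 length;
	u32 state[8], curlen;
	u8 buf[64];
};

/*
 * Select the cipher for a frame from the authentication algorithm in use.
 * Open/Shared/Auto take the adapter-wide privacy algorithm; 802.1X takes the
 * group cipher when @bmcst is non-zero and the station's own cipher
 * otherwise.
 *
 * For any other dot11AuthAlgrthm value @encry_algo is left untouched, so the
 * caller must initialize it before invoking the macro; otherwise the cipher
 * decision would be made on an indeterminate value.
 */
#define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst)\
do {\
	switch ((psecuritypriv)->dot11AuthAlgrthm) {\
	case dot11AuthAlgrthm_Open:\
	case dot11AuthAlgrthm_Shared:\
	case dot11AuthAlgrthm_Auto:\
		(encry_algo) = (psecuritypriv)->dot11PrivacyAlgrthm;\
		break;\
	case dot11AuthAlgrthm_8021X:\
		if (bmcst)\
			(encry_algo) = (psecuritypriv)->dot118021XGrpPrivacy;\
		else\
			(encry_algo) = (psta)->dot118021XPrivacy;\
		break;\
	default:\
		break;\
	} \
} while (0)

/*
 * Load the 48-bit TKIP sequence counter from the 8-byte IV field @iv into
 * @dot11txpn.  iv[1] and iv[3] are not part of the counter and are skipped.
 * Only TSC0..TSC5 are written; TSC6 and TSC7 keep their previous contents,
 * so clear @dot11txpn first if the whole u64 value is going to be compared.
 * @iv must point to at least 8 readable bytes.
 */
#define GET_TKIP_PN(iv, dot11txpn)\
do {\
	(dot11txpn)._byte_.TSC0 = (iv)[2];\
	(dot11txpn)._byte_.TSC1 = (iv)[0];\
	(dot11txpn)._byte_.TSC2 = (iv)[4];\
	(dot11txpn)._byte_.TSC3 = (iv)[5];\
	(dot11txpn)._byte_.TSC4 = (iv)[6];\
	(dot11txpn)._byte_.TSC5 = (iv)[7];\
} while (0)

/*
 * 32-bit rotate left / right.  @n must be in 1..31: n == 0 would shift a
 * 32-bit operand by 32, which is undefined.  Both arguments are expanded more
 * than once, so they must be free of side effects.
 */
#define ROL32(A, n) (((A) << (n)) | (((A)>>(32-(n))) & ((1UL << (n)) - 1)))
#define ROR32(A, n) ROL32((A), 32-(n))

/* State of a MIC computation, used by the rtw_secmic* functions below. */
struct mic_data {
	u32  K0, K1;         /*  Key */
	u32  L, R;           /*  Current state */
	u32  M;              /*  Message accumulator (single word) */
	u32  nBytesInM;      /*  # bytes in M */
};

/*
 * Lookup tables of the software AES implementation, defined elsewhere.
 * NOTE(review): the TE and TD macros below index these tables with bytes of
 * the cipher state, so memory access depends on secret data; table-driven AES
 * of this shape is generally not constant-time.
 */
extern const u32 Te0[256];
extern const u32 Te1[256];
extern const u32 Te2[256];
extern const u32 Te3[256];
extern const u32 Te4[256];
extern const u32 Td0[256];
extern const u32 Td1[256];
extern const u32 Td2[256];
extern const u32 Td3[256];
extern const u32 Td4[256];
extern const u32 rcon[10];
extern const u8 Td4s[256];
extern const u8 rcons[10];

/*
 * Round constant in the top byte of a word.  The u8 table entry is cast to
 * u32 before shifting: left as a promoted int, an entry of 0x80 or above
 * shifted by 24 would overflow a signed int, which is undefined behavior.
 * @i must be below 10.
 */
#define RCON(i) ((u32)rcons[(i)] << 24)

/*
 * Rotate @val right by @bits, for bits in 0..31.  The left-shift count is
 * masked so that bits == 0 returns @val instead of shifting by the full word
 * width (undefined); results for 1..31 are unchanged.
 */
static inline u32 rotr(u32 val, int bits)
{
	return (val >> bits) | (val << ((32 - bits) & 31));
}

/*
 * Encryption-side lookups.  All of them are derived from Te0 alone, by
 * rotation or by masking.  TE4 applies no mask to its index, so the caller
 * must pass a value below 256.
 */
#define TE0(i) Te0[((i) >> 24) & 0xff]
#define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8)
#define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16)
#define TE3(i) rotr(Te0[(i) & 0xff], 24)
#define TE41(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000)
#define TE42(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000)
#define TE43(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00)
#define TE44(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff)
#define TE421(i) ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000)
#define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000)
#define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00)
#define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff)
#define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff)

/*
 * Decryption-side lookups, derived from Td0 and the byte table Td4s.
 * TD41 casts the u8 entry to u32 before the shift by 24 for the same reason
 * as RCON; the smaller shifts in TD42..TD44 cannot overflow an int.
 */
#define TD0(i) Td0[((i) >> 24) & 0xff]
#define TD1(i) rotr(Td0[((i) >> 16) & 0xff], 8)
#define TD2(i) rotr(Td0[((i) >> 8) & 0xff], 16)
#define TD3(i) rotr(Td0[(i) & 0xff], 24)
#define TD41(i) ((u32)Td4s[((i) >> 24) & 0xff] << 24)
#define TD42(i) (Td4s[((i) >> 16) & 0xff] << 16)
#define TD43(i) (Td4s[((i) >> 8) & 0xff] << 8)
#define TD44(i) (Td4s[(i) & 0xff])
#define TD0_(i) Td0[(i) & 0xff]
#define TD1_(i) rotr(Td0[(i) & 0xff], 8)
#define TD2_(i) rotr(Td0[(i) & 0xff], 16)
#define TD3_(i) rotr(Td0[(i) & 0xff], 24)

/* Read a big-endian 32-bit word from the four bytes at @pt. */
#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
			((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))

/*
 * Store @st as a big-endian 32-bit word at @ct.
 * NOTE(review): this expands to a bare { } block rather than
 * do { } while (0), so "if (x) PUTU32(a, b); else ..." does not compile.
 * The form is kept because callers are not visible from this header.
 */
#define PUTU32(ct, st) { \
(ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \
(ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }

/* Read a big-endian 32-bit word from the four bytes at @a. */
#define WPA_GET_BE32(a) ((((u32) (a)[0]) << 24) | (((u32) (a)[1]) << 16) | \
			 (((u32) (a)[2]) << 8) | ((u32) (a)[3]))

/* Store the low 16 bits of @val at @a, least significant byte first. */
#define WPA_PUT_LE16(a, val)			\
	do {					\
		(a)[1] = ((u16) (val)) >> 8;	\
		(a)[0] = ((u16) (val)) & 0xff;	\
	} while (0)

/* Store @val at @a as 4 bytes, most significant byte first. */
#define WPA_PUT_BE32(a, val)					\
	do {							\
		(a)[0] = (u8) ((((u32) (val)) >> 24) & 0xff);	\
		(a)[1] = (u8) ((((u32) (val)) >> 16) & 0xff);	\
		(a)[2] = (u8) ((((u32) (val)) >> 8) & 0xff);	\
		(a)[3] = (u8) (((u32) (val)) & 0xff);		\
	} while (0)

/* Store @val at @a as 8 bytes, most significant byte first. */
#define WPA_PUT_BE64(a, val)				\
	do {						\
		(a)[0] = (u8) (((u64) (val)) >> 56);	\
		(a)[1] = (u8) (((u64) (val)) >> 48);	\
		(a)[2] = (u8) (((u64) (val)) >> 40);	\
		(a)[3] = (u8) (((u64) (val)) >> 32);	\
		(a)[4] = (u8) (((u64) (val)) >> 24);	\
		(a)[5] = (u8) (((u64) (val)) >> 16);	\
		(a)[6] = (u8) (((u64) (val)) >> 8);	\
		(a)[7] = (u8) (((u64) (val)) & 0xff);	\
	} while (0)

/* ===== start - public domain SHA256 implementation ===== */

/* This is based on SHA256 implementation in LibTomCrypt that was released into
 * public domain by Tom St Denis. */

/*
 * the K array
 *
 * NOTE(review): this is a static table defined in a header, so every source
 * file that includes the header carries its own copy, and the very short
 * file-scope name K can collide with other identifiers.  The entries are
 * 32-bit values stored as unsigned long.  Moving the table into the one .c
 * file that uses it would address both points; it is left in place here
 * because that file is not visible from this header.
 */
static const unsigned long K[64] = {
	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
	0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
	0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
	0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
	0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
	0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
	0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
	0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
	0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
	0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
};

/* MIC primitives operating on a caller-owned struct mic_data. */
void rtw_secmicsetkey23a(struct mic_data *pmicdata, u8 *key);
void rtw_secmicappend23abyte23a(struct mic_data *pmicdata, u8 b);
void rtw_secmicappend23a(struct mic_data *pmicdata, u8 *src, u32 nbBytes);
void rtw_secgetmic23a(struct mic_data *pmicdata, u8 *dst);

/* TKIP MIC over @header and @data_len bytes of @data; result in @Miccode. */
void rtw_seccalctkipmic23a(u8 *key, u8 *header, u8 *data, u32 data_len,
			u8 *Miccode, u8 priorityi);

/*
 * Per-frame encrypt/decrypt entry points.  The AES and TKIP variants return
 * an int status; the WEP variants return void, so a WEP failure cannot be
 * reported to the caller through the return value.
 */
int rtw_aes_encrypt23a(struct rtw_adapter *padapter,
		    struct xmit_frame *pxmitframe);
int rtw_tkip_encrypt23a(struct rtw_adapter *padapter,
		     struct xmit_frame *pxmitframe);
void rtw_wep_encrypt23a(struct rtw_adapter *padapter,
		     struct xmit_frame *pxmitframe);
int rtw_aes_decrypt23a(struct rtw_adapter *padapter,
		    struct recv_frame *precvframe);
int rtw_tkip_decrypt23a(struct rtw_adapter *padapter,
		     struct recv_frame *precvframe);
void rtw_wep_decrypt23a(struct rtw_adapter *padapter, struct recv_frame *precvframe);

void rtw_use_tkipkey_handler23a(void *FunctionContext);

#endif	/* __RTW_SECURITY_H_ */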