rtw_security.h revision e0827909a27c5d90bf88f714e108de9419fd8b29
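/******************************************************************************
 *
 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
 * more details.
 *
 ******************************************************************************/
#ifndef __RTW_SECURITY_H_
#define __RTW_SECURITY_H_

#include <osdep_service.h>
#include <drv_types.h>
#include <net/lib80211.h>

/*
 * Security state, key containers and cipher helper macros shared by the
 * driver's WEP, TKIP and AES (CCMP) transmit/receive paths.
 */

/*
 * Non-zero when alg is one of the two WEP cipher suites.
 * alg is evaluated twice, so pass an expression without side effects.
 */
#define is_wep_enc(alg) ((alg) == WLAN_CIPHER_SUITE_WEP40 || \
			 (alg) == WLAN_CIPHER_SUITE_WEP104)

#define _WPA2_IE_ID_	0x30

#define SHA256_MAC_LEN	32
#define AES_BLOCK_SIZE	16
/* 4 * 44 = 176 bytes; presumably the AES-128 expanded key (44 32-bit words) */
#define AES_PRIV_SIZE	(4 * 44)

/* Link protection level; WEP and WPA (TKIP) are legacy, deprecated modes. */
enum ENCRYP_PROTOCOL {
	ENCRYP_PROTOCOL_OPENSYS,	/* open system */
	ENCRYP_PROTOCOL_WEP,		/* WEP */
	ENCRYP_PROTOCOL_WPA,		/* WPA */
	ENCRYP_PROTOCOL_WPA2,		/* WPA2 */
	ENCRYP_PROTOCOL_MAX
};

#ifndef Ndis802_11AuthModeWPA2
#define Ndis802_11AuthModeWPA2 (Ndis802_11AuthModeWPANone + 1)
#endif

#ifndef Ndis802_11AuthModeWPA2PSK
#define Ndis802_11AuthModeWPA2PSK (Ndis802_11AuthModeWPANone + 2)
#endif

/*
 * Packet number / TKIP sequence counter, accessible either as one 64-bit
 * value or byte by byte. The field order follows the host byte order so
 * that TSC0 always overlays the least significant byte of val.
 */
union pn48 {
	u64 val;

#ifdef __LITTLE_ENDIAN

	struct {
		u8 TSC0;
		u8 TSC1;
		u8 TSC2;
		u8 TSC3;
		u8 TSC4;
		u8 TSC5;
		u8 TSC6;
		u8 TSC7;
	} _byte_;

#elif defined(__BIG_ENDIAN)

	struct {
		u8 TSC7;
		u8 TSC6;
		u8 TSC5;
		u8 TSC4;
		u8 TSC3;
		u8 TSC2;
		u8 TSC1;
		u8 TSC0;
	} _byte_;
#else
#error Need BIG or LITTLE endian

#endif

};

/* 128-bit key viewed as 16 bytes or as four 32-bit words. */
union Keytype {
	u8 skey[16];
	u32 lkey[4];
};

/*
 * One WEP key slot.
 * NOTE(review): keylen is stored separately from the buffer; code that
 * copies into or out of key[] by keylen must bound it by sizeof(key).
 */
struct rtw_wep_key {
	u8 key[WLAN_KEY_LEN_WEP104 + 1]; /* 14 */
	u16 keylen;
};

/* One PMKID cache entry (see PMKIDList in struct security_priv). */
struct rt_pmkid_list {
	u8 bUsed;
	u8 Bssid[6];
	u8 PMKID[16];
	u8 SsidBuf[33];
	u8 *ssid_octet;
	u16 ssid_length;
};

/*
 * Per-adapter security state.
 *
 * NOTE(review): WEP keys, group keys and the TKIP MIC keys are stored inline
 * here. Whether the structure is wiped before its memory is released is not
 * visible from this header; confirm in the code that frees the adapter.
 *
 * NOTE(review): the information-element and association buffers below are
 * fixed-size arrays. Code that fills them from frame contents has to bound
 * every copy by the size of the destination array.
 */
struct security_priv {
	u32 dot11AuthAlgrthm;		/* 802.11 auth, could be open, shared,
					 * 8021x and authswitch */
	u32 dot11PrivacyAlgrthm;	/* This specifies the privacy for
					 * shared auth. algorithm.
					 */
	/* WEP */
	u32 dot11PrivacyKeyIndex;	/* only valid for legacy WEP,
					 * 0~3 for key id. (tx key index)
					 */
	struct rtw_wep_key wep_key[NUM_WEP_KEYS];

	u32 dot118021XGrpPrivacy;	/* privacy algorithm used for the
					 * group key
					 */
	u32 dot118021XGrpKeyid;		/* key id used for Grp Key
					 * (tx key index)
					 */
	union Keytype dot118021XGrpKey[4];/* 802.1x Grp Key, inx0 and inx1 */
	union Keytype dot118021XGrptxmickey[4];
	union Keytype dot118021XGrprxmickey[4];
	union pn48 dot11Grptxpn;	/* PN48 used for Grp Key xmit.*/
	union pn48 dot11Grprxpn;	/* PN48 used for Grp Key recv.*/

#ifdef CONFIG_8723AU_AP_MODE
	/* extend security capabilities for AP_MODE */
	unsigned int dot8021xalg;/* 0:disable, 1:psk, 2:802.1x */
	unsigned int wpa_psk;/* 0:disable, bit(0): WPA, bit(1):WPA2 */
	unsigned int wpa_group_cipher;
	unsigned int wpa2_group_cipher;
	unsigned int wpa_pairwise_cipher;
	unsigned int wpa2_pairwise_cipher;
#endif

	u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */
	/* signed length; writers must keep 0 <= wps_ie_len <= MAX_WPS_IE_LEN */
	int wps_ie_len;
	unsigned int binstallGrpkey:1;
	unsigned int busetkipkey:1;
	unsigned int bcheck_grpkey:1;
	unsigned int hw_decrypted:1;
	u32 ndisauthtype;	/* enum ndis_802_11_auth_mode */
	u32 ndisencryptstatus;	/* NDIS_802_11_ENCRYPTION_STATUS */
	struct wlan_bssid_ex sec_bss;	/* for joinbss (h2c buffer) usage */
	struct ndis_802_11_wep ndiswep;
	u8 assoc_info[600];
	u8 szofcapability[256]; /* for wpa2 usage */
	u8 oidassociation[512]; /* for wpa/wpa2 usage */
	u8 authenticator_ie[256]; /* store ap security information element */
	u8 supplicant_ie[256]; /* store sta security information element */

	/* for tkip countermeasure */
	unsigned long last_mic_err_time;
	u8 btkip_countermeasure;
	u8 btkip_wait_report;
	unsigned long btkip_countermeasure_time;

	/* For WPA2 Pre-Authentication. */
	struct rt_pmkid_list PMKIDList[NUM_PMKID_CACHE];
	u8 PMKIDIndex;
	u8 bWepDefaultKeyIdxSet;
};

/* Running SHA-256 context: message length, chaining state, partial block. */
struct sha256_state {
	u64 length;
	u32 state[8], curlen;
	u8 buf[64];
};

/*
 * Select the cipher for a frame and store it in encry_algo.
 *
 * Open/Shared/Auto authentication uses dot11PrivacyAlgrthm. 802.1X uses the
 * group cipher when bmcst is non-zero and the station's pairwise cipher
 * otherwise; psta is dereferenced only on that last path.
 *
 * For any other dot11AuthAlgrthm value encry_algo is left untouched, so the
 * caller must initialise it before invoking the macro; otherwise the cipher
 * decision is made on an indeterminate value.
 */
#define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst)\
do {\
	switch ((psecuritypriv)->dot11AuthAlgrthm) {\
	case dot11AuthAlgrthm_Open:\
	case dot11AuthAlgrthm_Shared:\
	case dot11AuthAlgrthm_Auto:\
		(encry_algo) = (psecuritypriv)->dot11PrivacyAlgrthm;\
		break;\
	case dot11AuthAlgrthm_8021X:\
		if (bmcst)\
			(encry_algo) = (psecuritypriv)->dot118021XGrpPrivacy;\
		else\
			(encry_algo) = (psta)->dot118021XPrivacy;\
		break;\
	default:\
		break;\
	} \
} while (0)

/*
 * Load the six TKIP sequence counter bytes from an IV into a union pn48.
 * Reads iv[0], iv[2] and iv[4]..iv[7] (iv[1] is skipped), so iv must point
 * to at least 8 readable bytes. TSC6 and TSC7 are not written; zero the
 * union first if val is going to be compared as a whole.
 */
#define GET_TKIP_PN(iv, dot11txpn)\
do {\
	(dot11txpn)._byte_.TSC0 = (iv)[2];\
	(dot11txpn)._byte_.TSC1 = (iv)[0];\
	(dot11txpn)._byte_.TSC2 = (iv)[4];\
	(dot11txpn)._byte_.TSC3 = (iv)[5];\
	(dot11txpn)._byte_.TSC4 = (iv)[6];\
	(dot11txpn)._byte_.TSC5 = (iv)[7];\
} while (0)

/*
 * 32-bit rotate left / right. n must be in 1..31: n == 0 makes the inner
 * right shift a shift by the full width of a 32-bit operand, which is
 * undefined. Both arguments are evaluated more than once.
 */
#define ROL32(A, n)	(((A) << (n)) | (((A)>>(32-(n))) & ((1UL << (n)) - 1)))
#define ROR32(A, n)	ROL32((A), 32-(n))

/* State of the Michael MIC computation used by the rtw_secmic* functions. */
struct mic_data {
	u32 K0, K1;	/* Key */
	u32 L, R;	/* Current state */
	u32 M;		/* Message accumulator (single word) */
	u32 nBytesInM;	/* # bytes in M */
};

/* AES lookup tables, defined in the implementation file. */
extern const u32 Te0[256];
extern const u32 Te1[256];
extern const u32 Te2[256];
extern const u32 Te3[256];
extern const u32 Te4[256];
extern const u32 Td0[256];
extern const u32 Td1[256];
extern const u32 Td2[256];
extern const u32 Td3[256];
extern const u32 Td4[256];
extern const u32 rcon[10];
extern const u8 Td4s[256];
extern const u8 rcons[10];

/*
 * Round constant in the top byte of a word. The u8 table entry is widened
 * to u32 before shifting: left as a promoted int, an entry >= 0x80 shifted
 * by 24 would overflow a signed int, which is undefined behaviour.
 * i must be a valid index into rcons[] (0..9).
 */
#define RCON(i) ((u32)rcons[(i)] << 24)

/*
 * Rotate val right by bits. bits must be in 1..31 (0 would shift left by
 * 32); every use in this header passes 8, 16 or 24.
 */
static inline u32 rotr(u32 val, int bits)
{
	return (val >> bits) | (val << (32 - bits));
}

/*
 * Encryption-side lookups. Only Te0 is referenced: the other columns are
 * derived from it by rotation, shifting and masking. Every macro masks its
 * index to 0..255 except TE4, whose argument must already be in that range.
 */
#define TE0(i) Te0[((i) >> 24) & 0xff]
#define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8)
#define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16)
#define TE3(i) rotr(Te0[(i) & 0xff], 24)
#define TE41(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000)
#define TE42(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000)
#define TE43(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00)
#define TE44(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff)
#define TE421(i) ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000)
#define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000)
#define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00)
#define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff)
#define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff)

/*
 * Decryption-side lookups, built from Td0 and the byte table Td4s.
 * TD41 widens the u8 entry to u32 before the shift by 24 for the same
 * reason as RCON above; the shifts by 16 and 8 cannot overflow an int.
 */
#define TD0(i) Td0[((i) >> 24) & 0xff]
#define TD1(i) rotr(Td0[((i) >> 16) & 0xff], 8)
#define TD2(i) rotr(Td0[((i) >> 8) & 0xff], 16)
#define TD3(i) rotr(Td0[(i) & 0xff], 24)
#define TD41(i) ((u32)Td4s[((i) >> 24) & 0xff] << 24)
#define TD42(i) (Td4s[((i) >> 16) & 0xff] << 16)
#define TD43(i) (Td4s[((i) >> 8) & 0xff] << 8)
#define TD44(i) (Td4s[(i) & 0xff])
#define TD0_(i) Td0[(i) & 0xff]
#define TD1_(i) rotr(Td0[(i) & 0xff], 8)
#define TD2_(i) rotr(Td0[(i) & 0xff], 16)
#define TD3_(i) rotr(Td0[(i) & 0xff], 24)

/* Read four bytes at pt as a big-endian 32-bit word. */
#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
			((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))

/*
 * Store st at ct as four big-endian bytes. This expands to a bare brace
 * block, not do { } while (0): used as "PUTU32(a, b);" in the body of an
 * unbraced if that has an else, the trailing semicolon detaches the else.
 */
#define PUTU32(ct, st) { \
(ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \
(ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }

/* Byte-order helpers; a must point to at least 2, 4 or 8 bytes as named. */
#define WPA_GET_BE32(a) ((((u32) (a)[0]) << 24) | (((u32) (a)[1]) << 16) | \
			 (((u32) (a)[2]) << 8) | ((u32) (a)[3]))

#define WPA_PUT_LE16(a, val)			\
	do {					\
		(a)[1] = ((u16) (val)) >> 8;	\
		(a)[0] = ((u16) (val)) & 0xff;	\
	} while (0)

#define WPA_PUT_BE32(a, val)					\
	do {							\
		(a)[0] = (u8) ((((u32) (val)) >> 24) & 0xff);	\
		(a)[1] = (u8) ((((u32) (val)) >> 16) & 0xff);	\
		(a)[2] = (u8) ((((u32) (val)) >> 8) & 0xff);	\
		(a)[3] = (u8) (((u32) (val)) & 0xff);		\
	} while (0)

#define WPA_PUT_BE64(a, val)				\
	do {						\
		(a)[0] = (u8) (((u64) (val)) >> 56);	\
		(a)[1] = (u8) (((u64) (val)) >> 48);	\
		(a)[2] = (u8) (((u64) (val)) >> 40);	\
		(a)[3] = (u8) (((u64) (val)) >> 32);	\
		(a)[4] = (u8) (((u64) (val)) >> 24);	\
		(a)[5] = (u8) (((u64) (val)) >> 16);	\
		(a)[6] = (u8) (((u64) (val)) >> 8);	\
		(a)[7] = (u8) (((u64) (val)) & 0xff);	\
	} while (0)

/* ===== start - public domain SHA256 implementation ===== */

/* This is based on SHA256 implementation in LibTomCrypt that was released into
 * public domain by Tom St Denis. */

/*
 * The K array: the 64 SHA-256 round constants.
 * Being static and defined in a header, every file that includes this
 * header gets its own copy of the table. The element type is unsigned long
 * although each constant fits in 32 bits.
 */
static const unsigned long K[64] = {
	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
	0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
	0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
	0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
	0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
	0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
	0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
	0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
	0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
	0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
};

/* Michael MIC: set key, feed bytes, read out the result. */
void rtw_secmicsetkey23a(struct mic_data *pmicdata, u8 *key);
void rtw_secmicappend23abyte23a(struct mic_data *pmicdata, u8 b);
void rtw_secmicappend23a(struct mic_data *pmicdata, u8 *src, u32 nbBytes);
void rtw_secgetmic23a(struct mic_data *pmicdata, u8 *dst);

void rtw_seccalctkipmic23a(u8 *key, u8 *header, u8 *data, u32 data_len,
			   u8 *Miccode, u8 priorityi);

/*
 * Per-frame software encrypt/decrypt entry points. The AES and TKIP
 * variants return an int status. The WEP variants return void, so a
 * failure inside them cannot be reported through the return value.
 * NOTE(review): confirm how callers learn that a WEP frame failed its check.
 */
int rtw_aes_encrypt23a(struct rtw_adapter *padapter,
		       struct xmit_frame *pxmitframe);
int rtw_tkip_encrypt23a(struct rtw_adapter *padapter,
			struct xmit_frame *pxmitframe);
void rtw_wep_encrypt23a(struct rtw_adapter *padapter,
			struct xmit_frame *pxmitframe);
int rtw_aes_decrypt23a(struct rtw_adapter *padapter,
		       struct recv_frame *precvframe);
int rtw_tkip_decrypt23a(struct rtw_adapter *padapter,
			struct recv_frame *precvframe);
void rtw_wep_decrypt23a(struct rtw_adapter *padapter, struct recv_frame *precvframe);

void rtw_use_tkipkey_handler23a(void *FunctionContext);

#endif /* __RTW_SECURITY_H_ */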