rtw_security.h revision e0827909a27c5d90bf88f714e108de9419fd8b29 
1/******************************************************************************
2 *
3 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 ******************************************************************************/
15#ifndef __RTW_SECURITY_H_
16#define __RTW_SECURITY_H_
17
18#include <osdep_service.h>
19#include <drv_types.h>
20#include <net/lib80211.h>
21
22
23#define is_wep_enc(alg) (alg == WLAN_CIPHER_SUITE_WEP40 || \
24			 alg == WLAN_CIPHER_SUITE_WEP104)
25
26#define _WPA2_IE_ID_	0x30
27
28#define SHA256_MAC_LEN 32
29#define AES_BLOCK_SIZE 16
30#define AES_PRIV_SIZE (4 * 44)
31
32enum ENCRYP_PROTOCOL {
33	ENCRYP_PROTOCOL_OPENSYS,   /* open system */
34	ENCRYP_PROTOCOL_WEP,       /* WEP */
35	ENCRYP_PROTOCOL_WPA,       /* WPA */
36	ENCRYP_PROTOCOL_WPA2,      /* WPA2 */
37	ENCRYP_PROTOCOL_MAX
38};
39
40#ifndef Ndis802_11AuthModeWPA2
41#define Ndis802_11AuthModeWPA2 (Ndis802_11AuthModeWPANone + 1)
42#endif
43
44#ifndef Ndis802_11AuthModeWPA2PSK
45#define Ndis802_11AuthModeWPA2PSK (Ndis802_11AuthModeWPANone + 2)
46#endif
47
48union pn48 {
49	u64	val;
50
51#ifdef __LITTLE_ENDIAN
52
53struct {
54	u8 TSC0;
55	u8 TSC1;
56	u8 TSC2;
57	u8 TSC3;
58	u8 TSC4;
59	u8 TSC5;
60	u8 TSC6;
61	u8 TSC7;
62} _byte_;
63
64#elif defined(__BIG_ENDIAN)
65
66struct {
67	u8 TSC7;
68	u8 TSC6;
69	u8 TSC5;
70	u8 TSC4;
71	u8 TSC3;
72	u8 TSC2;
73	u8 TSC1;
74	u8 TSC0;
75} _byte_;
76#else
77#error Need BIG or LITTLE endian
78
79#endif
80
81};
82
83union Keytype {
84	u8   skey[16];
85	u32    lkey[4];
86};
87
88struct rtw_wep_key {
89	u8 key[WLAN_KEY_LEN_WEP104 + 1]; /* 14 */
90	u16 keylen;
91};
92
93struct rt_pmkid_list {
94	u8	bUsed;
95	u8	Bssid[6];
96	u8	PMKID[16];
97	u8	SsidBuf[33];
98	u8	*ssid_octet;
99	u16	ssid_length;
100};
101
102struct security_priv {
103	u32	  dot11AuthAlgrthm;	/*  802.11 auth, could be open, shared,
104					 * 8021x and authswitch */
105	u32	  dot11PrivacyAlgrthm;	/* This specifies the privacy for
106					 * shared auth. algorithm.
107					 */
108	/* WEP */
109	u32	  dot11PrivacyKeyIndex;	/*  this is only valid for legendary
110					 * wep, 0~3 for key id. (tx key index)
111					 */
112	struct rtw_wep_key wep_key[NUM_WEP_KEYS];
113
114	u32 dot118021XGrpPrivacy;	/* specify the privacy algthm.
115					 * used for Grp key
116					 */
117	u32	dot118021XGrpKeyid;	/*  key id used for Grp Key
118					 * (tx key index)
119					 */
120	union Keytype	dot118021XGrpKey[4];/* 802.1x Grp Key, inx0 and inx1 */
121	union Keytype	dot118021XGrptxmickey[4];
122	union Keytype	dot118021XGrprxmickey[4];
123	union pn48	dot11Grptxpn;		/* PN48 used for Grp Key xmit.*/
124	union pn48	dot11Grprxpn;		/* PN48 used for Grp Key recv.*/
125
126#ifdef CONFIG_8723AU_AP_MODE
127	/* extend security capabilities for AP_MODE */
128	unsigned int dot8021xalg;/* 0:disable, 1:psk, 2:802.1x */
129	unsigned int wpa_psk;/* 0:disable, bit(0): WPA, bit(1):WPA2 */
130	unsigned int wpa_group_cipher;
131	unsigned int wpa2_group_cipher;
132	unsigned int wpa_pairwise_cipher;
133	unsigned int wpa2_pairwise_cipher;
134#endif
135
136	u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */
137	int wps_ie_len;
138	unsigned int binstallGrpkey:1;
139	unsigned int busetkipkey:1;
140	unsigned int bcheck_grpkey:1;
141	unsigned int hw_decrypted:1;
142	u32 ndisauthtype;	/*  enum ndis_802_11_auth_mode */
143	u32 ndisencryptstatus;	/*  NDIS_802_11_ENCRYPTION_STATUS */
144	struct wlan_bssid_ex sec_bss;  /* for joinbss (h2c buffer) usage */
145	struct ndis_802_11_wep ndiswep;
146	u8 assoc_info[600];
147	u8 szofcapability[256]; /* for wpa2 usage */
148	u8 oidassociation[512]; /* for wpa/wpa2 usage */
149	u8 authenticator_ie[256];  /* store ap security information element */
150	u8 supplicant_ie[256];  /* store sta security information element */
151
152	/* for tkip countermeasure */
153	unsigned long last_mic_err_time;
154	u8	btkip_countermeasure;
155	u8	btkip_wait_report;
156	unsigned long btkip_countermeasure_time;
157
158	/*  For WPA2 Pre-Authentication. */
159	struct rt_pmkid_list PMKIDList[NUM_PMKID_CACHE];
160	u8 PMKIDIndex;
161	u8 bWepDefaultKeyIdxSet;
162};
163
164struct sha256_state {
165	u64 length;
166	u32 state[8], curlen;
167	u8 buf[64];
168};
169
170#define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst)\
171do {\
172	switch (psecuritypriv->dot11AuthAlgrthm) {\
173	case dot11AuthAlgrthm_Open:\
174	case dot11AuthAlgrthm_Shared:\
175	case dot11AuthAlgrthm_Auto:\
176		encry_algo = psecuritypriv->dot11PrivacyAlgrthm;\
177		break;\
178	case dot11AuthAlgrthm_8021X:\
179		if (bmcst)\
180			encry_algo = psecuritypriv->dot118021XGrpPrivacy;\
181		else\
182			encry_algo = psta->dot118021XPrivacy;\
183		break;\
184	}	\
185} while (0)
186
187#define GET_TKIP_PN(iv, dot11txpn)\
188do {\
189	dot11txpn._byte_.TSC0 = iv[2];\
190	dot11txpn._byte_.TSC1 = iv[0];\
191	dot11txpn._byte_.TSC2 = iv[4];\
192	dot11txpn._byte_.TSC3 = iv[5];\
193	dot11txpn._byte_.TSC4 = iv[6];\
194	dot11txpn._byte_.TSC5 = iv[7];\
195} while (0)
196
197#define ROL32(A, n)  (((A) << (n)) | (((A)>>(32-(n)))  & ((1UL << (n)) - 1)))
198#define ROR32(A, n)  ROL32((A), 32-(n))
199
200struct mic_data {
201	u32  K0, K1;         /*  Key */
202	u32  L, R;           /*  Current state */
203	u32  M;              /*  Message accumulator (single word) */
204	u32     nBytesInM;      /*  # bytes in M */
205};
206
207extern const u32 Te0[256];
208extern const u32 Te1[256];
209extern const u32 Te2[256];
210extern const u32 Te3[256];
211extern const u32 Te4[256];
212extern const u32 Td0[256];
213extern const u32 Td1[256];
214extern const u32 Td2[256];
215extern const u32 Td3[256];
216extern const u32 Td4[256];
217extern const u32 rcon[10];
218extern const u8 Td4s[256];
219extern const u8 rcons[10];
220
221#define RCON(i) (rcons[(i)] << 24)
222
223static inline u32 rotr(u32 val, int bits)
224{
225	return (val >> bits) | (val << (32 - bits));
226}
227
228#define TE0(i) Te0[((i) >> 24) & 0xff]
229#define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8)
230#define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16)
231#define TE3(i) rotr(Te0[(i) & 0xff], 24)
232#define TE41(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000)
233#define TE42(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000)
234#define TE43(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00)
235#define TE44(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff)
236#define TE421(i) ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000)
237#define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000)
238#define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00)
239#define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff)
240#define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff)
241
242#define TD0(i) Td0[((i) >> 24) & 0xff]
243#define TD1(i) rotr(Td0[((i) >> 16) & 0xff], 8)
244#define TD2(i) rotr(Td0[((i) >> 8) & 0xff], 16)
245#define TD3(i) rotr(Td0[(i) & 0xff], 24)
246#define TD41(i) (Td4s[((i) >> 24) & 0xff] << 24)
247#define TD42(i) (Td4s[((i) >> 16) & 0xff] << 16)
248#define TD43(i) (Td4s[((i) >> 8) & 0xff] << 8)
249#define TD44(i) (Td4s[(i) & 0xff])
250#define TD0_(i) Td0[(i) & 0xff]
251#define TD1_(i) rotr(Td0[(i) & 0xff], 8)
252#define TD2_(i) rotr(Td0[(i) & 0xff], 16)
253#define TD3_(i) rotr(Td0[(i) & 0xff], 24)
254
255#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
256			((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
257
258#define PUTU32(ct, st) { \
259(ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \
260(ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
261
262#define WPA_GET_BE32(a) ((((u32) (a)[0]) << 24) | (((u32) (a)[1]) << 16) | \
263			 (((u32) (a)[2]) << 8) | ((u32) (a)[3]))
264
265#define WPA_PUT_LE16(a, val)			\
266	do {					\
267		(a)[1] = ((u16) (val)) >> 8;	\
268		(a)[0] = ((u16) (val)) & 0xff;	\
269	} while (0)
270
271#define WPA_PUT_BE32(a, val)					\
272	do {							\
273		(a)[0] = (u8) ((((u32) (val)) >> 24) & 0xff);	\
274		(a)[1] = (u8) ((((u32) (val)) >> 16) & 0xff);	\
275		(a)[2] = (u8) ((((u32) (val)) >> 8) & 0xff);	\
276		(a)[3] = (u8) (((u32) (val)) & 0xff);		\
277	} while (0)
278
279#define WPA_PUT_BE64(a, val)				\
280	do {						\
281		(a)[0] = (u8) (((u64) (val)) >> 56);	\
282		(a)[1] = (u8) (((u64) (val)) >> 48);	\
283		(a)[2] = (u8) (((u64) (val)) >> 40);	\
284		(a)[3] = (u8) (((u64) (val)) >> 32);	\
285		(a)[4] = (u8) (((u64) (val)) >> 24);	\
286		(a)[5] = (u8) (((u64) (val)) >> 16);	\
287		(a)[6] = (u8) (((u64) (val)) >> 8);	\
288		(a)[7] = (u8) (((u64) (val)) & 0xff);	\
289	} while (0)
290
291/* ===== start - public domain SHA256 implementation ===== */
292
293/* This is based on SHA256 implementation in LibTomCrypt that was released into
294 * public domain by Tom St Denis. */
295
296/* the K array */
297static const unsigned long K[64] = {
298	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
299	0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
300	0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
301	0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
302	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
303	0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
304	0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
305	0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
306	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
307	0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
308	0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
309	0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
310	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
311};
312
313void rtw_secmicsetkey23a(struct mic_data *pmicdata, u8 *key);
314void rtw_secmicappend23abyte23a(struct mic_data *pmicdata, u8 b);
315void rtw_secmicappend23a(struct mic_data *pmicdata, u8 *src, u32 nbBytes);
316void rtw_secgetmic23a(struct mic_data *pmicdata, u8 *dst);
317
318void rtw_seccalctkipmic23a(u8 *key, u8 *header, u8 *data, u32 data_len,
319			u8 *Miccode, u8 priorityi);
320
321int rtw_aes_encrypt23a(struct rtw_adapter *padapter,
322		    struct xmit_frame *pxmitframe);
323int rtw_tkip_encrypt23a(struct rtw_adapter *padapter,
324		     struct xmit_frame *pxmitframe);
325void rtw_wep_encrypt23a(struct rtw_adapter *padapter,
326		     struct xmit_frame *pxmitframe);
327int rtw_aes_decrypt23a(struct rtw_adapter *padapter,
328		    struct recv_frame *precvframe);
329int rtw_tkip_decrypt23a(struct rtw_adapter *padapter,
330		     struct recv_frame *precvframe);
331void rtw_wep_decrypt23a(struct rtw_adapter *padapter, struct recv_frame *precvframe);
332
333void rtw_use_tkipkey_handler23a(void *FunctionContext);
334
335#endif	/* __RTL871X_SECURITY_H_ */
336