1 /****************************************************************************** 2 * 3 * Copyright(c) 2007 - 2019 Realtek Corporation. 4 * 5 * This program is free software; you can redistribute it and/or modify it 6 * under the terms of version 2 of the GNU General Public License as 7 * published by the Free Software Foundation. 8 * 9 * This program is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 12 * more details. 13 * 14 *****************************************************************************/ 15 #ifndef __RTW_SECURITY_H_ 16 #define __RTW_SECURITY_H_ 17 18 enum security_type { 19 /* TYPE */ 20 _NO_PRIVACY_ = 0x00, 21 _WEP40_ = 0x01, 22 _TKIP_ = 0x02, 23 _TKIP_WTMIC_ = 0x03, 24 _AES_ = 0x04, 25 _WEP104_ = 0x05, 26 _SMS4_ = 0x06, 27 _GCMP_ = 0x07, 28 _SEC_TYPE_MAX_, 29 30 /* EXT_SECTYPE=1 */ 31 _SEC_TYPE_256_ = 0x10, 32 _CCMP_256_ = (_AES_ | _SEC_TYPE_256_), 33 _GCMP_256_ = (_GCMP_ | _SEC_TYPE_256_), 34 35 #ifdef CONFIG_IEEE80211W 36 /* EXT_SECTYPE=0, MGNT=1, GK=0/1, KEYID=00/01 */ 37 _SEC_TYPE_BIT_ = 0x20, 38 _BIP_CMAC_128_ = (_SEC_TYPE_BIT_), 39 _BIP_GMAC_128_ = (_SEC_TYPE_BIT_ + 1), 40 _BIP_GMAC_256_ = (_SEC_TYPE_BIT_ + 2), 41 /* EXT_SECTYPE=1, MGNT=1, GK=1, KEYID=00/01 */ 42 _BIP_CMAC_256_ = (_SEC_TYPE_BIT_ + 3), 43 _BIP_MAX_, 44 #endif 45 }; 46 47 48 /* 802.11W use wrong key */ 49 #define IEEE80211W_RIGHT_KEY 0x0 50 #define IEEE80211W_WRONG_KEY 0x1 51 #define IEEE80211W_NO_KEY 0x2 52 53 #define CCMPH_2_PN(ch) ((ch) & 0x000000000000ffff) \ 54 | (((ch) & 0xffffffff00000000) >> 16) 55 56 #define is_wep_enc(alg) (((alg) == _WEP40_) || ((alg) == _WEP104_)) 57 58 const char *security_type_str(u8 value); 59 #ifdef CONFIG_IEEE80211W 60 u32 security_type_bip_to_gmcs(enum security_type type); 61 #endif 62 63 #define _WPA_IE_ID_ 0xdd 64 #define _WPA2_IE_ID_ 0x30 65 66 #define RTW_KEK_LEN 16 67 #define RTW_KCK_LEN 16 68 #define RTW_TKIP_MIC_LEN 8 69 #define RTW_REPLAY_CTR_LEN 8 70 /* For CCMP-128 only */ 71 #define RTW_PTK_LEN 16 72 /* For BIP-CMAC-128 only */ 73 #define RTW_IGTK_LEN 16 74 75 #define INVALID_SEC_MAC_CAM_ID 0xFF 76 77 typedef enum { 78 ENCRYP_PROTOCOL_OPENSYS, /* open system */ 79 ENCRYP_PROTOCOL_WEP, /* WEP */ 80 ENCRYP_PROTOCOL_WPA, /* WPA */ 81 ENCRYP_PROTOCOL_RSN, /* RSN(WPA2/WPA3) */ 82 ENCRYP_PROTOCOL_WAPI, /* WAPI: Not support in this version */ 83 ENCRYP_PROTOCOL_MAX 84 } ENCRYP_PROTOCOL_E; 85 86 87 #ifndef Ndis802_11AuthModeWPA2 88 #define Ndis802_11AuthModeWPA2 (Ndis802_11AuthModeWPANone + 1) 89 #endif 90 91 #ifndef Ndis802_11AuthModeWPA2PSK 92 #define Ndis802_11AuthModeWPA2PSK (Ndis802_11AuthModeWPANone + 2) 93 #endif 94 95 union pn48 { 96 97 u64 val; 98 99 #ifdef CONFIG_LITTLE_ENDIAN 100 101 struct { 102 u8 TSC0; 103 u8 TSC1; 104 u8 TSC2; 105 u8 TSC3; 106 u8 TSC4; 107 u8 TSC5; 108 u8 TSC6; 109 u8 TSC7; 110 } _byte_; 111 112 #elif defined(CONFIG_BIG_ENDIAN) 113 114 struct { 115 u8 TSC7; 116 u8 TSC6; 117 u8 TSC5; 118 u8 TSC4; 119 u8 TSC3; 120 u8 TSC2; 121 u8 TSC1; 122 u8 TSC0; 123 } _byte_; 124 125 #endif 126 127 }; 128 129 union Keytype { 130 u8 skey[32]; 131 }; 132 133 typedef struct _RT_PMKID_LIST { 134 u8 bUsed; 135 u8 Bssid[6]; 136 u8 PMKID[16]; 137 u8 SsidBuf[33]; 138 u8 *ssid_octet; 139 u16 ssid_length; 140 } RT_PMKID_LIST, *PRT_PMKID_LIST; 141 142 143 struct security_priv { 144 u32 dot11AuthAlgrthm; /* 802.11 auth, could be open, shared, 8021x and authswitch */ 145 u32 dot11PrivacyAlgrthm; /* This specify the privacy for shared auth. algorithm. */ 146 147 /* WEP */ 148 u32 dot11PrivacyKeyIndex; /* this is only valid for legendary wep, 0~3 for key id. (tx key index) */ 149 union Keytype dot11DefKey[6]; /* this is only valid for def. key */ 150 u32 dot11DefKeylen[6]; 151 u8 dot11Def_camid[6]; 152 u8 key_mask; /* use to restore wep key after hal_init */ 153 154 u32 dot118021XGrpPrivacy; /* This specify the privacy algthm. used for Grp key */ 155 u32 dot118021XGrpKeyid; /* key id used for Grp Key ( tx key index) */ 156 union Keytype dot118021XGrpKey[6]; /* 802.1x Group Key, for inx0 and inx1 */ 157 union Keytype dot118021XGrptxmickey[6]; 158 union Keytype dot118021XGrprxmickey[6]; 159 union pn48 dot11Grptxpn; /* PN48 used for Grp Key xmit. */ 160 union pn48 dot11Grprxpn; /* PN48 used for Grp Key recv. */ 161 u8 iv_seq[4][8]; 162 #ifdef CONFIG_IEEE80211W 163 enum security_type dot11wCipher; 164 u32 dot11wBIPKeyid; /* key id used for BIP Key ( tx key index) */ 165 union Keytype dot11wBIPKey[6]; /* BIP Key, for index4 and index5 */ 166 union pn48 dot11wBIPtxpn; /* PN48 used for BIP xmit. */ 167 union pn48 dot11wBIPrxpn; /* PN48 used for BIP recv. */ 168 #endif /* CONFIG_IEEE80211W */ 169 #ifdef CONFIG_AP_MODE 170 /* extend security capabilities for AP_MODE */ 171 unsigned int dot8021xalg;/* 0:disable, 1:psk, 2:802.1x */ 172 unsigned int wpa_psk;/* 0:disable, bit(0): WPA, bit(1):WPA2 */ 173 unsigned int wpa_group_cipher; 174 unsigned int wpa2_group_cipher; 175 unsigned int wpa_pairwise_cipher; 176 unsigned int wpa2_pairwise_cipher; 177 unsigned int akmp; /* An authentication and key management protocol */ 178 u8 mfp_opt; 179 #endif 180 #ifdef CONFIG_CONCURRENT_MODE 181 u8 dot118021x_bmc_cam_id; 182 #endif 183 /*IEEE802.11-2012 Std. Table 8-101 AKM Suite Selectors*/ 184 u32 rsn_akm_suite_type; 185 186 u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */ 187 int wps_ie_len; 188 189 u8 owe_ie[MAX_OWE_IE_LEN];/* added in assoc req */ 190 int owe_ie_len; 191 192 u8 rsnx_ie[MAX_RSNX_IE_LEN]; 193 int rsnx_ie_len; 194 195 u8 binstallGrpkey; 196 #ifdef CONFIG_GTK_OL 197 u8 binstallKCK_KEK; 198 #endif /* CONFIG_GTK_OL */ 199 #ifdef CONFIG_IEEE80211W 200 u8 binstallBIPkey; 201 #endif /* CONFIG_IEEE80211W */ 202 u8 busetkipkey; 203 u8 bcheck_grpkey; 204 u8 bgrpkey_handshake; 205 206 u8 auth_alg; 207 u8 auth_type; 208 u8 extauth_status; 209 /* u8 packet_cnt; */ /* unused, removed */ 210 211 s32 sw_encrypt;/* from registry_priv */ 212 s32 sw_decrypt;/* from registry_priv */ 213 214 s32 hw_decrypted; /* Broadcast HW security is ready or not */ 215 216 217 /* keeps the auth_type & enc_status from upper layer ioctl(wpa_supplicant or wzc) */ 218 u32 ndisauthtype; /* NDIS_802_11_AUTHENTICATION_MODE */ 219 u32 ndisencryptstatus; /* NDIS_802_11_ENCRYPTION_STATUS */ 220 221 NDIS_802_11_WEP ndiswep; 222 223 u8 authenticator_ie[256]; /* store ap security information element */ 224 u8 supplicant_ie[256]; /* store sta security information element */ 225 226 227 /* for tkip countermeasure */ 228 systime last_mic_err_time; 229 u8 btkip_countermeasure; 230 u8 btkip_wait_report; 231 systime btkip_countermeasure_time; 232 233 /* --------------------------------------------------------------------------- */ 234 /* For WPA2 Pre-Authentication. */ 235 /* --------------------------------------------------------------------------- */ 236 /* u8 RegEnablePreAuth; */ /* Default value: Pre-Authentication enabled or not, from registry "EnablePreAuth". Added by Annie, 2005-11-01. */ 237 /* u8 EnablePreAuthentication; */ /* Current Value: Pre-Authentication enabled or not. */ 238 RT_PMKID_LIST PMKIDList[NUM_PMKID_CACHE]; /* Renamed from PreAuthKey[NUM_PRE_AUTH_KEY]. Annie, 2006-10-13. */ 239 u8 PMKIDIndex; 240 /* u32 PMKIDCount; */ /* Added by Annie, 2006-10-13. */ 241 /* u8 szCapability[256]; */ /* For WPA2-PSK using zero-config, by Annie, 2005-09-20. */ 242 243 u8 bWepDefaultKeyIdxSet; 244 245 #define DBG_SW_SEC_CNT 246 #ifdef DBG_SW_SEC_CNT 247 u64 wep_sw_enc_cnt_bc; 248 u64 wep_sw_enc_cnt_mc; 249 u64 wep_sw_enc_cnt_uc; 250 u64 wep_sw_dec_cnt_bc; 251 u64 wep_sw_dec_cnt_mc; 252 u64 wep_sw_dec_cnt_uc; 253 254 u64 tkip_sw_enc_cnt_bc; 255 u64 tkip_sw_enc_cnt_mc; 256 u64 tkip_sw_enc_cnt_uc; 257 u64 tkip_sw_dec_cnt_bc; 258 u64 tkip_sw_dec_cnt_mc; 259 u64 tkip_sw_dec_cnt_uc; 260 261 u64 aes_sw_enc_cnt_bc; 262 u64 aes_sw_enc_cnt_mc; 263 u64 aes_sw_enc_cnt_uc; 264 u64 aes_sw_dec_cnt_bc; 265 u64 aes_sw_dec_cnt_mc; 266 u64 aes_sw_dec_cnt_uc; 267 268 u64 gcmp_sw_enc_cnt_bc; 269 u64 gcmp_sw_enc_cnt_mc; 270 u64 gcmp_sw_enc_cnt_uc; 271 u64 gcmp_sw_dec_cnt_bc; 272 u64 gcmp_sw_dec_cnt_mc; 273 u64 gcmp_sw_dec_cnt_uc; 274 #endif /* DBG_SW_SEC_CNT */ 275 }; 276 277 #ifdef CONFIG_IEEE80211W 278 #define SEC_IS_BIP_KEY_INSTALLED(sec) ((sec)->binstallBIPkey) 279 #else 280 #define SEC_IS_BIP_KEY_INSTALLED(sec) _FALSE 281 #endif 282 283 #define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst)\ 284 do {\ 285 switch (psecuritypriv->dot11AuthAlgrthm) {\ 286 case dot11AuthAlgrthm_Open:\ 287 case dot11AuthAlgrthm_Shared:\ 288 case dot11AuthAlgrthm_Auto:\ 289 encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm;\ 290 break;\ 291 case dot11AuthAlgrthm_8021X:\ 292 if (bmcst)\ 293 encry_algo = (u8)psecuritypriv->dot118021XGrpPrivacy;\ 294 else\ 295 encry_algo = (u8) psta->dot118021XPrivacy;\ 296 break;\ 297 case dot11AuthAlgrthm_WAPI:\ 298 encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm;\ 299 break;\ 300 } \ 301 } while (0) 302 303 #define _AES_IV_LEN_ 8 304 305 #define SET_ICE_IV_LEN(iv_len, icv_len, encrypt)\ 306 do {\ 307 switch (encrypt) {\ 308 case _WEP40_:\ 309 case _WEP104_:\ 310 iv_len = 4;\ 311 icv_len = 4;\ 312 break;\ 313 case _TKIP_:\ 314 iv_len = 8;\ 315 icv_len = 4;\ 316 break;\ 317 case _AES_:\ 318 iv_len = 8;\ 319 icv_len = 8;\ 320 break;\ 321 case _GCMP_:\ 322 case _GCMP_256_:\ 323 iv_len = 8;\ 324 icv_len = 16;\ 325 break;\ 326 case _CCMP_256_:\ 327 iv_len = 8;\ 328 icv_len = 16;\ 329 break;\ 330 case _SMS4_:\ 331 iv_len = 18;\ 332 icv_len = 16;\ 333 break;\ 334 default:\ 335 iv_len = 0;\ 336 icv_len = 0;\ 337 break;\ 338 } \ 339 } while (0) 340 341 342 #define GET_TKIP_PN(iv, dot11txpn)\ 343 do {\ 344 dot11txpn._byte_.TSC0 = iv[2];\ 345 dot11txpn._byte_.TSC1 = iv[0];\ 346 dot11txpn._byte_.TSC2 = iv[4];\ 347 dot11txpn._byte_.TSC3 = iv[5];\ 348 dot11txpn._byte_.TSC4 = iv[6];\ 349 dot11txpn._byte_.TSC5 = iv[7];\ 350 } while (0) 351 352 353 #define ROL32(A, n) (((A) << (n)) | (((A)>>(32-(n))) & ((1UL << (n)) - 1))) 354 #define ROR32(A, n) ROL32((A), 32-(n)) 355 356 struct mic_data { 357 u32 K0, K1; /* Key */ 358 u32 L, R; /* Current state */ 359 u32 M; /* Message accumulator (single word) */ 360 u32 nBytesInM; /* # bytes in M */ 361 }; 362 363 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key); 364 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b); 365 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nBytes); 366 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst); 367 368 void rtw_seccalctkipmic( 369 u8 *key, 370 u8 *header, 371 u8 *data, 372 u32 data_len, 373 u8 *Miccode, 374 u8 priority); 375 376 u32 rtw_aes_encrypt(_adapter *padapter, u8 *pxmitframe); 377 u32 rtw_tkip_encrypt(_adapter *padapter, u8 *pxmitframe); 378 void rtw_wep_encrypt(_adapter *padapter, u8 *pxmitframe); 379 380 u32 rtw_aes_decrypt(_adapter *padapter, u8 *precvframe); 381 u32 rtw_tkip_decrypt(_adapter *padapter, u8 *precvframe); 382 void rtw_wep_decrypt(_adapter *padapter, u8 *precvframe); 383 384 u32 rtw_gcmp_encrypt(_adapter *padapter, u8 *pxmitframe); 385 u32 rtw_gcmp_decrypt(_adapter *padapter, u8 *precvframe); 386 387 #if 0 //RTW_PHL_TX: mark un-finished codes for reading 388 u32 rtw_core_aes_encrypt(_adapter *padapter, u8 *pxframe); 389 #endif 390 391 #ifdef CONFIG_RTW_MESH_AEK 392 int rtw_aes_siv_encrypt(const u8 *key, size_t key_len, 393 const u8 *pw, size_t pwlen, size_t num_elem, 394 const u8 *addr[], const size_t *len, u8 *out); 395 int rtw_aes_siv_decrypt(const u8 *key, size_t key_len, 396 const u8 *iv_crypt, size_t iv_c_len, size_t num_elem, 397 const u8 *addr[], const size_t *len, u8 *out); 398 #endif /* CONFIG_RTW_MESH_AEK */ 399 400 #ifdef CONFIG_IEEE80211W 401 u8 rtw_calculate_bip_mic(enum security_type gmcs, u8 *whdr_pos, s32 len, 402 const u8 *key, const u8 *data, size_t data_len, u8 *mic); 403 u32 rtw_bip_verify(enum security_type gmcs, u16 pkt_len, 404 u8 *whdr_pos, sint flen, const u8 *key, u16 keyid, u64 *ipn, 405 u8 *precvframe); 406 #endif 407 #ifdef CONFIG_TDLS 408 void wpa_tdls_generate_tpk(_adapter *padapter, void *sta); 409 int wpa_tdls_ftie_mic(u8 *kck, u8 trans_seq, 410 u8 *lnkid, u8 *rsnie, u8 *timeoutie, u8 *ftie, 411 u8 *mic); 412 int wpa_tdls_teardown_ftie_mic(u8 *kck, u8 *lnkid, u16 reason, 413 u8 dialog_token, u8 trans_seq, u8 *ftie, u8 *mic); 414 int tdls_verify_mic(u8 *kck, u8 trans_seq, 415 u8 *lnkid, u8 *rsnie, u8 *timeoutie, u8 *ftie); 416 #endif /* CONFIG_TDLS */ 417 418 void rtw_sec_restore_wep_key(_adapter *adapter); 419 u8 rtw_handle_tkip_countermeasure(_adapter *adapter, const char *caller); 420 421 #ifdef CONFIG_WOWLAN 422 u16 rtw_calc_crc(u8 *pdata, int length); 423 #endif /*CONFIG_WOWLAN*/ 424 425 #define rtw_sec_chk_auth_alg(a, s) \ 426 ((a)->securitypriv.auth_alg == (s)) 427 428 #define rtw_sec_chk_auth_type(a, s) \ 429 ((a)->securitypriv.auth_type == (s)) 430 431 #define IV_FMT "0x%02x%02x%02x%02x%02x%02x%02x%02x" 432 #define IV_ARG(iv) iv[7], iv[6], iv[5], iv[4], iv[3], iv[2], iv[1], iv[0] 433 #define PN_FMT "0x%02x%02x%02x%02x%02x%02x" 434 #define PN_ARG(pn) pn[5], pn[4], pn[3], pn[2], pn[1], pn[0] 435 u8 rtw_iv_to_pn(u8 *iv, u8 *pn, u8 *key_id, u32 enc_algo); 436 u8 rtw_pn_to_iv(u8 *pn, u8 *iv, u8 key_id, u32 enc_algo); 437 #endif /* __RTL871X_SECURITY_H_ */ 438 439 u32 rtw_calc_crc32(u8 *data, size_t len); 440