xref: /OK3568_Linux_fs/external/rkwifibt/drivers/rtl8852bs/include/rtw_security.h (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1 /******************************************************************************
2  *
3  * Copyright(c) 2007 - 2019 Realtek Corporation.
4  *
5  * This program is free software; you can redistribute it and/or modify it
6  * under the terms of version 2 of the GNU General Public License as
7  * published by the Free Software Foundation.
8  *
9  * This program is distributed in the hope that it will be useful, but WITHOUT
10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12  * more details.
13  *
14  *****************************************************************************/
15 #ifndef __RTW_SECURITY_H_
16 #define __RTW_SECURITY_H_
17 
18 enum security_type {
19 	/* TYPE */
20 	_NO_PRIVACY_	= 0x00,
21 	_WEP40_		= 0x01,
22 	_TKIP_		= 0x02,
23 	_TKIP_WTMIC_	= 0x03,
24 	_AES_		= 0x04,
25 	_WEP104_	= 0x05,
26 	_SMS4_		= 0x06,
27 	_GCMP_		= 0x07,
28 	_SEC_TYPE_MAX_,
29 
30 	/* EXT_SECTYPE=1 */
31 	_SEC_TYPE_256_	= 0x10,
32 	_CCMP_256_	= (_AES_ | _SEC_TYPE_256_),
33 	_GCMP_256_	= (_GCMP_ | _SEC_TYPE_256_),
34 
35 #ifdef CONFIG_IEEE80211W
36 	/* EXT_SECTYPE=0, MGNT=1, GK=0/1, KEYID=00/01 */
37 	_SEC_TYPE_BIT_	= 0x20,
38 	_BIP_CMAC_128_	= (_SEC_TYPE_BIT_),
39 	_BIP_GMAC_128_	= (_SEC_TYPE_BIT_ + 1),
40 	_BIP_GMAC_256_	= (_SEC_TYPE_BIT_ + 2),
41 	/* EXT_SECTYPE=1, MGNT=1, GK=1, KEYID=00/01 */
42 	_BIP_CMAC_256_	= (_SEC_TYPE_BIT_ + 3),
43 	_BIP_MAX_,
44 #endif
45 };
46 
47 
48 /* 802.11W use wrong key */
49 #define IEEE80211W_RIGHT_KEY	0x0
50 #define IEEE80211W_WRONG_KEY	0x1
51 #define IEEE80211W_NO_KEY		0x2
52 
53 #define CCMPH_2_PN(ch)	((ch) & 0x000000000000ffff) \
54 			| (((ch) & 0xffffffff00000000) >> 16)
55 
56 #define is_wep_enc(alg) (((alg) == _WEP40_) || ((alg) == _WEP104_))
57 
58 const char *security_type_str(u8 value);
59 #ifdef CONFIG_IEEE80211W
60 u32 security_type_bip_to_gmcs(enum security_type type);
61 #endif
62 
63 #define _WPA_IE_ID_	0xdd
64 #define _WPA2_IE_ID_	0x30
65 
66 #define RTW_KEK_LEN 16
67 #define RTW_KCK_LEN 16
68 #define RTW_TKIP_MIC_LEN 8
69 #define RTW_REPLAY_CTR_LEN 8
70 /* For CCMP-128 only */
71 #define RTW_PTK_LEN 16
72 /* For BIP-CMAC-128 only */
73 #define RTW_IGTK_LEN 16
74 
75 #define INVALID_SEC_MAC_CAM_ID	0xFF
76 
77 typedef enum {
78 	ENCRYP_PROTOCOL_OPENSYS,   /* open system */
79 	ENCRYP_PROTOCOL_WEP,       /* WEP */
80 	ENCRYP_PROTOCOL_WPA,       /* WPA */
81 	ENCRYP_PROTOCOL_RSN,       /* RSN(WPA2/WPA3) */
82 	ENCRYP_PROTOCOL_WAPI,      /* WAPI: Not support in this version */
83 	ENCRYP_PROTOCOL_MAX
84 } ENCRYP_PROTOCOL_E;
85 
86 
87 #ifndef Ndis802_11AuthModeWPA2
88 #define Ndis802_11AuthModeWPA2 (Ndis802_11AuthModeWPANone + 1)
89 #endif
90 
91 #ifndef Ndis802_11AuthModeWPA2PSK
92 #define Ndis802_11AuthModeWPA2PSK (Ndis802_11AuthModeWPANone + 2)
93 #endif
94 
95 union pn48	{
96 
97 	u64	val;
98 
99 #ifdef CONFIG_LITTLE_ENDIAN
100 
101 struct {
102 	u8 TSC0;
103 	u8 TSC1;
104 	u8 TSC2;
105 	u8 TSC3;
106 	u8 TSC4;
107 	u8 TSC5;
108 	u8 TSC6;
109 	u8 TSC7;
110 } _byte_;
111 
112 #elif defined(CONFIG_BIG_ENDIAN)
113 
114 struct {
115 	u8 TSC7;
116 	u8 TSC6;
117 	u8 TSC5;
118 	u8 TSC4;
119 	u8 TSC3;
120 	u8 TSC2;
121 	u8 TSC1;
122 	u8 TSC0;
123 } _byte_;
124 
125 #endif
126 
127 };
128 
129 union Keytype {
130 	u8 skey[32];
131 };
132 
133 typedef struct _RT_PMKID_LIST {
134 	u8						bUsed;
135 	u8						Bssid[6];
136 	u8						PMKID[16];
137 	u8						SsidBuf[33];
138 	u8						*ssid_octet;
139 	u16						ssid_length;
140 } RT_PMKID_LIST, *PRT_PMKID_LIST;
141 
142 
143 struct security_priv {
144 	u32	  dot11AuthAlgrthm;		/* 802.11 auth, could be open, shared, 8021x and authswitch */
145 	u32	  dot11PrivacyAlgrthm;	/* This specify the privacy for shared auth. algorithm. */
146 
147 	/* WEP */
148 	u32	  dot11PrivacyKeyIndex;	/* this is only valid for legendary wep, 0~3 for key id. (tx key index) */
149 	union Keytype dot11DefKey[6];			/* this is only valid for def. key	 */
150 	u32	dot11DefKeylen[6];
151 	u8	dot11Def_camid[6];
152 	u8 	key_mask; /* use to restore wep key after hal_init */
153 
154 	u32 dot118021XGrpPrivacy;	/* This specify the privacy algthm. used for Grp key */
155 	u32	dot118021XGrpKeyid;		/* key id used for Grp Key ( tx key index) */
156 	union Keytype	dot118021XGrpKey[6];	/* 802.1x Group Key, for inx0 and inx1	 */
157 	union Keytype	dot118021XGrptxmickey[6];
158 	union Keytype	dot118021XGrprxmickey[6];
159 	union pn48		dot11Grptxpn;			/* PN48 used for Grp Key xmit. */
160 	union pn48		dot11Grprxpn;			/* PN48 used for Grp Key recv. */
161 	u8				iv_seq[4][8];
162 #ifdef CONFIG_IEEE80211W
163 	enum security_type dot11wCipher;
164 	u32	dot11wBIPKeyid;						/* key id used for BIP Key ( tx key index) */
165 	union Keytype	dot11wBIPKey[6];		/* BIP Key, for index4 and index5 */
166 	union pn48		dot11wBIPtxpn;			/* PN48 used for BIP xmit. */
167 	union pn48		dot11wBIPrxpn;			/* PN48 used for BIP recv. */
168 #endif /* CONFIG_IEEE80211W */
169 #ifdef CONFIG_AP_MODE
170 	/* extend security capabilities for AP_MODE */
171 	unsigned int dot8021xalg;/* 0:disable, 1:psk, 2:802.1x */
172 	unsigned int wpa_psk;/* 0:disable, bit(0): WPA, bit(1):WPA2 */
173 	unsigned int wpa_group_cipher;
174 	unsigned int wpa2_group_cipher;
175 	unsigned int wpa_pairwise_cipher;
176 	unsigned int wpa2_pairwise_cipher;
177 	unsigned int akmp; /* An authentication and key management protocol */
178 	u8 mfp_opt;
179 #endif
180 #ifdef CONFIG_CONCURRENT_MODE
181 	u8	dot118021x_bmc_cam_id;
182 #endif
183 	/*IEEE802.11-2012 Std. Table 8-101 AKM Suite Selectors*/
184 	u32	rsn_akm_suite_type;
185 
186 	u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */
187 	int wps_ie_len;
188 
189 	u8 owe_ie[MAX_OWE_IE_LEN];/* added in assoc req */
190 	int owe_ie_len;
191 
192 	u8	binstallGrpkey;
193 #ifdef CONFIG_GTK_OL
194 	u8	binstallKCK_KEK;
195 #endif /* CONFIG_GTK_OL */
196 #ifdef CONFIG_IEEE80211W
197 	u8	binstallBIPkey;
198 #endif /* CONFIG_IEEE80211W */
199 	u8	busetkipkey;
200 	u8	bcheck_grpkey;
201 	u8	bgrpkey_handshake;
202 
203 	u8	auth_alg;
204 	u8	auth_type;
205 	u8	extauth_status;
206 	/* u8	packet_cnt; */ /* unused, removed */
207 
208 	s32	sw_encrypt;/* from registry_priv */
209 	s32	sw_decrypt;/* from registry_priv */
210 
211 	s32 hw_decrypted; /* Broadcast HW security is ready or not */
212 
213 
214 	/* keeps the auth_type & enc_status from upper layer ioctl(wpa_supplicant or wzc) */
215 	u32 ndisauthtype;	/* NDIS_802_11_AUTHENTICATION_MODE */
216 	u32 ndisencryptstatus;	/* NDIS_802_11_ENCRYPTION_STATUS */
217 
218 	NDIS_802_11_WEP ndiswep;
219 
220 	u8 authenticator_ie[256];  /* store ap security information element */
221 	u8 supplicant_ie[256];  /* store sta security information element */
222 
223 
224 	/* for tkip countermeasure */
225 	systime last_mic_err_time;
226 	u8	btkip_countermeasure;
227 	u8	btkip_wait_report;
228 	systime btkip_countermeasure_time;
229 
230 	/* --------------------------------------------------------------------------- */
231 	/* For WPA2 Pre-Authentication. */
232 	/* --------------------------------------------------------------------------- */
233 	/* u8				RegEnablePreAuth;				 */ /* Default value: Pre-Authentication enabled or not, from registry "EnablePreAuth". Added by Annie, 2005-11-01. */
234 	/* u8				EnablePreAuthentication;			 */ /* Current Value: Pre-Authentication enabled or not. */
235 	RT_PMKID_LIST		PMKIDList[NUM_PMKID_CACHE];	/* Renamed from PreAuthKey[NUM_PRE_AUTH_KEY]. Annie, 2006-10-13. */
236 	u8				PMKIDIndex;
237 	/* u32				PMKIDCount;						 */ /* Added by Annie, 2006-10-13. */
238 	/* u8				szCapability[256];				 */ /* For WPA2-PSK using zero-config, by Annie, 2005-09-20. */
239 
240 	u8 bWepDefaultKeyIdxSet;
241 
242 #define DBG_SW_SEC_CNT
243 #ifdef DBG_SW_SEC_CNT
244 	u64 wep_sw_enc_cnt_bc;
245 	u64 wep_sw_enc_cnt_mc;
246 	u64 wep_sw_enc_cnt_uc;
247 	u64 wep_sw_dec_cnt_bc;
248 	u64 wep_sw_dec_cnt_mc;
249 	u64 wep_sw_dec_cnt_uc;
250 
251 	u64 tkip_sw_enc_cnt_bc;
252 	u64 tkip_sw_enc_cnt_mc;
253 	u64 tkip_sw_enc_cnt_uc;
254 	u64 tkip_sw_dec_cnt_bc;
255 	u64 tkip_sw_dec_cnt_mc;
256 	u64 tkip_sw_dec_cnt_uc;
257 
258 	u64 aes_sw_enc_cnt_bc;
259 	u64 aes_sw_enc_cnt_mc;
260 	u64 aes_sw_enc_cnt_uc;
261 	u64 aes_sw_dec_cnt_bc;
262 	u64 aes_sw_dec_cnt_mc;
263 	u64 aes_sw_dec_cnt_uc;
264 
265 	u64 gcmp_sw_enc_cnt_bc;
266 	u64 gcmp_sw_enc_cnt_mc;
267 	u64 gcmp_sw_enc_cnt_uc;
268 	u64 gcmp_sw_dec_cnt_bc;
269 	u64 gcmp_sw_dec_cnt_mc;
270 	u64 gcmp_sw_dec_cnt_uc;
271 #endif /* DBG_SW_SEC_CNT */
272 };
273 
274 #ifdef CONFIG_IEEE80211W
275 #define SEC_IS_BIP_KEY_INSTALLED(sec) ((sec)->binstallBIPkey)
276 #else
277 #define SEC_IS_BIP_KEY_INSTALLED(sec) _FALSE
278 #endif
279 
280 #define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst)\
281 	do {\
282 		switch (psecuritypriv->dot11AuthAlgrthm) {\
283 		case dot11AuthAlgrthm_Open:\
284 		case dot11AuthAlgrthm_Shared:\
285 		case dot11AuthAlgrthm_Auto:\
286 			encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm;\
287 			break;\
288 		case dot11AuthAlgrthm_8021X:\
289 			if (bmcst)\
290 				encry_algo = (u8)psecuritypriv->dot118021XGrpPrivacy;\
291 			else\
292 				encry_algo = (u8) psta->dot118021XPrivacy;\
293 			break;\
294 		case dot11AuthAlgrthm_WAPI:\
295 			encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm;\
296 			break;\
297 		} \
298 	} while (0)
299 
300 #define _AES_IV_LEN_ 8
301 
302 #define SET_ICE_IV_LEN(iv_len, icv_len, encrypt)\
303 	do {\
304 		switch (encrypt) {\
305 		case _WEP40_:\
306 		case _WEP104_:\
307 			iv_len = 4;\
308 			icv_len = 4;\
309 			break;\
310 		case _TKIP_:\
311 			iv_len = 8;\
312 			icv_len = 4;\
313 			break;\
314 		case _AES_:\
315 			iv_len = 8;\
316 			icv_len = 8;\
317 			break;\
318 		case _GCMP_:\
319 		case _GCMP_256_:\
320 			iv_len = 8;\
321 			icv_len = 16;\
322 			break;\
323 		case _CCMP_256_:\
324 			iv_len = 8;\
325 			icv_len = 16;\
326 			break;\
327 		case _SMS4_:\
328 			iv_len = 18;\
329 			icv_len = 16;\
330 			break;\
331 		default:\
332 			iv_len = 0;\
333 			icv_len = 0;\
334 			break;\
335 		} \
336 	} while (0)
337 
338 
339 #define GET_TKIP_PN(iv, dot11txpn)\
340 	do {\
341 		dot11txpn._byte_.TSC0 = iv[2];\
342 		dot11txpn._byte_.TSC1 = iv[0];\
343 		dot11txpn._byte_.TSC2 = iv[4];\
344 		dot11txpn._byte_.TSC3 = iv[5];\
345 		dot11txpn._byte_.TSC4 = iv[6];\
346 		dot11txpn._byte_.TSC5 = iv[7];\
347 	} while (0)
348 
349 
350 #define ROL32(A, n)	(((A) << (n)) | (((A)>>(32-(n)))  & ((1UL << (n)) - 1)))
351 #define ROR32(A, n)	ROL32((A), 32-(n))
352 
353 struct mic_data {
354 	u32  K0, K1;         /* Key */
355 	u32  L, R;           /* Current state */
356 	u32  M;              /* Message accumulator (single word) */
357 	u32     nBytesInM;      /*  # bytes in M */
358 };
359 
360 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key);
361 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b);
362 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nBytes);
363 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst);
364 
365 void rtw_seccalctkipmic(
366 	u8 *key,
367 	u8 *header,
368 	u8 *data,
369 	u32 data_len,
370 	u8 *Miccode,
371 	u8   priority);
372 
373 u32 rtw_aes_encrypt(_adapter *padapter, u8 *pxmitframe);
374 u32 rtw_tkip_encrypt(_adapter *padapter, u8 *pxmitframe);
375 void rtw_wep_encrypt(_adapter *padapter, u8  *pxmitframe);
376 
377 u32 rtw_aes_decrypt(_adapter *padapter, u8  *precvframe);
378 u32 rtw_tkip_decrypt(_adapter *padapter, u8  *precvframe);
379 void rtw_wep_decrypt(_adapter *padapter, u8  *precvframe);
380 
381 u32 rtw_gcmp_encrypt(_adapter *padapter, u8 *pxmitframe);
382 u32 rtw_gcmp_decrypt(_adapter *padapter, u8 *precvframe);
383 
384 #if 0 //RTW_PHL_TX: mark un-finished codes for reading
385 u32 rtw_core_aes_encrypt(_adapter *padapter, u8 *pxframe);
386 #endif
387 
388 #ifdef CONFIG_RTW_MESH_AEK
389 int rtw_aes_siv_encrypt(const u8 *key, size_t key_len,
390 	const u8 *pw, size_t pwlen, size_t num_elem,
391 	const u8 *addr[], const size_t *len, u8 *out);
392 int rtw_aes_siv_decrypt(const u8 *key, size_t key_len,
393 	const u8 *iv_crypt, size_t iv_c_len, size_t num_elem,
394 	const u8 *addr[], const size_t *len, u8 *out);
395 #endif /* CONFIG_RTW_MESH_AEK */
396 
397 #ifdef CONFIG_IEEE80211W
398 u8 rtw_calculate_bip_mic(enum security_type gmcs, u8 *whdr_pos, s32 len,
399 	const u8 *key, const u8 *data, size_t data_len, u8 *mic);
400 u32 rtw_bip_verify(enum security_type gmcs, u16 pkt_len,
401 	u8 *whdr_pos, sint flen, const u8 *key, u16 keyid, u64 *ipn,
402 	u8 *precvframe);
403 #endif
404 #ifdef CONFIG_TDLS
405 void wpa_tdls_generate_tpk(_adapter *padapter, void *sta);
406 int wpa_tdls_ftie_mic(u8 *kck, u8 trans_seq,
407 			u8 *lnkid, u8 *rsnie, u8 *timeoutie, u8 *ftie,
408 			u8 *mic);
409 int wpa_tdls_teardown_ftie_mic(u8 *kck, u8 *lnkid, u16 reason,
410 			u8 dialog_token, u8 trans_seq, u8 *ftie, u8 *mic);
411 int tdls_verify_mic(u8 *kck, u8 trans_seq,
412 			u8 *lnkid, u8 *rsnie, u8 *timeoutie, u8 *ftie);
413 #endif /* CONFIG_TDLS */
414 
415 void rtw_sec_restore_wep_key(_adapter *adapter);
416 u8 rtw_handle_tkip_countermeasure(_adapter *adapter, const char *caller);
417 
418 #ifdef CONFIG_WOWLAN
419 u16 rtw_calc_crc(u8  *pdata, int length);
420 #endif /*CONFIG_WOWLAN*/
421 
422 #define rtw_sec_chk_auth_alg(a, s) \
423 	((a)->securitypriv.auth_alg == (s))
424 
425 #define rtw_sec_chk_auth_type(a, s) \
426 	((a)->securitypriv.auth_type == (s))
427 
428 #define IV_FMT "0x%02x%02x%02x%02x%02x%02x%02x%02x"
429 #define IV_ARG(iv) iv[7], iv[6], iv[5], iv[4], iv[3], iv[2], iv[1], iv[0]
430 #define PN_FMT "0x%02x%02x%02x%02x%02x%02x"
431 #define PN_ARG(pn) pn[5], pn[4], pn[3], pn[2], pn[1], pn[0]
432 u8 rtw_iv_to_pn(u8 *iv, u8 *pn, u8 *key_id, u32 enc_algo);
433 u8 rtw_pn_to_iv(u8 *pn, u8 *iv, u8 key_id, u32 enc_algo);
434 #endif /* __RTL871X_SECURITY_H_ */
435 
436 u32 rtw_calc_crc32(u8 *data, size_t len);
437