1 /******************************************************************************
2 *
3 * Copyright(c) 2007 - 2017 Realtek Corporation.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 *****************************************************************************/
15 #ifndef __RTW_SECURITY_H_
16 #define __RTW_SECURITY_H_
17
18
19 #define _NO_PRIVACY_ 0x0
20 #define _WEP40_ 0x1
21 #define _TKIP_ 0x2
22 #define _TKIP_WTMIC_ 0x3
23 #define _AES_ 0x4
24 #define _WEP104_ 0x5
25 #define _WEP_WPA_MIXED_ 0x07 /* WEP + WPA */
26 #define _SMS4_ 0x06
27 #ifdef CONFIG_IEEE80211W
28 #define _BIP_ 0x8
29 #endif /* CONFIG_IEEE80211W */
30 /* 802.11W use wrong key */
31 #define IEEE80211W_RIGHT_KEY 0x0
32 #define IEEE80211W_WRONG_KEY 0x1
33 #define IEEE80211W_NO_KEY 0x2
34
35 #define CCMPH_2_PN(ch) ((ch) & 0x000000000000ffff) \
36 | (((ch) & 0xffffffff00000000) >> 16)
37
38 #define is_wep_enc(alg) (((alg) == _WEP40_) || ((alg) == _WEP104_))
39
40 const char *security_type_str(u8 value);
41
42 #define _WPA_IE_ID_ 0xdd
43 #define _WPA2_IE_ID_ 0x30
44
45 #define SHA256_MAC_LEN 32
46 #define AES_BLOCK_SIZE 16
47 #define AES_PRIV_SIZE (4 * 44)
48
49 #define RTW_KEK_LEN 16
50 #define RTW_KCK_LEN 16
51 #define RTW_TKIP_MIC_LEN 8
52 #define RTW_REPLAY_CTR_LEN 8
53
54 #define INVALID_SEC_MAC_CAM_ID 0xFF
55
56 typedef enum {
57 ENCRYP_PROTOCOL_OPENSYS, /* open system */
58 ENCRYP_PROTOCOL_WEP, /* WEP */
59 ENCRYP_PROTOCOL_WPA, /* WPA */
60 ENCRYP_PROTOCOL_WPA2, /* WPA2 */
61 ENCRYP_PROTOCOL_WAPI, /* WAPI: Not support in this version */
62 ENCRYP_PROTOCOL_MAX
63 } ENCRYP_PROTOCOL_E;
64
65
66 #ifndef Ndis802_11AuthModeWPA2
67 #define Ndis802_11AuthModeWPA2 (Ndis802_11AuthModeWPANone + 1)
68 #endif
69
70 #ifndef Ndis802_11AuthModeWPA2PSK
71 #define Ndis802_11AuthModeWPA2PSK (Ndis802_11AuthModeWPANone + 2)
72 #endif
73
74 union pn48 {
75
76 u64 val;
77
78 #ifdef CONFIG_LITTLE_ENDIAN
79
80 struct {
81 u8 TSC0;
82 u8 TSC1;
83 u8 TSC2;
84 u8 TSC3;
85 u8 TSC4;
86 u8 TSC5;
87 u8 TSC6;
88 u8 TSC7;
89 } _byte_;
90
91 #elif defined(CONFIG_BIG_ENDIAN)
92
93 struct {
94 u8 TSC7;
95 u8 TSC6;
96 u8 TSC5;
97 u8 TSC4;
98 u8 TSC3;
99 u8 TSC2;
100 u8 TSC1;
101 u8 TSC0;
102 } _byte_;
103
104 #endif
105
106 };
107
108 union Keytype {
109 u8 skey[16];
110 u32 lkey[4];
111 };
112
113
114 typedef struct _RT_PMKID_LIST {
115 u8 bUsed;
116 u8 Bssid[6];
117 u8 PMKID[16];
118 u8 SsidBuf[33];
119 u8 *ssid_octet;
120 u16 ssid_length;
121 } RT_PMKID_LIST, *PRT_PMKID_LIST;
122
123
124 struct security_priv {
125 u32 dot11AuthAlgrthm; /* 802.11 auth, could be open, shared, 8021x and authswitch */
126 u32 dot11PrivacyAlgrthm; /* This specify the privacy for shared auth. algorithm. */
127
128 /* WEP */
129 u32 dot11PrivacyKeyIndex; /* this is only valid for legendary wep, 0~3 for key id. (tx key index) */
130 union Keytype dot11DefKey[4]; /* this is only valid for def. key */
131 u32 dot11DefKeylen[4];
132 u8 dot11Def_camid[4];
133 u8 key_mask; /* use to restore wep key after hal_init */
134
135 u32 dot118021XGrpPrivacy; /* This specify the privacy algthm. used for Grp key */
136 u32 dot118021XGrpKeyid; /* key id used for Grp Key ( tx key index) */
137 union Keytype dot118021XGrpKey[4]; /* 802.1x Group Key, for inx0 and inx1 */
138 union Keytype dot118021XGrptxmickey[4];
139 union Keytype dot118021XGrprxmickey[4];
140 union pn48 dot11Grptxpn; /* PN48 used for Grp Key xmit. */
141 union pn48 dot11Grprxpn; /* PN48 used for Grp Key recv. */
142 u8 iv_seq[4][8];
143 #ifdef CONFIG_IEEE80211W
144 u32 dot11wBIPKeyid; /* key id used for BIP Key ( tx key index) */
145 union Keytype dot11wBIPKey[6]; /* BIP Key, for index4 and index5 */
146 union pn48 dot11wBIPtxpn; /* PN48 used for Grp Key xmit. */
147 union pn48 dot11wBIPrxpn; /* PN48 used for Grp Key recv. */
148 #endif /* CONFIG_IEEE80211W */
149 #ifdef CONFIG_AP_MODE
150 /* extend security capabilities for AP_MODE */
151 unsigned int dot8021xalg;/* 0:disable, 1:psk, 2:802.1x */
152 unsigned int wpa_psk;/* 0:disable, bit(0): WPA, bit(1):WPA2 */
153 unsigned int wpa_group_cipher;
154 unsigned int wpa2_group_cipher;
155 unsigned int wpa_pairwise_cipher;
156 unsigned int wpa2_pairwise_cipher;
157 #endif
158 #ifdef CONFIG_CONCURRENT_MODE
159 u8 dot118021x_bmc_cam_id;
160 #endif
161 /*IEEE802.11-2012 Std. Table 8-101 AKM Suite Selectors*/
162 u32 rsn_akm_suite_type;
163
164 u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */
165 int wps_ie_len;
166
167
168 u8 binstallGrpkey;
169 #ifdef CONFIG_GTK_OL
170 u8 binstallKCK_KEK;
171 #endif /* CONFIG_GTK_OL */
172 #ifdef CONFIG_IEEE80211W
173 u8 binstallBIPkey;
174 #endif /* CONFIG_IEEE80211W */
175 u8 busetkipkey;
176 u8 bcheck_grpkey;
177 u8 bgrpkey_handshake;
178
179 /* u8 packet_cnt; */ /* unused, removed */
180
181 s32 sw_encrypt;/* from registry_priv */
182 s32 sw_decrypt;/* from registry_priv */
183
184 s32 hw_decrypted;/* if the rx packets is hw_decrypted==_FALSE, it means the hw has not been ready. */
185
186
187 /* keeps the auth_type & enc_status from upper layer ioctl(wpa_supplicant or wzc) */
188 u32 ndisauthtype; /* NDIS_802_11_AUTHENTICATION_MODE */
189 u32 ndisencryptstatus; /* NDIS_802_11_ENCRYPTION_STATUS */
190
191 NDIS_802_11_WEP ndiswep;
192 #ifdef PLATFORM_WINDOWS
193 u8 KeyMaterial[16];/* variable length depending on above field. */
194 #endif
195
196 u8 assoc_info[600];
197 u8 szofcapability[256]; /* for wpa2 usage */
198 u8 oidassociation[512]; /* for wpa/wpa2 usage */
199 u8 authenticator_ie[256]; /* store ap security information element */
200 u8 supplicant_ie[256]; /* store sta security information element */
201
202
203 /* for tkip countermeasure */
204 systime last_mic_err_time;
205 u8 btkip_countermeasure;
206 u8 btkip_wait_report;
207 systime btkip_countermeasure_time;
208
209 /* --------------------------------------------------------------------------- */
210 /* For WPA2 Pre-Authentication. */
211 /* --------------------------------------------------------------------------- */
212 /* u8 RegEnablePreAuth; */ /* Default value: Pre-Authentication enabled or not, from registry "EnablePreAuth". Added by Annie, 2005-11-01. */
213 /* u8 EnablePreAuthentication; */ /* Current Value: Pre-Authentication enabled or not. */
214 RT_PMKID_LIST PMKIDList[NUM_PMKID_CACHE]; /* Renamed from PreAuthKey[NUM_PRE_AUTH_KEY]. Annie, 2006-10-13. */
215 u8 PMKIDIndex;
216 /* u32 PMKIDCount; */ /* Added by Annie, 2006-10-13. */
217 /* u8 szCapability[256]; */ /* For WPA2-PSK using zero-config, by Annie, 2005-09-20. */
218
219 u8 bWepDefaultKeyIdxSet;
220
221 #define DBG_SW_SEC_CNT
222 #ifdef DBG_SW_SEC_CNT
223 u64 wep_sw_enc_cnt_bc;
224 u64 wep_sw_enc_cnt_mc;
225 u64 wep_sw_enc_cnt_uc;
226 u64 wep_sw_dec_cnt_bc;
227 u64 wep_sw_dec_cnt_mc;
228 u64 wep_sw_dec_cnt_uc;
229
230 u64 tkip_sw_enc_cnt_bc;
231 u64 tkip_sw_enc_cnt_mc;
232 u64 tkip_sw_enc_cnt_uc;
233 u64 tkip_sw_dec_cnt_bc;
234 u64 tkip_sw_dec_cnt_mc;
235 u64 tkip_sw_dec_cnt_uc;
236
237 u64 aes_sw_enc_cnt_bc;
238 u64 aes_sw_enc_cnt_mc;
239 u64 aes_sw_enc_cnt_uc;
240 u64 aes_sw_dec_cnt_bc;
241 u64 aes_sw_dec_cnt_mc;
242 u64 aes_sw_dec_cnt_uc;
243 #endif /* DBG_SW_SEC_CNT */
244 };
245
246 struct sha256_state {
247 u64 length;
248 u32 state[8], curlen;
249 u8 buf[64];
250 };
251
252 #define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst)\
253 do {\
254 switch (psecuritypriv->dot11AuthAlgrthm) {\
255 case dot11AuthAlgrthm_Open:\
256 case dot11AuthAlgrthm_Shared:\
257 case dot11AuthAlgrthm_Auto:\
258 encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm;\
259 break;\
260 case dot11AuthAlgrthm_8021X:\
261 if (bmcst)\
262 encry_algo = (u8)psecuritypriv->dot118021XGrpPrivacy;\
263 else\
264 encry_algo = (u8) psta->dot118021XPrivacy;\
265 break;\
266 case dot11AuthAlgrthm_WAPI:\
267 encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm;\
268 break;\
269 } \
270 } while (0)
271
272 #define _AES_IV_LEN_ 8
273
274 #define SET_ICE_IV_LEN(iv_len, icv_len, encrypt)\
275 do {\
276 switch (encrypt) {\
277 case _WEP40_:\
278 case _WEP104_:\
279 iv_len = 4;\
280 icv_len = 4;\
281 break;\
282 case _TKIP_:\
283 iv_len = 8;\
284 icv_len = 4;\
285 break;\
286 case _AES_:\
287 iv_len = 8;\
288 icv_len = 8;\
289 break;\
290 case _SMS4_:\
291 iv_len = 18;\
292 icv_len = 16;\
293 break;\
294 default:\
295 iv_len = 0;\
296 icv_len = 0;\
297 break;\
298 } \
299 } while (0)
300
301
302 #define GET_TKIP_PN(iv, dot11txpn)\
303 do {\
304 dot11txpn._byte_.TSC0 = iv[2];\
305 dot11txpn._byte_.TSC1 = iv[0];\
306 dot11txpn._byte_.TSC2 = iv[4];\
307 dot11txpn._byte_.TSC3 = iv[5];\
308 dot11txpn._byte_.TSC4 = iv[6];\
309 dot11txpn._byte_.TSC5 = iv[7];\
310 } while (0)
311
312
313 #define ROL32(A, n) (((A) << (n)) | (((A)>>(32-(n))) & ((1UL << (n)) - 1)))
314 #define ROR32(A, n) ROL32((A), 32-(n))
315
316 struct mic_data {
317 u32 K0, K1; /* Key */
318 u32 L, R; /* Current state */
319 u32 M; /* Message accumulator (single word) */
320 u32 nBytesInM; /* # bytes in M */
321 };
322
323 extern const u32 Te0[256];
324 extern const u32 Te1[256];
325 extern const u32 Te2[256];
326 extern const u32 Te3[256];
327 extern const u32 Te4[256];
328 extern const u32 Td0[256];
329 extern const u32 Td1[256];
330 extern const u32 Td2[256];
331 extern const u32 Td3[256];
332 extern const u32 Td4[256];
333 extern const u32 rcon[10];
334 extern const u8 Td4s[256];
335 extern const u8 rcons[10];
336
337 #define RCON(i) (rcons[(i)] << 24)
338
rotr(u32 val,int bits)339 static inline u32 rotr(u32 val, int bits)
340 {
341 return (val >> bits) | (val << (32 - bits));
342 }
343
344 #define TE0(i) Te0[((i) >> 24) & 0xff]
345 #define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8)
346 #define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16)
347 #define TE3(i) rotr(Te0[(i) & 0xff], 24)
348 #define TE41(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000)
349 #define TE42(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000)
350 #define TE43(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00)
351 #define TE44(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff)
352 #define TE421(i) ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000)
353 #define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000)
354 #define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00)
355 #define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff)
356 #define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff)
357
358 #define TD0(i) Td0[((i) >> 24) & 0xff]
359 #define TD1(i) rotr(Td0[((i) >> 16) & 0xff], 8)
360 #define TD2(i) rotr(Td0[((i) >> 8) & 0xff], 16)
361 #define TD3(i) rotr(Td0[(i) & 0xff], 24)
362 #define TD41(i) (Td4s[((i) >> 24) & 0xff] << 24)
363 #define TD42(i) (Td4s[((i) >> 16) & 0xff] << 16)
364 #define TD43(i) (Td4s[((i) >> 8) & 0xff] << 8)
365 #define TD44(i) (Td4s[(i) & 0xff])
366 #define TD0_(i) Td0[(i) & 0xff]
367 #define TD1_(i) rotr(Td0[(i) & 0xff], 8)
368 #define TD2_(i) rotr(Td0[(i) & 0xff], 16)
369 #define TD3_(i) rotr(Td0[(i) & 0xff], 24)
370
371 #define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
372 ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
373
374 #define PUTU32(ct, st) { \
375 (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \
376 (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
377
378 #define WPA_GET_BE32(a) ((((u32) (a)[0]) << 24) | (((u32) (a)[1]) << 16) | \
379 (((u32) (a)[2]) << 8) | ((u32) (a)[3]))
380
381 #define WPA_PUT_LE16(a, val) \
382 do { \
383 (a)[1] = ((u16) (val)) >> 8; \
384 (a)[0] = ((u16) (val)) & 0xff; \
385 } while (0)
386
387 #define WPA_PUT_BE32(a, val) \
388 do { \
389 (a)[0] = (u8) ((((u32) (val)) >> 24) & 0xff); \
390 (a)[1] = (u8) ((((u32) (val)) >> 16) & 0xff); \
391 (a)[2] = (u8) ((((u32) (val)) >> 8) & 0xff); \
392 (a)[3] = (u8) (((u32) (val)) & 0xff); \
393 } while (0)
394
395 #define WPA_PUT_BE64(a, val) \
396 do { \
397 (a)[0] = (u8) (((u64) (val)) >> 56); \
398 (a)[1] = (u8) (((u64) (val)) >> 48); \
399 (a)[2] = (u8) (((u64) (val)) >> 40); \
400 (a)[3] = (u8) (((u64) (val)) >> 32); \
401 (a)[4] = (u8) (((u64) (val)) >> 24); \
402 (a)[5] = (u8) (((u64) (val)) >> 16); \
403 (a)[6] = (u8) (((u64) (val)) >> 8); \
404 (a)[7] = (u8) (((u64) (val)) & 0xff); \
405 } while (0)
406
407 /* the K array */
408 static const unsigned long K[64] = {
409 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
410 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
411 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
412 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
413 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
414 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
415 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
416 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
417 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
418 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
419 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
420 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
421 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
422 };
423
424
425 /* Various logical functions */
426 #define RORc(x, y) \
427 (((((unsigned long) (x) & 0xFFFFFFFFUL) >> (unsigned long) ((y) & 31)) | \
428 ((unsigned long) (x) << (unsigned long) (32 - ((y) & 31)))) & 0xFFFFFFFFUL)
429 #define Ch(x, y, z) (z ^ (x & (y ^ z)))
430 #define Maj(x, y, z) (((x | y) & z) | (x & y))
431 #define S(x, n) RORc((x), (n))
432 #define R(x, n) (((x) & 0xFFFFFFFFUL)>>(n))
433 #define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
434 #define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
435 #define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
436 #define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
437 #ifndef MIN
438 #define MIN(x, y) (((x) < (y)) ? (x) : (y))
439 #endif
440 #ifdef CONFIG_IEEE80211W
441 int omac1_aes_128(u8 *key, u8 *data, size_t data_len, u8 *mac);
442 #endif /* CONFIG_IEEE80211W */
443 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key);
444 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b);
445 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nBytes);
446 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst);
447
448 void rtw_seccalctkipmic(
449 u8 *key,
450 u8 *header,
451 u8 *data,
452 u32 data_len,
453 u8 *Miccode,
454 u8 priority);
455
456 u32 rtw_aes_encrypt(_adapter *padapter, u8 *pxmitframe);
457 u32 rtw_tkip_encrypt(_adapter *padapter, u8 *pxmitframe);
458 void rtw_wep_encrypt(_adapter *padapter, u8 *pxmitframe);
459
460 u32 rtw_aes_decrypt(_adapter *padapter, u8 *precvframe);
461 u32 rtw_tkip_decrypt(_adapter *padapter, u8 *precvframe);
462 void rtw_wep_decrypt(_adapter *padapter, u8 *precvframe);
463 #ifdef CONFIG_IEEE80211W
464 u32 rtw_BIP_verify(_adapter *padapter, u8 *precvframe);
465 #endif /* CONFIG_IEEE80211W */
466 #ifdef CONFIG_TDLS
467 void wpa_tdls_generate_tpk(_adapter *padapter, PVOID sta);
468 int wpa_tdls_ftie_mic(u8 *kck, u8 trans_seq,
469 u8 *lnkid, u8 *rsnie, u8 *timeoutie, u8 *ftie,
470 u8 *mic);
471 int wpa_tdls_teardown_ftie_mic(u8 *kck, u8 *lnkid, u16 reason,
472 u8 dialog_token, u8 trans_seq, u8 *ftie, u8 *mic);
473 int tdls_verify_mic(u8 *kck, u8 trans_seq,
474 u8 *lnkid, u8 *rsnie, u8 *timeoutie, u8 *ftie);
475 #endif /* CONFIG_TDLS */
476
477 void rtw_sec_restore_wep_key(_adapter *adapter);
478 u8 rtw_handle_tkip_countermeasure(_adapter *adapter, const char *caller);
479
480 #ifdef CONFIG_WOWLAN
481 u16 rtw_calc_crc(u8 *pdata, int length);
482 #endif /*CONFIG_WOWLAN*/
483
484 #endif /* __RTL871X_SECURITY_H_ */
485