xref: /OK3568_Linux_fs/kernel/drivers/net/wireless/rockchip_wlan/rtl8723cs/include/rtw_security.h (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1 /******************************************************************************
2  *
3  * Copyright(c) 2007 - 2017 Realtek Corporation.
4  *
5  * This program is free software; you can redistribute it and/or modify it
6  * under the terms of version 2 of the GNU General Public License as
7  * published by the Free Software Foundation.
8  *
9  * This program is distributed in the hope that it will be useful, but WITHOUT
10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12  * more details.
13  *
14  *****************************************************************************/
15 #ifndef __RTW_SECURITY_H_
16 #define __RTW_SECURITY_H_
17 
18 enum security_type {
19 	/* TYPE */
20 	_NO_PRIVACY_	= 0x00,
21 	_WEP40_		= 0x01,
22 	_TKIP_		= 0x02,
23 	_TKIP_WTMIC_	= 0x03,
24 	_AES_		= 0x04,
25 	_WEP104_	= 0x05,
26 	_SMS4_		= 0x06,
27 	_GCMP_		= 0x07,
28 	_SEC_TYPE_MAX_,
29 
30 	/* EXT_SECTYPE=1 */
31 	_SEC_TYPE_256_	= 0x10,
32 	_CCMP_256_	= (_AES_ | _SEC_TYPE_256_),
33 	_GCMP_256_	= (_GCMP_ | _SEC_TYPE_256_),
34 
35 #ifdef CONFIG_IEEE80211W
36 	/* EXT_SECTYPE=0, MGNT=1, GK=0/1, KEYID=00/01 */
37 	_SEC_TYPE_BIT_	= 0x20,
38 	_BIP_CMAC_128_	= (_SEC_TYPE_BIT_),
39 	_BIP_GMAC_128_	= (_SEC_TYPE_BIT_ + 1),
40 	_BIP_GMAC_256_	= (_SEC_TYPE_BIT_ + 2),
41 	/* EXT_SECTYPE=1, MGNT=1, GK=1, KEYID=00/01 */
42 	_BIP_CMAC_256_	= (_SEC_TYPE_BIT_ + 3),
43 	_BIP_MAX_,
44 #endif
45 };
46 
47 /* 802.11W use wrong key */
48 #define IEEE80211W_RIGHT_KEY	0x0
49 #define IEEE80211W_WRONG_KEY	0x1
50 #define IEEE80211W_NO_KEY		0x2
51 
52 #define CCMPH_2_PN(ch)	((ch) & 0x000000000000ffff) \
53 			| (((ch) & 0xffffffff00000000) >> 16)
54 
55 #define is_wep_enc(alg) (((alg) == _WEP40_) || ((alg) == _WEP104_))
56 
57 const char *security_type_str(u8 value);
58 #ifdef CONFIG_IEEE80211W
59 u32 security_type_bip_to_gmcs(enum security_type type);
60 #endif
61 
62 #define _WPA_IE_ID_	0xdd
63 #define _WPA2_IE_ID_	0x30
64 
65 #define RTW_KEK_LEN 16
66 #define RTW_KCK_LEN 16
67 #define RTW_TKIP_MIC_LEN 8
68 #define RTW_REPLAY_CTR_LEN 8
69 
70 #define INVALID_SEC_MAC_CAM_ID	0xFF
71 
72 typedef enum {
73 	ENCRYP_PROTOCOL_OPENSYS,   /* open system */
74 	ENCRYP_PROTOCOL_WEP,       /* WEP */
75 	ENCRYP_PROTOCOL_WPA,       /* WPA */
76 	ENCRYP_PROTOCOL_WPA2,      /* WPA2 */
77 	ENCRYP_PROTOCOL_WAPI,      /* WAPI: Not support in this version */
78 	ENCRYP_PROTOCOL_MAX
79 } ENCRYP_PROTOCOL_E;
80 
81 
82 #ifndef Ndis802_11AuthModeWPA2
83 #define Ndis802_11AuthModeWPA2 (Ndis802_11AuthModeWPANone + 1)
84 #endif
85 
86 #ifndef Ndis802_11AuthModeWPA2PSK
87 #define Ndis802_11AuthModeWPA2PSK (Ndis802_11AuthModeWPANone + 2)
88 #endif
89 
90 union pn48	{
91 
92 	u64	val;
93 
94 #ifdef CONFIG_LITTLE_ENDIAN
95 
96 struct {
97 	u8 TSC0;
98 	u8 TSC1;
99 	u8 TSC2;
100 	u8 TSC3;
101 	u8 TSC4;
102 	u8 TSC5;
103 	u8 TSC6;
104 	u8 TSC7;
105 } _byte_;
106 
107 #elif defined(CONFIG_BIG_ENDIAN)
108 
109 struct {
110 	u8 TSC7;
111 	u8 TSC6;
112 	u8 TSC5;
113 	u8 TSC4;
114 	u8 TSC3;
115 	u8 TSC2;
116 	u8 TSC1;
117 	u8 TSC0;
118 } _byte_;
119 
120 #endif
121 
122 };
123 
124 union Keytype {
125 	u8 skey[32];
126 };
127 
128 typedef struct _RT_PMKID_LIST {
129 	u8						bUsed;
130 	u8						Bssid[6];
131 	u8						PMKID[16];
132 	u8						SsidBuf[33];
133 	u8						*ssid_octet;
134 	u16						ssid_length;
135 } RT_PMKID_LIST, *PRT_PMKID_LIST;
136 
137 
138 struct security_priv {
139 	u32	  dot11AuthAlgrthm;		/* 802.11 auth, could be open, shared, 8021x and authswitch */
140 	u32	  dot11PrivacyAlgrthm;	/* This specify the privacy for shared auth. algorithm. */
141 
142 	/* WEP */
143 	u32	  dot11PrivacyKeyIndex;	/* this is only valid for legendary wep, 0~3 for key id. (tx key index) */
144 	union Keytype dot11DefKey[6];			/* this is only valid for def. key	 */
145 	u32	dot11DefKeylen[6];
146 	u8	dot11Def_camid[6];
147 	u8 	key_mask; /* use to restore wep key after hal_init */
148 
149 	u32 dot118021XGrpPrivacy;	/* This specify the privacy algthm. used for Grp key */
150 	u32	dot118021XGrpKeyid;		/* key id used for Grp Key ( tx key index) */
151 	union Keytype	dot118021XGrpKey[6];	/* 802.1x Group Key, for inx0 and inx1	 */
152 	union Keytype	dot118021XGrptxmickey[6];
153 	union Keytype	dot118021XGrprxmickey[6];
154 	union pn48		dot11Grptxpn;			/* PN48 used for Grp Key xmit. */
155 	union pn48		dot11Grprxpn;			/* PN48 used for Grp Key recv. */
156 	u8				iv_seq[4][8];
157 #ifdef CONFIG_IEEE80211W
158 	enum security_type dot11wCipher;
159 	u32	dot11wBIPKeyid;						/* key id used for BIP Key ( tx key index) */
160 	union Keytype	dot11wBIPKey[6];		/* BIP Key, for index4 and index5 */
161 	union pn48		dot11wBIPtxpn;			/* PN48 used for BIP xmit. */
162 	union pn48		dot11wBIPrxpn;			/* PN48 used for BIP recv. */
163 #endif /* CONFIG_IEEE80211W */
164 #ifdef CONFIG_AP_MODE
165 	/* extend security capabilities for AP_MODE */
166 	unsigned int dot8021xalg;/* 0:disable, 1:psk, 2:802.1x */
167 	unsigned int wpa_psk;/* 0:disable, bit(0): WPA, bit(1):WPA2 */
168 	unsigned int wpa_group_cipher;
169 	unsigned int wpa2_group_cipher;
170 	unsigned int wpa_pairwise_cipher;
171 	unsigned int wpa2_pairwise_cipher;
172 	unsigned int akmp; /* An authentication and key management protocol */
173 #endif
174 	u8 mfp_opt;
175 	u8	dot118021x_bmc_cam_id;
176 	/*IEEE802.11-2012 Std. Table 8-101 AKM Suite Selectors*/
177 	u32	rsn_akm_suite_type;
178 
179 	u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */
180 	int wps_ie_len;
181 
182 	u8 owe_ie[MAX_OWE_IE_LEN];/* added in assoc req */
183 	int owe_ie_len;
184 
185 	u8	binstallGrpkey;
186 #ifdef CONFIG_GTK_OL
187 	u8	binstallKCK_KEK;
188 #endif /* CONFIG_GTK_OL */
189 #ifdef CONFIG_IEEE80211W
190 	u8	binstallBIPkey;
191 #endif /* CONFIG_IEEE80211W */
192 	u8	busetkipkey;
193 	u8	bcheck_grpkey;
194 	u8	bgrpkey_handshake;
195 
196 	u8	auth_alg;
197 	u8	auth_type;
198 	u8	extauth_status;
199 	/* u8	packet_cnt; */ /* unused, removed */
200 
201 	s32	sw_encrypt;/* from registry_priv */
202 	s32	sw_decrypt;/* from registry_priv */
203 
204 	s32 	hw_decrypted;/* if the rx packets is hw_decrypted==_FALSE, it means the hw has not been ready. */
205 
206 
207 	/* keeps the auth_type & enc_status from upper layer ioctl(wpa_supplicant or wzc) */
208 	u32 ndisauthtype;	/* NDIS_802_11_AUTHENTICATION_MODE */
209 	u32 ndisencryptstatus;	/* NDIS_802_11_ENCRYPTION_STATUS */
210 
211 	NDIS_802_11_WEP ndiswep;
212 
213 	u8 assoc_info[600];
214 	u8 szofcapability[256]; /* for wpa2 usage */
215 	u8 oidassociation[512]; /* for wpa/wpa2 usage */
216 	u8 authenticator_ie[256];  /* store ap security information element */
217 	u8 supplicant_ie[256];  /* store sta security information element */
218 
219 
220 	/* for tkip countermeasure */
221 	systime last_mic_err_time;
222 	u8	btkip_countermeasure;
223 	u8	btkip_wait_report;
224 	systime btkip_countermeasure_time;
225 
226 	/* --------------------------------------------------------------------------- */
227 	/* For WPA2 Pre-Authentication. */
228 	/* --------------------------------------------------------------------------- */
229 	/* u8				RegEnablePreAuth;				 */ /* Default value: Pre-Authentication enabled or not, from registry "EnablePreAuth". Added by Annie, 2005-11-01. */
230 	/* u8				EnablePreAuthentication;			 */ /* Current Value: Pre-Authentication enabled or not. */
231 	RT_PMKID_LIST		PMKIDList[NUM_PMKID_CACHE];	/* Renamed from PreAuthKey[NUM_PRE_AUTH_KEY]. Annie, 2006-10-13. */
232 	u8				PMKIDIndex;
233 	/* u32				PMKIDCount;						 */ /* Added by Annie, 2006-10-13. */
234 	/* u8				szCapability[256];				 */ /* For WPA2-PSK using zero-config, by Annie, 2005-09-20. */
235 
236 	u8 bWepDefaultKeyIdxSet;
237 
238 #define DBG_SW_SEC_CNT
239 #ifdef DBG_SW_SEC_CNT
240 	u64 wep_sw_enc_cnt_bc;
241 	u64 wep_sw_enc_cnt_mc;
242 	u64 wep_sw_enc_cnt_uc;
243 	u64 wep_sw_dec_cnt_bc;
244 	u64 wep_sw_dec_cnt_mc;
245 	u64 wep_sw_dec_cnt_uc;
246 
247 	u64 tkip_sw_enc_cnt_bc;
248 	u64 tkip_sw_enc_cnt_mc;
249 	u64 tkip_sw_enc_cnt_uc;
250 	u64 tkip_sw_dec_cnt_bc;
251 	u64 tkip_sw_dec_cnt_mc;
252 	u64 tkip_sw_dec_cnt_uc;
253 
254 	u64 aes_sw_enc_cnt_bc;
255 	u64 aes_sw_enc_cnt_mc;
256 	u64 aes_sw_enc_cnt_uc;
257 	u64 aes_sw_dec_cnt_bc;
258 	u64 aes_sw_dec_cnt_mc;
259 	u64 aes_sw_dec_cnt_uc;
260 
261 	u64 gcmp_sw_enc_cnt_bc;
262 	u64 gcmp_sw_enc_cnt_mc;
263 	u64 gcmp_sw_enc_cnt_uc;
264 	u64 gcmp_sw_dec_cnt_bc;
265 	u64 gcmp_sw_dec_cnt_mc;
266 	u64 gcmp_sw_dec_cnt_uc;
267 #endif /* DBG_SW_SEC_CNT */
268 };
269 
270 #ifdef CONFIG_IEEE80211W
271 #define SEC_IS_BIP_KEY_INSTALLED(sec) ((sec)->binstallBIPkey)
272 #else
273 #define SEC_IS_BIP_KEY_INSTALLED(sec) _FALSE
274 #endif
275 
276 #define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst)\
277 	do {\
278 		switch (psecuritypriv->dot11AuthAlgrthm) {\
279 		case dot11AuthAlgrthm_Open:\
280 		case dot11AuthAlgrthm_Shared:\
281 		case dot11AuthAlgrthm_Auto:\
282 			encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm;\
283 			break;\
284 		case dot11AuthAlgrthm_8021X:\
285 			if (bmcst)\
286 				encry_algo = (u8)psecuritypriv->dot118021XGrpPrivacy;\
287 			else\
288 				encry_algo = (u8) psta->dot118021XPrivacy;\
289 			break;\
290 		case dot11AuthAlgrthm_WAPI:\
291 			encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm;\
292 			break;\
293 		} \
294 	} while (0)
295 
296 #define _AES_IV_LEN_ 8
297 
298 #define SET_ICE_IV_LEN(iv_len, icv_len, encrypt)\
299 	do {\
300 		switch (encrypt) {\
301 		case _WEP40_:\
302 		case _WEP104_:\
303 			iv_len = 4;\
304 			icv_len = 4;\
305 			break;\
306 		case _TKIP_:\
307 			iv_len = 8;\
308 			icv_len = 4;\
309 			break;\
310 		case _AES_:\
311 			iv_len = 8;\
312 			icv_len = 8;\
313 			break;\
314 		case _GCMP_:\
315 		case _GCMP_256_:\
316 			iv_len = 8;\
317 			icv_len = 16;\
318 			break;\
319 		case _CCMP_256_:\
320 			iv_len = 8;\
321 			icv_len = 16;\
322 			break;\
323 		case _SMS4_:\
324 			iv_len = 18;\
325 			icv_len = 16;\
326 			break;\
327 		default:\
328 			iv_len = 0;\
329 			icv_len = 0;\
330 			break;\
331 		} \
332 	} while (0)
333 
334 
335 #define GET_TKIP_PN(iv, dot11txpn)\
336 	do {\
337 		dot11txpn._byte_.TSC0 = iv[2];\
338 		dot11txpn._byte_.TSC1 = iv[0];\
339 		dot11txpn._byte_.TSC2 = iv[4];\
340 		dot11txpn._byte_.TSC3 = iv[5];\
341 		dot11txpn._byte_.TSC4 = iv[6];\
342 		dot11txpn._byte_.TSC5 = iv[7];\
343 	} while (0)
344 
345 
346 #define ROL32(A, n)	(((A) << (n)) | (((A)>>(32-(n)))  & ((1UL << (n)) - 1)))
347 #define ROR32(A, n)	ROL32((A), 32-(n))
348 
349 struct mic_data {
350 	u32  K0, K1;         /* Key */
351 	u32  L, R;           /* Current state */
352 	u32  M;              /* Message accumulator (single word) */
353 	u32     nBytesInM;      /*  # bytes in M */
354 };
355 
356 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key);
357 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b);
358 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nBytes);
359 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst);
360 
361 void rtw_seccalctkipmic(
362 	u8 *key,
363 	u8 *header,
364 	u8 *data,
365 	u32 data_len,
366 	u8 *Miccode,
367 	u8   priority);
368 
369 u32 rtw_aes_encrypt(_adapter *padapter, u8 *pxmitframe);
370 u32 rtw_tkip_encrypt(_adapter *padapter, u8 *pxmitframe);
371 void rtw_wep_encrypt(_adapter *padapter, u8  *pxmitframe);
372 
373 u32 rtw_aes_decrypt(_adapter *padapter, u8  *precvframe);
374 u32 rtw_tkip_decrypt(_adapter *padapter, u8  *precvframe);
375 void rtw_wep_decrypt(_adapter *padapter, u8  *precvframe);
376 
377 u32 rtw_gcmp_encrypt(_adapter *padapter, u8 *pxmitframe);
378 u32 rtw_gcmp_decrypt(_adapter *padapter, u8 *precvframe);
379 
380 #ifdef CONFIG_RTW_MESH_AEK
381 int rtw_aes_siv_encrypt(const u8 *key, size_t key_len,
382 	const u8 *pw, size_t pwlen, size_t num_elem,
383 	const u8 *addr[], const size_t *len, u8 *out);
384 int rtw_aes_siv_decrypt(const u8 *key, size_t key_len,
385 	const u8 *iv_crypt, size_t iv_c_len, size_t num_elem,
386 	const u8 *addr[], const size_t *len, u8 *out);
387 #endif /* CONFIG_RTW_MESH_AEK */
388 
389 #ifdef CONFIG_IEEE80211W
390 u8 rtw_calculate_bip_mic(enum security_type gmcs, u8 *whdr_pos, s32 len,
391 	const u8 *key, const u8 *data, size_t data_len, u8 *mic);
392 u32 rtw_bip_verify(enum security_type gmcs, u16 pkt_len,
393 	u8 *whdr_pos, sint flen, const u8 *key, u16 keyid, u64 *ipn);
394 #endif
395 #ifdef CONFIG_TDLS
396 void wpa_tdls_generate_tpk(_adapter *padapter, void *sta);
397 int wpa_tdls_ftie_mic(u8 *kck, u8 trans_seq,
398 			u8 *lnkid, u8 *rsnie, u8 *timeoutie, u8 *ftie,
399 			u8 *mic);
400 int wpa_tdls_teardown_ftie_mic(u8 *kck, u8 *lnkid, u16 reason,
401 			u8 dialog_token, u8 trans_seq, u8 *ftie, u8 *mic);
402 int tdls_verify_mic(u8 *kck, u8 trans_seq,
403 			u8 *lnkid, u8 *rsnie, u8 *timeoutie, u8 *ftie);
404 #endif /* CONFIG_TDLS */
405 
406 void rtw_sec_restore_wep_key(_adapter *adapter);
407 u8 rtw_handle_tkip_countermeasure(_adapter *adapter, const char *caller);
408 
409 #ifdef CONFIG_WOWLAN
410 u16 rtw_calc_crc(u8  *pdata, int length);
411 #endif /*CONFIG_WOWLAN*/
412 
413 #define rtw_sec_chk_auth_alg(a, s) \
414 	((a)->securitypriv.auth_alg == (s))
415 
416 #define rtw_sec_chk_auth_type(a, s) \
417 	((a)->securitypriv.auth_type == (s))
418 
419 #endif /* __RTL871X_SECURITY_H_ */
420 
421 u32 rtw_calc_crc32(u8 *data, size_t len);
422