xref: /OK3568_Linux_fs/kernel/drivers/net/wireless/rockchip_wlan/rtl8821cs/include/rtw_security.h (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1 /* SPDX-License-Identifier: GPL-2.0 */
2 /******************************************************************************
3  *
4  * Copyright(c) 2007 - 2017 Realtek Corporation.
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of version 2 of the GNU General Public License as
8  * published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful, but WITHOUT
11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13  * more details.
14  *
15  *****************************************************************************/
16 #ifndef __RTW_SECURITY_H_
17 #define __RTW_SECURITY_H_
18 
19 enum security_type {
20 	/* TYPE */
21 	_NO_PRIVACY_	= 0x00,
22 	_WEP40_		= 0x01,
23 	_TKIP_		= 0x02,
24 	_TKIP_WTMIC_	= 0x03,
25 	_AES_		= 0x04,
26 	_WEP104_	= 0x05,
27 	_SMS4_		= 0x06,
28 	_GCMP_		= 0x07,
29 	_SEC_TYPE_MAX_,
30 
31 	/* EXT_SECTYPE=1 */
32 	_SEC_TYPE_256_	= 0x10,
33 	_CCMP_256_	= (_AES_ | _SEC_TYPE_256_),
34 	_GCMP_256_	= (_GCMP_ | _SEC_TYPE_256_),
35 
36 #ifdef CONFIG_IEEE80211W
37 	/* EXT_SECTYPE=0, MGNT=1, GK=0/1, KEYID=00/01 */
38 	_SEC_TYPE_BIT_	= 0x20,
39 	_BIP_CMAC_128_	= (_SEC_TYPE_BIT_),
40 	_BIP_GMAC_128_	= (_SEC_TYPE_BIT_ + 1),
41 	_BIP_GMAC_256_	= (_SEC_TYPE_BIT_ + 2),
42 	/* EXT_SECTYPE=1, MGNT=1, GK=1, KEYID=00/01 */
43 	_BIP_CMAC_256_	= (_SEC_TYPE_BIT_ + 3),
44 	_BIP_MAX_,
45 #endif
46 };
47 
48 /* 802.11W use wrong key */
49 #define IEEE80211W_RIGHT_KEY	0x0
50 #define IEEE80211W_WRONG_KEY	0x1
51 #define IEEE80211W_NO_KEY		0x2
52 
53 #define CCMPH_2_PN(ch)	((ch) & 0x000000000000ffff) \
54 			| (((ch) & 0xffffffff00000000) >> 16)
55 
56 #define is_wep_enc(alg) (((alg) == _WEP40_) || ((alg) == _WEP104_))
57 
58 const char *security_type_str(u8 value);
59 #ifdef CONFIG_IEEE80211W
60 u32 security_type_bip_to_gmcs(enum security_type type);
61 #endif
62 
63 #define _WPA_IE_ID_	0xdd
64 #define _WPA2_IE_ID_	0x30
65 
66 #define RTW_KEK_LEN 16
67 #define RTW_KCK_LEN 16
68 #define RTW_TKIP_MIC_LEN 8
69 #define RTW_REPLAY_CTR_LEN 8
70 
71 #define INVALID_SEC_MAC_CAM_ID	0xFF
72 
73 typedef enum {
74 	ENCRYP_PROTOCOL_OPENSYS,   /* open system */
75 	ENCRYP_PROTOCOL_WEP,       /* WEP */
76 	ENCRYP_PROTOCOL_WPA,       /* WPA */
77 	ENCRYP_PROTOCOL_WPA2,      /* WPA2 */
78 	ENCRYP_PROTOCOL_WAPI,      /* WAPI: Not support in this version */
79 	ENCRYP_PROTOCOL_MAX
80 } ENCRYP_PROTOCOL_E;
81 
82 
83 #ifndef Ndis802_11AuthModeWPA2
84 #define Ndis802_11AuthModeWPA2 (Ndis802_11AuthModeWPANone + 1)
85 #endif
86 
87 #ifndef Ndis802_11AuthModeWPA2PSK
88 #define Ndis802_11AuthModeWPA2PSK (Ndis802_11AuthModeWPANone + 2)
89 #endif
90 
91 union pn48	{
92 
93 	u64	val;
94 
95 #ifdef CONFIG_LITTLE_ENDIAN
96 
97 struct {
98 	u8 TSC0;
99 	u8 TSC1;
100 	u8 TSC2;
101 	u8 TSC3;
102 	u8 TSC4;
103 	u8 TSC5;
104 	u8 TSC6;
105 	u8 TSC7;
106 } _byte_;
107 
108 #elif defined(CONFIG_BIG_ENDIAN)
109 
110 struct {
111 	u8 TSC7;
112 	u8 TSC6;
113 	u8 TSC5;
114 	u8 TSC4;
115 	u8 TSC3;
116 	u8 TSC2;
117 	u8 TSC1;
118 	u8 TSC0;
119 } _byte_;
120 
121 #endif
122 
123 };
124 
125 union Keytype {
126 	u8 skey[32];
127 };
128 
129 typedef struct _RT_PMKID_LIST {
130 	u8						bUsed;
131 	u8						Bssid[6];
132 	u8						PMKID[16];
133 	u8						SsidBuf[33];
134 	u8						*ssid_octet;
135 	u16						ssid_length;
136 } RT_PMKID_LIST, *PRT_PMKID_LIST;
137 
138 
139 struct security_priv {
140 	u32	  dot11AuthAlgrthm;		/* 802.11 auth, could be open, shared, 8021x and authswitch */
141 	u32	  dot11PrivacyAlgrthm;	/* This specify the privacy for shared auth. algorithm. */
142 
143 	/* WEP */
144 	u32	  dot11PrivacyKeyIndex;	/* this is only valid for legendary wep, 0~3 for key id. (tx key index) */
145 	union Keytype dot11DefKey[6];			/* this is only valid for def. key	 */
146 	u32	dot11DefKeylen[6];
147 	u8	dot11Def_camid[6];
148 	u8 	key_mask; /* use to restore wep key after hal_init */
149 
150 	u32 dot118021XGrpPrivacy;	/* This specify the privacy algthm. used for Grp key */
151 	u32	dot118021XGrpKeyid;		/* key id used for Grp Key ( tx key index) */
152 	union Keytype	dot118021XGrpKey[6];	/* 802.1x Group Key, for inx0 and inx1	 */
153 	union Keytype	dot118021XGrptxmickey[6];
154 	union Keytype	dot118021XGrprxmickey[6];
155 	union pn48		dot11Grptxpn;			/* PN48 used for Grp Key xmit. */
156 	union pn48		dot11Grprxpn;			/* PN48 used for Grp Key recv. */
157 	u8				iv_seq[4][8];
158 #ifdef CONFIG_IEEE80211W
159 	enum security_type dot11wCipher;
160 	u32	dot11wBIPKeyid;						/* key id used for BIP Key ( tx key index) */
161 	union Keytype	dot11wBIPKey[6];		/* BIP Key, for index4 and index5 */
162 	union pn48		dot11wBIPtxpn;			/* PN48 used for BIP xmit. */
163 	union pn48		dot11wBIPrxpn;			/* PN48 used for BIP recv. */
164 #endif /* CONFIG_IEEE80211W */
165 #ifdef CONFIG_AP_MODE
166 	/* extend security capabilities for AP_MODE */
167 	unsigned int dot8021xalg;/* 0:disable, 1:psk, 2:802.1x */
168 	unsigned int wpa_psk;/* 0:disable, bit(0): WPA, bit(1):WPA2 */
169 	unsigned int wpa_group_cipher;
170 	unsigned int wpa2_group_cipher;
171 	unsigned int wpa_pairwise_cipher;
172 	unsigned int wpa2_pairwise_cipher;
173 	unsigned int akmp; /* An authentication and key management protocol */
174 #endif
175 	u8 mfp_opt;
176 	u8	dot118021x_bmc_cam_id;
177 	/*IEEE802.11-2012 Std. Table 8-101 AKM Suite Selectors*/
178 	u32	rsn_akm_suite_type;
179 
180 	u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */
181 	int wps_ie_len;
182 
183 	u8 owe_ie[MAX_OWE_IE_LEN];/* added in assoc req */
184 	int owe_ie_len;
185 
186 	u8	binstallGrpkey;
187 #ifdef CONFIG_GTK_OL
188 	u8	binstallKCK_KEK;
189 #endif /* CONFIG_GTK_OL */
190 #ifdef CONFIG_IEEE80211W
191 	u8	binstallBIPkey;
192 #endif /* CONFIG_IEEE80211W */
193 	u8	busetkipkey;
194 	u8	bcheck_grpkey;
195 	u8	bgrpkey_handshake;
196 
197 	u8	auth_alg;
198 	u8	auth_type;
199 	u8	extauth_status;
200 	/* u8	packet_cnt; */ /* unused, removed */
201 
202 	s32	sw_encrypt;/* from registry_priv */
203 	s32	sw_decrypt;/* from registry_priv */
204 
205 	s32 	hw_decrypted;/* if the rx packets is hw_decrypted==_FALSE, it means the hw has not been ready. */
206 
207 
208 	/* keeps the auth_type & enc_status from upper layer ioctl(wpa_supplicant or wzc) */
209 	u32 ndisauthtype;	/* NDIS_802_11_AUTHENTICATION_MODE */
210 	u32 ndisencryptstatus;	/* NDIS_802_11_ENCRYPTION_STATUS */
211 
212 	NDIS_802_11_WEP ndiswep;
213 
214 	u8 assoc_info[600];
215 	u8 szofcapability[256]; /* for wpa2 usage */
216 	u8 oidassociation[512]; /* for wpa/wpa2 usage */
217 	u8 authenticator_ie[256];  /* store ap security information element */
218 	u8 supplicant_ie[256];  /* store sta security information element */
219 
220 
221 	/* for tkip countermeasure */
222 	systime last_mic_err_time;
223 	u8	btkip_countermeasure;
224 	u8	btkip_wait_report;
225 	systime btkip_countermeasure_time;
226 
227 	/* --------------------------------------------------------------------------- */
228 	/* For WPA2 Pre-Authentication. */
229 	/* --------------------------------------------------------------------------- */
230 	/* u8				RegEnablePreAuth;				 */ /* Default value: Pre-Authentication enabled or not, from registry "EnablePreAuth". Added by Annie, 2005-11-01. */
231 	/* u8				EnablePreAuthentication;			 */ /* Current Value: Pre-Authentication enabled or not. */
232 	RT_PMKID_LIST		PMKIDList[NUM_PMKID_CACHE];	/* Renamed from PreAuthKey[NUM_PRE_AUTH_KEY]. Annie, 2006-10-13. */
233 	u8				PMKIDIndex;
234 	/* u32				PMKIDCount;						 */ /* Added by Annie, 2006-10-13. */
235 	/* u8				szCapability[256];				 */ /* For WPA2-PSK using zero-config, by Annie, 2005-09-20. */
236 
237 	u8 bWepDefaultKeyIdxSet;
238 
239 #define DBG_SW_SEC_CNT
240 #ifdef DBG_SW_SEC_CNT
241 	u64 wep_sw_enc_cnt_bc;
242 	u64 wep_sw_enc_cnt_mc;
243 	u64 wep_sw_enc_cnt_uc;
244 	u64 wep_sw_dec_cnt_bc;
245 	u64 wep_sw_dec_cnt_mc;
246 	u64 wep_sw_dec_cnt_uc;
247 
248 	u64 tkip_sw_enc_cnt_bc;
249 	u64 tkip_sw_enc_cnt_mc;
250 	u64 tkip_sw_enc_cnt_uc;
251 	u64 tkip_sw_dec_cnt_bc;
252 	u64 tkip_sw_dec_cnt_mc;
253 	u64 tkip_sw_dec_cnt_uc;
254 
255 	u64 aes_sw_enc_cnt_bc;
256 	u64 aes_sw_enc_cnt_mc;
257 	u64 aes_sw_enc_cnt_uc;
258 	u64 aes_sw_dec_cnt_bc;
259 	u64 aes_sw_dec_cnt_mc;
260 	u64 aes_sw_dec_cnt_uc;
261 
262 	u64 gcmp_sw_enc_cnt_bc;
263 	u64 gcmp_sw_enc_cnt_mc;
264 	u64 gcmp_sw_enc_cnt_uc;
265 	u64 gcmp_sw_dec_cnt_bc;
266 	u64 gcmp_sw_dec_cnt_mc;
267 	u64 gcmp_sw_dec_cnt_uc;
268 #endif /* DBG_SW_SEC_CNT */
269 };
270 
271 #ifdef CONFIG_IEEE80211W
272 #define SEC_IS_BIP_KEY_INSTALLED(sec) ((sec)->binstallBIPkey)
273 #else
274 #define SEC_IS_BIP_KEY_INSTALLED(sec) _FALSE
275 #endif
276 
277 #define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst)\
278 	do {\
279 		switch (psecuritypriv->dot11AuthAlgrthm) {\
280 		case dot11AuthAlgrthm_Open:\
281 		case dot11AuthAlgrthm_Shared:\
282 		case dot11AuthAlgrthm_Auto:\
283 			encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm;\
284 			break;\
285 		case dot11AuthAlgrthm_8021X:\
286 			if (bmcst)\
287 				encry_algo = (u8)psecuritypriv->dot118021XGrpPrivacy;\
288 			else\
289 				encry_algo = (u8) psta->dot118021XPrivacy;\
290 			break;\
291 		case dot11AuthAlgrthm_WAPI:\
292 			encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm;\
293 			break;\
294 		} \
295 	} while (0)
296 
297 #define _AES_IV_LEN_ 8
298 
299 #define SET_ICE_IV_LEN(iv_len, icv_len, encrypt)\
300 	do {\
301 		switch (encrypt) {\
302 		case _WEP40_:\
303 		case _WEP104_:\
304 			iv_len = 4;\
305 			icv_len = 4;\
306 			break;\
307 		case _TKIP_:\
308 			iv_len = 8;\
309 			icv_len = 4;\
310 			break;\
311 		case _AES_:\
312 			iv_len = 8;\
313 			icv_len = 8;\
314 			break;\
315 		case _GCMP_:\
316 		case _GCMP_256_:\
317 			iv_len = 8;\
318 			icv_len = 16;\
319 			break;\
320 		case _CCMP_256_:\
321 			iv_len = 8;\
322 			icv_len = 16;\
323 			break;\
324 		case _SMS4_:\
325 			iv_len = 18;\
326 			icv_len = 16;\
327 			break;\
328 		default:\
329 			iv_len = 0;\
330 			icv_len = 0;\
331 			break;\
332 		} \
333 	} while (0)
334 
335 
336 #define GET_TKIP_PN(iv, dot11txpn)\
337 	do {\
338 		dot11txpn._byte_.TSC0 = iv[2];\
339 		dot11txpn._byte_.TSC1 = iv[0];\
340 		dot11txpn._byte_.TSC2 = iv[4];\
341 		dot11txpn._byte_.TSC3 = iv[5];\
342 		dot11txpn._byte_.TSC4 = iv[6];\
343 		dot11txpn._byte_.TSC5 = iv[7];\
344 	} while (0)
345 
346 
347 #define ROL32(A, n)	(((A) << (n)) | (((A)>>(32-(n)))  & ((1UL << (n)) - 1)))
348 #define ROR32(A, n)	ROL32((A), 32-(n))
349 
350 struct mic_data {
351 	u32  K0, K1;         /* Key */
352 	u32  L, R;           /* Current state */
353 	u32  M;              /* Message accumulator (single word) */
354 	u32     nBytesInM;      /*  # bytes in M */
355 };
356 
357 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key);
358 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b);
359 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nBytes);
360 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst);
361 
362 void rtw_seccalctkipmic(
363 	u8 *key,
364 	u8 *header,
365 	u8 *data,
366 	u32 data_len,
367 	u8 *Miccode,
368 	u8   priority);
369 
370 u32 rtw_aes_encrypt(_adapter *padapter, u8 *pxmitframe);
371 u32 rtw_tkip_encrypt(_adapter *padapter, u8 *pxmitframe);
372 void rtw_wep_encrypt(_adapter *padapter, u8  *pxmitframe);
373 
374 u32 rtw_aes_decrypt(_adapter *padapter, u8  *precvframe);
375 u32 rtw_tkip_decrypt(_adapter *padapter, u8  *precvframe);
376 void rtw_wep_decrypt(_adapter *padapter, u8  *precvframe);
377 
378 u32 rtw_gcmp_encrypt(_adapter *padapter, u8 *pxmitframe);
379 u32 rtw_gcmp_decrypt(_adapter *padapter, u8 *precvframe);
380 
381 #ifdef CONFIG_RTW_MESH_AEK
382 int rtw_aes_siv_encrypt(const u8 *key, size_t key_len,
383 	const u8 *pw, size_t pwlen, size_t num_elem,
384 	const u8 *addr[], const size_t *len, u8 *out);
385 int rtw_aes_siv_decrypt(const u8 *key, size_t key_len,
386 	const u8 *iv_crypt, size_t iv_c_len, size_t num_elem,
387 	const u8 *addr[], const size_t *len, u8 *out);
388 #endif /* CONFIG_RTW_MESH_AEK */
389 
390 #ifdef CONFIG_IEEE80211W
391 u8 rtw_calculate_bip_mic(enum security_type gmcs, u8 *whdr_pos, s32 len,
392 	const u8 *key, const u8 *data, size_t data_len, u8 *mic);
393 u32 rtw_bip_verify(enum security_type gmcs, u16 pkt_len,
394 	u8 *whdr_pos, sint flen, const u8 *key, u16 keyid, u64 *ipn);
395 #endif
396 #ifdef CONFIG_TDLS
397 void wpa_tdls_generate_tpk(_adapter *padapter, void *sta);
398 int wpa_tdls_ftie_mic(u8 *kck, u8 trans_seq,
399 			u8 *lnkid, u8 *rsnie, u8 *timeoutie, u8 *ftie,
400 			u8 *mic);
401 int wpa_tdls_teardown_ftie_mic(u8 *kck, u8 *lnkid, u16 reason,
402 			u8 dialog_token, u8 trans_seq, u8 *ftie, u8 *mic);
403 int tdls_verify_mic(u8 *kck, u8 trans_seq,
404 			u8 *lnkid, u8 *rsnie, u8 *timeoutie, u8 *ftie);
405 #endif /* CONFIG_TDLS */
406 
407 void rtw_sec_restore_wep_key(_adapter *adapter);
408 u8 rtw_handle_tkip_countermeasure(_adapter *adapter, const char *caller);
409 
410 #ifdef CONFIG_WOWLAN
411 u16 rtw_calc_crc(u8  *pdata, int length);
412 #endif /*CONFIG_WOWLAN*/
413 
414 #define rtw_sec_chk_auth_alg(a, s) \
415 	((a)->securitypriv.auth_alg == (s))
416 
417 #define rtw_sec_chk_auth_type(a, s) \
418 	((a)->securitypriv.auth_type == (s))
419 
420 #endif /* __RTL871X_SECURITY_H_ */
421 
422 u32 rtw_calc_crc32(u8 *data, size_t len);
423