linux/drivers/staging/rtl8723bs/include/rtw_security.h
   1/* SPDX-License-Identifier: GPL-2.0 */
   2/******************************************************************************
   3 *
   4 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
   5 *
   6 ******************************************************************************/
   7#ifndef __RTW_SECURITY_H_
   8#define __RTW_SECURITY_H_
   9
  10
  /*
   * Cipher identifiers. SET_ICE_IV_LEN() switches on these values and
   * GET_ENCRY_ALGO() yields one of them. The numbering is not contiguous
   * in source order: 0x06 is _SMS4_ and 0x07 is the WEP + WPA mixed mode.
   * WEP and TKIP are legacy ciphers; they appear here because the driver
   * still has to interoperate with networks that use them.
   */
  #define _NO_PRIVACY_    0x0
  #define _WEP40_         0x1
  #define _TKIP_          0x2
  #define _TKIP_WTMIC_    0x3
  #define _AES_           0x4
  #define _WEP104_        0x5
  #define _SMS4_          0x06
  #define _WEP_WPA_MIXED_ 0x07    /* WEP + WPA */
  #define _BIP_           0x8

  /* Non-zero when alg is either WEP variant. alg is evaluated twice. */
  #define is_wep_enc(alg) (((alg) == _WEP40_) || ((alg) == _WEP104_))
  21
  /*
   * Maps a u8 value to a constant string. Presumably the value is one of
   * the cipher identifiers above and the result is its printable name;
   * confirm against the definition, which is not in this header.
   */
  const char *security_type_str(u8 value);
  23
  /* Information-element IDs used for WPA and WPA2 elements. */
  #define _WPA_IE_ID_             0xdd
  #define _WPA2_IE_ID_            0x30

  /* Digest, block and key-schedule sizes in bytes. */
  #define SHA256_MAC_LEN          32
  #define AES_BLOCK_SIZE          16
  #define AES_PRIV_SIZE           (4 * 44)  /* presumably 44 32-bit round-key words */

  /* EAPOL-Key material lengths in bytes. */
  #define RTW_KEK_LEN             16
  #define RTW_KCK_LEN             16
  #define RTW_REPLAY_CTR_LEN      8
  34
  /*
   * Link-security protocol selector. The enumerators count up from zero,
   * so ENCRYP_PROTOCOL_MAX equals the number of protocols listed.
   */
  enum {
          ENCRYP_PROTOCOL_OPENSYS = 0,    /* open system */
          ENCRYP_PROTOCOL_WEP,            /* WEP */
          ENCRYP_PROTOCOL_WPA,            /* WPA */
          ENCRYP_PROTOCOL_WPA2,           /* WPA2 */
          ENCRYP_PROTOCOL_WAPI,           /* WAPI: not supported in this version */
          ENCRYP_PROTOCOL_MAX
  };
  43
  44
  /*
   * Fallback definitions of the WPA2 authentication modes, expressed as
   * offsets from Ndis802_11AuthModeWPANone (declared elsewhere).
   * NOTE(review): #ifndef only sees preprocessor macros. If the NDIS header
   * declares these names as enumerators, the guards are always true and
   * the macros below take over; confirm the two sets of values agree.
   */
  #ifndef Ndis802_11AuthModeWPA2
  #define Ndis802_11AuthModeWPA2          (Ndis802_11AuthModeWPANone + 1)
  #endif

  #ifndef Ndis802_11AuthModeWPA2PSK
  #define Ndis802_11AuthModeWPA2PSK       (Ndis802_11AuthModeWPANone + 2)
  #endif
  52
  /*
   * Packet number / TKIP sequence counter, readable either as one u64
   * (val) or byte by byte (_byte_). The member order is reversed on
   * big-endian builds so that TSC0 always overlays the least-significant
   * byte of val.
   *
   * GET_TKIP_PN() writes TSC0..TSC5 only, so TSC6 and TSC7 keep whatever
   * the union held before. Zero the union first if val is going to be
   * compared, for example in a replay check.
   */
  union pn48 {
          u64 val;

  #ifdef __LITTLE_ENDIAN
          struct {
                  u8 TSC0;
                  u8 TSC1;
                  u8 TSC2;
                  u8 TSC3;
                  u8 TSC4;
                  u8 TSC5;
                  u8 TSC6;
                  u8 TSC7;
          } _byte_;
  #else
          struct {
                  u8 TSC7;
                  u8 TSC6;
                  u8 TSC5;
                  u8 TSC4;
                  u8 TSC3;
                  u8 TSC2;
                  u8 TSC1;
                  u8 TSC0;
          } _byte_;
  #endif
  };
  83
  /*
   * One 16-byte key slot, addressable as bytes (skey) or as four 32-bit
   * words (lkey). Both members overlay the same storage, so clearing
   * either one clears the key.
   */
  union Keytype {
          u8 skey[16];
          u32 lkey[4];
  };
  88
  89
  /*
   * One PMKID cache entry: a BSSID, its 16-byte PMKID and the SSID.
   * NOTE(review): ssid_octet presumably points into SsidBuf, with
   * ssid_length giving the number of valid bytes; confirm that writers
   * keep ssid_length within sizeof(SsidBuf).
   */
  typedef struct _RT_PMKID_LIST {
          u8 bUsed;               /* non-zero when the slot is occupied (inferred from the name) */
          u8 Bssid[6];
          u8 PMKID[16];
          u8 SsidBuf[33];
          u8 *ssid_octet;
          u16 ssid_length;
  } RT_PMKID_LIST, *PRT_PMKID_LIST;
  99
 100
 /*
  * Per-adapter security state: selected ciphers, installed WEP / group /
  * BIP keys with their packet numbers, AP-mode settings, cached
  * information elements, TKIP countermeasure bookkeeping and the PMKID
  * cache.
  *
  * NOTE(review): this structure holds live key material (dot11DefKey,
  * dot118021XGrpKey, the two MIC key arrays, dot11wBIPKey, PMKIDList).
  * Confirm that teardown and re-key paths wipe it with memzero_explicit()
  * before the memory is freed or reused.
  */
 struct security_priv {
         u32 dot11AuthAlgrthm;           /* 802.11 auth: open, shared, 802.1X or auto-switch */
         u32 dot11PrivacyAlgrthm;        /* privacy algorithm used with shared auth */

         /* WEP */
         u32 dot11PrivacyKeyIndex;       /* legacy WEP only: tx key id, 0..3 */
         union Keytype dot11DefKey[4];   /* default keys only */
         u32 dot11DefKeylen[4];
         u8 key_mask;                    /* used to restore the WEP keys after hal_init */

         /*
          * Group keys. NOTE(review): the key-id fields presumably index the
          * arrays below; confirm every writer range-checks the id first.
          */
         u32 dot118021XGrpPrivacy;       /* privacy algorithm used for the group key */
         u32 dot118021XGrpKeyid;         /* group key id (tx key index) */
         union Keytype dot118021XGrpKey[BIP_MAX_KEYID];  /* 802.1X group key, for index 0 and index 1 */
         union Keytype dot118021XGrptxmickey[BIP_MAX_KEYID];
         union Keytype dot118021XGrprxmickey[BIP_MAX_KEYID];
         union pn48 dot11Grptxpn;        /* PN48 for group-key transmit */
         union pn48 dot11Grprxpn;        /* PN48 for group-key receive */
         u32 dot11wBIPKeyid;             /* BIP key id (tx key index) */
         union Keytype dot11wBIPKey[6];  /* BIP key, for index 4 and index 5 */
         union pn48 dot11wBIPtxpn;       /* labelled "Grp Key xmit" upstream; presumably the BIP transmit PN */
         union pn48 dot11wBIPrxpn;       /* labelled "Grp Key recv" upstream; presumably the BIP receive PN */

         /* extended security capabilities for AP_MODE */
         unsigned int dot8021xalg;       /* 0: disable, 1: psk, 2: 802.1x */
         unsigned int wpa_psk;           /* 0: disable, bit(0): WPA, bit(1): WPA2 */
         unsigned int wpa_group_cipher;
         unsigned int wpa2_group_cipher;
         unsigned int wpa_pairwise_cipher;
         unsigned int wpa2_pairwise_cipher;

         u8 wps_ie[MAX_WPS_IE_LEN];      /* added in assoc req */
         int wps_ie_len;                 /* signed; NOTE(review): confirm 0 <= len <= MAX_WPS_IE_LEN is enforced */

         u8 binstallGrpkey;
 #ifdef CONFIG_GTK_OL
         u8 binstallKCK_KEK;
 #endif /* CONFIG_GTK_OL */
         u8 binstallBIPkey;
         u8 busetkipkey;
         /* _timer tkip_timer; */
         u8 bcheck_grpkey;
         u8 bgrpkey_handshake;

         s32 sw_encrypt;                 /* from registry_priv */
         s32 sw_decrypt;                 /* from registry_priv */

         s32 hw_decrypted;               /* false for an rx packet means the hardware was not ready yet */

         /* auth_type and enc_status as set by the upper-layer ioctl (wpa_supplicant or wzc) */
         u32 ndisauthtype;               /* enum NDIS_802_11_AUTHENTICATION_MODE */
         u32 ndisencryptstatus;          /* NDIS_802_11_ENCRYPTION_STATUS */

         struct wlan_bssid_ex sec_bss;   /* for joinbss (h2c buffer) usage */

         struct ndis_802_11_wep ndiswep;

         /*
          * Fixed-size buffers for association data and security IEs.
          * NOTE(review): no length field accompanies them here; confirm each
          * writer bounds the copy by sizeof() of the destination.
          */
         u8 assoc_info[600];
         u8 szofcapability[256];         /* for wpa2 usage */
         u8 oidassociation[512];         /* for wpa/wpa2 usage */
         u8 authenticator_ie[256];       /* AP security information element */
         u8 supplicant_ie[256];          /* STA security information element */

         /* TKIP countermeasures */
         unsigned long last_mic_err_time;
         u8 btkip_countermeasure;
         u8 btkip_wait_report;
         u32 btkip_countermeasure_time;

         /* WPA2 pre-authentication */
         RT_PMKID_LIST PMKIDList[NUM_PMKID_CACHE];       /* renamed from PreAuthKey[NUM_PRE_AUTH_KEY] (Annie, 2006-10-13) */
         u8 PMKIDIndex;

         u8 bWepDefaultKeyIdxSet;

 /*
  * DBG_SW_SEC_CNT is defined unconditionally right here, so the software
  * crypto counters below are always part of the structure.
  */
 #define DBG_SW_SEC_CNT
 #ifdef DBG_SW_SEC_CNT
         u64 wep_sw_enc_cnt_bc;
         u64 wep_sw_enc_cnt_mc;
         u64 wep_sw_enc_cnt_uc;
         u64 wep_sw_dec_cnt_bc;
         u64 wep_sw_dec_cnt_mc;
         u64 wep_sw_dec_cnt_uc;

         u64 tkip_sw_enc_cnt_bc;
         u64 tkip_sw_enc_cnt_mc;
         u64 tkip_sw_enc_cnt_uc;
         u64 tkip_sw_dec_cnt_bc;
         u64 tkip_sw_dec_cnt_mc;
         u64 tkip_sw_dec_cnt_uc;

         u64 aes_sw_enc_cnt_bc;
         u64 aes_sw_enc_cnt_mc;
         u64 aes_sw_enc_cnt_uc;
         u64 aes_sw_dec_cnt_bc;
         u64 aes_sw_dec_cnt_mc;
         u64 aes_sw_dec_cnt_uc;
 #endif /* DBG_SW_SEC_CNT */
 };
 203
 /*
  * Running SHA-256 context: a length counter, the eight 32-bit chaining
  * words, the fill level of buf (curlen) and one 64-byte block buffer.
  * NOTE(review): whether length counts bits or bytes is not visible in
  * this header; check the implementation.
  */
 struct sha256_state {
         u64 length;
         u32 state[8];
         u32 curlen;
         u8 buf[64];
 };
 209
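 /*
  * GET_ENCRY_ALGO - store the cipher id for a frame in encry_algo.
  *
  * Open, shared, auto and WAPI authentication use
  * psecuritypriv->dot11PrivacyAlgrthm. 802.1X uses the group cipher when
  * bmcst is non-zero and the per-station cipher otherwise. The u32 source
  * fields are truncated to u8.
  *
  * The pointer arguments and the assignment target are parenthesised so
  * that expressions such as &adapter->securitypriv expand correctly.
  *
  * Caveats for callers:
  *  - there is no default case, so encry_algo is left untouched when
  *    dot11AuthAlgrthm holds any other value; initialise it beforehand;
  *  - psta is dereferenced on the unicast 802.1X path only and must be
  *    non-NULL there;
  *  - psecuritypriv and encry_algo each appear more than once in the
  *    expansion, so pass expressions without side effects.
  */
 #define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst) \
 do { \
         switch ((psecuritypriv)->dot11AuthAlgrthm) { \
         case dot11AuthAlgrthm_Open: \
         case dot11AuthAlgrthm_Shared: \
         case dot11AuthAlgrthm_Auto: \
                 (encry_algo) = (u8)(psecuritypriv)->dot11PrivacyAlgrthm; \
                 break; \
         case dot11AuthAlgrthm_8021X: \
                 if (bmcst) \
                         (encry_algo) = (u8)(psecuritypriv)->dot118021XGrpPrivacy; \
                 else \
                         (encry_algo) = (u8)(psta)->dot118021XPrivacy; \
                 break; \
         case dot11AuthAlgrthm_WAPI: \
                 (encry_algo) = (u8)(psecuritypriv)->dot11PrivacyAlgrthm; \
                 break; \
         } \
 } while (0)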
 230
 #define _AES_IV_LEN_ 8

 /*
  * SET_ICE_IV_LEN - set the per-frame IV and ICV lengths, in bytes, for
  * the cipher id in encrypt:
  *
  *      WEP40 / WEP104   iv 4,  icv 4
  *      TKIP             iv 8,  icv 4
  *      AES              iv 8,  icv 8
  *      SMS4             iv 18, icv 16
  *      anything else    iv 0,  icv 0
  *
  * "Anything else" includes _NO_PRIVACY_, _TKIP_WTMIC_, _WEP_WPA_MIXED_
  * and _BIP_, none of which has a case of its own. iv_len and icv_len
  * must be assignable lvalues.
  */
 #define SET_ICE_IV_LEN(iv_len, icv_len, encrypt) \
 do { \
         switch (encrypt) { \
         case _WEP40_: \
         case _WEP104_: \
                 iv_len = 4; \
                 icv_len = 4; \
                 break; \
         case _TKIP_: \
                 iv_len = 8; \
                 icv_len = 4; \
                 break; \
         case _AES_: \
                 iv_len = 8; \
                 icv_len = 8; \
                 break; \
         case _SMS4_: \
                 iv_len = 18; \
                 icv_len = 16; \
                 break; \
         default: \
                 iv_len = 0; \
                 icv_len = 0; \
                 break; \
         } \
 } while (0)
 260
 261
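 /*
  * GET_TKIP_PN - load the TKIP sequence counter from a frame IV into a
  * union pn48.
  *
  * Byte map: TSC0 <- iv[2], TSC1 <- iv[0], TSC2..TSC5 <- iv[4]..iv[7].
  * iv[1] and iv[3] are not read. TSC6 and TSC7 are not written, so
  * dot11txpn should be zeroed first if its .val member is compared
  * afterwards.
  *
  * Both arguments are parenthesised so pointer expressions such as
  * (buf + offset) index correctly. iv must have at least 8 readable
  * bytes; both arguments are evaluated six times.
  */
 #define GET_TKIP_PN(iv, dot11txpn) \
 do { \
         (dot11txpn)._byte_.TSC0 = (iv)[2]; \
         (dot11txpn)._byte_.TSC1 = (iv)[0]; \
         (dot11txpn)._byte_.TSC2 = (iv)[4]; \
         (dot11txpn)._byte_.TSC3 = (iv)[5]; \
         (dot11txpn)._byte_.TSC4 = (iv)[6]; \
         (dot11txpn)._byte_.TSC5 = (iv)[7]; \
 } while (0)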
 271
 272
 /*
  * 32-bit rotates. ROL32 masks the bits shifted back in from the top, so
  * the result is also correct when A is a signed value. ROR32 is a left
  * rotate by 32 - n.
  *
  * n must stay in 1..31: n == 0 (or 32) makes one of the shifts a shift
  * by 32, which is undefined for a 32-bit operand. A should be a 32-bit
  * value; with a wider type the left shift is not truncated to 32 bits.
  */
 #define ROL32(A, n) \
         (((A) << (n)) | (((A) >> (32 - (n))) & ((1UL << (n)) - 1)))
 #define ROR32(A, n) \
         ROL32((A), 32 - (n))
 275
 /*
  * Running state for the MIC computed by the rtw_secmic*() functions
  * declared in this header.
  */
 struct mic_data {
         u32 K0;                 /* key, first word */
         u32 K1;                 /* key, second word */
         u32 L;                  /* current state, left word */
         u32 R;                  /* current state, right word */
         u32 M;                  /* message accumulator (single word) */
         u32 nBytesInM;          /* number of bytes currently held in M */
 };
 283
 /*
  * AES lookup tables and round constants, defined in another translation
  * unit. The TE*(), TD*() and RCON() macros in this header index Te0,
  * Td0, Td4s and rcons only.
  */
 extern const u32 Te0[256];
 extern const u32 Te1[256];
 extern const u32 Te2[256];
 extern const u32 Te3[256];
 extern const u32 Te4[256];

 extern const u32 Td0[256];
 extern const u32 Td1[256];
 extern const u32 Td2[256];
 extern const u32 Td3[256];
 extern const u32 Td4[256];

 extern const u32 rcon[10];
 extern const u8 Td4s[256];
 extern const u8 rcons[10];
 297
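 /*
  * RCON - round constant i moved into the top byte of a 32-bit word.
  * rcons[] is declared as u8, so without the cast the element is promoted
  * to int and "<< 24" overflows a signed int for any entry with bit 7
  * set, which is undefined behaviour. Casting to u32 first keeps the
  * shift unsigned. i must be below 10, the declared length of rcons[].
  */
 #define RCON(i) ((u32)rcons[(i)] << 24)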
 299
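 /*
  * rotr - rotate a 32-bit word right by @bits positions.
  *
  * The count is reduced modulo 32 and the complementary left shift is
  * masked as well, so neither shift is ever by the full word width. A
  * plain "val << (32 - bits)" would shift by 32 when bits is 0, which is
  * undefined behaviour in C. Results for bits in 1..31 are unchanged.
  * This is the same operation as ror32() from <linux/bitops.h>.
  */
 static inline u32 rotr(u32 val, int bits)
 {
         unsigned int n = (unsigned int)bits & 31;

         return (val >> n) | (val << ((32 - n) & 31));
 }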
 304
 /*
  * AES encryption-table accessors. Every variant is derived from the
  * single table Te0 by rotating or masking the looked-up word. All of
  * them mask the index to 8 bits except TE4(), whose argument must
  * already be below 256.
  */
 #define TE0(i)          Te0[((i) >> 24) & 0xff]
 #define TE1(i)          rotr(Te0[((i) >> 16) & 0xff], 8)
 #define TE2(i)          rotr(Te0[((i) >> 8) & 0xff], 16)
 #define TE3(i)          rotr(Te0[(i) & 0xff], 24)

 #define TE41(i)         ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000)
 #define TE42(i)         (Te0[((i) >> 16) & 0xff] & 0x00ff0000)
 #define TE43(i)         (Te0[((i) >> 8) & 0xff] & 0x0000ff00)
 #define TE44(i)         ((Te0[(i) & 0xff] >> 8) & 0x000000ff)

 #define TE421(i)        ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000)
 #define TE432(i)        (Te0[((i) >> 8) & 0xff] & 0x00ff0000)
 #define TE443(i)        (Te0[(i) & 0xff] & 0x0000ff00)
 #define TE414(i)        ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff)

 #define TE4(i)          ((Te0[(i)] >> 8) & 0x000000ff)
 318
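 /*
  * AES decryption-table accessors, derived from Td0 and from the byte
  * table Td4s.
  *
  * Td4s[] is declared as u8, so its elements are promoted to int before
  * a shift. In TD41() that made "<< 24" overflow a signed int for any
  * entry with bit 7 set, which is undefined behaviour. The shifted
  * variants now cast to u32 first; the resulting bit patterns are the
  * same.
  */
 #define TD0(i)          Td0[((i) >> 24) & 0xff]
 #define TD1(i)          rotr(Td0[((i) >> 16) & 0xff], 8)
 #define TD2(i)          rotr(Td0[((i) >> 8) & 0xff], 16)
 #define TD3(i)          rotr(Td0[(i) & 0xff], 24)

 #define TD41(i)         ((u32)Td4s[((i) >> 24) & 0xff] << 24)
 #define TD42(i)         ((u32)Td4s[((i) >> 16) & 0xff] << 16)
 #define TD43(i)         ((u32)Td4s[((i) >> 8) & 0xff] << 8)
 #define TD44(i)         (Td4s[(i) & 0xff])

 #define TD0_(i)         Td0[(i) & 0xff]
 #define TD1_(i)         rotr(Td0[(i) & 0xff], 8)
 #define TD2_(i)         rotr(Td0[(i) & 0xff], 16)
 #define TD3_(i)         rotr(Td0[(i) & 0xff], 24)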
 331
 /*
  * Big-endian 32-bit load and store on byte pointers. Each needs four
  * accessible bytes at pt / ct.
  *
  * PUTU32 expands to a bare { ... } block rather than do { } while (0):
  * "if (c) PUTU32(p, v); else ..." does not compile because the
  * semicolon ends the if statement. Brace the if body at such call sites.
  * st is evaluated four times.
  */
 #define GETU32(pt) \
         (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
          ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))

 #define PUTU32(ct, st) { \
         (ct)[0] = (u8)((st) >> 24); \
         (ct)[1] = (u8)((st) >> 16); \
         (ct)[2] = (u8)((st) >> 8); \
         (ct)[3] = (u8)(st); }
 338
 /*
  * Endian-explicit accessors on byte arrays. GET_BE32 and PUT_BE32 touch
  * 4 bytes, PUT_LE16 touches 2 and PUT_BE64 touches 8; the caller
  * guarantees that many bytes at a. val is evaluated once per stored
  * byte, so pass an expression without side effects.
  */
 #define WPA_GET_BE32(a) \
         ((((u32) (a)[0]) << 24) | (((u32) (a)[1]) << 16) | \
          (((u32) (a)[2]) << 8) | ((u32) (a)[3]))

 #define WPA_PUT_LE16(a, val) \
         do { \
                 (a)[1] = ((u16) (val)) >> 8; \
                 (a)[0] = ((u16) (val)) & 0xff; \
         } while (0)

 #define WPA_PUT_BE32(a, val) \
         do { \
                 (a)[0] = (u8) ((((u32) (val)) >> 24) & 0xff); \
                 (a)[1] = (u8) ((((u32) (val)) >> 16) & 0xff); \
                 (a)[2] = (u8) ((((u32) (val)) >> 8) & 0xff); \
                 (a)[3] = (u8) (((u32) (val)) & 0xff); \
         } while (0)

 #define WPA_PUT_BE64(a, val) \
         do { \
                 (a)[0] = (u8) (((u64) (val)) >> 56); \
                 (a)[1] = (u8) (((u64) (val)) >> 48); \
                 (a)[2] = (u8) (((u64) (val)) >> 40); \
                 (a)[3] = (u8) (((u64) (val)) >> 32); \
                 (a)[4] = (u8) (((u64) (val)) >> 24); \
                 (a)[5] = (u8) (((u64) (val)) >> 16); \
                 (a)[6] = (u8) (((u64) (val)) >> 8); \
                 (a)[7] = (u8) (((u64) (val)) & 0xff); \
         } while (0)
 367
 368/* ===== start - public domain SHA256 implementation ===== */
 369
 370/* This is based on SHA256 implementation in LibTomCrypt that was released into
 371 * public domain by Tom St Denis. */
 372
 /*
  * SHA-256 round constants, 64 entries.
  *
  * Being a static definition in a header, every translation unit that
  * includes this file gets its own copy, and the one-letter name K lands
  * in each includer's file scope. The element type is unsigned long, so
  * entries are wider than 32 bits where long is 64-bit.
  */
 static const unsigned long K[64] = {
         0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
         0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
         0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
         0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
         0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
         0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
         0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
         0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
         0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
         0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
         0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
         0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
         0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
         0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
         0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
         0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
 };
 389
 390
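 /*
  * SHA-256 logical functions.
  *
  * Ch() and Maj() parenthesise every parameter, so an argument that is
  * itself an expression (for example "a ^ b") is combined as a unit
  * instead of being regrouped by operator precedence. Results for plain
  * variable arguments are unchanged.
  *
  * RORc() rotates within 32 bits on an unsigned long. A rotate count that
  * is a multiple of 32 makes the left shift a shift by 32, which is only
  * defined where unsigned long is wider than 32 bits; the Sigma and Gamma
  * functions below never pass such a count.
  *
  * These short names (S, R, Ch, Maj, MIN) become visible in every file
  * that includes this header.
  */
 #define RORc(x, y) \
         (((((unsigned long) (x) & 0xFFFFFFFFUL) >> (unsigned long) ((y) & 31)) | \
           ((unsigned long) (x) << (unsigned long) (32 - ((y) & 31)))) & 0xFFFFFFFFUL)
 #define Ch(x, y, z)     ((z) ^ ((x) & ((y) ^ (z))))
 #define Maj(x, y, z)    ((((x) | (y)) & (z)) | ((x) & (y)))
 #define S(x, n)         RORc((x), (n))
 #define R(x, n)         (((x) & 0xFFFFFFFFUL) >> (n))
 #define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
 #define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
 #define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
 #define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
 #ifndef MIN
 #define MIN(x, y)       (((x) < (y)) ? (x) : (y))
 #endif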
 /*
  * OMAC1 with AES-128 over data_len bytes of data; the result goes to mac.
  * NOTE(review): presumably mac must hold AES_BLOCK_SIZE bytes and the
  * return value is 0 on success; confirm against the definition.
  */
 int omac1_aes_128(u8 *key, u8 *data, size_t data_len, u8 *mac);

 /*
  * Incremental MIC interface over struct mic_data: set the key, append
  * one byte or a run of nBytes bytes, then read the MIC into dst.
  * NOTE(review): the sizes expected for key and dst are not visible in
  * this header.
  */
 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key);
 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b);
 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nBytes);
 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst);

 /* One-shot TKIP MIC over a header and data_len bytes of data; the result goes to Miccode. */
 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len,
                         u8 *Miccode, u8 priority);

 /*
  * Per-cipher transmit paths. The frame is passed as u8 *, so the compiler
  * cannot check that callers hand in the frame type the implementation
  * expects.
  */
 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe);
 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe);
 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe);

 /*
  * Per-cipher receive paths. The WEP variants return void, so a failed
  * WEP check cannot be reported through the return value.
  */
 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe);
 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe);
 void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe);
 u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe);

 void rtw_sec_restore_wep_key(struct adapter *adapter);
 u8 rtw_handle_tkip_countermeasure(struct adapter *adapter, const char *caller);
 431
 432#endif  /* __RTW_SECURITY_H_ */
 433