1 /* SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause */
2 /* Copyright(c) 2007 - 2011 Realtek Corporation. */
4 #ifndef __RTW_SECURITY_H_
5 #define __RTW_SECURITY_H_
7 #include <osdep_service.h>
/* Privacy algorithm identifiers. */
10 #define _NO_PRIVACY_ 0x0
13 #define _TKIP_WTMIC_ 0x3
16 #define _WEP_WPA_MIXED_ 0x07 /* WEP + WPA */
/* True when alg is either WEP variant. alg is expanded twice, so pass an
 * expression without side effects. */
19 #define is_wep_enc(alg) (((alg) == _WEP40_) || ((alg) == _WEP104_))
/* Element IDs. 0xdd is the generic vendor-specific element, so matching the
 * ID alone does not identify a WPA IE; the OUI/type bytes that follow must be
 * checked as well. 0x30 is the RSN element. */
21 #define _WPA_IE_ID_ 0xdd
22 #define _WPA2_IE_ID_ 0x30
/* Sizes in bytes. AES_PRIV_SIZE equals 44 32-bit words, which matches an
 * AES-128 expanded key schedule -- NOTE(review): confirm against its user. */
24 #define SHA256_MAC_LEN 32
25 #define AES_BLOCK_SIZE 16
26 #define AES_PRIV_SIZE (4 * 44)
29 ENCRYP_PROTOCOL_OPENSYS, /* open system (no encryption protocol) */
30 ENCRYP_PROTOCOL_WEP, /* WEP */
31 ENCRYP_PROTOCOL_WPA, /* WPA */
32 ENCRYP_PROTOCOL_WPA2, /* WPA2 */
33 ENCRYP_PROTOCOL_WAPI, /* WAPI: not supported in this version */
/* Fallback values for the WPA2 auth modes, numbered directly after
 * Ndis802_11AuthModeWPANone.
 * NOTE(review): #ifndef only tests for a preprocessor macro; if these names
 * are enum constants elsewhere, the fallback is always taken, so confirm that
 * both definitions yield the same values. */
37 #ifndef Ndis802_11AuthModeWPA2
38 #define Ndis802_11AuthModeWPA2 (Ndis802_11AuthModeWPANone + 1)
41 #ifndef Ndis802_11AuthModeWPA2PSK
42 #define Ndis802_11AuthModeWPA2PSK (Ndis802_11AuthModeWPANone + 2)
48 #ifdef __LITTLE_ENDIAN
60 #elif defined(__BIG_ENDIAN)
80 struct rt_pmkid_list {
/*
 * struct security_priv - security state kept by the driver: selected auth
 * and privacy algorithms, WEP default keys, 802.1X group keys and MIC keys,
 * group packet numbers, cached information elements, TKIP countermeasure
 * state and the PMKID cache. Several members hold key material.
 */
89 struct security_priv {
90 u32 dot11AuthAlgrthm; /* 802.11 auth algorithm; may be open,
91 * shared, 8021x or authswitch */
92 u32 dot11PrivacyAlgrthm; /* Privacy algorithm; GET_ENCRY_ALGO reads it
93 * for the Open, Shared, Auto and WAPI cases. */
95 u32 dot11PrivacyKeyIndex; /* only valid for legacy WEP:
96 * tx key index (key id), 0~3 */
/* Four default-key slots. Any index used here (dot11PrivacyKeyIndex, or a
 * key id taken from a frame or an ioctl) has to be range-checked to 0..3
 * before the array access -- NOTE(review): confirm at the setters. */
97 union Keytype dot11DefKey[4]; /* only valid for default keys */
98 u32 dot11DefKeylen[4];
99 u32 dot118021XGrpPrivacy; /* Privacy algorithm
100 * used for the group key */
101 u32 dot118021XGrpKeyid; /* key id used for Grp Key
103 union Keytype dot118021XGrpKey[4]; /* 802.1x Group Key,
104 * for inx0 and inx1 */
/* The group key and group MIC key arrays have 4 slots each; if
 * dot118021XGrpKeyid is used as the index it must stay below 4 --
 * NOTE(review): confirm where the key id is assigned. */
105 union Keytype dot118021XGrptxmickey[4];
106 union Keytype dot118021XGrprxmickey[4];
107 union pn48 dot11Grptxpn; /* PN48 used for Grp Key xmit.*/
108 union pn48 dot11Grprxpn; /* PN48 used for Grp Key recv.*/
109 #ifdef CONFIG_88EU_AP_MODE
110 /* extended security capabilities for AP_MODE */
111 unsigned int dot8021xalg;/* 0:disable, 1:psk, 2:802.1x */
112 unsigned int wpa_psk;/* 0:disable, bit(0): WPA, bit(1):WPA2 */
113 unsigned int wpa_group_cipher;
114 unsigned int wpa2_group_cipher;
115 unsigned int wpa_pairwise_cipher;
116 unsigned int wpa2_pairwise_cipher;
/* Writers must bound the copied length by MAX_WPS_IE_LEN. */
118 u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */
123 u8 bgrpkey_handshake;
124 s32 sw_encrypt;/* from registry_priv */
125 s32 sw_decrypt;/* from registry_priv */
126 s32 hw_decrypted;/* hw_decrypted == false for rx packets
127 * means the hw is not ready yet. */
129 /* keeps the auth_type & enc_status from the upper layer
130 * ioctl (wpa_supplicant or wzc) */
131 u32 ndisauthtype; /* NDIS_802_11_AUTHENTICATION_MODE */
132 u32 ndisencryptstatus; /* NDIS_802_11_ENCRYPTION_STATUS */
133 struct wlan_bssid_ex sec_bss; /* for joinbss (h2c buffer) usage */
134 struct ndis_802_11_wep ndiswep;
/* Fixed-size buffers for association and IE data. An 802.11 information
 * element can be up to 257 bytes including its 2-byte header, one more than
 * the 256-byte arrays below hold, so every writer has to clamp the copy
 * length to sizeof the destination -- NOTE(review): verify at the call
 * sites, which this header does not show. */
136 u8 szofcapability[256]; /* for wpa2 usage */
137 u8 oidassociation[512]; /* for wpa/wpa2 usage */
138 u8 authenticator_ie[256]; /* stores the AP security information element */
139 u8 supplicant_ie[256]; /* stores the STA security information element */
141 /* for tkip countermeasure */
142 u32 last_mic_err_time;
143 u8 btkip_countermeasure;
144 u8 btkip_wait_report;
145 u32 btkip_countermeasure_time;
148 /* For WPA2 Pre-Authentication. */
150 struct rt_pmkid_list PMKIDList[NUM_PMKID_CACHE];
152 u8 bWepDefaultKeyIdxSet;
/*
 * GET_ENCRY_ALGO - set encry_algo according to psecuritypriv->dot11AuthAlgrthm.
 * Open, Shared, Auto and WAPI take psecuritypriv->dot11PrivacyAlgrthm.
 * 8021X takes either the group cipher (dot118021XGrpPrivacy) or the
 * per-station cipher (psta->dot118021XPrivacy); presumably bmcst selects
 * between the two. The value is narrowed to u8 in every case.
 * NOTE(review): the 8021X case dereferences psta, so callers must not pass a
 * NULL station on that path -- confirm at the call sites.
 */
155 #define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst) \
157 switch (psecuritypriv->dot11AuthAlgrthm) { \
158 case dot11AuthAlgrthm_Open: \
159 case dot11AuthAlgrthm_Shared: \
160 case dot11AuthAlgrthm_Auto: \
161 encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm; \
163 case dot11AuthAlgrthm_8021X: \
165 encry_algo = (u8)psecuritypriv->dot118021XGrpPrivacy;\
167 encry_algo = (u8)psta->dot118021XPrivacy; \
169 case dot11AuthAlgrthm_WAPI: \
170 encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm; \
175 #define SET_ICE_IV_LEN(iv_len, icv_len, encrypt) \
/*
 * GET_TKIP_PN - copy the TKIP sequence counter from an IV / Extended IV
 * field into dot11txpn: TSC1 = iv[0], TSC0 = iv[2], TSC2..TSC5 = iv[4..7].
 * iv[1] and iv[3] are skipped (in the TKIP header layout they carry the WEP
 * seed and the key-id/ExtIV octet).
 * The macro reads up to iv[7], so iv must address at least 8 valid bytes;
 * on received frames the length check has to happen before this is used --
 * NOTE(review): confirm at the callers. Both arguments are expanded several
 * times.
 */
202 #define GET_TKIP_PN(iv, dot11txpn) \
204 dot11txpn._byte_.TSC0 = iv[2]; \
205 dot11txpn._byte_.TSC1 = iv[0]; \
206 dot11txpn._byte_.TSC2 = iv[4]; \
207 dot11txpn._byte_.TSC3 = iv[5]; \
208 dot11txpn._byte_.TSC4 = iv[6]; \
209 dot11txpn._byte_.TSC5 = iv[7]; \
/*
 * ROL32 / ROR32 - rotate A left / right by n bits.
 * The right-shifted half is masked to its low n bits before being OR-ed in.
 * Only valid for 0 < n < 32: with n == 0 the right shift count becomes 32,
 * which is undefined for a 32-bit operand. ROR32 forwards to ROL32 with
 * 32 - n and therefore has the same restriction. A and n are expanded more
 * than once.
 */
212 #define ROL32(A, n) (((A) << (n)) | (((A)>>(32-(n))) & ((1UL << (n)) - 1)))
213 #define ROR32(A, n) ROL32((A), 32-(n))
216 u32 K0, K1; /* Key, as two 32-bit words (secret material) */
217 u32 L, R; /* Current state */
218 u32 M; /* Message accumulator (single word) */
219 u32 nBytesInM; /* Number of bytes currently held in M */
/* AES lookup tables and round constants: declared here, defined in another
 * translation unit.
 * NOTE(review): if these tables are indexed with secret-dependent bytes the
 * lookups are not constant-time. */
222 extern const u32 Te0[256];
223 extern const u32 Te1[256];
224 extern const u32 Te2[256];
225 extern const u32 Te3[256];
226 extern const u32 Te4[256];
227 extern const u32 Td0[256];
228 extern const u32 Td1[256];
229 extern const u32 Td2[256];
230 extern const u32 Td3[256];
231 extern const u32 Td4[256];
232 extern const u32 rcon[10];
233 extern const u8 Td4s[256];
234 extern const u8 rcons[10];
/* RCON - round constant i moved to the top byte. rcons has 10 entries, so i
 * must be 0..9 (not checked here).
 * NOTE(review): the u8 element is promoted to int before the shift, so an
 * entry >= 0x80 is shifted into the sign bit; casting to u32 first would
 * avoid that. */
236 #define RCON(i) (rcons[(i)] << 24)
/* rotr - rotate val right by bits.
 * bits must be in 1..31: with bits == 0 the left shift count becomes 32,
 * which is undefined for a 32-bit value, and a negative bits is undefined as
 * well. The TE and TD macros in this header pass 8, 16 and 24 only. */
238 static inline u32 rotr(u32 val, int bits)
240 return (val >> bits) | (val << (32 - bits));
/*
 * AES table accessors. Only Te0, Td0 and Td4s are read: the TE1..TE3 and
 * TD1..TD3 forms rotate a Te0/Td0 entry instead of using separate tables,
 * and the TE4x forms extract single bytes of Te0 entries by shift and mask.
 * Except for TE4, every accessor masks its index to 8 bits, so the lookup
 * stays inside the 256-entry table for any u32 argument.
 */
243 #define TE0(i) Te0[((i) >> 24) & 0xff]
244 #define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8)
245 #define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16)
246 #define TE3(i) rotr(Te0[(i) & 0xff], 24)
247 #define TE41(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000)
248 #define TE42(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000)
249 #define TE43(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00)
250 #define TE44(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff)
251 #define TE421(i) ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000)
252 #define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000)
253 #define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00)
254 #define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff)
/* TE4 indexes Te0 with i unmasked: the caller must guarantee 0 <= i <= 255,
 * otherwise the read goes past the table. */
255 #define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff)
257 #define TD0(i) Td0[((i) >> 24) & 0xff]
258 #define TD1(i) rotr(Td0[((i) >> 16) & 0xff], 8)
259 #define TD2(i) rotr(Td0[((i) >> 8) & 0xff], 16)
260 #define TD3(i) rotr(Td0[(i) & 0xff], 24)
/* NOTE(review): Td4s holds u8 values, which are promoted to int before the
 * shift; in TD41 an entry >= 0x80 is shifted into the sign bit. Casting the
 * entry to u32 first would avoid that. */
261 #define TD41(i) (Td4s[((i) >> 24) & 0xff] << 24)
262 #define TD42(i) (Td4s[((i) >> 16) & 0xff] << 16)
263 #define TD43(i) (Td4s[((i) >> 8) & 0xff] << 8)
264 #define TD44(i) (Td4s[(i) & 0xff])
265 #define TD0_(i) Td0[(i) & 0xff]
266 #define TD1_(i) rotr(Td0[(i) & 0xff], 8)
267 #define TD2_(i) rotr(Td0[(i) & 0xff], 16)
268 #define TD3_(i) rotr(Td0[(i) & 0xff], 24)
/* GETU32 - read 4 bytes at pt as a big-endian u32. pt is expanded four times
 * and must address at least 4 readable bytes. */
270 #define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
271 ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
/* PUTU32 - store st at ct as 4 big-endian bytes; ct must address at least
 * 4 writable bytes.
 * NOTE(review): the body is a bare brace block rather than do/while (0), so
 * "if (c) PUTU32(a, b); else ..." does not parse; use it only as a complete
 * statement inside braces. */
273 #define PUTU32(ct, st) { \
274 (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \
275 (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
/* WPA_GET_BE32 - read 4 bytes at a as a big-endian u32; a is expanded four
 * times. */
277 #define WPA_GET_BE32(a) ((((u32)(a)[0]) << 24) | (((u32)(a)[1]) << 16) | \
278 (((u32)(a)[2]) << 8) | ((u32)(a)[3]))
/* WPA_PUT_LE16 - store val at a as 2 little-endian bytes. a and val are
 * expanded once per byte; a must address at least 2 writable bytes. */
280 #define WPA_PUT_LE16(a, val) \
282 (a)[1] = ((u16)(val)) >> 8; \
283 (a)[0] = ((u16)(val)) & 0xff; \
/* WPA_PUT_BE32 - store val at a as 4 big-endian bytes. a and val are
 * expanded once per byte; a must address at least 4 writable bytes. */
286 #define WPA_PUT_BE32(a, val) \
288 (a)[0] = (u8)((((u32)(val)) >> 24) & 0xff); \
289 (a)[1] = (u8)((((u32)(val)) >> 16) & 0xff); \
290 (a)[2] = (u8)((((u32)(val)) >> 8) & 0xff); \
291 (a)[3] = (u8)(((u32)(val)) & 0xff); \
/* WPA_PUT_BE64 - store val at a as 8 big-endian bytes. a and val are
 * expanded once per byte; a must address at least 8 writable bytes. */
294 #define WPA_PUT_BE64(a, val) \
296 (a)[0] = (u8)(((u64)(val)) >> 56); \
297 (a)[1] = (u8)(((u64)(val)) >> 48); \
298 (a)[2] = (u8)(((u64)(val)) >> 40); \
299 (a)[3] = (u8)(((u64)(val)) >> 32); \
300 (a)[4] = (u8)(((u64)(val)) >> 24); \
301 (a)[5] = (u8)(((u64)(val)) >> 16); \
302 (a)[6] = (u8)(((u64)(val)) >> 8); \
303 (a)[7] = (u8)(((u64)(val)) & 0xff); \
306 /* ===== start - public domain SHA256 implementation ===== */
308 /* This is based on SHA256 implementation in LibTomCrypt that was released into
309 * public domain by Tom St Denis. */
/* The 64 SHA-256 round constants.
 * NOTE(review): the table is defined static in a header, so every
 * translation unit that includes this file gets its own copy. The element
 * type is unsigned long, which is wider than 32 bits on LP64 targets even
 * though every constant fits in 32 bits. */
312 static const unsigned long K[64] = {
313 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
314 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
315 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
316 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
317 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
318 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
319 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
320 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
321 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
322 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
323 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
324 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
325 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
328 /* Various logical functions (SHA-256 rotate, choice, majority, sigma) */
330 (((((unsigned long)(x) & 0xFFFFFFFFUL) >> (unsigned long)((y)&31)) | \
331 ((unsigned long)(x) << (unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
/* NOTE(review): Ch and Maj use their parameters without parentheses, so an
 * argument containing a lower-precedence operator (for example a | b) is
 * regrouped after expansion; pass simple expressions only. The short names
 * defined here (Ch, Maj, S, R, MIN) live in a header and can collide with
 * identifiers in any file that includes it. */
332 #define Ch(x, y ,z) (z ^ (x & (y ^ z)))
333 #define Maj(x, y, z) (((x | y) & z) | (x & y))
334 #define S(x, n) RORc((x), (n))
335 #define R(x, n) (((x)&0xFFFFFFFFUL)>>(n))
336 #define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
337 #define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
338 #define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
339 #define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
/* MIN expands each argument twice; do not pass expressions with side
 * effects. */
341 #define MIN(x, y) (((x) < (y)) ? (x) : (y))
/*
 * TKIP (Michael) MIC helpers operating on struct mic_data, followed by the
 * per-cipher encrypt and decrypt entry points.
 * NOTE(review): the AES and TKIP routines return u32 while the WEP routines
 * return void, so a WEP integrity failure cannot be reported through the
 * return value -- confirm how rtw_wep_decrypt signals a bad frame.
 * NOTE(review): key, dst and Miccode are passed as bare u8 pointers without
 * a length, so each callee relies on a fixed expected size -- confirm that
 * every caller supplies buffers of that size.
 */
344 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key);
345 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b);
346 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nBytes);
347 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst);
348 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len,
349 u8 *Miccode, u8 priority);
350 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe);
351 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe);
352 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe);
353 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe);
354 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe);
355 void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe);
356 void rtw_use_tkipkey_handler(void *FunctionContext);
358 #endif /* __RTW_SECURITY_H_ */