1 /******************************************************************************
3 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * This program is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 * You should have received a copy of the GNU General Public License along with
15 * this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
19 ******************************************************************************/
20 #ifndef __RTW_SECURITY_H_
21 #define __RTW_SECURITY_H_
23 #include <osdep_service.h>
24 #include <drv_types.h>
/* Privacy (cipher) identifiers, IE element IDs and crypto sizes shared by the
 * security code. Only some identifiers are visible in this listing; _WEP40_
 * and _WEP104_, used by is_wep_enc() below, are defined on lines not shown. */
26 #define _NO_PRIVACY_ 0x0
29 #define _TKIP_WTMIC_ 0x3
32 #define _WEP_WPA_MIXED_ 0x07 /* WEP + WPA */
/* True when alg is one of the two WEP variants. alg is evaluated twice, so
 * pass an expression without side effects. */
35 #define is_wep_enc(alg) (((alg) == _WEP40_) || ((alg) == _WEP104_))
/* 0xdd is the generic vendor-specific element ID, so matching this ID alone
 * does not identify a WPA IE; a parser must also check the OUI/type that
 * follows. 0x30 is the RSN element ID (WPA2). */
37 #define _WPA_IE_ID_ 0xdd
38 #define _WPA2_IE_ID_ 0x30
40 #define SHA256_MAC_LEN 32 /* SHA-256 digest length in bytes */
41 #define AES_BLOCK_SIZE 16 /* AES block length in bytes */
/* presumably room for 44 32-bit round-key words (AES-128 key schedule) -
 * TODO confirm against the code that uses it */
42 #define AES_PRIV_SIZE (4 * 44)
/* Encryption protocol selector values (the enum header line is not part of
 * this listing). */
45 ENCRYP_PROTOCOL_OPENSYS, /* open system */
46 ENCRYP_PROTOCOL_WEP, /* WEP */
47 ENCRYP_PROTOCOL_WPA, /* WPA */
48 ENCRYP_PROTOCOL_WPA2, /* WPA2 */
49 ENCRYP_PROTOCOL_WAPI, /* WAPI: not supported in this version */
/* Fallback values for the WPA2 authentication modes, derived from
 * Ndis802_11AuthModeWPANone. #ifndef only sees preprocessor macros, so these
 * definitions take effect unless the names were already #defined.
 * NOTE(review): check that WPANone + 1 and WPANone + 2 do not collide with
 * other values used for the auth mode elsewhere in the driver. */
54 #ifndef Ndis802_11AuthModeWPA2
55 #define Ndis802_11AuthModeWPA2 (Ndis802_11AuthModeWPANone + 1)
58 #ifndef Ndis802_11AuthModeWPA2PSK
59 #define Ndis802_11AuthModeWPA2PSK (Ndis802_11AuthModeWPANone + 2)
65 #ifdef __LITTLE_ENDIAN
77 #elif defined(__BIG_ENDIAN)
97 struct rt_pmkid_list {
/*
 * Security state kept by the driver: selected authentication and cipher
 * algorithms, WEP default keys, 802.1X group keys and MIC keys, packet-number
 * counters, cached security IEs and TKIP countermeasure bookkeeping.
 *
 * NOTE(review): the structure holds raw key material (dot11DefKey,
 * dot118021XGrpKey, the MIC key arrays); presumably it should be wiped, not
 * just freed, when the keys are no longer needed - confirm in the teardown
 * path.
 */
106 struct security_priv {
107 u32 dot11AuthAlgrthm; /* 802.11 auth: open, shared,
108 * 802.1X or auto-switch */
109 u32 dot11PrivacyAlgrthm; /* Cipher used when the auth algorithm is
110 * open, shared or auto (see GET_ENCRY_ALGO). */
/* NOTE(review): presumably used to index the 4-entry key arrays below;
 * values outside 0~3 must be rejected before use - confirm at the setters. */
112 u32 dot11PrivacyKeyIndex; /* only valid for legacy
113 * WEP: tx key id, 0~3 */
114 union Keytype dot11DefKey[4]; /* this is only valid for def. key */
115 u32 dot11DefKeylen[4];
116 u32 dot118021XGrpPrivacy; /* Cipher algorithm
117 * used for the group key */
118 u32 dot118021XGrpKeyid; /* key id used for Grp Key */
120 union Keytype dot118021XGrpKey[4]; /* 802.1x Group Key,
121 * for inx0 and inx1 */
/* Per-key-id MIC keys for the group key, one array per direction. */
122 union Keytype dot118021XGrptxmickey[4];
123 union Keytype dot118021XGrprxmickey[4];
124 union pn48 dot11Grptxpn; /* PN48 used for group-key transmit */
/* NOTE(review): presumably the receive replay counter for group frames;
 * confirm the rx path rejects frames whose PN does not advance. */
125 union pn48 dot11Grprxpn; /* PN48 used for group-key receive */
126 #ifdef CONFIG_88EU_AP_MODE
127 /* extended security capabilities for AP mode */
128 unsigned int dot8021xalg;/* 0:disable, 1:psk, 2:802.1x */
129 unsigned int wpa_psk;/* 0:disable, bit(0): WPA, bit(1):WPA2 */
130 unsigned int wpa_group_cipher;
131 unsigned int wpa2_group_cipher;
132 unsigned int wpa_pairwise_cipher;
133 unsigned int wpa2_pairwise_cipher;
/* NOTE(review): fixed-size buffer; whoever fills it must clamp the copied
 * length to MAX_WPS_IE_LEN - confirm at the copy site. */
135 u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */
140 u8 bgrpkey_handshake;
141 s32 sw_encrypt;/* from registry_priv */
142 s32 sw_decrypt;/* from registry_priv */
143 s32 hw_decrypted;/* if hw_decrypted == false for rx packets,
144 * the hw is not ready yet. */
146 /* keeps the auth_type & enc_status from the upper layer
147 * ioctl (wpa_supplicant or wzc) */
148 u32 ndisauthtype; /* NDIS_802_11_AUTHENTICATION_MODE */
149 u32 ndisencryptstatus; /* NDIS_802_11_ENCRYPTION_STATUS */
150 struct wlan_bssid_ex sec_bss; /* for joinbss (h2c buffer) usage */
151 struct ndis_802_11_wep ndiswep;
/* NOTE(review): the four arrays below have fixed sizes and, per their
 * comments, hold IE / association data; every writer must bound the copy by
 * the array size rather than by a length field taken from the frame -
 * confirm at each copy site. */
153 u8 szofcapability[256]; /* for wpa2 usage */
154 u8 oidassociation[512]; /* for wpa/wpa2 usage */
155 u8 authenticator_ie[256]; /* stores the AP security information element */
156 u8 supplicant_ie[256]; /* stores the STA security information element */
158 /* for TKIP countermeasures */
159 u32 last_mic_err_time;
160 u8 btkip_countermeasure;
161 u8 btkip_wait_report;
162 u32 btkip_countermeasure_time;
165 /* For WPA2 pre-authentication. */
167 struct rt_pmkid_list PMKIDList[NUM_PMKID_CACHE];
169 u8 bWepDefaultKeyIdxSet;
172 struct sha256_state {
174 u32 state[8], curlen;
/*
 * Store into encry_algo the cipher to use for a frame, chosen by the
 * authentication algorithm in psecuritypriv:
 *  - open / shared / auto, and WAPI: dot11PrivacyAlgrthm
 *  - 802.1X: either the group cipher (dot118021XGrpPrivacy) or the station's
 *    pairwise cipher (psta->dot118021XPrivacy). The test that picks between
 *    the two is on lines not shown in this listing; presumably it is bmcst
 *    (multicast/broadcast) - confirm.
 * psta is dereferenced on the 802.1X pairwise path, so it must be valid
 * there. The result is truncated to u8. psecuritypriv is expanded several
 * times, so pass a plain variable.
 * NOTE(review): no default case is visible here; check that callers
 * initialise encry_algo so an unexpected auth algorithm cannot leave it
 * holding a stale value.
 */
178 #define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst) \
180 switch (psecuritypriv->dot11AuthAlgrthm) { \
181 case dot11AuthAlgrthm_Open: \
182 case dot11AuthAlgrthm_Shared: \
183 case dot11AuthAlgrthm_Auto: \
184 encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm; \
186 case dot11AuthAlgrthm_8021X: \
188 encry_algo = (u8)psecuritypriv->dot118021XGrpPrivacy;\
190 encry_algo = (u8)psta->dot118021XPrivacy; \
192 case dot11AuthAlgrthm_WAPI: \
193 encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm; \
198 #define SET_ICE_IV_LEN(iv_len, icv_len, encrypt) \
/*
 * Copy the 48-bit TKIP sequence counter (TSC) out of the 8-byte IV / extended
 * IV field into dot11txpn. Note the byte order: TSC1 is taken from iv[0] and
 * TSC0 from iv[2]; iv[1] and iv[3] are not read (in the TKIP header they
 * carry the WEP seed byte and the key-id/ExtIV byte).
 * The macro reads iv[0]..iv[7] with no length check, so the caller must have
 * verified that the frame holds at least 8 IV bytes.
 */
226 #define GET_TKIP_PN(iv, dot11txpn) \
228 dot11txpn._byte_.TSC0 = iv[2]; \
229 dot11txpn._byte_.TSC1 = iv[0]; \
230 dot11txpn._byte_.TSC2 = iv[4]; \
231 dot11txpn._byte_.TSC3 = iv[5]; \
232 dot11txpn._byte_.TSC4 = iv[6]; \
233 dot11txpn._byte_.TSC5 = iv[7]; \
/*
 * 32-bit rotate left / right. A is expected to be a 32-bit unsigned value:
 * with a wider type the left shift is not truncated to 32 bits.
 * n must be in 1..31. n == 0 makes ROL32 shift by 32 - (n) == 32, and
 * ROR32(A, 0) expands to ROL32(A, 32); a shift by the full width of a 32-bit
 * operand is undefined behaviour. A and n are evaluated more than once.
 */
237 #define ROL32(A, n) (((A) << (n)) | (((A)>>(32-(n))) & ((1UL << (n)) - 1)))
238 #define ROR32(A, n) ROL32((A), 32-(n))
241 u32 K0, K1; /* Key */
242 u32 L, R; /* Current state */
243 u32 M; /* Message accumulator (single word) */
244 u32 nBytesInM; /* # bytes in M */
/*
 * Lookup tables for the software AES implementation, defined in a .c file.
 * Presumably Te0 is the encryption table, Td0..Td4 / Td4s the decryption
 * tables and rcon / rcons the key-schedule round constants (the names follow
 * the common table-driven AES layout) - confirm against the definitions.
 * The 256-entry tables are meant to be indexed with a single byte; rcon and
 * rcons have 10 entries, so their index must stay in 0..9.
 */
247 extern const u32 Te0[256];
248 extern const u32 Td0[256];
249 extern const u32 Td1[256];
250 extern const u32 Td2[256];
251 extern const u32 Td3[256];
252 extern const u32 Td4[256];
253 extern const u32 rcon[10];
254 extern const u8 Td4s[256];
255 extern const u8 rcons[10];
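/*
 * Round constant i, placed in the top byte of a 32-bit word. rcons[] holds
 * u8 values, which promote to (signed) int; the cast to u32 keeps the shift
 * well defined when an entry has bit 7 set, since left-shifting such a value
 * by 24 as an int overflows. i is not range-checked and must be 0..9.
 */
#define RCON(i) ((u32)rcons[(i)] << 24)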
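/**
 * rotr - rotate a 32-bit word right
 * @val: word to rotate
 * @bits: rotation distance in bits
 *
 * Both shift counts are reduced modulo 32. For bits in 1..31 the result is
 * the same as the plain (val >> bits) | (val << (32 - bits)); for bits == 0
 * or 32 that plain form would shift by the full width of the type, which is
 * undefined behaviour, while the masked form returns val unchanged.
 *
 * Return: val rotated right by bits (mod 32).
 */
static inline u32 rotr(u32 val, int bits)
{
	return (val >> (bits & 31)) | (val << ((32 - bits) & 31));
}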
/*
 * Table lookups on Te0. Only Te0 is used: TE1..TE3 take the Te0 entry for the
 * selected byte of i and rotate it right by 8, 16 and 24 bits. Every index is
 * masked with 0xff, so a lookup cannot leave the 256-entry table.
 * NOTE(review): if i carries key-dependent cipher state (likely, given these
 * are AES table lookups), the memory access pattern depends on secret data,
 * which is the usual source of cache-timing leakage in table-driven AES.
 * Where that matters, prefer hardware encryption or a constant-time AES
 * implementation.
 */
264 #define TE0(i) Te0[((i) >> 24) & 0xff]
265 #define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8)
266 #define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16)
267 #define TE3(i) rotr(Te0[(i) & 0xff], 24)
/* Read a big-endian 32-bit value from the 4 bytes at pt. Each byte is cast
 * to u32 before shifting, so the shifts are done in unsigned arithmetic.
 * pt must reference at least 4 readable bytes. */
269 #define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
270 ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
/* Store st as a big-endian 32-bit value into the 4 bytes at ct.
 * The body is a bare brace block rather than do { } while (0), so
 * "if (c) PUTU32(a, b); else ..." does not compile; wrap such uses in
 * braces. ct and st are evaluated four times each. */
272 #define PUTU32(ct, st) { \
273 (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \
274 (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
/*
 * Byte-order helpers operating on a byte array a:
 *   WPA_GET_BE32(a)      - read a big-endian 32-bit value from a[0..3]
 *   WPA_PUT_LE16(a, val) - store val as little-endian 16 bits in a[0..1]
 *   WPA_PUT_BE32(a, val) - store val as big-endian 32 bits in a[0..3]
 *   WPA_PUT_BE64(a, val) - store val as big-endian 64 bits in a[0..7]
 * None of them checks the size of a; the caller must guarantee 2, 4 or 8
 * accessible bytes respectively. a and val are evaluated several times, so
 * pass expressions without side effects.
 */
276 #define WPA_GET_BE32(a) ((((u32)(a)[0]) << 24) | (((u32)(a)[1]) << 16) | \
277 (((u32)(a)[2]) << 8) | ((u32)(a)[3]))
279 #define WPA_PUT_LE16(a, val) \
281 (a)[1] = ((u16)(val)) >> 8; \
282 (a)[0] = ((u16)(val)) & 0xff; \
285 #define WPA_PUT_BE32(a, val) \
287 (a)[0] = (u8)((((u32)(val)) >> 24) & 0xff); \
288 (a)[1] = (u8)((((u32)(val)) >> 16) & 0xff); \
289 (a)[2] = (u8)((((u32)(val)) >> 8) & 0xff); \
290 (a)[3] = (u8)(((u32)(val)) & 0xff); \
293 #define WPA_PUT_BE64(a, val) \
295 (a)[0] = (u8)(((u64)(val)) >> 56); \
296 (a)[1] = (u8)(((u64)(val)) >> 48); \
297 (a)[2] = (u8)(((u64)(val)) >> 40); \
298 (a)[3] = (u8)(((u64)(val)) >> 32); \
299 (a)[4] = (u8)(((u64)(val)) >> 24); \
300 (a)[5] = (u8)(((u64)(val)) >> 16); \
301 (a)[6] = (u8)(((u64)(val)) >> 8); \
302 (a)[7] = (u8)(((u64)(val)) & 0xff); \
305 /* ===== start - public domain SHA256 implementation ===== */
307 /* This is based on SHA256 implementation in LibTomCrypt that was released into
308 * public domain by Tom St Denis. */
/*
 * The 64 SHA-256 round constants.
 * NOTE(review): this is a static definition inside a header, so every
 * translation unit that includes the header gets its own copy, and the
 * one-letter name K is visible to all of them. The element type is unsigned
 * long, which is wider than the 32 bits the constants need on LP64 targets.
 * Moving the table into the .c file that implements SHA-256 would avoid both.
 */
311 static const unsigned long K[64] = {
312 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
313 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
314 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
315 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
316 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
317 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
318 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
319 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
320 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
321 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
322 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
323 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
324 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
/*
 * SHA-256 helper macros. The two continuation lines directly below are the
 * body of a rotate-right macro whose #define line is not part of this
 * listing (S() refers to it as RORc). It masks to 32 bits because unsigned
 * long may be wider, and reduces the count with (y) & 31; a count of 0 makes
 * the left shift 32 bits, which is undefined where unsigned long is 32 bits
 * wide. The Sigma/Gamma macros below use only non-zero counts.
 * NOTE(review): S, R, Ch, Maj and MIN are short, generic names defined in a
 * header, so they can clash with identifiers in any file that includes it.
 */
327 /* Various logical functions */
329 (((((unsigned long)(x) & 0xFFFFFFFFUL) >> (unsigned long)((y)&31)) | \
330 ((unsigned long)(x) << (unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
/* Ch and Maj do not parenthesise their parameters; pass simple variables or
 * fully parenthesised expressions only. */
331 #define Ch(x, y , z) (z ^ (x & (y ^ z)))
332 #define Maj(x, y, z) (((x | y) & z) | (x & y))
333 #define S(x, n) RORc((x), (n))
334 #define R(x, n) (((x)&0xFFFFFFFFUL)>>(n))
335 #define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
336 #define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
337 #define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
338 #define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
/* Evaluates the smaller argument twice; do not pass expressions with side
 * effects. */
340 #define MIN(x, y) (((x) < (y)) ? (x) : (y))
/*
 * TKIP MIC helpers operating on struct mic_data.
 * None of these prototypes carries a length for key, dst or Miccode, so the
 * caller is responsible for supplying buffers of the size the implementation
 * expects. NOTE(review): confirm those sizes against the definitions.
 */
343 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key);
344 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b);
345 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nBytes);
346 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst);
347 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len,
348 u8 *Miccode, u8 priority);
/*
 * Software encrypt/decrypt entry points for AES, TKIP and WEP.
 * The frame is passed as u8 *, so the compiler cannot check that a transmit
 * frame goes to an encrypt routine and a receive frame to a decrypt routine.
 * The AES and TKIP routines return a u32 status; the WEP routines return
 * void. NOTE(review): check how rtw_wep_decrypt reports an integrity (ICV)
 * failure to its caller, since it cannot do so through a return value.
 */
349 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe);
350 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe);
351 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe);
352 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe);
353 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe);
354 void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe);
356 #endif /* __RTW_SECURITY_H_ */