1 /* SPDX-License-Identifier: GPL-2.0 */
2 /******************************************************************************
3  *
4  * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
5  *
6  ******************************************************************************/
7 #ifndef __RTW_SECURITY_H_
8 #define __RTW_SECURITY_H_
9 
10 
11 #define _NO_PRIVACY_		0x0
12 #define _WEP40_				0x1
13 #define _TKIP_				0x2
14 #define _TKIP_WTMIC_		0x3
15 #define _AES_				0x4
16 #define _WEP104_			0x5
17 #define _WEP_WPA_MIXED_	0x07  /*  WEP + WPA */
18 #define _SMS4_				0x06
19 #define _BIP_				0x8
20 #define is_wep_enc(alg) (((alg) == _WEP40_) || ((alg) == _WEP104_))
21 
22 const char *security_type_str(u8 value);
23 
24 #define SHA256_MAC_LEN 32
25 #define AES_BLOCK_SIZE 16
26 #define AES_PRIV_SIZE (4 * 44)
27 
28 #define RTW_KEK_LEN 16
29 #define RTW_KCK_LEN 16
30 #define RTW_REPLAY_CTR_LEN 8
31 
32 enum {
33 	ENCRYP_PROTOCOL_OPENSYS,   /* open system */
34 	ENCRYP_PROTOCOL_WEP,       /* WEP */
35 	ENCRYP_PROTOCOL_WPA,       /* WPA */
36 	ENCRYP_PROTOCOL_WPA2,      /* WPA2 */
37 	ENCRYP_PROTOCOL_WAPI,      /* WAPI: Not support in this version */
38 	ENCRYP_PROTOCOL_MAX
39 };
40 
41 
42 #ifndef Ndis802_11AuthModeWPA2
43 #define Ndis802_11AuthModeWPA2 (Ndis802_11AuthModeWPANone + 1)
44 #endif
45 
46 #ifndef Ndis802_11AuthModeWPA2PSK
47 #define Ndis802_11AuthModeWPA2PSK (Ndis802_11AuthModeWPANone + 2)
48 #endif
49 
50 union pn48	{
51 
52 	u64	val;
53 
54 #ifdef __LITTLE_ENDIAN
55 
56 struct {
57   u8 TSC0;
58   u8 TSC1;
59   u8 TSC2;
60   u8 TSC3;
61   u8 TSC4;
62   u8 TSC5;
63   u8 TSC6;
64   u8 TSC7;
65 } _byte_;
66 #else
67 struct {
68   u8 TSC7;
69   u8 TSC6;
70   u8 TSC5;
71   u8 TSC4;
72   u8 TSC3;
73   u8 TSC2;
74   u8 TSC1;
75   u8 TSC0;
76 } _byte_;
77 #endif
78 
79 };
80 
81 union Keytype {
82         u8   skey[16];
83         u32    lkey[4];
84 };
85 
86 
87 typedef struct _RT_PMKID_LIST {
88 	u8 				bUsed;
89 	u8 				Bssid[6];
90 	u8 				PMKID[16];
91 	u8 				SsidBuf[33];
92 	u8 *ssid_octet;
93 	u16 					ssid_length;
94 } RT_PMKID_LIST, *PRT_PMKID_LIST;
95 
96 
97 struct security_priv {
98 	u32   dot11AuthAlgrthm;		/*  802.11 auth, could be open, shared, 8021x and authswitch */
99 	u32   dot11PrivacyAlgrthm;	/*  This specify the privacy for shared auth. algorithm. */
100 
101 	/* WEP */
102 	u32   dot11PrivacyKeyIndex;	/*  this is only valid for legendary wep, 0~3 for key id. (tx key index) */
103 	union Keytype dot11DefKey[4];	/*  this is only valid for def. key */
104 	u32 dot11DefKeylen[4];
105 	u8 key_mask; /* use to restore wep key after hal_init */
106 
107 	u32 dot118021XGrpPrivacy;	/*  This specify the privacy algthm. used for Grp key */
108 	u32 dot118021XGrpKeyid;		/*  key id used for Grp Key (tx key index) */
109 	union Keytype	dot118021XGrpKey[BIP_MAX_KEYID];	/*  802.1x Group Key, for inx0 and inx1 */
110 	union Keytype	dot118021XGrptxmickey[BIP_MAX_KEYID];
111 	union Keytype	dot118021XGrprxmickey[BIP_MAX_KEYID];
112 	union pn48		dot11Grptxpn;			/*  PN48 used for Grp Key xmit. */
113 	union pn48		dot11Grprxpn;			/*  PN48 used for Grp Key recv. */
114 	u32 dot11wBIPKeyid;						/*  key id used for BIP Key (tx key index) */
115 	union Keytype	dot11wBIPKey[6];		/*  BIP Key, for index4 and index5 */
116 	union pn48		dot11wBIPtxpn;			/*  PN48 used for Grp Key xmit. */
117 	union pn48		dot11wBIPrxpn;			/*  PN48 used for Grp Key recv. */
118 
119 	/* extend security capabilities for AP_MODE */
120 	unsigned int dot8021xalg;/* 0:disable, 1:psk, 2:802.1x */
121 	unsigned int wpa_psk;/* 0:disable, bit(0): WPA, bit(1):WPA2 */
122 	unsigned int wpa_group_cipher;
123 	unsigned int wpa2_group_cipher;
124 	unsigned int wpa_pairwise_cipher;
125 	unsigned int wpa2_pairwise_cipher;
126 
127 	u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */
128 	int wps_ie_len;
129 
130 
131 	u8 binstallGrpkey;
132 #ifdef CONFIG_GTK_OL
133 	u8 binstallKCK_KEK;
134 #endif /* CONFIG_GTK_OL */
135 	u8 binstallBIPkey;
136 	u8 busetkipkey;
137 	/* _timer tkip_timer; */
138 	u8 bcheck_grpkey;
139 	u8 bgrpkey_handshake;
140 
141 	s32	sw_encrypt;/* from registry_priv */
142 	s32	sw_decrypt;/* from registry_priv */
143 
144 	s32	hw_decrypted;/* if the rx packets is hw_decrypted ==false, it means the hw has not been ready. */
145 
146 
147 	/* keeps the auth_type & enc_status from upper layer ioctl(wpa_supplicant or wzc) */
148 	u32 ndisauthtype;	/*  enum NDIS_802_11_AUTHENTICATION_MODE */
149 	u32 ndisencryptstatus;	/*  NDIS_802_11_ENCRYPTION_STATUS */
150 
151 	struct wlan_bssid_ex sec_bss;  /* for joinbss (h2c buffer) usage */
152 
153 	struct ndis_802_11_wep ndiswep;
154 
155 	u8 assoc_info[600];
156 	u8 szofcapability[256]; /* for wpa2 usage */
157 	u8 oidassociation[512]; /* for wpa/wpa2 usage */
158 	u8 authenticator_ie[256];  /* store ap security information element */
159 	u8 supplicant_ie[256];  /* store sta security information element */
160 
161 
162 	/* for tkip countermeasure */
163 	unsigned long last_mic_err_time;
164 	u8 btkip_countermeasure;
165 	u8 btkip_wait_report;
166 	u32 btkip_countermeasure_time;
167 
168 	/*  For WPA2 Pre-Authentication. */
169 	RT_PMKID_LIST		PMKIDList[NUM_PMKID_CACHE];	/*  Renamed from PreAuthKey[NUM_PRE_AUTH_KEY]. Annie, 2006-10-13. */
170 	u8 		PMKIDIndex;
171 
172 	u8 bWepDefaultKeyIdxSet;
173 
174 #define DBG_SW_SEC_CNT
175 #ifdef DBG_SW_SEC_CNT
176 	u64 wep_sw_enc_cnt_bc;
177 	u64 wep_sw_enc_cnt_mc;
178 	u64 wep_sw_enc_cnt_uc;
179 	u64 wep_sw_dec_cnt_bc;
180 	u64 wep_sw_dec_cnt_mc;
181 	u64 wep_sw_dec_cnt_uc;
182 
183 	u64 tkip_sw_enc_cnt_bc;
184 	u64 tkip_sw_enc_cnt_mc;
185 	u64 tkip_sw_enc_cnt_uc;
186 	u64 tkip_sw_dec_cnt_bc;
187 	u64 tkip_sw_dec_cnt_mc;
188 	u64 tkip_sw_dec_cnt_uc;
189 
190 	u64 aes_sw_enc_cnt_bc;
191 	u64 aes_sw_enc_cnt_mc;
192 	u64 aes_sw_enc_cnt_uc;
193 	u64 aes_sw_dec_cnt_bc;
194 	u64 aes_sw_dec_cnt_mc;
195 	u64 aes_sw_dec_cnt_uc;
196 #endif /* DBG_SW_SEC_CNT */
197 };
198 
199 struct sha256_state {
200 	u64 length;
201 	u32 state[8], curlen;
202 	u8 buf[64];
203 };
204 
205 #define GET_ENCRY_ALGO(psecuritypriv, psta, encry_algo, bmcst)\
206 do {\
207 	switch (psecuritypriv->dot11AuthAlgrthm)\
208 	{\
209 		case dot11AuthAlgrthm_Open:\
210 		case dot11AuthAlgrthm_Shared:\
211 		case dot11AuthAlgrthm_Auto:\
212 			encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm;\
213 			break;\
214 		case dot11AuthAlgrthm_8021X:\
215 			if (bmcst)\
216 				encry_algo = (u8)psecuritypriv->dot118021XGrpPrivacy;\
217 			else\
218 				encry_algo = (u8)psta->dot118021XPrivacy;\
219 			break;\
220 	     case dot11AuthAlgrthm_WAPI:\
221 		     encry_algo = (u8)psecuritypriv->dot11PrivacyAlgrthm;\
222 		     break;\
223 	} \
224 } while (0)
225 
226 #define _AES_IV_LEN_ 8
227 
228 #define SET_ICE_IV_LEN(iv_len, icv_len, encrypt)\
229 do {\
230 	switch (encrypt)\
231 	{\
232 		case _WEP40_:\
233 		case _WEP104_:\
234 			iv_len = 4;\
235 			icv_len = 4;\
236 			break;\
237 		case _TKIP_:\
238 			iv_len = 8;\
239 			icv_len = 4;\
240 			break;\
241 		case _AES_:\
242 			iv_len = 8;\
243 			icv_len = 8;\
244 			break;\
245 		case _SMS4_:\
246 			iv_len = 18;\
247 			icv_len = 16;\
248 			break;\
249 		default:\
250 			iv_len = 0;\
251 			icv_len = 0;\
252 			break;\
253 	} \
254 } while (0)
255 
256 
257 #define GET_TKIP_PN(iv, dot11txpn)\
258 do {\
259 	dot11txpn._byte_.TSC0 = iv[2];\
260 	dot11txpn._byte_.TSC1 = iv[0];\
261 	dot11txpn._byte_.TSC2 = iv[4];\
262 	dot11txpn._byte_.TSC3 = iv[5];\
263 	dot11txpn._byte_.TSC4 = iv[6];\
264 	dot11txpn._byte_.TSC5 = iv[7];\
265 } while (0)
266 
267 
268 #define ROL32(A, n)	(((A) << (n)) | (((A)>>(32-(n)))  & ((1UL << (n)) - 1)))
269 #define ROR32(A, n)	ROL32((A), 32-(n))
270 
271 struct mic_data {
272 	u32  K0, K1;         /*  Key */
273 	u32  L, R;           /*  Current state */
274 	u32  M;              /*  Message accumulator (single word) */
275 	u32     nBytesInM;      /*  # bytes in M */
276 };
277 
278 extern const u32 Te0[256];
279 extern const u32 Te1[256];
280 extern const u32 Te2[256];
281 extern const u32 Te3[256];
282 extern const u32 Te4[256];
283 extern const u32 Td0[256];
284 extern const u32 Td1[256];
285 extern const u32 Td2[256];
286 extern const u32 Td3[256];
287 extern const u32 Td4[256];
288 extern const u32 rcon[10];
289 extern const u8 Td4s[256];
290 extern const u8 rcons[10];
291 
292 #define RCON(i) (rcons[(i)] << 24)
293 
294 static inline u32 rotr(u32 val, int bits)
295 {
296 	return (val >> bits) | (val << (32 - bits));
297 }
298 
299 #define TE0(i) Te0[((i) >> 24) & 0xff]
300 #define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8)
301 #define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16)
302 #define TE3(i) rotr(Te0[(i) & 0xff], 24)
303 #define TE41(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000)
304 #define TE42(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000)
305 #define TE43(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00)
306 #define TE44(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff)
307 #define TE421(i) ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000)
308 #define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000)
309 #define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00)
310 #define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff)
311 #define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff)
312 
313 #define TD0(i) Td0[((i) >> 24) & 0xff]
314 #define TD1(i) rotr(Td0[((i) >> 16) & 0xff], 8)
315 #define TD2(i) rotr(Td0[((i) >> 8) & 0xff], 16)
316 #define TD3(i) rotr(Td0[(i) & 0xff], 24)
317 #define TD41(i) (Td4s[((i) >> 24) & 0xff] << 24)
318 #define TD42(i) (Td4s[((i) >> 16) & 0xff] << 16)
319 #define TD43(i) (Td4s[((i) >> 8) & 0xff] << 8)
320 #define TD44(i) (Td4s[(i) & 0xff])
321 #define TD0_(i) Td0[(i) & 0xff]
322 #define TD1_(i) rotr(Td0[(i) & 0xff], 8)
323 #define TD2_(i) rotr(Td0[(i) & 0xff], 16)
324 #define TD3_(i) rotr(Td0[(i) & 0xff], 24)
325 
326 #define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
327 			((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
328 
329 #define PUTU32(ct, st) { \
330 (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \
331 (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
332 
333 #define WPA_GET_BE32(a) ((((u32) (a)[0]) << 24) | (((u32) (a)[1]) << 16) | \
334 			 (((u32) (a)[2]) << 8) | ((u32) (a)[3]))
335 
336 #define WPA_PUT_LE16(a, val)			\
337 	do {					\
338 		(a)[1] = ((u16) (val)) >> 8;	\
339 		(a)[0] = ((u16) (val)) & 0xff;	\
340 	} while (0)
341 
342 #define WPA_PUT_BE32(a, val)					\
343 	do {							\
344 		(a)[0] = (u8) ((((u32) (val)) >> 24) & 0xff);	\
345 		(a)[1] = (u8) ((((u32) (val)) >> 16) & 0xff);	\
346 		(a)[2] = (u8) ((((u32) (val)) >> 8) & 0xff);	\
347 		(a)[3] = (u8) (((u32) (val)) & 0xff);		\
348 	} while (0)
349 
350 #define WPA_PUT_BE64(a, val)				\
351 	do {						\
352 		(a)[0] = (u8) (((u64) (val)) >> 56);	\
353 		(a)[1] = (u8) (((u64) (val)) >> 48);	\
354 		(a)[2] = (u8) (((u64) (val)) >> 40);	\
355 		(a)[3] = (u8) (((u64) (val)) >> 32);	\
356 		(a)[4] = (u8) (((u64) (val)) >> 24);	\
357 		(a)[5] = (u8) (((u64) (val)) >> 16);	\
358 		(a)[6] = (u8) (((u64) (val)) >> 8);	\
359 		(a)[7] = (u8) (((u64) (val)) & 0xff);	\
360 	} while (0)
361 
362 /* ===== start - public domain SHA256 implementation ===== */
363 
364 /* This is based on SHA256 implementation in LibTomCrypt that was released into
365  * public domain by Tom St Denis. */
366 
367 /* the K array */
368 static const unsigned long K[64] = {
369 	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
370 	0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
371 	0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
372 	0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
373 	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
374 	0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
375 	0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
376 	0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
377 	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
378 	0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
379 	0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
380 	0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
381 	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
382 };
383 
384 
385 /* Various logical functions */
386 #define RORc(x, y) \
387 (((((unsigned long) (x) & 0xFFFFFFFFUL) >> (unsigned long) ((y) & 31)) | \
388    ((unsigned long) (x) << (unsigned long) (32 - ((y) & 31)))) & 0xFFFFFFFFUL)
389 #define Ch(x, y, z)       (z ^ (x & (y ^ z)))
390 #define Maj(x, y, z)      (((x | y) & z) | (x & y))
391 #define S(x, n)         RORc((x), (n))
392 #define R(x, n)         (((x)&0xFFFFFFFFUL)>>(n))
393 #define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
394 #define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
395 #define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
396 #define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
397 #ifndef MIN
398 #define MIN(x, y) (((x) < (y)) ? (x) : (y))
399 #endif
400 int omac1_aes_128(u8 *key, u8 *data, size_t data_len, u8 *mac);
401 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key);
402 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b);
403 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nBytes);
404 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst);
405 
406 void rtw_seccalctkipmic(
407 	u8 *key,
408 	u8 *header,
409 	u8 *data,
410 	u32 data_len,
411 	u8 *Miccode,
412 	u8   priority);
413 
414 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe);
415 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe);
416 void rtw_wep_encrypt(struct adapter *padapter, u8  *pxmitframe);
417 
418 u32 rtw_aes_decrypt(struct adapter *padapter, u8  *precvframe);
419 u32 rtw_tkip_decrypt(struct adapter *padapter, u8  *precvframe);
420 void rtw_wep_decrypt(struct adapter *padapter, u8  *precvframe);
421 u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe);
422 
423 void rtw_sec_restore_wep_key(struct adapter *adapter);
424 u8 rtw_handle_tkip_countermeasure(struct adapter *adapter, const char *caller);
425 
426 #endif	/* __RTL871X_SECURITY_H_ */
427