include/sys/net80211_crypto.h

   1 /*
   2  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
   3  * Use is subject to license terms.
   4  */
   5
   6 /*
   7  * Copyright (c) 2001 Atsushi Onoe
   8  * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
   9  * All rights reserved.
  10  *
  11  * Redistribution and use in source and binary forms, with or without
  12  * modification, are permitted provided that the following conditions
  13  * are met:
  14  * 1. Redistributions of source code must retain the above copyright
  15  *    notice, this list of conditions and the following disclaimer.
  16  * 2. Redistributions in binary form must reproduce the above copyright
  17  *    notice, this list of conditions and the following disclaimer in the
  18  *    documentation and/or other materials provided with the distribution.
  19  * 3. The name of the author may not be used to endorse or promote products
  20  *    derived from this software without specific prior written permission.
  21  *
  22  * Alternatively, this software may be distributed under the terms of the
  23  * GNU General Public License ("GPL") version 2 as published by the Free
  24  * Software Foundation.
  25  *
  26  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  27  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  28  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  29  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  30  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  31  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  32  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  33  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  34  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  35  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  36  */
  37
  38 #ifndef _SYS_NET80211_CRYPTO_H
  39 #define _SYS_NET80211_CRYPTO_H
  40
  41 #include <sys/types.h>
  42 #ifdef _KERNEL
  43 #include <sys/stream.h>
  44 #include <sys/mac.h>
  45 #endif
  46 #include <sys/net80211_proto.h>
  47
  48 /*
  49  * 802.11 protocol crypto-related definitions.
  50  */
  51
  52 #ifdef  __cplusplus
  53 extern "C" {
  54 #endif
  55
  56 #define IEEE80211_MAX_WPA_IE            40      /* IEEE802.11i */
  57 /*
  58  * Max size of optional information elements.  We artificially
  59  * constrain this; it's limited only by the max frame size (and
  60  * the max parameter size of the wireless extensions).
  61  */
  62 #define IEEE80211_MAX_OPT_IE            256
  63
  64 #define IEEE80211_MLME_ASSOC            1       /* associate station */
  65 #define IEEE80211_MLME_DISASSOC         2       /* disassociate station */
  66 #define IEEE80211_MLME_DEAUTH           3       /* deauthenticate station */
  67 #define IEEE80211_MLME_AUTHORIZE        4       /* authorize station */
  68 #define IEEE80211_MLME_UNAUTHORIZE      5       /* unauthorize station */
  69
  70 /*
  71  * NB: these values are ordered carefully; there are lots of
  72  * of implications in any reordering.
  73  */
  74 #define IEEE80211_CIPHER_WEP            0
  75 #define IEEE80211_CIPHER_TKIP           1
  76 #define IEEE80211_CIPHER_AES_OCB        2
  77 #define IEEE80211_CIPHER_AES_CCM        3
  78 #define IEEE80211_CIPHER_CKIP           4
  79 #define IEEE80211_CIPHER_NONE           5       /* pseudo value */
  80
  81 #define IEEE80211_CIPHER_MAX            (IEEE80211_CIPHER_NONE+1)
  82
  83 /*
  84  * Maxmium length of key in bytes
  85  * WEP key length present in the 802.11 standard is 40-bit.
  86  * Many implementations also support 104-bit WEP keys.
  87  * 802.11i standardize TKIP/CCMP use 128-bit key
  88  */
  89 #define IEEE80211_KEYBUF_SIZE           16
  90 #define IEEE80211_MICBUF_SIZE           (8+8)   /* space for both tx+rx keys */
  91
  92 /* Key Flags */
  93 #define IEEE80211_KEY_XMIT              0x01    /* key used for xmit */
  94 #define IEEE80211_KEY_RECV              0x02    /* key used for recv */
  95 #define IEEE80211_KEY_GROUP             /* key used for WPA group operation */ \
  96                                         0x04
  97 #define IEEE80211_KEY_SWCRYPT           0x10    /* host-based encrypt/decrypt */
  98 #define IEEE80211_KEY_SWMIC             0x20    /* host-based enmic/demic */
  99 #define IEEE80211_KEY_COMMON            /* common flags passed in by apps */ \
 100         (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV | IEEE80211_KEY_GROUP)
 101
 102 #define IEEE80211_KEY_DEFAULT           0x80    /* default xmit key */
 103
 104 /* WEP */
 105 #define IEEE80211_WEP_KEYLEN            5       /* 40bit */
 106 #define IEEE80211_WEP_IVLEN             3       /* 24bit */
 107 #define IEEE80211_WEP_KIDLEN            1       /* 1 octet */
 108 #define IEEE80211_WEP_CRCLEN            4       /* CRC-32 */
 109 #define IEEE80211_WEP_NKID              4       /* number of key ids */
 110
 111 /*
 112  * 802.11i defines an extended IV for use with non-WEP ciphers.
 113  * When the EXTIV bit is set in the key id byte an additional
 114  * 4 bytes immediately follow the IV for TKIP.  For CCMP the
 115  * EXTIV bit is likewise set but the 8 bytes represent the
 116  * CCMP header rather than IV+extended-IV.
 117  */
 118 #define IEEE80211_WEP_EXTIV             0x20
 119 #define IEEE80211_WEP_EXTIVLEN          4       /* extended IV length */
 120 #define IEEE80211_WEP_MICLEN            8       /* trailing MIC */
 121
 122 #define IEEE80211_WEP_HDRLEN                                    \
 123         (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN)
 124 #define IEEE80211_WEP_MINLEN                                    \
 125         (sizeof (struct ieee80211_frame) +                      \
 126         IEEE80211_WEP_HDRLEN + IEEE80211_WEP_CRCLEN)
 127
 128 /* Maximum number of keys */
 129 #define IEEE80211_KEY_MAX               IEEE80211_WEP_NKID
 130
 131 typedef uint16_t        ieee80211_keyix;        /* h/w key index */
 132
 133 #define IEEE80211_KEYIX_NONE    ((ieee80211_keyix) -1)
 134
 135 #ifdef _KERNEL
 136
 137 struct ieee80211com;
 138 struct ieee80211_key;
 139
 140 /*
 141  * Template for a supported cipher.  Ciphers register with the
 142  * crypto code.
 143  *
 144  * ic_attach - Initialize cipher. The return value is set to wk_private
 145  * ic_detach - Destruct a cipher.
 146  * ic_setkey - Validate key contents
 147  * ic_encap  - Encrypt the 802.11 MAC payload
 148  * ic_decap  - Decrypt the 802.11 MAC payload
 149  * ic_enmic  - Add MIC
 150  * ic_demic  - Check and remove MIC
 151  */
 152 struct ieee80211_cipher {
 153         const char      *ic_name;       /* printable name */
 154         uint32_t        ic_cipher;      /* IEEE80211_CIPHER_* */
 155         uint32_t        ic_header;      /* size of privacy header (bytes) */
 156         uint32_t        ic_trailer;     /* size of privacy trailer (bytes) */
 157         uint32_t        ic_miclen;      /* size of mic trailer (bytes) */
 158         void            *(*ic_attach)(struct ieee80211com *,
 159                                 struct ieee80211_key *);
 160         void            (*ic_detach)(struct ieee80211_key *);
 161         int32_t         (*ic_setkey)(struct ieee80211_key *);
 162         int32_t         (*ic_encap)(struct ieee80211_key *, mblk_t *,
 163                                 uint8_t keyid);
 164         int32_t         (*ic_decap)(struct ieee80211_key *, mblk_t *, int);
 165         int32_t         (*ic_enmic)(struct ieee80211_key *, mblk_t *, int);
 166         int32_t         (*ic_demic)(struct ieee80211_key *, mblk_t *, int);
 167 };
 168 extern  const struct ieee80211_cipher ieee80211_cipher_none;
 169
 170 struct ieee80211_key {
 171         uint8_t         wk_keylen;      /* key length in bytes */
 172         uint8_t         wk_pad;
 173         uint16_t        wk_flags;
 174         uint8_t         wk_key[IEEE80211_KEYBUF_SIZE+IEEE80211_MICBUF_SIZE];
 175         ieee80211_keyix wk_keyix;       /* h/w key index */
 176         ieee80211_keyix wk_rxkeyix;     /* optional h/w rx key index */
 177         uint64_t        wk_keyrsc;      /* key receive sequence counter */
 178         uint64_t        wk_keytsc;      /* key transmit sequence counter */
 179         const struct ieee80211_cipher   *wk_cipher;
 180         void            *wk_private;    /* private cipher state */
 181 };
 182 #define wk_txmic        wk_key+IEEE80211_KEYBUF_SIZE+0
 183 #define wk_rxmic        wk_key+IEEE80211_KEYBUF_SIZE+8
 184
 185 /*
 186  * Crypto state kept in each ieee80211com.
 187  */
 188 struct ieee80211_crypto_state {
 189         struct ieee80211_key    cs_nw_keys[IEEE80211_KEY_MAX];
 190         ieee80211_keyix         cs_def_txkey;   /* default/group tx key index */
 191         uint16_t                cs_max_keyix;   /* max h/w key index */
 192
 193         int                     (*cs_key_alloc)(struct ieee80211com *,
 194                                         const struct ieee80211_key *,
 195                                         ieee80211_keyix *, ieee80211_keyix *);
 196         int                     (*cs_key_delete)(struct ieee80211com *,
 197                                         const struct ieee80211_key *);
 198         int                     (*cs_key_set)(struct ieee80211com *,
 199                                         const struct ieee80211_key *,
 200                                         const uint8_t mac[IEEE80211_ADDR_LEN]);
 201         void                    (*cs_key_update_begin)(struct ieee80211com *);
 202         void                    (*cs_key_update_end)(struct ieee80211com *);
 203 };
 204
 205 /*
 206  * Key update synchronization methods.
 207  */
 208 #define KEY_UPDATE_BEGIN(ic)            \
 209         (ic)->ic_crypto.cs_key_update_begin(ic)
 210 #define KEY_UPDATE_END(ic)              \
 211         (ic)->ic_crypto.cs_key_update_end(ic)
 212 #define KEY_UNDEFINED(k)                \
 213         ((k).wk_cipher == &ieee80211_cipher_none)
 214
 215 #define DEV_KEY_ALLOC(ic, k, kix, rkix) \
 216         (ic)->ic_crypto.cs_key_alloc(ic, k, kix, rkix)
 217 #define DEV_KEY_DELETE(ic, k)           \
 218         (ic)->ic_crypto.cs_key_delete(ic, k)
 219 #define DEV_KEY_SET(ic, k, m)           \
 220         (ic)->ic_crypto.cs_key_set(ic, k, m)
 221
 222 #define CIPHER_DETACH(k)                \
 223         (k)->wk_cipher->ic_detach(k)
 224 #define CIPHER_ATTACH(k)                \
 225         (k)->wk_cipher->ic_attach(k)
 226
 227 #define ieee80211_crypto_demic(ic, k, m, force)         \
 228         (((k)->wk_cipher->ic_miclen > 0) ?              \
 229         (k)->wk_cipher->ic_demic(k, m, force) :         \
 230         1)
 231
 232 #define ieee80211_crypto_enmic(ic, k, m, force)         \
 233         ((k)->wk_cipher->ic_miclen > 0 ?                \
 234         (k)->wk_cipher->ic_enmic(k, m, force) :         \
 235         1)
 236
 237 void ieee80211_crypto_attach(struct ieee80211com *ic);
 238 void ieee80211_crypto_detach(struct ieee80211com *ic);
 239 void ieee80211_crypto_register(struct ieee80211com *ic,
 240     const struct ieee80211_cipher *);
 241 void ieee80211_crypto_unregister(struct ieee80211com *ic,
 242     const struct ieee80211_cipher *);
 243 void ieee80211_crypto_resetkey(struct ieee80211com *, struct ieee80211_key *,
 244         ieee80211_keyix);
 245
 246 #endif /* _KERNEL */
 247
 248 #ifdef  __cplusplus
 249 }
 250 #endif
 251
 252 #endif  /* _SYS_NET80211_CRYPTO_H */