usr/src/uts/common/sys/net80211_crypto.h

   1 /*
   2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
   3  * Use is subject to license terms.
   4  */
   5
   6 /*
   7  * Copyright (c) 2001 Atsushi Onoe
   8  * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
   9  * All rights reserved.
  10  *
  11  * Redistribution and use in source and binary forms, with or without
  12  * modification, are permitted provided that the following conditions
  13  * are met:
  14  * 1. Redistributions of source code must retain the above copyright
  15  *    notice, this list of conditions and the following disclaimer.
  16  * 2. Redistributions in binary form must reproduce the above copyright
  17  *    notice, this list of conditions and the following disclaimer in the
  18  *    documentation and/or other materials provided with the distribution.
  19  * 3. The name of the author may not be used to endorse or promote products
  20  *    derived from this software without specific prior written permission.
  21  *
  22  * Alternatively, this software may be distributed under the terms of the
  23  * GNU General Public License ("GPL") version 2 as published by the Free
  24  * Software Foundation.
  25  *
  26  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  27  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  28  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  29  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  30  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  31  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  32  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  33  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  34  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  35  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  36  */
  37
  38 #ifndef _SYS_NET80211_CRYPTO_H
  39 #define _SYS_NET80211_CRYPTO_H
  40
  41 #pragma ident   "%Z%%M% %I%     %E% SMI"
  42
  43 #include <sys/types.h>
  44 #include <sys/mac.h>
  45 #include <sys/net80211_proto.h>
  46
  47 /*
  48  * 802.11 protocol crypto-related definitions.
  49  */
  50
  51 #ifdef  __cplusplus
  52 extern "C" {
  53 #endif
  54
  55 #define IEEE80211_MAX_WPA_IE            40      /* IEEE802.11i */
  56 /*
  57  * Max size of optional information elements.  We artificially
  58  * constrain this; it's limited only by the max frame size (and
  59  * the max parameter size of the wireless extensions).
  60  */
  61 #define IEEE80211_MAX_OPT_IE            256
  62
  63 #define IEEE80211_MLME_ASSOC            1       /* associate station */
  64 #define IEEE80211_MLME_DISASSOC         2       /* disassociate station */
  65 #define IEEE80211_MLME_DEAUTH           3       /* deauthenticate station */
  66 #define IEEE80211_MLME_AUTHORIZE        4       /* authorize station */
  67 #define IEEE80211_MLME_UNAUTHORIZE      5       /* unauthorize station */
  68
  69 /*
  70  * NB: these values are ordered carefully; there are lots of
  71  * of implications in any reordering.
  72  */
  73 #define IEEE80211_CIPHER_WEP            0
  74 #define IEEE80211_CIPHER_TKIP           1
  75 #define IEEE80211_CIPHER_AES_OCB        2
  76 #define IEEE80211_CIPHER_AES_CCM        3
  77 #define IEEE80211_CIPHER_CKIP           4
  78 #define IEEE80211_CIPHER_NONE           5       /* pseudo value */
  79
  80 #define IEEE80211_CIPHER_MAX            (IEEE80211_CIPHER_NONE+1)
  81
  82 /*
  83  * Maxmium length of key in bytes
  84  * WEP key length present in the 802.11 standard is 40-bit.
  85  * Many implementations also support 104-bit WEP keys.
  86  * 802.11i standardize TKIP/CCMP use 128-bit key
  87  */
  88 #define IEEE80211_KEYBUF_SIZE           16
  89 #define IEEE80211_MICBUF_SIZE           (8+8)   /* space for both tx+rx keys */
  90
  91 /* Key Flags */
  92 #define IEEE80211_KEY_XMIT              0x01    /* key used for xmit */
  93 #define IEEE80211_KEY_RECV              0x02    /* key used for recv */
  94 #define IEEE80211_KEY_GROUP             /* key used for WPA group operation */ \
  95                                         0x04
  96 #define IEEE80211_KEY_SWCRYPT           0x10    /* host-based encrypt/decrypt */
  97 #define IEEE80211_KEY_SWMIC             0x20    /* host-based enmic/demic */
  98 #define IEEE80211_KEY_COMMON            /* common flags passed in by apps */ \
  99         (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV | IEEE80211_KEY_GROUP)
 100
 101 #define IEEE80211_KEY_DEFAULT           0x80    /* default xmit key */
 102
 103 /* WEP */
 104 #define IEEE80211_WEP_KEYLEN            5       /* 40bit */
 105 #define IEEE80211_WEP_IVLEN             3       /* 24bit */
 106 #define IEEE80211_WEP_KIDLEN            1       /* 1 octet */
 107 #define IEEE80211_WEP_CRCLEN            4       /* CRC-32 */
 108 #define IEEE80211_WEP_NKID              4       /* number of key ids */
 109
 110 /*
 111  * 802.11i defines an extended IV for use with non-WEP ciphers.
 112  * When the EXTIV bit is set in the key id byte an additional
 113  * 4 bytes immediately follow the IV for TKIP.  For CCMP the
 114  * EXTIV bit is likewise set but the 8 bytes represent the
 115  * CCMP header rather than IV+extended-IV.
 116  */
 117 #define IEEE80211_WEP_EXTIV             0x20
 118 #define IEEE80211_WEP_EXTIVLEN          4       /* extended IV length */
 119 #define IEEE80211_WEP_MICLEN            8       /* trailing MIC */
 120
 121 #define IEEE80211_WEP_HDRLEN                                    \
 122         (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN)
 123 #define IEEE80211_WEP_MINLEN                                    \
 124         (sizeof (struct ieee80211_frame) +                      \
 125         IEEE80211_WEP_HDRLEN + IEEE80211_WEP_CRCLEN)
 126
 127 /* Maximum number of keys */
 128 #define IEEE80211_KEY_MAX               IEEE80211_WEP_NKID
 129
 130 struct ieee80211com;
 131 struct ieee80211_node;
 132 struct ieee80211_key;
 133 typedef uint16_t        ieee80211_keyix;        /* h/w key index */
 134
 135 #define IEEE80211_KEYIX_NONE    ((ieee80211_keyix) -1)
 136
 137 /*
 138  * Template for a supported cipher.  Ciphers register with the
 139  * crypto code.
 140  *
 141  * ic_attach - Initialize cipher. The return value is set to wk_private
 142  * ic_detach - Destruct a cipher.
 143  * ic_setkey - Validate key contents
 144  * ic_encap  - Encrypt the 802.11 MAC payload
 145  * ic_decap  - Decrypt the 802.11 MAC payload
 146  * ic_enmic  - Add MIC
 147  * ic_demic  - Check and remove MIC
 148  */
 149 struct ieee80211_cipher {
 150         const char      *ic_name;       /* printable name */
 151         uint32_t        ic_cipher;      /* IEEE80211_CIPHER_* */
 152         uint32_t        ic_header;      /* size of privacy header (bytes) */
 153         uint32_t        ic_trailer;     /* size of privacy trailer (bytes) */
 154         uint32_t        ic_miclen;      /* size of mic trailer (bytes) */
 155         void            *(*ic_attach)(struct ieee80211com *,
 156                                 struct ieee80211_key *);
 157         void            (*ic_detach)(struct ieee80211_key *);
 158         int32_t         (*ic_setkey)(struct ieee80211_key *);
 159         int32_t         (*ic_encap)(struct ieee80211_key *, mblk_t *,
 160                                 uint8_t keyid);
 161         int32_t         (*ic_decap)(struct ieee80211_key *, mblk_t *, int);
 162         int32_t         (*ic_enmic)(struct ieee80211_key *, mblk_t *, int);
 163         int32_t         (*ic_demic)(struct ieee80211_key *, mblk_t *, int);
 164 };
 165 extern  const struct ieee80211_cipher ieee80211_cipher_none;
 166
 167 struct ieee80211_key {
 168         uint8_t         wk_keylen;      /* key length in bytes */
 169         uint8_t         wk_pad;
 170         uint16_t        wk_flags;
 171         uint8_t         wk_key[IEEE80211_KEYBUF_SIZE+IEEE80211_MICBUF_SIZE];
 172         ieee80211_keyix wk_keyix;       /* h/w key index */
 173         ieee80211_keyix wk_rxkeyix;     /* optional h/w rx key index */
 174         uint64_t        wk_keyrsc;      /* key receive sequence counter */
 175         uint64_t        wk_keytsc;      /* key transmit sequence counter */
 176         const struct ieee80211_cipher   *wk_cipher;
 177         void            *wk_private;    /* private cipher state */
 178 };
 179 #define wk_txmic        wk_key+IEEE80211_KEYBUF_SIZE+0
 180 #define wk_rxmic        wk_key+IEEE80211_KEYBUF_SIZE+8
 181
 182 /*
 183  * Crypto state kept in each ieee80211com.
 184  */
 185 struct ieee80211_crypto_state {
 186         struct ieee80211_key    cs_nw_keys[IEEE80211_KEY_MAX];
 187         ieee80211_keyix         cs_def_txkey;   /* default/group tx key index */
 188         uint16_t                cs_max_keyix;   /* max h/w key index */
 189
 190         int                     (*cs_key_alloc)(struct ieee80211com *,
 191                                         const struct ieee80211_key *,
 192                                         ieee80211_keyix *, ieee80211_keyix *);
 193         int                     (*cs_key_delete)(struct ieee80211com *,
 194                                         const struct ieee80211_key *);
 195         int                     (*cs_key_set)(struct ieee80211com *,
 196                                         const struct ieee80211_key *,
 197                                         const uint8_t mac[IEEE80211_ADDR_LEN]);
 198         void                    (*cs_key_update_begin)(struct ieee80211com *);
 199         void                    (*cs_key_update_end)(struct ieee80211com *);
 200 };
 201
 202 /*
 203  * Key update synchronization methods.
 204  */
 205 #define KEY_UPDATE_BEGIN(ic)            \
 206         (ic)->ic_crypto.cs_key_update_begin(ic)
 207 #define KEY_UPDATE_END(ic)              \
 208         (ic)->ic_crypto.cs_key_update_end(ic)
 209 #define KEY_UNDEFINED(k)                \
 210         ((k).wk_cipher == &ieee80211_cipher_none)
 211
 212 #define DEV_KEY_ALLOC(ic, k, kix, rkix) \
 213         (ic)->ic_crypto.cs_key_alloc(ic, k, kix, rkix)
 214 #define DEV_KEY_DELETE(ic, k)           \
 215         (ic)->ic_crypto.cs_key_delete(ic, k)
 216 #define DEV_KEY_SET(ic, k, m)           \
 217         (ic)->ic_crypto.cs_key_set(ic, k, m)
 218
 219 #define CIPHER_DETACH(k)                \
 220         (k)->wk_cipher->ic_detach(k)
 221 #define CIPHER_ATTACH(k)                \
 222         (k)->wk_cipher->ic_attach(k)
 223
 224 #define ieee80211_crypto_demic(ic, k, m, force)         \
 225         (((k)->wk_cipher->ic_miclen > 0) ?              \
 226         (k)->wk_cipher->ic_demic(k, m, force) :         \
 227         1)
 228
 229 #define ieee80211_crypto_enmic(ic, k, m, force)         \
 230         ((k)->wk_cipher->ic_miclen > 0 ?                \
 231         (k)->wk_cipher->ic_enmic(k, m, force) :         \
 232         1)
 233
 234 void ieee80211_crypto_attach(struct ieee80211com *ic);
 235 void ieee80211_crypto_detach(struct ieee80211com *ic);
 236 void ieee80211_crypto_register(struct ieee80211com *ic,
 237     const struct ieee80211_cipher *);
 238 void ieee80211_crypto_unregister(struct ieee80211com *ic,
 239     const struct ieee80211_cipher *);
 240 void ieee80211_crypto_resetkey(struct ieee80211com *, struct ieee80211_key *,
 241         ieee80211_keyix);
 242
 243 #ifdef  __cplusplus
 244 }
 245 #endif
 246
 247 #endif  /* _SYS_NET80211_CRYPTO_H */