1/*	$OpenBSD: ieee80211_crypto.h,v 1.27 2020/05/15 14:21:09 stsp Exp $	*/
2
3/*-
4 * Copyright (c) 2007,2008 Damien Bergamini <damien.bergamini@free.fr>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#ifndef _NET80211_IEEE80211_CRYPTO_H_
20#define _NET80211_IEEE80211_CRYPTO_H_
21
22/*
23 * 802.11 protocol crypto-related definitions.
24 */
25
26/*
27 * 802.11 ciphers.
28 */
29enum ieee80211_cipher {
30	IEEE80211_CIPHER_NONE		= 0x00000000,
31	IEEE80211_CIPHER_USEGROUP	= 0x00000001,
32	IEEE80211_CIPHER_WEP40		= 0x00000002,
33	IEEE80211_CIPHER_TKIP		= 0x00000004,
34	IEEE80211_CIPHER_CCMP		= 0x00000008,
35	IEEE80211_CIPHER_WEP104		= 0x00000010,
36	IEEE80211_CIPHER_BIP		= 0x00000020	/* 11w */
37};
38
39/*
40 * 802.11 Authentication and Key Management Protocols.
41 */
42enum ieee80211_akm {
43	IEEE80211_AKM_NONE		= 0x00000000,
44	IEEE80211_AKM_8021X		= 0x00000001,
45	IEEE80211_AKM_PSK		= 0x00000002,
46	IEEE80211_AKM_SHA256_8021X	= 0x00000004,	/* 11w */
47	IEEE80211_AKM_SHA256_PSK	= 0x00000008	/* 11w */
48};
49
50#define IEEE80211_TKIP_HDRLEN	8
51#define IEEE80211_TKIP_MICLEN	8
52#define IEEE80211_TKIP_ICVLEN	4
53#define IEEE80211_CCMP_HDRLEN	8
54#define IEEE80211_CCMP_MICLEN	8
55
56#define IEEE80211_PMK_LEN	32
57
58#ifdef _KERNEL
59
60static __inline int
61ieee80211_is_8021x_akm(enum ieee80211_akm akm)
62{
63	return akm == IEEE80211_AKM_8021X ||
64	    akm == IEEE80211_AKM_SHA256_8021X;
65}
66
67static __inline int
68ieee80211_is_sha256_akm(enum ieee80211_akm akm)
69{
70	return akm == IEEE80211_AKM_SHA256_8021X ||
71	    akm == IEEE80211_AKM_SHA256_PSK;
72}
73
74struct ieee80211_key {
75	u_int8_t		k_id;		/* identifier (0-5) */
76	enum ieee80211_cipher	k_cipher;
77	u_int			k_flags;
78#define IEEE80211_KEY_GROUP	0x00000001	/* group data key */
79#define IEEE80211_KEY_TX	0x00000002	/* Tx+Rx */
80#define IEEE80211_KEY_IGTK	0x00000004	/* integrity group key */
81#define IEEE80211_KEY_SWCRYPTO	0x00000080	/* loaded for software crypto */
82
83	u_int			k_len;
84	u_int64_t		k_rsc[IEEE80211_NUM_TID];
85	u_int64_t		k_mgmt_rsc;
86	u_int64_t		k_tsc;
87	u_int8_t		k_key[32];
88	void			*k_priv;
89};
90
91#define IEEE80211_KEYBUF_SIZE	16
92
93/*
94 * Entry in the PMKSA cache.
95 */
96struct ieee80211_pmk {
97	enum ieee80211_akm	pmk_akm;
98	u_int32_t		pmk_lifetime;
99#define IEEE80211_PMK_INFINITE	0
100
101	u_int8_t		pmk_pmkid[IEEE80211_PMKID_LEN];
102	u_int8_t		pmk_macaddr[IEEE80211_ADDR_LEN];
103	u_int8_t		pmk_key[IEEE80211_PMK_LEN];
104
105	TAILQ_ENTRY(ieee80211_pmk) pmk_next;
106};
107
108/* forward references */
109struct	ieee80211com;
110struct	ieee80211_node;
111
112void	ieee80211_crypto_attach(struct ifnet *);
113void	ieee80211_crypto_detach(struct ifnet *);
114
115void	ieee80211_crypto_clear_groupkeys(struct ieee80211com *);
116struct	ieee80211_key *ieee80211_get_txkey(struct ieee80211com *,
117	    const struct ieee80211_frame *, struct ieee80211_node *);
118struct	ieee80211_key *ieee80211_get_rxkey(struct ieee80211com *,
119	    struct mbuf *, struct ieee80211_node *);
120struct	mbuf *ieee80211_encrypt(struct ieee80211com *, struct mbuf *,
121	    struct ieee80211_key *);
122struct	mbuf *ieee80211_decrypt(struct ieee80211com *, struct mbuf *,
123	    struct ieee80211_node *);
124
125int	ieee80211_set_key(struct ieee80211com *, struct ieee80211_node *,
126	    struct ieee80211_key *);
127void	ieee80211_delete_key(struct ieee80211com *, struct ieee80211_node *,
128	    struct ieee80211_key *);
129
130void	ieee80211_eapol_key_mic(struct ieee80211_eapol_key *,
131	    const u_int8_t *);
132int	ieee80211_eapol_key_check_mic(struct ieee80211_eapol_key *,
133	    const u_int8_t *);
134#ifndef IEEE80211_STA_ONLY
135void	ieee80211_eapol_key_encrypt(struct ieee80211com *,
136	    struct ieee80211_eapol_key *, const u_int8_t *);
137#endif
138int	ieee80211_eapol_key_decrypt(struct ieee80211_eapol_key *,
139	    const u_int8_t *);
140
141struct	ieee80211_pmk *ieee80211_pmksa_add(struct ieee80211com *,
142	    enum ieee80211_akm, const u_int8_t *, const u_int8_t *, u_int32_t);
143struct	ieee80211_pmk *ieee80211_pmksa_find(struct ieee80211com *,
144	    struct ieee80211_node *, const u_int8_t *);
145void	ieee80211_derive_ptk(enum ieee80211_akm, const u_int8_t *,
146	    const u_int8_t *, const u_int8_t *, const u_int8_t *,
147	    const u_int8_t *, struct ieee80211_ptk *);
148int	ieee80211_cipher_keylen(enum ieee80211_cipher);
149
150int	ieee80211_wep_set_key(struct ieee80211com *, struct ieee80211_key *);
151void	ieee80211_wep_delete_key(struct ieee80211com *,
152	    struct ieee80211_key *);
153struct	mbuf *ieee80211_wep_encrypt(struct ieee80211com *, struct mbuf *,
154	    struct ieee80211_key *);
155struct	mbuf *ieee80211_wep_decrypt(struct ieee80211com *, struct mbuf *,
156	    struct ieee80211_key *);
157
158int	ieee80211_tkip_set_key(struct ieee80211com *, struct ieee80211_key *);
159void	ieee80211_tkip_delete_key(struct ieee80211com *,
160	    struct ieee80211_key *);
161struct	mbuf *ieee80211_tkip_encrypt(struct ieee80211com *,
162	    struct mbuf *, struct ieee80211_key *);
163int	ieee80211_tkip_get_tsc(uint64_t *, uint64_t **, struct mbuf *,
164	    struct ieee80211_key *);
165struct	mbuf *ieee80211_tkip_decrypt(struct ieee80211com *,
166	    struct mbuf *, struct ieee80211_key *);
167void	ieee80211_tkip_mic(struct mbuf *, int, const u_int8_t *,
168	    u_int8_t[IEEE80211_TKIP_MICLEN]);
169void	ieee80211_michael_mic_failure(struct ieee80211com *, u_int64_t);
170#ifndef IEEE80211_STA_ONLY
171void	ieee80211_michael_mic_failure_timeout(void *);
172#endif
173
174int	ieee80211_ccmp_set_key(struct ieee80211com *, struct ieee80211_key *);
175void	ieee80211_ccmp_delete_key(struct ieee80211com *,
176	    struct ieee80211_key *);
177struct	mbuf *ieee80211_ccmp_encrypt(struct ieee80211com *, struct mbuf *,
178	    struct ieee80211_key *);
179int	ieee80211_ccmp_get_pn(uint64_t *, uint64_t **, struct mbuf *,
180	    struct ieee80211_key *);
181struct	mbuf *ieee80211_ccmp_decrypt(struct ieee80211com *, struct mbuf *,
182	    struct ieee80211_key *);
183
184int	ieee80211_bip_set_key(struct ieee80211com *, struct ieee80211_key *);
185void	ieee80211_bip_delete_key(struct ieee80211com *,
186	    struct ieee80211_key *);
187struct	mbuf *ieee80211_bip_encap(struct ieee80211com *, struct mbuf *,
188	    struct ieee80211_key *);
189struct	mbuf *ieee80211_bip_decap(struct ieee80211com *, struct mbuf *,
190	    struct ieee80211_key *);
191
192#endif /* _KERNEL */
193#endif /* _NET80211_IEEE80211_CRYPTO_H_ */
194