Commit | Line | Data |
---|---|---|
1cac41cb MB |
1 | /* |
2 | * Fundamental types and constants relating to WPA | |
3 | * | |
4 | * Copyright (C) 1999-2019, Broadcom. | |
5 | * | |
6 | * Unless you and Broadcom execute a separate written software license | |
7 | * agreement governing use of this software, this software is licensed to you | |
8 | * under the terms of the GNU General Public License version 2 (the "GPL"), | |
9 | * available at http://www.broadcom.com/licenses/GPLv2.php, with the | |
10 | * following added to such license: | |
11 | * | |
12 | * As a special exception, the copyright holders of this software give you | |
13 | * permission to link this software with independent modules, and to copy and | |
14 | * distribute the resulting executable under terms of your choice, provided that | |
15 | * you also meet, for each linked independent module, the terms and conditions of | |
16 | * the license of that module. An independent module is a module which is not | |
17 | * derived from this software. The special exception does not apply to any | |
18 | * modifications of the software. | |
19 | * | |
20 | * Notwithstanding the above, under no circumstances may you combine this | |
21 | * software in any way with any other Broadcom software provided under a license | |
22 | * other than the GPL, without Broadcom's express prior written consent. | |
23 | * | |
24 | * | |
25 | * <<Broadcom-WL-IPTag/Open:>> | |
26 | * | |
5a068558 | 27 | * $Id: wpa.h 761317 2018-05-07 21:33:58Z $ |
1cac41cb MB |
28 | */ |
29 | ||
30 | #ifndef _proto_wpa_h_ | |
31 | #define _proto_wpa_h_ | |
32 | ||
33 | #include <typedefs.h> | |
34 | #include <ethernet.h> | |
35 | ||
36 | /* This marks the start of a packed structure section. */ | |
37 | #include <packed_section_start.h> | |
38 | ||
39 | /* Reason Codes */ | |
40 | ||
41 | /* 13 through 23 taken from IEEE Std 802.11i-2004 */ | |
42 | #define DOT11_RC_INVALID_WPA_IE 13 /* Invalid info. element */ | |
43 | #define DOT11_RC_MIC_FAILURE 14 /* Michael failure */ | |
44 | #define DOT11_RC_4WH_TIMEOUT 15 /* 4-way handshake timeout */ | |
45 | #define DOT11_RC_GTK_UPDATE_TIMEOUT 16 /* Group key update timeout */ | |
46 | #define DOT11_RC_WPA_IE_MISMATCH 17 /* WPA IE in 4-way handshake differs from | |
47 | * (re-)assoc. request/probe response | |
48 | */ | |
49 | #define DOT11_RC_INVALID_MC_CIPHER 18 /* Invalid multicast cipher */ | |
50 | #define DOT11_RC_INVALID_UC_CIPHER 19 /* Invalid unicast cipher */ | |
51 | #define DOT11_RC_INVALID_AKMP 20 /* Invalid authenticated key management protocol */ | |
52 | #define DOT11_RC_BAD_WPA_VERSION 21 /* Unsupported WPA version */ | |
53 | #define DOT11_RC_INVALID_WPA_CAP 22 /* Invalid WPA IE capabilities */ | |
54 | #define DOT11_RC_8021X_AUTH_FAIL 23 /* 802.1X authentication failure */ | |
55 | ||
56 | #define WPA2_PMKID_LEN 16 | |
57 | ||
58 | /* WPA IE fixed portion */ | |
59 | typedef BWL_PRE_PACKED_STRUCT struct | |
60 | { | |
61 | uint8 tag; /* TAG */ | |
62 | uint8 length; /* TAG length */ | |
63 | uint8 oui[3]; /* IE OUI */ | |
64 | uint8 oui_type; /* OUI type */ | |
65 | BWL_PRE_PACKED_STRUCT struct { | |
66 | uint8 low; | |
67 | uint8 high; | |
68 | } BWL_POST_PACKED_STRUCT version; /* IE version */ | |
69 | } BWL_POST_PACKED_STRUCT wpa_ie_fixed_t; | |
70 | #define WPA_IE_OUITYPE_LEN 4 | |
71 | #define WPA_IE_FIXED_LEN 8 | |
72 | #define WPA_IE_TAG_FIXED_LEN 6 | |
73 | ||
74 | #define BIP_OUI_TYPE WPA2_OUI "\x06" | |
75 | ||
76 | typedef BWL_PRE_PACKED_STRUCT struct { | |
77 | uint8 tag; /* TAG */ | |
78 | uint8 length; /* TAG length */ | |
79 | BWL_PRE_PACKED_STRUCT struct { | |
80 | uint8 low; | |
81 | uint8 high; | |
82 | } BWL_POST_PACKED_STRUCT version; /* IE version */ | |
83 | } BWL_POST_PACKED_STRUCT wpa_rsn_ie_fixed_t; | |
84 | #define WPA_RSN_IE_FIXED_LEN 4 | |
85 | #define WPA_RSN_IE_TAG_FIXED_LEN 2 | |
86 | typedef uint8 wpa_pmkid_t[WPA2_PMKID_LEN]; | |
87 | ||
88 | #define WFA_OSEN_IE_FIXED_LEN 6 | |
89 | ||
90 | /* WPA suite/multicast suite */ | |
91 | typedef BWL_PRE_PACKED_STRUCT struct | |
92 | { | |
93 | uint8 oui[3]; | |
94 | uint8 type; | |
95 | } BWL_POST_PACKED_STRUCT wpa_suite_t, wpa_suite_mcast_t; | |
96 | #define WPA_SUITE_LEN 4 | |
97 | ||
98 | /* WPA unicast suite list/key management suite list */ | |
99 | typedef BWL_PRE_PACKED_STRUCT struct | |
100 | { | |
101 | BWL_PRE_PACKED_STRUCT struct { | |
102 | uint8 low; | |
103 | uint8 high; | |
104 | } BWL_POST_PACKED_STRUCT count; | |
105 | wpa_suite_t list[1]; | |
106 | } BWL_POST_PACKED_STRUCT wpa_suite_ucast_t, wpa_suite_auth_key_mgmt_t; | |
107 | #define WPA_IE_SUITE_COUNT_LEN 2 | |
108 | typedef BWL_PRE_PACKED_STRUCT struct | |
109 | { | |
110 | BWL_PRE_PACKED_STRUCT struct { | |
111 | uint8 low; | |
112 | uint8 high; | |
113 | } BWL_POST_PACKED_STRUCT count; | |
114 | wpa_pmkid_t list[1]; | |
115 | } BWL_POST_PACKED_STRUCT wpa_pmkid_list_t; | |
116 | ||
117 | /* WPA cipher suites */ | |
118 | #define WPA_CIPHER_NONE 0 /* None */ | |
119 | #define WPA_CIPHER_WEP_40 1 /* WEP (40-bit) */ | |
120 | #define WPA_CIPHER_TKIP 2 /* TKIP: default for WPA */ | |
121 | #define WPA_CIPHER_AES_OCB 3 /* AES (OCB) */ | |
122 | #define WPA_CIPHER_AES_CCM 4 /* AES (CCM) */ | |
123 | #define WPA_CIPHER_WEP_104 5 /* WEP (104-bit) */ | |
124 | #define WPA_CIPHER_BIP 6 /* WEP (104-bit) */ | |
125 | #define WPA_CIPHER_TPK 7 /* Group addressed traffic not allowed */ | |
126 | #ifdef BCMCCX | |
127 | #define WPA_CIPHER_CKIP 8 /* KP with no MIC */ | |
128 | #define WPA_CIPHER_CKIP_MMH 9 /* KP with MIC ("CKIP/MMH", "CKIP+CMIC") */ | |
129 | #define WPA_CIPHER_WEP_MMH 10 /* MIC with no KP ("WEP/MMH", "CMIC") */ | |
130 | ||
131 | #define IS_CCX_CIPHER(cipher) ((cipher) == WPA_CIPHER_CKIP || \ | |
132 | (cipher) == WPA_CIPHER_CKIP_MMH || \ | |
133 | (cipher) == WPA_CIPHER_WEP_MMH) | |
134 | #endif /* BCMCCX */ | |
135 | ||
136 | #define WPA_CIPHER_AES_GCM 8 /* AES (GCM) */ | |
137 | #define WPA_CIPHER_AES_GCM256 9 /* AES (GCM256) */ | |
138 | #define WPA_CIPHER_CCMP_256 10 /* CCMP-256 */ | |
139 | #define WPA_CIPHER_BIP_GMAC_128 11 /* BIP_GMAC_128 */ | |
140 | #define WPA_CIPHER_BIP_GMAC_256 12 /* BIP_GMAC_256 */ | |
141 | #define WPA_CIPHER_BIP_CMAC_256 13 /* BIP_CMAC_256 */ | |
142 | ||
143 | #ifdef BCMWAPI_WAI | |
144 | #define WAPI_CIPHER_NONE WPA_CIPHER_NONE | |
145 | #define WAPI_CIPHER_SMS4 11 | |
146 | ||
147 | #define WAPI_CSE_WPI_SMS4 1 | |
148 | #endif /* BCMWAPI_WAI */ | |
149 | ||
150 | #define IS_WPA_CIPHER(cipher) ((cipher) == WPA_CIPHER_NONE || \ | |
151 | (cipher) == WPA_CIPHER_WEP_40 || \ | |
152 | (cipher) == WPA_CIPHER_WEP_104 || \ | |
153 | (cipher) == WPA_CIPHER_TKIP || \ | |
154 | (cipher) == WPA_CIPHER_AES_OCB || \ | |
155 | (cipher) == WPA_CIPHER_AES_CCM || \ | |
156 | (cipher) == WPA_CIPHER_AES_GCM || \ | |
157 | (cipher) == WPA_CIPHER_AES_GCM256 || \ | |
158 | (cipher) == WPA_CIPHER_TPK) | |
159 | ||
160 | #ifdef BCMWAPI_WAI | |
161 | #define IS_WAPI_CIPHER(cipher) ((cipher) == WAPI_CIPHER_NONE || \ | |
162 | (cipher) == WAPI_CSE_WPI_SMS4) | |
163 | ||
164 | /* convert WAPI_CSE_WPI_XXX to WAPI_CIPHER_XXX */ | |
165 | #define WAPI_CSE_WPI_2_CIPHER(cse) ((cse) == WAPI_CSE_WPI_SMS4 ? \ | |
166 | WAPI_CIPHER_SMS4 : WAPI_CIPHER_NONE) | |
167 | ||
168 | #define WAPI_CIPHER_2_CSE_WPI(cipher) ((cipher) == WAPI_CIPHER_SMS4 ? \ | |
169 | WAPI_CSE_WPI_SMS4 : WAPI_CIPHER_NONE) | |
170 | #endif /* BCMWAPI_WAI */ | |
171 | ||
172 | #define IS_VALID_AKM(akm) ((akm) == RSN_AKM_NONE || \ | |
173 | (akm) == RSN_AKM_UNSPECIFIED || \ | |
174 | (akm) == RSN_AKM_PSK || \ | |
175 | (akm) == RSN_AKM_FBT_1X || \ | |
176 | (akm) == RSN_AKM_FBT_PSK || \ | |
177 | (akm) == RSN_AKM_MFP_1X || \ | |
178 | (akm) == RSN_AKM_MFP_PSK || \ | |
179 | (akm) == RSN_AKM_SHA256_1X || \ | |
180 | (akm) == RSN_AKM_SHA256_PSK || \ | |
181 | (akm) == RSN_AKM_TPK || \ | |
182 | (akm) == RSN_AKM_SAE_PSK || \ | |
5a068558 | 183 | (akm) == RSN_AKM_SAE_FBT || \ |
1cac41cb MB |
184 | (akm) == RSN_AKM_FILS_SHA256 || \ |
185 | (akm) == RSN_AKM_FILS_SHA384 || \ | |
5a068558 MB |
186 | (akm) == RSN_AKM_OWE || \ |
187 | (akm) == RSN_AKM_SUITEB_SHA256_1X || \ | |
188 | (akm) == RSN_AKM_SUITEB_SHA384_1X) | |
1cac41cb MB |
189 | |
190 | #define IS_VALID_BIP_CIPHER(cipher) ((cipher) == WPA_CIPHER_BIP || \ | |
191 | (cipher) == WPA_CIPHER_BIP_GMAC_128 || \ | |
192 | (cipher) == WPA_CIPHER_BIP_GMAC_256 || \ | |
193 | (cipher) == WPA_CIPHER_BIP_CMAC_256) | |
194 | /* WPA TKIP countermeasures parameters */ | |
195 | #define WPA_TKIP_CM_DETECT 60 /* multiple MIC failure window (seconds) */ | |
196 | #define WPA_TKIP_CM_BLOCK 60 /* countermeasures active window (seconds) */ | |
197 | ||
198 | /* RSN IE defines */ | |
199 | #define RSN_CAP_LEN 2 /* Length of RSN capabilities field (2 octets) */ | |
200 | ||
201 | /* RSN Capabilities defined in 802.11i */ | |
202 | #define RSN_CAP_PREAUTH 0x0001 | |
203 | #define RSN_CAP_NOPAIRWISE 0x0002 | |
204 | #define RSN_CAP_PTK_REPLAY_CNTR_MASK 0x000C | |
205 | #define RSN_CAP_PTK_REPLAY_CNTR_SHIFT 2 | |
206 | #define RSN_CAP_GTK_REPLAY_CNTR_MASK 0x0030 | |
207 | #define RSN_CAP_GTK_REPLAY_CNTR_SHIFT 4 | |
208 | #define RSN_CAP_1_REPLAY_CNTR 0 | |
209 | #define RSN_CAP_2_REPLAY_CNTRS 1 | |
210 | #define RSN_CAP_4_REPLAY_CNTRS 2 | |
211 | #define RSN_CAP_16_REPLAY_CNTRS 3 | |
212 | #define RSN_CAP_MFPR 0x0040 | |
213 | #define RSN_CAP_MFPC 0x0080 | |
214 | #define RSN_CAP_SPPC 0x0400 | |
215 | #define RSN_CAP_SPPR 0x0800 | |
216 | ||
217 | /* WPA capabilities defined in 802.11i */ | |
218 | #define WPA_CAP_4_REPLAY_CNTRS RSN_CAP_4_REPLAY_CNTRS | |
219 | #define WPA_CAP_16_REPLAY_CNTRS RSN_CAP_16_REPLAY_CNTRS | |
220 | #define WPA_CAP_REPLAY_CNTR_SHIFT RSN_CAP_PTK_REPLAY_CNTR_SHIFT | |
221 | #define WPA_CAP_REPLAY_CNTR_MASK RSN_CAP_PTK_REPLAY_CNTR_MASK | |
222 | ||
223 | /* WPA capabilities defined in 802.11zD9.0 */ | |
224 | #define WPA_CAP_PEER_KEY_ENABLE (0x1 << 1) /* bit 9 */ | |
225 | ||
226 | /* WPA Specific defines */ | |
227 | #define WPA_CAP_LEN RSN_CAP_LEN /* Length of RSN capabilities in RSN IE (2 octets) */ | |
228 | #define WPA_PMKID_CNT_LEN 2 /* Length of RSN PMKID count (2 octests) */ | |
229 | ||
230 | #define WPA_CAP_WPA2_PREAUTH RSN_CAP_PREAUTH | |
231 | ||
232 | #define WPA2_PMKID_COUNT_LEN 2 | |
233 | ||
234 | /* RSN dev type in rsn_info struct */ | |
235 | typedef enum { | |
236 | DEV_NONE = 0, | |
237 | DEV_STA = 1, | |
238 | DEV_AP = 2 | |
239 | } device_type_t; | |
240 | ||
241 | typedef uint32 rsn_akm_mask_t; /* RSN_AKM_... see 802.11.h */ | |
242 | typedef uint8 rsn_cipher_t; /* WPA_CIPHER_xxx */ | |
243 | typedef uint32 rsn_ciphers_t; /* mask of rsn_cipher_t */ | |
244 | typedef uint8 rsn_akm_t; | |
245 | typedef uint8 auth_ie_type_mask_t; | |
246 | ||
247 | typedef struct rsn_ie_info { | |
248 | uint8 version; | |
249 | rsn_cipher_t g_cipher; | |
250 | uint8 p_count; | |
251 | uint8 akm_count; | |
252 | uint8 pmkid_count; | |
253 | rsn_akm_t sta_akm; /* single STA akm */ | |
254 | uint16 caps; | |
255 | rsn_ciphers_t p_ciphers; | |
256 | rsn_akm_mask_t akms; | |
257 | uint8 pmkids_offset; /* offset into the IE */ | |
258 | rsn_cipher_t g_mgmt_cipher; | |
259 | device_type_t dev_type; /* AP or STA */ | |
260 | rsn_cipher_t sta_cipher; /* single STA cipher */ | |
261 | uint16 key_desc; /* key descriptor version as STA */ | |
262 | int parse_status; | |
263 | uint16 mic_len; /* unused. keep for ROM compatibility. */ | |
264 | auth_ie_type_mask_t auth_ie_type; /* bit field of WPA, WPA2 and (not yet) CCX WAPI */ | |
265 | uint8 pmk_len; /* EAPOL PMK */ | |
266 | uint8 kck_mic_len; /* EAPOL MIC (by KCK) */ | |
267 | uint8 kck_len; /* EAPOL KCK */ | |
268 | uint8 kek_len; /* EAPOL KEK */ | |
269 | uint8 tk_len; /* EAPOL TK */ | |
270 | uint8 ptk_len; /* EAPOL PTK */ | |
271 | } rsn_ie_info_t; | |
272 | ||
273 | #ifdef BCMWAPI_WAI | |
274 | #define WAPI_CAP_PREAUTH RSN_CAP_PREAUTH | |
275 | ||
276 | /* Other WAI definition */ | |
277 | #define WAPI_WAI_REQUEST 0x00F1 | |
278 | #define WAPI_UNICAST_REKEY 0x00F2 | |
279 | #define WAPI_STA_AGING 0x00F3 | |
280 | #define WAPI_MUTIL_REKEY 0x00F4 | |
281 | #define WAPI_STA_STATS 0x00F5 | |
282 | ||
283 | #define WAPI_USK_REKEY_COUNT 0x4000000 /* 0xA00000 */ | |
284 | #define WAPI_MSK_REKEY_COUNT 0x4000000 /* 0xA00000 */ | |
285 | #endif /* BCMWAPI_WAI */ | |
286 | ||
287 | /* This marks the end of a packed structure section. */ | |
288 | #include <packed_section_end.h> | |
289 | ||
290 | #endif /* _proto_wpa_h_ */ |