2 * Fundamental types and constants relating to WPA
4 * Copyright (C) 1999-2019, Broadcom.
6 * Unless you and Broadcom execute a separate written software license
7 * agreement governing use of this software, this software is licensed to you
8 * under the terms of the GNU General Public License version 2 (the "GPL"),
9 * available at http://www.broadcom.com/licenses/GPLv2.php, with the
10 * following added to such license:
12 * As a special exception, the copyright holders of this software give you
13 * permission to link this software with independent modules, and to copy and
14 * distribute the resulting executable under terms of your choice, provided that
15 * you also meet, for each linked independent module, the terms and conditions of
16 * the license of that module. An independent module is a module which is not
17 * derived from this software. The special exception does not apply to any
18 * modifications of the software.
20 * Notwithstanding the above, under no circumstances may you combine this
21 * software in any way with any other Broadcom software provided under a license
22 * other than the GPL, without Broadcom's express prior written consent.
25 * <<Broadcom-WL-IPTag/Open:>>
27 * $Id: wpa.h 761317 2018-05-07 21:33:58Z $
36 /* This marks the start of a packed structure section. */
37 #include <packed_section_start.h>
41 /* 13 through 23 taken from IEEE Std 802.11i-2004 */
42 #define DOT11_RC_INVALID_WPA_IE 13 /* Invalid info. element */
43 #define DOT11_RC_MIC_FAILURE 14 /* Michael failure */
44 #define DOT11_RC_4WH_TIMEOUT 15 /* 4-way handshake timeout */
45 #define DOT11_RC_GTK_UPDATE_TIMEOUT 16 /* Group key update timeout */
46 #define DOT11_RC_WPA_IE_MISMATCH 17 /* WPA IE in 4-way handshake differs from
47 * (re-)assoc. request/probe response
49 #define DOT11_RC_INVALID_MC_CIPHER 18 /* Invalid multicast cipher */
50 #define DOT11_RC_INVALID_UC_CIPHER 19 /* Invalid unicast cipher */
51 #define DOT11_RC_INVALID_AKMP 20 /* Invalid authenticated key management protocol */
52 #define DOT11_RC_BAD_WPA_VERSION 21 /* Unsupported WPA version */
53 #define DOT11_RC_INVALID_WPA_CAP 22 /* Invalid WPA IE capabilities */
54 #define DOT11_RC_8021X_AUTH_FAIL 23 /* 802.1X authentication failure */
56 #define WPA2_PMKID_LEN 16
58 /* WPA IE fixed portion */
59 typedef BWL_PRE_PACKED_STRUCT
struct
62 uint8 length
; /* TAG length */
63 uint8 oui
[3]; /* IE OUI */
64 uint8 oui_type
; /* OUI type */
65 BWL_PRE_PACKED_STRUCT
struct {
68 } BWL_POST_PACKED_STRUCT version
; /* IE version */
69 } BWL_POST_PACKED_STRUCT wpa_ie_fixed_t
;
70 #define WPA_IE_OUITYPE_LEN 4
71 #define WPA_IE_FIXED_LEN 8
72 #define WPA_IE_TAG_FIXED_LEN 6
74 #define BIP_OUI_TYPE WPA2_OUI "\x06"
76 typedef BWL_PRE_PACKED_STRUCT
struct {
78 uint8 length
; /* TAG length */
79 BWL_PRE_PACKED_STRUCT
struct {
82 } BWL_POST_PACKED_STRUCT version
; /* IE version */
83 } BWL_POST_PACKED_STRUCT wpa_rsn_ie_fixed_t
;
84 #define WPA_RSN_IE_FIXED_LEN 4
85 #define WPA_RSN_IE_TAG_FIXED_LEN 2
86 typedef uint8 wpa_pmkid_t
[WPA2_PMKID_LEN
];
88 #define WFA_OSEN_IE_FIXED_LEN 6
90 /* WPA suite/multicast suite */
91 typedef BWL_PRE_PACKED_STRUCT
struct
95 } BWL_POST_PACKED_STRUCT wpa_suite_t
, wpa_suite_mcast_t
;
96 #define WPA_SUITE_LEN 4
98 /* WPA unicast suite list/key management suite list */
99 typedef BWL_PRE_PACKED_STRUCT
struct
101 BWL_PRE_PACKED_STRUCT
struct {
104 } BWL_POST_PACKED_STRUCT count
;
106 } BWL_POST_PACKED_STRUCT wpa_suite_ucast_t
, wpa_suite_auth_key_mgmt_t
;
107 #define WPA_IE_SUITE_COUNT_LEN 2
108 typedef BWL_PRE_PACKED_STRUCT
struct
110 BWL_PRE_PACKED_STRUCT
struct {
113 } BWL_POST_PACKED_STRUCT count
;
115 } BWL_POST_PACKED_STRUCT wpa_pmkid_list_t
;
117 /* WPA cipher suites */
118 #define WPA_CIPHER_NONE 0 /* None */
119 #define WPA_CIPHER_WEP_40 1 /* WEP (40-bit) */
120 #define WPA_CIPHER_TKIP 2 /* TKIP: default for WPA */
121 #define WPA_CIPHER_AES_OCB 3 /* AES (OCB) */
122 #define WPA_CIPHER_AES_CCM 4 /* AES (CCM) */
123 #define WPA_CIPHER_WEP_104 5 /* WEP (104-bit) */
124 #define WPA_CIPHER_BIP 6 /* WEP (104-bit) */
125 #define WPA_CIPHER_TPK 7 /* Group addressed traffic not allowed */
127 #define WPA_CIPHER_CKIP 8 /* KP with no MIC */
128 #define WPA_CIPHER_CKIP_MMH 9 /* KP with MIC ("CKIP/MMH", "CKIP+CMIC") */
129 #define WPA_CIPHER_WEP_MMH 10 /* MIC with no KP ("WEP/MMH", "CMIC") */
131 #define IS_CCX_CIPHER(cipher) ((cipher) == WPA_CIPHER_CKIP || \
132 (cipher) == WPA_CIPHER_CKIP_MMH || \
133 (cipher) == WPA_CIPHER_WEP_MMH)
136 #define WPA_CIPHER_AES_GCM 8 /* AES (GCM) */
137 #define WPA_CIPHER_AES_GCM256 9 /* AES (GCM256) */
138 #define WPA_CIPHER_CCMP_256 10 /* CCMP-256 */
139 #define WPA_CIPHER_BIP_GMAC_128 11 /* BIP_GMAC_128 */
140 #define WPA_CIPHER_BIP_GMAC_256 12 /* BIP_GMAC_256 */
141 #define WPA_CIPHER_BIP_CMAC_256 13 /* BIP_CMAC_256 */
144 #define WAPI_CIPHER_NONE WPA_CIPHER_NONE
145 #define WAPI_CIPHER_SMS4 11
147 #define WAPI_CSE_WPI_SMS4 1
148 #endif /* BCMWAPI_WAI */
150 #define IS_WPA_CIPHER(cipher) ((cipher) == WPA_CIPHER_NONE || \
151 (cipher) == WPA_CIPHER_WEP_40 || \
152 (cipher) == WPA_CIPHER_WEP_104 || \
153 (cipher) == WPA_CIPHER_TKIP || \
154 (cipher) == WPA_CIPHER_AES_OCB || \
155 (cipher) == WPA_CIPHER_AES_CCM || \
156 (cipher) == WPA_CIPHER_AES_GCM || \
157 (cipher) == WPA_CIPHER_AES_GCM256 || \
158 (cipher) == WPA_CIPHER_TPK)
161 #define IS_WAPI_CIPHER(cipher) ((cipher) == WAPI_CIPHER_NONE || \
162 (cipher) == WAPI_CSE_WPI_SMS4)
164 /* convert WAPI_CSE_WPI_XXX to WAPI_CIPHER_XXX */
165 #define WAPI_CSE_WPI_2_CIPHER(cse) ((cse) == WAPI_CSE_WPI_SMS4 ? \
166 WAPI_CIPHER_SMS4 : WAPI_CIPHER_NONE)
168 #define WAPI_CIPHER_2_CSE_WPI(cipher) ((cipher) == WAPI_CIPHER_SMS4 ? \
169 WAPI_CSE_WPI_SMS4 : WAPI_CIPHER_NONE)
170 #endif /* BCMWAPI_WAI */
172 #define IS_VALID_AKM(akm) ((akm) == RSN_AKM_NONE || \
173 (akm) == RSN_AKM_UNSPECIFIED || \
174 (akm) == RSN_AKM_PSK || \
175 (akm) == RSN_AKM_FBT_1X || \
176 (akm) == RSN_AKM_FBT_PSK || \
177 (akm) == RSN_AKM_MFP_1X || \
178 (akm) == RSN_AKM_MFP_PSK || \
179 (akm) == RSN_AKM_SHA256_1X || \
180 (akm) == RSN_AKM_SHA256_PSK || \
181 (akm) == RSN_AKM_TPK || \
182 (akm) == RSN_AKM_SAE_PSK || \
183 (akm) == RSN_AKM_SAE_FBT || \
184 (akm) == RSN_AKM_FILS_SHA256 || \
185 (akm) == RSN_AKM_FILS_SHA384 || \
186 (akm) == RSN_AKM_OWE || \
187 (akm) == RSN_AKM_SUITEB_SHA256_1X || \
188 (akm) == RSN_AKM_SUITEB_SHA384_1X)
190 #define IS_VALID_BIP_CIPHER(cipher) ((cipher) == WPA_CIPHER_BIP || \
191 (cipher) == WPA_CIPHER_BIP_GMAC_128 || \
192 (cipher) == WPA_CIPHER_BIP_GMAC_256 || \
193 (cipher) == WPA_CIPHER_BIP_CMAC_256)
194 /* WPA TKIP countermeasures parameters */
195 #define WPA_TKIP_CM_DETECT 60 /* multiple MIC failure window (seconds) */
196 #define WPA_TKIP_CM_BLOCK 60 /* countermeasures active window (seconds) */
199 #define RSN_CAP_LEN 2 /* Length of RSN capabilities field (2 octets) */
201 /* RSN Capabilities defined in 802.11i */
202 #define RSN_CAP_PREAUTH 0x0001
203 #define RSN_CAP_NOPAIRWISE 0x0002
204 #define RSN_CAP_PTK_REPLAY_CNTR_MASK 0x000C
205 #define RSN_CAP_PTK_REPLAY_CNTR_SHIFT 2
206 #define RSN_CAP_GTK_REPLAY_CNTR_MASK 0x0030
207 #define RSN_CAP_GTK_REPLAY_CNTR_SHIFT 4
208 #define RSN_CAP_1_REPLAY_CNTR 0
209 #define RSN_CAP_2_REPLAY_CNTRS 1
210 #define RSN_CAP_4_REPLAY_CNTRS 2
211 #define RSN_CAP_16_REPLAY_CNTRS 3
212 #define RSN_CAP_MFPR 0x0040
213 #define RSN_CAP_MFPC 0x0080
214 #define RSN_CAP_SPPC 0x0400
215 #define RSN_CAP_SPPR 0x0800
217 /* WPA capabilities defined in 802.11i */
218 #define WPA_CAP_4_REPLAY_CNTRS RSN_CAP_4_REPLAY_CNTRS
219 #define WPA_CAP_16_REPLAY_CNTRS RSN_CAP_16_REPLAY_CNTRS
220 #define WPA_CAP_REPLAY_CNTR_SHIFT RSN_CAP_PTK_REPLAY_CNTR_SHIFT
221 #define WPA_CAP_REPLAY_CNTR_MASK RSN_CAP_PTK_REPLAY_CNTR_MASK
223 /* WPA capabilities defined in 802.11zD9.0 */
224 #define WPA_CAP_PEER_KEY_ENABLE (0x1 << 1) /* bit 9 */
226 /* WPA Specific defines */
227 #define WPA_CAP_LEN RSN_CAP_LEN /* Length of RSN capabilities in RSN IE (2 octets) */
228 #define WPA_PMKID_CNT_LEN 2 /* Length of RSN PMKID count (2 octests) */
230 #define WPA_CAP_WPA2_PREAUTH RSN_CAP_PREAUTH
232 #define WPA2_PMKID_COUNT_LEN 2
234 /* RSN dev type in rsn_info struct */
241 typedef uint32 rsn_akm_mask_t
; /* RSN_AKM_... see 802.11.h */
242 typedef uint8 rsn_cipher_t
; /* WPA_CIPHER_xxx */
243 typedef uint32 rsn_ciphers_t
; /* mask of rsn_cipher_t */
244 typedef uint8 rsn_akm_t
;
245 typedef uint8 auth_ie_type_mask_t
;
247 typedef struct rsn_ie_info
{
249 rsn_cipher_t g_cipher
;
253 rsn_akm_t sta_akm
; /* single STA akm */
255 rsn_ciphers_t p_ciphers
;
257 uint8 pmkids_offset
; /* offset into the IE */
258 rsn_cipher_t g_mgmt_cipher
;
259 device_type_t dev_type
; /* AP or STA */
260 rsn_cipher_t sta_cipher
; /* single STA cipher */
261 uint16 key_desc
; /* key descriptor version as STA */
263 uint16 mic_len
; /* unused. keep for ROM compatibility. */
264 auth_ie_type_mask_t auth_ie_type
; /* bit field of WPA, WPA2 and (not yet) CCX WAPI */
265 uint8 pmk_len
; /* EAPOL PMK */
266 uint8 kck_mic_len
; /* EAPOL MIC (by KCK) */
267 uint8 kck_len
; /* EAPOL KCK */
268 uint8 kek_len
; /* EAPOL KEK */
269 uint8 tk_len
; /* EAPOL TK */
270 uint8 ptk_len
; /* EAPOL PTK */
274 #define WAPI_CAP_PREAUTH RSN_CAP_PREAUTH
276 /* Other WAI definition */
277 #define WAPI_WAI_REQUEST 0x00F1
278 #define WAPI_UNICAST_REKEY 0x00F2
279 #define WAPI_STA_AGING 0x00F3
280 #define WAPI_MUTIL_REKEY 0x00F4
281 #define WAPI_STA_STATS 0x00F5
283 #define WAPI_USK_REKEY_COUNT 0x4000000 /* 0xA00000 */
284 #define WAPI_MSK_REKEY_COUNT 0x4000000 /* 0xA00000 */
285 #endif /* BCMWAPI_WAI */
287 /* This marks the end of a packed structure section. */
288 #include <packed_section_end.h>
290 #endif /* _proto_wpa_h_ */