1 /*
2 * WPA Supplicant - Common definitions
3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #ifndef DEFS_H
10 #define DEFS_H
11
12 #ifndef BIT
13 #define BIT(x) (1U << (x))
14 #endif
15
16 #define WPA_CIPHER_NONE BIT(0)
17 #define WPA_CIPHER_WEP40 BIT(1)
18 #define WPA_CIPHER_WEP104 BIT(2)
19 #define WPA_CIPHER_TKIP BIT(3)
20 #define WPA_CIPHER_CCMP BIT(4)
21 #define WPA_CIPHER_AES_128_CMAC BIT(5)
22 #define WPA_CIPHER_GCMP BIT(6)
23 #define WPA_CIPHER_SMS4 BIT(7)
24 #define WPA_CIPHER_GCMP_256 BIT(8)
25 #define WPA_CIPHER_CCMP_256 BIT(9)
26 #define WPA_CIPHER_BIP_GMAC_128 BIT(11)
27 #define WPA_CIPHER_BIP_GMAC_256 BIT(12)
28 #define WPA_CIPHER_BIP_CMAC_256 BIT(13)
29 #define WPA_CIPHER_GTK_NOT_USED BIT(14)
30
31 #define WPA_KEY_MGMT_IEEE8021X BIT(0)
32 #define WPA_KEY_MGMT_PSK BIT(1)
33 #define WPA_KEY_MGMT_NONE BIT(2)
34 #define WPA_KEY_MGMT_IEEE8021X_NO_WPA BIT(3)
35 #define WPA_KEY_MGMT_WPA_NONE BIT(4)
36 #define WPA_KEY_MGMT_FT_IEEE8021X BIT(5)
37 #define WPA_KEY_MGMT_FT_PSK BIT(6)
38 #define WPA_KEY_MGMT_IEEE8021X_SHA256 BIT(7)
39 #define WPA_KEY_MGMT_PSK_SHA256 BIT(8)
40 #define WPA_KEY_MGMT_WPS BIT(9)
41 #define WPA_KEY_MGMT_SAE BIT(10)
42 #define WPA_KEY_MGMT_FT_SAE BIT(11)
43 #define WPA_KEY_MGMT_WAPI_PSK BIT(12)
44 #define WPA_KEY_MGMT_WAPI_CERT BIT(13)
45 #define WPA_KEY_MGMT_CCKM BIT(14)
46 #define WPA_KEY_MGMT_OSEN BIT(15)
47 #define WPA_KEY_MGMT_IEEE8021X_SUITE_B BIT(16)
48 #define WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 BIT(17)
49 #define WPA_KEY_MGMT_FILS_SHA256 BIT(18)
50 #define WPA_KEY_MGMT_FILS_SHA384 BIT(19)
51 #define WPA_KEY_MGMT_FT_FILS_SHA256 BIT(20)
52 #define WPA_KEY_MGMT_FT_FILS_SHA384 BIT(21)
53 #define WPA_KEY_MGMT_OWE BIT(22)
54 #define WPA_KEY_MGMT_DPP BIT(23)
55 #define WPA_KEY_MGMT_FT_IEEE8021X_SHA384 BIT(24)
56 #define WPA_KEY_MGMT_PASN BIT(25)
57
58
59 #define WPA_KEY_MGMT_FT (WPA_KEY_MGMT_FT_PSK | \
60 WPA_KEY_MGMT_FT_IEEE8021X | \
61 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 | \
62 WPA_KEY_MGMT_FT_SAE | \
63 WPA_KEY_MGMT_FT_FILS_SHA256 | \
64 WPA_KEY_MGMT_FT_FILS_SHA384)
65
wpa_key_mgmt_wpa_ieee8021x(int akm)66 static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
67 {
68 return !!(akm & (WPA_KEY_MGMT_IEEE8021X |
69 WPA_KEY_MGMT_FT_IEEE8021X |
70 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
71 WPA_KEY_MGMT_CCKM |
72 WPA_KEY_MGMT_OSEN |
73 WPA_KEY_MGMT_IEEE8021X_SHA256 |
74 WPA_KEY_MGMT_IEEE8021X_SUITE_B |
75 WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 |
76 WPA_KEY_MGMT_FILS_SHA256 |
77 WPA_KEY_MGMT_FILS_SHA384 |
78 WPA_KEY_MGMT_FT_FILS_SHA256 |
79 WPA_KEY_MGMT_FT_FILS_SHA384));
80 }
81
wpa_key_mgmt_wpa_psk_no_sae(int akm)82 static inline int wpa_key_mgmt_wpa_psk_no_sae(int akm)
83 {
84 return !!(akm & (WPA_KEY_MGMT_PSK |
85 WPA_KEY_MGMT_FT_PSK |
86 WPA_KEY_MGMT_PSK_SHA256));
87 }
88
wpa_key_mgmt_wpa_psk(int akm)89 static inline int wpa_key_mgmt_wpa_psk(int akm)
90 {
91 return !!(akm & (WPA_KEY_MGMT_PSK |
92 WPA_KEY_MGMT_FT_PSK |
93 WPA_KEY_MGMT_PSK_SHA256 |
94 WPA_KEY_MGMT_SAE |
95 WPA_KEY_MGMT_FT_SAE));
96 }
97
wpa_key_mgmt_ft(int akm)98 static inline int wpa_key_mgmt_ft(int akm)
99 {
100 return !!(akm & WPA_KEY_MGMT_FT);
101 }
102
wpa_key_mgmt_only_ft(int akm)103 static inline int wpa_key_mgmt_only_ft(int akm)
104 {
105 int ft = wpa_key_mgmt_ft(akm);
106 akm &= ~WPA_KEY_MGMT_FT;
107 return ft && !akm;
108 }
109
wpa_key_mgmt_ft_psk(int akm)110 static inline int wpa_key_mgmt_ft_psk(int akm)
111 {
112 return !!(akm & WPA_KEY_MGMT_FT_PSK);
113 }
114
wpa_key_mgmt_sae(int akm)115 static inline int wpa_key_mgmt_sae(int akm)
116 {
117 return !!(akm & (WPA_KEY_MGMT_SAE |
118 WPA_KEY_MGMT_FT_SAE));
119 }
120
wpa_key_mgmt_fils(int akm)121 static inline int wpa_key_mgmt_fils(int akm)
122 {
123 return !!(akm & (WPA_KEY_MGMT_FILS_SHA256 |
124 WPA_KEY_MGMT_FILS_SHA384 |
125 WPA_KEY_MGMT_FT_FILS_SHA256 |
126 WPA_KEY_MGMT_FT_FILS_SHA384));
127 }
128
wpa_key_mgmt_sha256(int akm)129 static inline int wpa_key_mgmt_sha256(int akm)
130 {
131 return !!(akm & (WPA_KEY_MGMT_PSK_SHA256 |
132 WPA_KEY_MGMT_IEEE8021X_SHA256 |
133 WPA_KEY_MGMT_SAE |
134 WPA_KEY_MGMT_FT_SAE |
135 WPA_KEY_MGMT_OSEN |
136 WPA_KEY_MGMT_IEEE8021X_SUITE_B |
137 WPA_KEY_MGMT_FILS_SHA256 |
138 WPA_KEY_MGMT_FT_FILS_SHA256));
139 }
140
wpa_key_mgmt_sha384(int akm)141 static inline int wpa_key_mgmt_sha384(int akm)
142 {
143 return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 |
144 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
145 WPA_KEY_MGMT_FILS_SHA384 |
146 WPA_KEY_MGMT_FT_FILS_SHA384));
147 }
148
wpa_key_mgmt_suite_b(int akm)149 static inline int wpa_key_mgmt_suite_b(int akm)
150 {
151 return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B |
152 WPA_KEY_MGMT_IEEE8021X_SUITE_B_192));
153 }
154
wpa_key_mgmt_wpa(int akm)155 static inline int wpa_key_mgmt_wpa(int akm)
156 {
157 return wpa_key_mgmt_wpa_ieee8021x(akm) ||
158 wpa_key_mgmt_wpa_psk(akm) ||
159 wpa_key_mgmt_fils(akm) ||
160 wpa_key_mgmt_sae(akm) ||
161 akm == WPA_KEY_MGMT_OWE ||
162 akm == WPA_KEY_MGMT_DPP;
163 }
164
wpa_key_mgmt_wpa_any(int akm)165 static inline int wpa_key_mgmt_wpa_any(int akm)
166 {
167 return wpa_key_mgmt_wpa(akm) || (akm & WPA_KEY_MGMT_WPA_NONE);
168 }
169
wpa_key_mgmt_cckm(int akm)170 static inline int wpa_key_mgmt_cckm(int akm)
171 {
172 return akm == WPA_KEY_MGMT_CCKM;
173 }
174
175
176 #define WPA_PROTO_WPA BIT(0)
177 #define WPA_PROTO_RSN BIT(1)
178 #define WPA_PROTO_WAPI BIT(2)
179 #define WPA_PROTO_OSEN BIT(3)
180
181 #define WPA_AUTH_ALG_OPEN BIT(0)
182 #define WPA_AUTH_ALG_SHARED BIT(1)
183 #define WPA_AUTH_ALG_LEAP BIT(2)
184 #define WPA_AUTH_ALG_FT BIT(3)
185 #define WPA_AUTH_ALG_SAE BIT(4)
186 #define WPA_AUTH_ALG_FILS BIT(5)
187 #define WPA_AUTH_ALG_FILS_SK_PFS BIT(6)
188
wpa_auth_alg_fils(int alg)189 static inline int wpa_auth_alg_fils(int alg)
190 {
191 return !!(alg & (WPA_AUTH_ALG_FILS | WPA_AUTH_ALG_FILS_SK_PFS));
192 }
193
194 enum wpa_alg {
195 WPA_ALG_NONE,
196 WPA_ALG_WEP,
197 WPA_ALG_TKIP,
198 WPA_ALG_CCMP,
199 WPA_ALG_BIP_CMAC_128,
200 WPA_ALG_GCMP,
201 WPA_ALG_SMS4,
202 WPA_ALG_KRK,
203 WPA_ALG_GCMP_256,
204 WPA_ALG_CCMP_256,
205 WPA_ALG_BIP_GMAC_128,
206 WPA_ALG_BIP_GMAC_256,
207 WPA_ALG_BIP_CMAC_256
208 };
209
wpa_alg_bip(enum wpa_alg alg)210 static inline int wpa_alg_bip(enum wpa_alg alg)
211 {
212 return alg == WPA_ALG_BIP_CMAC_128 ||
213 alg == WPA_ALG_BIP_GMAC_128 ||
214 alg == WPA_ALG_BIP_GMAC_256 ||
215 alg == WPA_ALG_BIP_CMAC_256;
216 }
217
218 /**
219 * enum wpa_states - wpa_supplicant state
220 *
221 * These enumeration values are used to indicate the current wpa_supplicant
222 * state (wpa_s->wpa_state). The current state can be retrieved with
223 * wpa_supplicant_get_state() function and the state can be changed by calling
224 * wpa_supplicant_set_state(). In WPA state machine (wpa.c and preauth.c), the
225 * wrapper functions wpa_sm_get_state() and wpa_sm_set_state() should be used
226 * to access the state variable.
227 */
228 enum wpa_states {
229 /**
230 * WPA_DISCONNECTED - Disconnected state
231 *
232 * This state indicates that client is not associated, but is likely to
233 * start looking for an access point. This state is entered when a
234 * connection is lost.
235 */
236 WPA_DISCONNECTED,
237
238 /**
239 * WPA_INTERFACE_DISABLED - Interface disabled
240 *
241 * This state is entered if the network interface is disabled, e.g.,
242 * due to rfkill. wpa_supplicant refuses any new operations that would
243 * use the radio until the interface has been enabled.
244 */
245 WPA_INTERFACE_DISABLED,
246
247 /**
248 * WPA_INACTIVE - Inactive state (wpa_supplicant disabled)
249 *
250 * This state is entered if there are no enabled networks in the
251 * configuration. wpa_supplicant is not trying to associate with a new
252 * network and external interaction (e.g., ctrl_iface call to add or
253 * enable a network) is needed to start association.
254 */
255 WPA_INACTIVE,
256
257 /**
258 * WPA_SCANNING - Scanning for a network
259 *
260 * This state is entered when wpa_supplicant starts scanning for a
261 * network.
262 */
263 WPA_SCANNING,
264
265 /**
266 * WPA_AUTHENTICATING - Trying to authenticate with a BSS/SSID
267 *
268 * This state is entered when wpa_supplicant has found a suitable BSS
269 * to authenticate with and the driver is configured to try to
270 * authenticate with this BSS. This state is used only with drivers
271 * that use wpa_supplicant as the SME.
272 */
273 WPA_AUTHENTICATING,
274
275 /**
276 * WPA_ASSOCIATING - Trying to associate with a BSS/SSID
277 *
278 * This state is entered when wpa_supplicant has found a suitable BSS
279 * to associate with and the driver is configured to try to associate
280 * with this BSS in ap_scan=1 mode. When using ap_scan=2 mode, this
281 * state is entered when the driver is configured to try to associate
282 * with a network using the configured SSID and security policy.
283 */
284 WPA_ASSOCIATING,
285
286 /**
287 * WPA_ASSOCIATED - Association completed
288 *
289 * This state is entered when the driver reports that association has
290 * been successfully completed with an AP. If IEEE 802.1X is used
291 * (with or without WPA/WPA2), wpa_supplicant remains in this state
292 * until the IEEE 802.1X/EAPOL authentication has been completed.
293 */
294 WPA_ASSOCIATED,
295
296 /**
297 * WPA_4WAY_HANDSHAKE - WPA 4-Way Key Handshake in progress
298 *
299 * This state is entered when WPA/WPA2 4-Way Handshake is started. In
300 * case of WPA-PSK, this happens when receiving the first EAPOL-Key
301 * frame after association. In case of WPA-EAP, this state is entered
302 * when the IEEE 802.1X/EAPOL authentication has been completed.
303 */
304 WPA_4WAY_HANDSHAKE,
305
306 /**
307 * WPA_GROUP_HANDSHAKE - WPA Group Key Handshake in progress
308 *
309 * This state is entered when 4-Way Key Handshake has been completed
310 * (i.e., when the supplicant sends out message 4/4) and when Group
311 * Key rekeying is started by the AP (i.e., when supplicant receives
312 * message 1/2).
313 */
314 WPA_GROUP_HANDSHAKE,
315
316 /**
317 * WPA_COMPLETED - All authentication completed
318 *
319 * This state is entered when the full authentication process is
320 * completed. In case of WPA2, this happens when the 4-Way Handshake is
321 * successfully completed. With WPA, this state is entered after the
322 * Group Key Handshake; with IEEE 802.1X (non-WPA) connection is
323 * completed after dynamic keys are received (or if not used, after
324 * the EAP authentication has been completed). With static WEP keys and
325 * plaintext connections, this state is entered when an association
326 * has been completed.
327 *
328 * This state indicates that the supplicant has completed its
329 * processing for the association phase and that data connection is
330 * fully configured.
331 */
332 WPA_COMPLETED
333 };
334
335 #define MLME_SETPROTECTION_PROTECT_TYPE_NONE 0
336 #define MLME_SETPROTECTION_PROTECT_TYPE_RX 1
337 #define MLME_SETPROTECTION_PROTECT_TYPE_TX 2
338 #define MLME_SETPROTECTION_PROTECT_TYPE_RX_TX 3
339
340 #define MLME_SETPROTECTION_KEY_TYPE_GROUP 0
341 #define MLME_SETPROTECTION_KEY_TYPE_PAIRWISE 1
342
343
344 /**
345 * enum mfp_options - Management frame protection (IEEE 802.11w) options
346 */
347 enum mfp_options {
348 NO_MGMT_FRAME_PROTECTION = 0,
349 MGMT_FRAME_PROTECTION_OPTIONAL = 1,
350 MGMT_FRAME_PROTECTION_REQUIRED = 2,
351 };
352 #define MGMT_FRAME_PROTECTION_DEFAULT 3
353
354 /**
355 * enum hostapd_hw_mode - Hardware mode
356 */
357 enum hostapd_hw_mode {
358 HOSTAPD_MODE_IEEE80211B,
359 HOSTAPD_MODE_IEEE80211G,
360 HOSTAPD_MODE_IEEE80211A,
361 HOSTAPD_MODE_IEEE80211AD,
362 HOSTAPD_MODE_IEEE80211ANY,
363 NUM_HOSTAPD_MODES
364 };
365
366 /**
367 * enum wpa_ctrl_req_type - Control interface request types
368 */
369 enum wpa_ctrl_req_type {
370 WPA_CTRL_REQ_UNKNOWN,
371 WPA_CTRL_REQ_EAP_IDENTITY,
372 WPA_CTRL_REQ_EAP_PASSWORD,
373 WPA_CTRL_REQ_EAP_NEW_PASSWORD,
374 WPA_CTRL_REQ_EAP_PIN,
375 WPA_CTRL_REQ_EAP_OTP,
376 WPA_CTRL_REQ_EAP_PASSPHRASE,
377 WPA_CTRL_REQ_SIM,
378 WPA_CTRL_REQ_PSK_PASSPHRASE,
379 WPA_CTRL_REQ_EXT_CERT_CHECK,
380 NUM_WPA_CTRL_REQS
381 };
382
383 /* Maximum number of EAP methods to store for EAP server user information */
384 #define EAP_MAX_METHODS 8
385
386 enum mesh_plink_state {
387 PLINK_IDLE = 1,
388 PLINK_OPN_SNT,
389 PLINK_OPN_RCVD,
390 PLINK_CNF_RCVD,
391 PLINK_ESTAB,
392 PLINK_HOLDING,
393 PLINK_BLOCKED, /* not defined in the IEEE 802.11 standard */
394 };
395
396 enum set_band {
397 WPA_SETBAND_AUTO = 0,
398 WPA_SETBAND_5G = BIT(0),
399 WPA_SETBAND_2G = BIT(1),
400 WPA_SETBAND_6G = BIT(2),
401 };
402
403 enum wpa_radio_work_band {
404 BAND_2_4_GHZ = 1,
405 BAND_5_GHZ = 2,
406 BAND_60_GHZ = 4,
407 };
408
409 enum beacon_rate_type {
410 BEACON_RATE_LEGACY,
411 BEACON_RATE_HT,
412 BEACON_RATE_VHT,
413 BEACON_RATE_HE
414 };
415
416 enum eap_proxy_sim_state {
417 SIM_STATE_ERROR,
418 };
419
420 #define OCE_STA BIT(0)
421 #define OCE_STA_CFON BIT(1)
422 #define OCE_AP BIT(2)
423
424 /* enum chan_width - Channel width definitions */
425 enum chan_width {
426 CHAN_WIDTH_20_NOHT,
427 CHAN_WIDTH_20,
428 CHAN_WIDTH_40,
429 CHAN_WIDTH_80,
430 CHAN_WIDTH_80P80,
431 CHAN_WIDTH_160,
432 CHAN_WIDTH_2160,
433 CHAN_WIDTH_4320,
434 CHAN_WIDTH_6480,
435 CHAN_WIDTH_8640,
436 CHAN_WIDTH_UNKNOWN
437 };
438
439 enum key_flag {
440 KEY_FLAG_MODIFY = BIT(0),
441 KEY_FLAG_DEFAULT = BIT(1),
442 KEY_FLAG_RX = BIT(2),
443 KEY_FLAG_TX = BIT(3),
444 KEY_FLAG_GROUP = BIT(4),
445 KEY_FLAG_PAIRWISE = BIT(5),
446 KEY_FLAG_PMK = BIT(6),
447 /* Used flag combinations */
448 KEY_FLAG_RX_TX = KEY_FLAG_RX | KEY_FLAG_TX,
449 KEY_FLAG_GROUP_RX_TX = KEY_FLAG_GROUP | KEY_FLAG_RX_TX,
450 KEY_FLAG_GROUP_RX_TX_DEFAULT = KEY_FLAG_GROUP_RX_TX |
451 KEY_FLAG_DEFAULT,
452 KEY_FLAG_GROUP_RX = KEY_FLAG_GROUP | KEY_FLAG_RX,
453 KEY_FLAG_GROUP_TX_DEFAULT = KEY_FLAG_GROUP | KEY_FLAG_TX |
454 KEY_FLAG_DEFAULT,
455 KEY_FLAG_PAIRWISE_RX_TX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX_TX,
456 KEY_FLAG_PAIRWISE_RX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX,
457 KEY_FLAG_PAIRWISE_RX_TX_MODIFY = KEY_FLAG_PAIRWISE_RX_TX |
458 KEY_FLAG_MODIFY,
459 /* Max allowed flags for each key type */
460 KEY_FLAG_PAIRWISE_MASK = KEY_FLAG_PAIRWISE_RX_TX_MODIFY,
461 KEY_FLAG_GROUP_MASK = KEY_FLAG_GROUP_RX_TX_DEFAULT,
462 KEY_FLAG_PMK_MASK = KEY_FLAG_PMK,
463 };
464
check_key_flag(enum key_flag key_flag)465 static inline int check_key_flag(enum key_flag key_flag)
466 {
467 return !!(!key_flag ||
468 ((key_flag & (KEY_FLAG_PAIRWISE | KEY_FLAG_MODIFY)) &&
469 (key_flag & ~KEY_FLAG_PAIRWISE_MASK)) ||
470 ((key_flag & KEY_FLAG_GROUP) &&
471 (key_flag & ~KEY_FLAG_GROUP_MASK)) ||
472 ((key_flag & KEY_FLAG_PMK) &&
473 (key_flag & ~KEY_FLAG_PMK_MASK)));
474 }
475
476 enum ptk0_rekey_handling {
477 PTK0_REKEY_ALLOW_ALWAYS,
478 PTK0_REKEY_ALLOW_LOCAL_OK,
479 PTK0_REKEY_ALLOW_NEVER
480 };
481
482 #endif /* DEFS_H */
483