1 /*
2 * WPA Supplicant - Common definitions
3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #ifndef DEFS_H
10 #define DEFS_H
11
12 #define WPA_CIPHER_NONE BIT(0)
13 #define WPA_CIPHER_WEP40 BIT(1)
14 #define WPA_CIPHER_WEP104 BIT(2)
15 #define WPA_CIPHER_TKIP BIT(3)
16 #define WPA_CIPHER_CCMP BIT(4)
17 #define WPA_CIPHER_AES_128_CMAC BIT(5)
18 #define WPA_CIPHER_GCMP BIT(6)
19 #define WPA_CIPHER_SMS4 BIT(7)
20 #define WPA_CIPHER_GCMP_256 BIT(8)
21 #define WPA_CIPHER_CCMP_256 BIT(9)
22 #define WPA_CIPHER_BIP_GMAC_128 BIT(11)
23 #define WPA_CIPHER_BIP_GMAC_256 BIT(12)
24 #define WPA_CIPHER_BIP_CMAC_256 BIT(13)
25 #define WPA_CIPHER_GTK_NOT_USED BIT(14)
26
27 #define WPA_KEY_MGMT_IEEE8021X BIT(0)
28 #define WPA_KEY_MGMT_PSK BIT(1)
29 #define WPA_KEY_MGMT_NONE BIT(2)
30 #define WPA_KEY_MGMT_IEEE8021X_NO_WPA BIT(3)
31 #define WPA_KEY_MGMT_WPA_NONE BIT(4)
32 #define WPA_KEY_MGMT_FT_IEEE8021X BIT(5)
33 #define WPA_KEY_MGMT_FT_PSK BIT(6)
34 #define WPA_KEY_MGMT_IEEE8021X_SHA256 BIT(7)
35 #define WPA_KEY_MGMT_PSK_SHA256 BIT(8)
36 #define WPA_KEY_MGMT_WPS BIT(9)
37 #define WPA_KEY_MGMT_SAE BIT(10)
38 #define WPA_KEY_MGMT_FT_SAE BIT(11)
39 #define WPA_KEY_MGMT_WAPI_PSK BIT(12)
40 #define WPA_KEY_MGMT_WAPI_CERT BIT(13)
41 #define WPA_KEY_MGMT_CCKM BIT(14)
42 #define WPA_KEY_MGMT_OSEN BIT(15)
43 #define WPA_KEY_MGMT_IEEE8021X_SUITE_B BIT(16)
44 #define WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 BIT(17)
45 #define WPA_KEY_MGMT_FILS_SHA256 BIT(18)
46 #define WPA_KEY_MGMT_FILS_SHA384 BIT(19)
47 #define WPA_KEY_MGMT_FT_FILS_SHA256 BIT(20)
48 #define WPA_KEY_MGMT_FT_FILS_SHA384 BIT(21)
49 #define WPA_KEY_MGMT_OWE BIT(22)
50 #define WPA_KEY_MGMT_DPP BIT(23)
51 #define WPA_KEY_MGMT_FT_IEEE8021X_SHA384 BIT(24)
52
53 #define WPA_KEY_MGMT_FT (WPA_KEY_MGMT_FT_PSK | \
54 WPA_KEY_MGMT_FT_IEEE8021X | \
55 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 | \
56 WPA_KEY_MGMT_FT_SAE | \
57 WPA_KEY_MGMT_FT_FILS_SHA256 | \
58 WPA_KEY_MGMT_FT_FILS_SHA384)
59
wpa_key_mgmt_wpa_ieee8021x(int akm)60 static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
61 {
62 return !!(akm & (WPA_KEY_MGMT_IEEE8021X |
63 WPA_KEY_MGMT_FT_IEEE8021X |
64 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
65 WPA_KEY_MGMT_CCKM |
66 WPA_KEY_MGMT_OSEN |
67 WPA_KEY_MGMT_IEEE8021X_SHA256 |
68 WPA_KEY_MGMT_IEEE8021X_SUITE_B |
69 WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 |
70 WPA_KEY_MGMT_FILS_SHA256 |
71 WPA_KEY_MGMT_FILS_SHA384 |
72 WPA_KEY_MGMT_FT_FILS_SHA256 |
73 WPA_KEY_MGMT_FT_FILS_SHA384));
74 }
75
wpa_key_mgmt_wpa_psk_no_sae(int akm)76 static inline int wpa_key_mgmt_wpa_psk_no_sae(int akm)
77 {
78 return !!(akm & (WPA_KEY_MGMT_PSK |
79 WPA_KEY_MGMT_FT_PSK |
80 WPA_KEY_MGMT_PSK_SHA256));
81 }
82
wpa_key_mgmt_wpa_psk(int akm)83 static inline int wpa_key_mgmt_wpa_psk(int akm)
84 {
85 return !!(akm & (WPA_KEY_MGMT_PSK |
86 WPA_KEY_MGMT_FT_PSK |
87 WPA_KEY_MGMT_PSK_SHA256 |
88 WPA_KEY_MGMT_SAE |
89 WPA_KEY_MGMT_FT_SAE));
90 }
91
wpa_key_mgmt_ft(int akm)92 static inline int wpa_key_mgmt_ft(int akm)
93 {
94 return !!(akm & WPA_KEY_MGMT_FT);
95 }
96
wpa_key_mgmt_only_ft(int akm)97 static inline int wpa_key_mgmt_only_ft(int akm)
98 {
99 int ft = wpa_key_mgmt_ft(akm);
100 akm &= ~WPA_KEY_MGMT_FT;
101 return ft && !akm;
102 }
103
wpa_key_mgmt_ft_psk(int akm)104 static inline int wpa_key_mgmt_ft_psk(int akm)
105 {
106 return !!(akm & WPA_KEY_MGMT_FT_PSK);
107 }
108
wpa_key_mgmt_sae(int akm)109 static inline int wpa_key_mgmt_sae(int akm)
110 {
111 return !!(akm & (WPA_KEY_MGMT_SAE |
112 WPA_KEY_MGMT_FT_SAE));
113 }
114
wpa_key_mgmt_fils(int akm)115 static inline int wpa_key_mgmt_fils(int akm)
116 {
117 return !!(akm & (WPA_KEY_MGMT_FILS_SHA256 |
118 WPA_KEY_MGMT_FILS_SHA384 |
119 WPA_KEY_MGMT_FT_FILS_SHA256 |
120 WPA_KEY_MGMT_FT_FILS_SHA384));
121 }
122
wpa_key_mgmt_sha256(int akm)123 static inline int wpa_key_mgmt_sha256(int akm)
124 {
125 return !!(akm & (WPA_KEY_MGMT_PSK_SHA256 |
126 WPA_KEY_MGMT_IEEE8021X_SHA256 |
127 WPA_KEY_MGMT_SAE |
128 WPA_KEY_MGMT_FT_SAE |
129 WPA_KEY_MGMT_OSEN |
130 WPA_KEY_MGMT_IEEE8021X_SUITE_B |
131 WPA_KEY_MGMT_FILS_SHA256 |
132 WPA_KEY_MGMT_FT_FILS_SHA256));
133 }
134
wpa_key_mgmt_sha384(int akm)135 static inline int wpa_key_mgmt_sha384(int akm)
136 {
137 return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 |
138 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
139 WPA_KEY_MGMT_FILS_SHA384 |
140 WPA_KEY_MGMT_FT_FILS_SHA384));
141 }
142
wpa_key_mgmt_suite_b(int akm)143 static inline int wpa_key_mgmt_suite_b(int akm)
144 {
145 return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B |
146 WPA_KEY_MGMT_IEEE8021X_SUITE_B_192));
147 }
148
wpa_key_mgmt_wpa(int akm)149 static inline int wpa_key_mgmt_wpa(int akm)
150 {
151 return wpa_key_mgmt_wpa_ieee8021x(akm) ||
152 wpa_key_mgmt_wpa_psk(akm) ||
153 wpa_key_mgmt_fils(akm) ||
154 wpa_key_mgmt_sae(akm) ||
155 akm == WPA_KEY_MGMT_OWE ||
156 akm == WPA_KEY_MGMT_DPP;
157 }
158
wpa_key_mgmt_wpa_any(int akm)159 static inline int wpa_key_mgmt_wpa_any(int akm)
160 {
161 return wpa_key_mgmt_wpa(akm) || (akm & WPA_KEY_MGMT_WPA_NONE);
162 }
163
wpa_key_mgmt_cckm(int akm)164 static inline int wpa_key_mgmt_cckm(int akm)
165 {
166 return akm == WPA_KEY_MGMT_CCKM;
167 }
168
169
170 #define WPA_PROTO_WPA BIT(0)
171 #define WPA_PROTO_RSN BIT(1)
172 #define WPA_PROTO_WAPI BIT(2)
173 #define WPA_PROTO_OSEN BIT(3)
174
175 #define WPA_AUTH_ALG_OPEN BIT(0)
176 #define WPA_AUTH_ALG_SHARED BIT(1)
177 #define WPA_AUTH_ALG_LEAP BIT(2)
178 #define WPA_AUTH_ALG_FT BIT(3)
179 #define WPA_AUTH_ALG_SAE BIT(4)
180 #define WPA_AUTH_ALG_FILS BIT(5)
181 #define WPA_AUTH_ALG_FILS_SK_PFS BIT(6)
182
wpa_auth_alg_fils(int alg)183 static inline int wpa_auth_alg_fils(int alg)
184 {
185 return !!(alg & (WPA_AUTH_ALG_FILS | WPA_AUTH_ALG_FILS_SK_PFS));
186 }
187
188 enum wpa_alg {
189 WPA_ALG_NONE,
190 WPA_ALG_WEP,
191 WPA_ALG_TKIP,
192 WPA_ALG_CCMP,
193 WPA_ALG_BIP_CMAC_128,
194 WPA_ALG_GCMP,
195 WPA_ALG_SMS4,
196 WPA_ALG_KRK,
197 WPA_ALG_GCMP_256,
198 WPA_ALG_CCMP_256,
199 WPA_ALG_BIP_GMAC_128,
200 WPA_ALG_BIP_GMAC_256,
201 WPA_ALG_BIP_CMAC_256
202 };
203
wpa_alg_bip(enum wpa_alg alg)204 static inline int wpa_alg_bip(enum wpa_alg alg)
205 {
206 return alg == WPA_ALG_BIP_CMAC_128 ||
207 alg == WPA_ALG_BIP_GMAC_128 ||
208 alg == WPA_ALG_BIP_GMAC_256 ||
209 alg == WPA_ALG_BIP_CMAC_256;
210 }
211
212 /**
213 * enum wpa_states - wpa_supplicant state
214 *
215 * These enumeration values are used to indicate the current wpa_supplicant
216 * state (wpa_s->wpa_state). The current state can be retrieved with
217 * wpa_supplicant_get_state() function and the state can be changed by calling
218 * wpa_supplicant_set_state(). In WPA state machine (wpa.c and preauth.c), the
219 * wrapper functions wpa_sm_get_state() and wpa_sm_set_state() should be used
220 * to access the state variable.
221 */
222 enum wpa_states {
223 /**
224 * WPA_DISCONNECTED - Disconnected state
225 *
226 * This state indicates that client is not associated, but is likely to
227 * start looking for an access point. This state is entered when a
228 * connection is lost.
229 */
230 WPA_DISCONNECTED,
231
232 /**
233 * WPA_INTERFACE_DISABLED - Interface disabled
234 *
235 * This state is entered if the network interface is disabled, e.g.,
236 * due to rfkill. wpa_supplicant refuses any new operations that would
237 * use the radio until the interface has been enabled.
238 */
239 WPA_INTERFACE_DISABLED,
240
241 /**
242 * WPA_INACTIVE - Inactive state (wpa_supplicant disabled)
243 *
244 * This state is entered if there are no enabled networks in the
245 * configuration. wpa_supplicant is not trying to associate with a new
246 * network and external interaction (e.g., ctrl_iface call to add or
247 * enable a network) is needed to start association.
248 */
249 WPA_INACTIVE,
250
251 /**
252 * WPA_SCANNING - Scanning for a network
253 *
254 * This state is entered when wpa_supplicant starts scanning for a
255 * network.
256 */
257 WPA_SCANNING,
258
259 /**
260 * WPA_AUTHENTICATING - Trying to authenticate with a BSS/SSID
261 *
262 * This state is entered when wpa_supplicant has found a suitable BSS
263 * to authenticate with and the driver is configured to try to
264 * authenticate with this BSS. This state is used only with drivers
265 * that use wpa_supplicant as the SME.
266 */
267 WPA_AUTHENTICATING,
268
269 /**
270 * WPA_ASSOCIATING - Trying to associate with a BSS/SSID
271 *
272 * This state is entered when wpa_supplicant has found a suitable BSS
273 * to associate with and the driver is configured to try to associate
274 * with this BSS in ap_scan=1 mode. When using ap_scan=2 mode, this
275 * state is entered when the driver is configured to try to associate
276 * with a network using the configured SSID and security policy.
277 */
278 WPA_ASSOCIATING,
279
280 /**
281 * WPA_ASSOCIATED - Association completed
282 *
283 * This state is entered when the driver reports that association has
284 * been successfully completed with an AP. If IEEE 802.1X is used
285 * (with or without WPA/WPA2), wpa_supplicant remains in this state
286 * until the IEEE 802.1X/EAPOL authentication has been completed.
287 */
288 WPA_ASSOCIATED,
289
290 /**
291 * WPA_4WAY_HANDSHAKE - WPA 4-Way Key Handshake in progress
292 *
293 * This state is entered when WPA/WPA2 4-Way Handshake is started. In
294 * case of WPA-PSK, this happens when receiving the first EAPOL-Key
295 * frame after association. In case of WPA-EAP, this state is entered
296 * when the IEEE 802.1X/EAPOL authentication has been completed.
297 */
298 WPA_4WAY_HANDSHAKE,
299
300 /**
301 * WPA_GROUP_HANDSHAKE - WPA Group Key Handshake in progress
302 *
303 * This state is entered when 4-Way Key Handshake has been completed
304 * (i.e., when the supplicant sends out message 4/4) and when Group
305 * Key rekeying is started by the AP (i.e., when supplicant receives
306 * message 1/2).
307 */
308 WPA_GROUP_HANDSHAKE,
309
310 /**
311 * WPA_COMPLETED - All authentication completed
312 *
313 * This state is entered when the full authentication process is
314 * completed. In case of WPA2, this happens when the 4-Way Handshake is
315 * successfully completed. With WPA, this state is entered after the
316 * Group Key Handshake; with IEEE 802.1X (non-WPA) connection is
317 * completed after dynamic keys are received (or if not used, after
318 * the EAP authentication has been completed). With static WEP keys and
319 * plaintext connections, this state is entered when an association
320 * has been completed.
321 *
322 * This state indicates that the supplicant has completed its
323 * processing for the association phase and that data connection is
324 * fully configured.
325 */
326 WPA_COMPLETED
327 };
328
329 #define MLME_SETPROTECTION_PROTECT_TYPE_NONE 0
330 #define MLME_SETPROTECTION_PROTECT_TYPE_RX 1
331 #define MLME_SETPROTECTION_PROTECT_TYPE_TX 2
332 #define MLME_SETPROTECTION_PROTECT_TYPE_RX_TX 3
333
334 #define MLME_SETPROTECTION_KEY_TYPE_GROUP 0
335 #define MLME_SETPROTECTION_KEY_TYPE_PAIRWISE 1
336
337
338 /**
339 * enum mfp_options - Management frame protection (IEEE 802.11w) options
340 */
341 enum mfp_options {
342 NO_MGMT_FRAME_PROTECTION = 0,
343 MGMT_FRAME_PROTECTION_OPTIONAL = 1,
344 MGMT_FRAME_PROTECTION_REQUIRED = 2,
345 };
346 #define MGMT_FRAME_PROTECTION_DEFAULT 3
347
348 /**
349 * enum hostapd_hw_mode - Hardware mode
350 */
351 enum hostapd_hw_mode {
352 HOSTAPD_MODE_IEEE80211B,
353 HOSTAPD_MODE_IEEE80211G,
354 HOSTAPD_MODE_IEEE80211A,
355 HOSTAPD_MODE_IEEE80211AD,
356 HOSTAPD_MODE_IEEE80211ANY,
357 NUM_HOSTAPD_MODES
358 };
359
360 /**
361 * enum wpa_ctrl_req_type - Control interface request types
362 */
363 enum wpa_ctrl_req_type {
364 WPA_CTRL_REQ_UNKNOWN,
365 WPA_CTRL_REQ_EAP_IDENTITY,
366 WPA_CTRL_REQ_EAP_PASSWORD,
367 WPA_CTRL_REQ_EAP_NEW_PASSWORD,
368 WPA_CTRL_REQ_EAP_PIN,
369 WPA_CTRL_REQ_EAP_OTP,
370 WPA_CTRL_REQ_EAP_PASSPHRASE,
371 WPA_CTRL_REQ_SIM,
372 WPA_CTRL_REQ_PSK_PASSPHRASE,
373 WPA_CTRL_REQ_EXT_CERT_CHECK,
374 NUM_WPA_CTRL_REQS
375 };
376
377 /* Maximum number of EAP methods to store for EAP server user information */
378 #define EAP_MAX_METHODS 8
379
380 enum mesh_plink_state {
381 PLINK_IDLE = 1,
382 PLINK_OPN_SNT,
383 PLINK_OPN_RCVD,
384 PLINK_CNF_RCVD,
385 PLINK_ESTAB,
386 PLINK_HOLDING,
387 PLINK_BLOCKED, /* not defined in the IEEE 802.11 standard */
388 };
389
390 enum set_band {
391 WPA_SETBAND_AUTO,
392 WPA_SETBAND_5G,
393 WPA_SETBAND_2G
394 };
395
396 enum wpa_radio_work_band {
397 BAND_2_4_GHZ = BIT(0),
398 BAND_5_GHZ = BIT(1),
399 BAND_60_GHZ = BIT(2),
400 };
401
402 enum beacon_rate_type {
403 BEACON_RATE_LEGACY,
404 BEACON_RATE_HT,
405 BEACON_RATE_VHT
406 };
407
408 enum eap_proxy_sim_state {
409 SIM_STATE_ERROR,
410 };
411
412 #define OCE_STA BIT(0)
413 #define OCE_STA_CFON BIT(1)
414 #define OCE_AP BIT(2)
415
416 /* enum chan_width - Channel width definitions */
417 enum chan_width {
418 CHAN_WIDTH_20_NOHT,
419 CHAN_WIDTH_20,
420 CHAN_WIDTH_40,
421 CHAN_WIDTH_80,
422 CHAN_WIDTH_80P80,
423 CHAN_WIDTH_160,
424 CHAN_WIDTH_2160,
425 CHAN_WIDTH_4320,
426 CHAN_WIDTH_6480,
427 CHAN_WIDTH_8640,
428 CHAN_WIDTH_UNKNOWN
429 };
430
431 enum key_flag {
432 KEY_FLAG_MODIFY = BIT(0),
433 KEY_FLAG_DEFAULT = BIT(1),
434 KEY_FLAG_RX = BIT(2),
435 KEY_FLAG_TX = BIT(3),
436 KEY_FLAG_GROUP = BIT(4),
437 KEY_FLAG_PAIRWISE = BIT(5),
438 KEY_FLAG_PMK = BIT(6),
439 /* Used flag combinations */
440 KEY_FLAG_RX_TX = KEY_FLAG_RX | KEY_FLAG_TX,
441 KEY_FLAG_GROUP_RX_TX = KEY_FLAG_GROUP | KEY_FLAG_RX_TX,
442 KEY_FLAG_GROUP_RX_TX_DEFAULT = KEY_FLAG_GROUP_RX_TX |
443 KEY_FLAG_DEFAULT,
444 KEY_FLAG_GROUP_RX = KEY_FLAG_GROUP | KEY_FLAG_RX,
445 KEY_FLAG_GROUP_TX_DEFAULT = KEY_FLAG_GROUP | KEY_FLAG_TX |
446 KEY_FLAG_DEFAULT,
447 KEY_FLAG_PAIRWISE_RX_TX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX_TX,
448 KEY_FLAG_PAIRWISE_RX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX,
449 KEY_FLAG_PAIRWISE_RX_TX_MODIFY = KEY_FLAG_PAIRWISE_RX_TX |
450 KEY_FLAG_MODIFY,
451 /* Max allowed flags for each key type */
452 KEY_FLAG_PAIRWISE_MASK = KEY_FLAG_PAIRWISE_RX_TX_MODIFY,
453 KEY_FLAG_GROUP_MASK = KEY_FLAG_GROUP_RX_TX_DEFAULT,
454 KEY_FLAG_PMK_MASK = KEY_FLAG_PMK,
455 };
456
check_key_flag(enum key_flag key_flag)457 static inline int check_key_flag(enum key_flag key_flag)
458 {
459 return !!(!key_flag ||
460 ((key_flag & (KEY_FLAG_PAIRWISE | KEY_FLAG_MODIFY)) &&
461 (key_flag & ~KEY_FLAG_PAIRWISE_MASK)) ||
462 ((key_flag & KEY_FLAG_GROUP) &&
463 (key_flag & ~KEY_FLAG_GROUP_MASK)) ||
464 ((key_flag & KEY_FLAG_PMK) &&
465 (key_flag & ~KEY_FLAG_PMK_MASK)));
466 }
467
468 enum ptk0_rekey_handling {
469 PTK0_REKEY_ALLOW_ALWAYS,
470 PTK0_REKEY_ALLOW_LOCAL_OK,
471 PTK0_REKEY_ALLOW_NEVER
472 };
473
474 #endif /* DEFS_H */
475