1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Fundamental types and constants relating to WPA 4 * 5 * Copyright (C) 1999-2019, Broadcom. 6 * 7 * Unless you and Broadcom execute a separate written software license 8 * agreement governing use of this software, this software is licensed to you 9 * under the terms of the GNU General Public License version 2 (the "GPL"), 10 * available at http://www.broadcom.com/licenses/GPLv2.php, with the 11 * following added to such license: 12 * 13 * As a special exception, the copyright holders of this software give you 14 * permission to link this software with independent modules, and to copy and 15 * distribute the resulting executable under terms of your choice, provided that 16 * you also meet, for each linked independent module, the terms and conditions of 17 * the license of that module. An independent module is a module which is not 18 * derived from this software. The special exception does not apply to any 19 * modifications of the software. 20 * 21 * Notwithstanding the above, under no circumstances may you combine this 22 * software in any way with any other Broadcom software provided under a license 23 * other than the GPL, without Broadcom's express prior written consent. 24 * 25 * 26 * <<Broadcom-WL-IPTag/Open:>> 27 * 28 * $Id: wpa.h 822438 2019-05-29 17:13:44Z $ 29 */ 30 31 #ifndef _proto_wpa_h_ 32 #define _proto_wpa_h_ 33 34 #include <typedefs.h> 35 #include <ethernet.h> 36 37 /* This marks the start of a packed structure section. */ 38 #include <packed_section_start.h> 39 40 /* Reason Codes */ 41 42 /* 13 through 23 taken from IEEE Std 802.11i-2004 */ 43 #define DOT11_RC_INVALID_WPA_IE 13 /* Invalid info. element */ 44 #define DOT11_RC_MIC_FAILURE 14 /* Michael failure */ 45 #define DOT11_RC_4WH_TIMEOUT 15 /* 4-way handshake timeout */ 46 #define DOT11_RC_GTK_UPDATE_TIMEOUT 16 /* Group key update timeout */ 47 #define DOT11_RC_WPA_IE_MISMATCH 17 /* WPA IE in 4-way handshake differs from 48 * (re-)assoc. request/probe response 49 */ 50 #define DOT11_RC_INVALID_MC_CIPHER 18 /* Invalid multicast cipher */ 51 #define DOT11_RC_INVALID_UC_CIPHER 19 /* Invalid unicast cipher */ 52 #define DOT11_RC_INVALID_AKMP 20 /* Invalid authenticated key management protocol */ 53 #define DOT11_RC_BAD_WPA_VERSION 21 /* Unsupported WPA version */ 54 #define DOT11_RC_INVALID_WPA_CAP 22 /* Invalid WPA IE capabilities */ 55 #define DOT11_RC_8021X_AUTH_FAIL 23 /* 802.1X authentication failure */ 56 57 #define WPA2_PMKID_LEN 16 58 59 /* WPA IE fixed portion */ 60 typedef BWL_PRE_PACKED_STRUCT struct 61 { 62 uint8 tag; /* TAG */ 63 uint8 length; /* TAG length */ 64 uint8 oui[3]; /* IE OUI */ 65 uint8 oui_type; /* OUI type */ 66 BWL_PRE_PACKED_STRUCT struct { 67 uint8 low; 68 uint8 high; 69 } BWL_POST_PACKED_STRUCT version; /* IE version */ 70 } BWL_POST_PACKED_STRUCT wpa_ie_fixed_t; 71 #define WPA_IE_OUITYPE_LEN 4 72 #define WPA_IE_FIXED_LEN 8 73 #define WPA_IE_TAG_FIXED_LEN 6 74 75 #define BIP_OUI_TYPE WPA2_OUI "\x06" 76 77 typedef BWL_PRE_PACKED_STRUCT struct { 78 uint8 tag; /* TAG */ 79 uint8 length; /* TAG length */ 80 BWL_PRE_PACKED_STRUCT struct { 81 uint8 low; 82 uint8 high; 83 } BWL_POST_PACKED_STRUCT version; /* IE version */ 84 } BWL_POST_PACKED_STRUCT wpa_rsn_ie_fixed_t; 85 #define WPA_RSN_IE_FIXED_LEN 4 86 #define WPA_RSN_IE_TAG_FIXED_LEN 2 87 typedef uint8 wpa_pmkid_t[WPA2_PMKID_LEN]; 88 89 #define WFA_OSEN_IE_FIXED_LEN 6 90 91 /* WPA suite/multicast suite */ 92 typedef BWL_PRE_PACKED_STRUCT struct 93 { 94 uint8 oui[3]; 95 uint8 type; 96 } BWL_POST_PACKED_STRUCT wpa_suite_t, wpa_suite_mcast_t; 97 #define WPA_SUITE_LEN 4 98 99 /* WPA unicast suite list/key management suite list */ 100 typedef BWL_PRE_PACKED_STRUCT struct 101 { 102 BWL_PRE_PACKED_STRUCT struct { 103 uint8 low; 104 uint8 high; 105 } BWL_POST_PACKED_STRUCT count; 106 wpa_suite_t list[1]; 107 } BWL_POST_PACKED_STRUCT wpa_suite_ucast_t, wpa_suite_auth_key_mgmt_t; 108 #define WPA_IE_SUITE_COUNT_LEN 2 109 typedef BWL_PRE_PACKED_STRUCT struct 110 { 111 BWL_PRE_PACKED_STRUCT struct { 112 uint8 low; 113 uint8 high; 114 } BWL_POST_PACKED_STRUCT count; 115 wpa_pmkid_t list[1]; 116 } BWL_POST_PACKED_STRUCT wpa_pmkid_list_t; 117 118 /* WPA cipher suites */ 119 #define WPA_CIPHER_NONE 0 /* None */ 120 #define WPA_CIPHER_WEP_40 1 /* WEP (40-bit) */ 121 #define WPA_CIPHER_TKIP 2 /* TKIP: default for WPA */ 122 #define WPA_CIPHER_AES_OCB 3 /* AES (OCB) */ 123 #define WPA_CIPHER_AES_CCM 4 /* AES (CCM) */ 124 #define WPA_CIPHER_WEP_104 5 /* WEP (104-bit) */ 125 #define WPA_CIPHER_BIP 6 /* WEP (104-bit) */ 126 #define WPA_CIPHER_TPK 7 /* Group addressed traffic not allowed */ 127 #ifdef BCMCCX 128 #define WPA_CIPHER_CKIP 8 /* KP with no MIC */ 129 #define WPA_CIPHER_CKIP_MMH 9 /* KP with MIC ("CKIP/MMH", "CKIP+CMIC") */ 130 #define WPA_CIPHER_WEP_MMH 10 /* MIC with no KP ("WEP/MMH", "CMIC") */ 131 132 #define IS_CCX_CIPHER(cipher) ((cipher) == WPA_CIPHER_CKIP || \ 133 (cipher) == WPA_CIPHER_CKIP_MMH || \ 134 (cipher) == WPA_CIPHER_WEP_MMH) 135 #endif /* BCMCCX */ 136 137 #define WPA_CIPHER_AES_GCM 8 /* AES (GCM) */ 138 #define WPA_CIPHER_AES_GCM256 9 /* AES (GCM256) */ 139 #define WPA_CIPHER_CCMP_256 10 /* CCMP-256 */ 140 #define WPA_CIPHER_BIP_GMAC_128 11 /* BIP_GMAC_128 */ 141 #define WPA_CIPHER_BIP_GMAC_256 12 /* BIP_GMAC_256 */ 142 #define WPA_CIPHER_BIP_CMAC_256 13 /* BIP_CMAC_256 */ 143 144 #ifdef BCMWAPI_WAI 145 #define WAPI_CIPHER_NONE WPA_CIPHER_NONE 146 #define WAPI_CIPHER_SMS4 11 147 148 #define WAPI_CSE_WPI_SMS4 1 149 #endif /* BCMWAPI_WAI */ 150 151 #define IS_WPA_CIPHER(cipher) ((cipher) == WPA_CIPHER_NONE || \ 152 (cipher) == WPA_CIPHER_WEP_40 || \ 153 (cipher) == WPA_CIPHER_WEP_104 || \ 154 (cipher) == WPA_CIPHER_TKIP || \ 155 (cipher) == WPA_CIPHER_AES_OCB || \ 156 (cipher) == WPA_CIPHER_AES_CCM || \ 157 (cipher) == WPA_CIPHER_AES_GCM || \ 158 (cipher) == WPA_CIPHER_AES_GCM256 || \ 159 (cipher) == WPA_CIPHER_CCMP_256 || \ 160 (cipher) == WPA_CIPHER_TPK) 161 162 #define IS_WPA_BIP_CIPHER(cipher) ((cipher) == WPA_CIPHER_BIP || \ 163 (cipher) == WPA_CIPHER_BIP_GMAC_128 || \ 164 (cipher) == WPA_CIPHER_BIP_GMAC_256 || \ 165 (cipher) == WPA_CIPHER_BIP_CMAC_256) 166 167 #ifdef BCMWAPI_WAI 168 #define IS_WAPI_CIPHER(cipher) ((cipher) == WAPI_CIPHER_NONE || \ 169 (cipher) == WAPI_CSE_WPI_SMS4) 170 171 /* convert WAPI_CSE_WPI_XXX to WAPI_CIPHER_XXX */ 172 #define WAPI_CSE_WPI_2_CIPHER(cse) ((cse) == WAPI_CSE_WPI_SMS4 ? \ 173 WAPI_CIPHER_SMS4 : WAPI_CIPHER_NONE) 174 175 #define WAPI_CIPHER_2_CSE_WPI(cipher) ((cipher) == WAPI_CIPHER_SMS4 ? \ 176 WAPI_CSE_WPI_SMS4 : WAPI_CIPHER_NONE) 177 #endif /* BCMWAPI_WAI */ 178 179 #define IS_VALID_AKM(akm) ((akm) == RSN_AKM_NONE || \ 180 (akm) == RSN_AKM_UNSPECIFIED || \ 181 (akm) == RSN_AKM_PSK || \ 182 (akm) == RSN_AKM_FBT_1X || \ 183 (akm) == RSN_AKM_FBT_PSK || \ 184 (akm) == RSN_AKM_MFP_1X || \ 185 (akm) == RSN_AKM_MFP_PSK || \ 186 (akm) == RSN_AKM_SHA256_1X || \ 187 (akm) == RSN_AKM_SHA256_PSK || \ 188 (akm) == RSN_AKM_TPK || \ 189 (akm) == RSN_AKM_SAE_PSK || \ 190 (akm) == RSN_AKM_SAE_FBT || \ 191 (akm) == RSN_AKM_FILS_SHA256 || \ 192 (akm) == RSN_AKM_FILS_SHA384 || \ 193 (akm) == RSN_AKM_OWE || \ 194 (akm) == RSN_AKM_SUITEB_SHA256_1X || \ 195 (akm) == RSN_AKM_SUITEB_SHA384_1X) 196 197 #define IS_VALID_BIP_CIPHER(cipher) ((cipher) == WPA_CIPHER_BIP || \ 198 (cipher) == WPA_CIPHER_BIP_GMAC_128 || \ 199 (cipher) == WPA_CIPHER_BIP_GMAC_256 || \ 200 (cipher) == WPA_CIPHER_BIP_CMAC_256) 201 202 #define WPA_IS_FT_AKM(akm) ((akm) == RSN_AKM_FBT_SHA256 || \ 203 (akm) == RSN_AKM_FBT_SHA384) 204 205 #define WPA_IS_FILS_AKM(akm) ((akm) == RSN_AKM_FILS_SHA256 || \ 206 (akm) == RSN_AKM_FILS_SHA384) 207 208 #define WPA_IS_FILS_FT_AKM(akm) ((akm) == RSN_AKM_FBT_SHA256_FILS || \ 209 (akm) == RSN_AKM_FBT_SHA384_FILS) 210 211 /* WPA TKIP countermeasures parameters */ 212 #define WPA_TKIP_CM_DETECT 60 /* multiple MIC failure window (seconds) */ 213 #define WPA_TKIP_CM_BLOCK 60 /* countermeasures active window (seconds) */ 214 215 /* RSN IE defines */ 216 #define RSN_CAP_LEN 2 /* Length of RSN capabilities field (2 octets) */ 217 218 /* RSN Capabilities defined in 802.11i */ 219 #define RSN_CAP_PREAUTH 0x0001 220 #define RSN_CAP_NOPAIRWISE 0x0002 221 #define RSN_CAP_PTK_REPLAY_CNTR_MASK 0x000C 222 #define RSN_CAP_PTK_REPLAY_CNTR_SHIFT 2 223 #define RSN_CAP_GTK_REPLAY_CNTR_MASK 0x0030 224 #define RSN_CAP_GTK_REPLAY_CNTR_SHIFT 4 225 #define RSN_CAP_1_REPLAY_CNTR 0 226 #define RSN_CAP_2_REPLAY_CNTRS 1 227 #define RSN_CAP_4_REPLAY_CNTRS 2 228 #define RSN_CAP_16_REPLAY_CNTRS 3 229 #define RSN_CAP_MFPR 0x0040 230 #define RSN_CAP_MFPC 0x0080 231 #define RSN_CAP_SPPC 0x0400 232 #define RSN_CAP_SPPR 0x0800 233 234 /* WPA capabilities defined in 802.11i */ 235 #define WPA_CAP_4_REPLAY_CNTRS RSN_CAP_4_REPLAY_CNTRS 236 #define WPA_CAP_16_REPLAY_CNTRS RSN_CAP_16_REPLAY_CNTRS 237 #define WPA_CAP_REPLAY_CNTR_SHIFT RSN_CAP_PTK_REPLAY_CNTR_SHIFT 238 #define WPA_CAP_REPLAY_CNTR_MASK RSN_CAP_PTK_REPLAY_CNTR_MASK 239 240 /* WPA capabilities defined in 802.11zD9.0 */ 241 #define WPA_CAP_PEER_KEY_ENABLE (0x1 << 1) /* bit 9 */ 242 243 /* WPA Specific defines */ 244 #define WPA_CAP_LEN RSN_CAP_LEN /* Length of RSN capabilities in RSN IE (2 octets) */ 245 #define WPA_PMKID_CNT_LEN 2 /* Length of RSN PMKID count (2 octests) */ 246 247 #define WPA_CAP_WPA2_PREAUTH RSN_CAP_PREAUTH 248 249 #define WPA2_PMKID_COUNT_LEN 2 250 251 /* RSN dev type in rsn_info struct */ 252 typedef enum { 253 DEV_NONE = 0, 254 DEV_STA = 1, 255 DEV_AP = 2 256 } device_type_t; 257 258 typedef uint32 rsn_akm_mask_t; /* RSN_AKM_... see 802.11.h */ 259 typedef uint8 rsn_cipher_t; /* WPA_CIPHER_xxx */ 260 typedef uint32 rsn_ciphers_t; /* mask of rsn_cipher_t */ 261 typedef uint8 rsn_akm_t; 262 typedef uint8 auth_ie_type_mask_t; 263 264 /* Old location for this structure. Moved to bcmwpa.h */ 265 #ifndef RSN_IE_INFO_STRUCT_RELOCATED 266 typedef struct rsn_ie_info { 267 uint8 version; 268 rsn_cipher_t g_cipher; 269 uint8 p_count; 270 uint8 akm_count; 271 uint8 pmkid_count; 272 rsn_akm_t sta_akm; /* single STA akm */ 273 uint16 caps; 274 rsn_ciphers_t p_ciphers; 275 rsn_akm_mask_t akms; 276 uint8 pmkids_offset; /* offset into the IE */ 277 rsn_cipher_t g_mgmt_cipher; 278 device_type_t dev_type; /* AP or STA */ 279 rsn_cipher_t sta_cipher; /* single STA cipher */ 280 uint16 key_desc; /* key descriptor version as STA */ 281 int parse_status; 282 uint16 mic_len; /* unused. keep for ROM compatibility. */ 283 auth_ie_type_mask_t auth_ie_type; /* bit field of WPA, WPA2 and (not yet) CCX WAPI */ 284 uint8 pmk_len; /* EAPOL PMK */ 285 uint8 kck_mic_len; /* EAPOL MIC (by KCK) */ 286 uint8 kck_len; /* EAPOL KCK */ 287 uint8 kek_len; /* EAPOL KEK */ 288 uint8 tk_len; /* EAPOL TK */ 289 uint8 ptk_len; /* EAPOL PTK */ 290 uint8 kck2_len; /* EAPOL KCK2 */ 291 uint8 kek2_len; /* EAPOL KEK2 */ 292 } rsn_ie_info_t; 293 #endif /* RSN_IE_INFO_STRUCT_RELOCATED */ 294 295 #ifdef BCMWAPI_WAI 296 #define WAPI_CAP_PREAUTH RSN_CAP_PREAUTH 297 298 /* Other WAI definition */ 299 #define WAPI_WAI_REQUEST 0x00F1 300 #define WAPI_UNICAST_REKEY 0x00F2 301 #define WAPI_STA_AGING 0x00F3 302 #define WAPI_MUTIL_REKEY 0x00F4 303 #define WAPI_STA_STATS 0x00F5 304 305 #define WAPI_USK_REKEY_COUNT 0x4000000 /* 0xA00000 */ 306 #define WAPI_MSK_REKEY_COUNT 0x4000000 /* 0xA00000 */ 307 #endif /* BCMWAPI_WAI */ 308 309 /* This marks the end of a packed structure section. */ 310 #include <packed_section_end.h> 311 312 #endif /* _proto_wpa_h_ */ 313