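/*
 * bcmwpa.h - interface definitions of shared WPA-related functions
 *
 * Broadcom Proprietary and Confidential. Copyright (C) 2020,
 * All Rights Reserved.
 *
 * This is UNPUBLISHED PROPRIETARY SOURCE CODE of Broadcom;
 * the contents of this file may not be disclosed to third parties,
 * copied or duplicated in any form, in whole or in part, without
 * the prior written permission of Broadcom.
 *
 *
 * <<Broadcom-WL-IPTag/Proprietary:>>
 */

#ifndef _BCMWPA_H_
#define _BCMWPA_H_
#ifdef BCM_EXTERNAL_APP
typedef int osl_t;
#endif
#include <wpa.h>
#if defined(BCMSUP_PSK) || defined(BCMSUPPL) || \
	defined(MFP) || defined(BCMAUTH_PSK) || defined(WLFBT) || \
	defined(WL_OKC) || defined(GTKOE) || defined(WL_FILS)
#include <eapol.h>
#endif
#include <802.11.h>
#ifdef WLP2P
#include <p2p.h>
#endif
#include <rc4.h>
#include <bcmutils.h>
#include <wlioctl.h>
#include <sha2.h>
#ifdef WL_OCV
#include <bcm_ocv.h>
#endif /* WL_OCV */

/* Field sizes for WPA key hierarchy (lengths in octets) */
#define WPA_TEMP_TX_KEY_LEN	8u
#define WPA_TEMP_RX_KEY_LEN	8u

#define PMK_LEN			32u
#define TKIP_PTK_LEN		64u
#define TKIP_TK_LEN		32u
#define AES_PTK_LEN		48u
#define AES_TK_LEN		16u
#define AES_GCM_PTK_LEN		48u
#define AES_GCM_TK_LEN		16u
#define AES_GCM256_PTK_LEN	64u
#define AES_GCM256_TK_LEN	32u

/* limits for pre-shared key lengths
 * NOTE(review): presumably 8..63 is an ASCII passphrase and 64 a 256-bit PSK
 * written as hex digits -- confirm against the callers that validate input.
 */
#define WPA_MIN_PSK_LEN		8u
#define WPA_MAX_PSK_LEN		64u

#define WPA_KEY_DATA_LEN_256	256u	/* allocation size of 256 for temp data pointer. */
#define WPA_KEY_DATA_LEN_128	128u	/* allocation size of 128 for temp data pointer. */

/* The three minimums below are the encapsulation header length without the
 * TLV header, plus the fixed header of the key type being carried.
 * NOTE(review): presumably the KDE parsers compare the received length field
 * against these before reading the key fields -- confirm in the implementation.
 */

/* Minimum length of WPA2 GTK encapsulation in EAPOL */
#define EAPOL_WPA2_GTK_ENCAP_MIN_LEN	(EAPOL_WPA2_ENCAP_DATA_HDR_LEN - \
	TLV_HDR_LEN + EAPOL_WPA2_KEY_GTK_ENCAP_HDR_LEN)

/* Minimum length of WPA2 IGTK encapsulation in EAPOL */
#define EAPOL_WPA2_IGTK_ENCAP_MIN_LEN	(EAPOL_WPA2_ENCAP_DATA_HDR_LEN - \
	TLV_HDR_LEN + EAPOL_WPA2_KEY_IGTK_ENCAP_HDR_LEN)

/* Minimum length of BIGTK encapsulation in EAPOL */
#define EAPOL_WPA2_BIGTK_ENCAP_MIN_LEN	(EAPOL_WPA2_ENCAP_DATA_HDR_LEN - \
	TLV_HDR_LEN + EAPOL_WPA2_KEY_BIGTK_ENCAP_HDR_LEN)

#ifdef WL_OCV
/* The OCI sizes below expand to a call to bcm_ocv_get_oci_len(), so they are
 * run-time values, not compile-time constants.
 */

/* Size of the OCI element */
#define WPA_OCV_OCI_IE_SIZE \
	(bcm_ocv_get_oci_len() + BCM_TLV_EXT_HDR_SIZE)

/* Size of the OCI KDE */
#define WPA_OCV_OCI_KDE_SIZE \
	(bcm_ocv_get_oci_len() + EAPOL_WPA2_ENCAP_DATA_HDR_LEN)

/* Size of the OCI subelement */
#define WPA_OCV_OCI_SUBELEM_SIZE \
	(bcm_ocv_get_oci_len() + TLV_HDR_LEN)

/* Minimum length of WPA2 OCI encapsulation in EAPOL */
#define EAPOL_WPA2_OCI_ENCAP_MIN_LEN \
	(WPA_OCV_OCI_KDE_SIZE - TLV_HDR_LEN)
#endif /* WL_OCV */

/* True when wlc->wsec_swkeys is set or the bsscfg wsec word carries
 * WSEC_SWFLAG (with WLFIPS, FIPS_ENABLED also counts).
 */
#ifdef WLFIPS
#define WLC_SW_KEYS(wlc, bsscfg) ((((wlc)->wsec_swkeys) || \
	((bsscfg)->wsec & (WSEC_SWFLAG | FIPS_ENABLED))))
#else
#define WLC_SW_KEYS(wlc, bsscfg) ((((wlc)->wsec_swkeys) || \
	((bsscfg)->wsec & WSEC_SWFLAG)))
#endif /* WLFIPS */

/* This doesn't really belong here, but neither does WSEC_CKIP* */
/* per-packet encryption exemption policy */
/* no exemption...follow whatever standard rules apply */
#define WSEC_EXEMPT_NO			0
/* send unencrypted */
#define WSEC_EXEMPT_ALWAYS		1
/* send unencrypted if no pairwise key */
#define WSEC_EXEMPT_NO_PAIRWISE		2

#define WPA_CIPHER_UNSPECIFIED		0xff
#define WPA_P_CIPHERS_UNSPECIFIED	0x80000000

#ifdef RSN_IE_INFO_STRUCT_RELOCATED
#define WPA_AKMS_UNSPECIFIED	0x80000000
#else
#define WPA_AKMS_UNSPECIFIED	0
#endif

#ifdef BCMWAPI_WAI
#define IS_WAPI_AUTH(auth) ((auth) == WAPI_AUTH_UNSPECIFIED || \
	(auth) == WAPI_AUTH_PSK)
#define INCLUDES_WAPI_AUTH(auth) \
	((auth) & (WAPI_AUTH_UNSPECIFIED | \
	WAPI_AUTH_PSK))
#endif /* BCMWAPI_WAI */

/* The IS_*_AKM() predicates in this file may evaluate their argument more
 * than once; pass an expression without side effects.
 */
#define IS_WPA_AKM(akm)	((akm) == RSN_AKM_NONE || \
	(akm) == RSN_AKM_UNSPECIFIED || \
	(akm) == RSN_AKM_PSK)

#define IS_WPA2_AKM(akm)	((akm) == RSN_AKM_UNSPECIFIED || \
	(akm) == RSN_AKM_PSK || \
	(akm) == RSN_AKM_FILS_SHA256 || \
	(akm) == RSN_AKM_FILS_SHA384)

/* this doesn't mean much. A WPA (not RSN) akm type would match this */
#define RSN_AKM_MASK	(\
	BCM_BIT(RSN_AKM_UNSPECIFIED) | \
	BCM_BIT(RSN_AKM_PSK) | \
	BCM_BIT(RSN_AKM_SAE_PSK) | \
	BCM_BIT(RSN_AKM_FILS_SHA256) | \
	BCM_BIT(RSN_AKM_FILS_SHA384) | \
	BCM_BIT(RSN_AKM_OWE) | \
	BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
	BCM_BIT(RSN_AKM_SUITEB_SHA384_1X))

/* verify less than 32 before shifting bits.
 * An AKM value of 32 or more yields 0, so every mask test built on this macro
 * is false for it instead of shifting by an out-of-range count.
 */
#define VALID_AKM_BIT(akm)	((akm) < 32u ? BCM_BIT((akm)) : 0u)

#define IS_RSN_AKM(akm)	(VALID_AKM_BIT((akm)) & RSN_AKM_MASK)

#define FBT_AKM_MASK	(BCM_BIT(RSN_AKM_FBT_1X) | \
	BCM_BIT(RSN_AKM_FBT_PSK) | \
	BCM_BIT(RSN_AKM_SAE_FBT) | \
	BCM_BIT(RSN_AKM_FBT_SHA256_FILS) | \
	BCM_BIT(RSN_AKM_FBT_SHA384_FILS) | \
	BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \
	BCM_BIT(RSN_AKM_FBT_SHA384_PSK))

#define IS_FBT_AKM(akm)	(VALID_AKM_BIT((akm)) & FBT_AKM_MASK)

#define FILS_AKM_MASK	(\
	BCM_BIT(RSN_AKM_FILS_SHA256) | \
	BCM_BIT(RSN_AKM_FILS_SHA384))

#define IS_FILS_AKM(akm)	(VALID_AKM_BIT((akm)) & FILS_AKM_MASK)

#define MFP_AKM_MASK	(\
	BCM_BIT(RSN_AKM_SHA256_1X) | \
	BCM_BIT(RSN_AKM_SHA256_PSK))

#define IS_MFP_AKM(akm)	(MFP_AKM_MASK & VALID_AKM_BIT((akm)))

#ifdef BCMWAPI_WAI
/* Tests the same three RSN_AKM_* values as IS_WPA_AKM(). */
#define IS_WAPI_AKM(akm)	((akm) == RSN_AKM_NONE || \
	(akm) == RSN_AKM_UNSPECIFIED || \
	(akm) == RSN_AKM_PSK)
#endif /* BCMWAPI_WAI */

#define IS_TDLS_AKM(akm)	((akm) == RSN_AKM_TPK)

/* Broadcom(OUI) authenticated key management suite */
#define BRCM_AKM_NONE	0
#define BRCM_AKM_PSK	1u	/* Proprietary PSK AKM */

#define IS_BRCM_AKM(akm)	((akm) == BRCM_AKM_PSK)

#define ONE_X_AKM_MASK	(BCM_BIT(RSN_AKM_FBT_1X) | \
	BCM_BIT(RSN_AKM_MFP_1X) | \
	BCM_BIT(RSN_AKM_SHA256_1X) | \
	BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
	BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \
	BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \
	BCM_BIT(RSN_AKM_UNSPECIFIED))

#define IS_1X_AKM(akm)	(VALID_AKM_BIT((akm)) & ONE_X_AKM_MASK)

#define SUITEB_AKM_MASK	(BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
	BCM_BIT(RSN_AKM_SUITEB_SHA384_1X))
#define IS_1X_SUITEB_AKM(akm)	(VALID_AKM_BIT((akm)) & SUITEB_AKM_MASK)

#define SAE_AKM_MASK	(BCM_BIT(RSN_AKM_SAE_PSK) | BCM_BIT(RSN_AKM_SAE_FBT))
#define IS_SAE_AKM(akm)	(VALID_AKM_BIT((akm)) & SAE_AKM_MASK)

#define SHA256_AKM_MASK	(BCM_BIT(RSN_AKM_SHA256_1X) | \
	BCM_BIT(RSN_AKM_SHA256_PSK) | \
	BCM_BIT(RSN_AKM_SAE_PSK) | \
	BCM_BIT(RSN_AKM_SAE_FBT) | \
	BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
	BCM_BIT(RSN_AKM_FILS_SHA256) | \
	BCM_BIT(RSN_AKM_FBT_SHA256_FILS) | \
	BCM_BIT(RSN_AKM_OWE))
#define IS_SHA256_AKM(akm)	(VALID_AKM_BIT((akm)) & SHA256_AKM_MASK)

/* NOTE(review): this mask omits RSN_AKM_FBT_SHA384_PSK, which AKM_SHA384_MASK
 * further down includes, so IS_SHA384_AKM() is false for that AKM. Confirm
 * whether the difference is intended; the hash choice feeds key derivation.
 */
#define SHA384_AKM_MASK	(BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \
	BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \
	BCM_BIT(RSN_AKM_FILS_SHA384) | \
	BCM_BIT(RSN_AKM_FBT_SHA384_FILS) | \
	BCM_BIT(RSN_AKM_PSK_SHA384))
#define IS_SHA384_AKM(akm)	(VALID_AKM_BIT((akm)) & SHA384_AKM_MASK)

#define OPEN_AUTH_AKM_MASK	(\
	BCM_BIT(RSN_AKM_UNSPECIFIED) | \
	BCM_BIT(RSN_AKM_PSK) | \
	BCM_BIT(RSN_AKM_SHA256_1X) | \
	BCM_BIT(RSN_AKM_SHA256_PSK) | \
	BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
	BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \
	BCM_BIT(RSN_AKM_PSK_SHA384))
#define IS_OPEN_AUTH_AKM(akm)	(VALID_AKM_BIT((akm)) & OPEN_AUTH_AKM_MASK)

typedef enum akm_type {
	WPA_AUTH_IE = 0x01,
	RSN_AUTH_IE = 0x02,
	OSEN_AUTH_IE = 0x04
} akm_type_t;

/* presumably the values for the max_array selector of wpa_array_cmp() */
#define MAX_ARRAY	1
#define MIN_ARRAY	0

#define WPS_ATID_SEL_REGISTRAR	0x1041

/* move these to appropriate file(s) */
#define WPS_IE_FIXED_LEN	6

/* GTK indices we use - 0-3 valid per IEEE/802.11 2012 */
#define GTK_INDEX_1	1
#define GTK_INDEX_2	2

/* IGTK indices we use - 4-5 are valid per IEEE 802.11 2012 */
#define IGTK_INDEX_1	4
#define IGTK_INDEX_2	5

/* following needed for compatibility for router code because it automerges */
#define IGTK_ID_TO_WSEC_INDEX(_id)	(_id)
#define WPA_AES_CMAC_CALC	aes_cmac_calc

#define IS_IGTK_INDEX(x)	((x) == IGTK_INDEX_1 || (x) == IGTK_INDEX_2)

#ifdef RSN_IE_INFO_STRUCT_RELOCATED
/* Parsed view of the security IEs of a peer.
 * rsn_ie, wpa_ie, auth_ie and rsnxe are pointers paired with separate length
 * members. NOTE(review): who owns the pointed-to buffers is not visible in
 * this header -- confirm, and keep each length in step with its pointer.
 */
typedef struct rsn_ie_info {
	uint8 version;
	int parse_status;
	device_type_t dev_type;			/* AP or STA */
	auth_ie_type_mask_t auth_ie_type;	/* bit field of WPA, WPA2 and (not yet) WAPI */
	rsn_cipher_t g_cipher;
	rsn_akm_t sta_akm;			/* single STA akm */
	uint16 caps;
	rsn_ciphers_t rsn_p_ciphers;
	rsn_ciphers_t wpa_p_ciphers;
	rsn_akm_mask_t rsn_akms;
	rsn_akm_mask_t wpa_akms;
	uint8 pmkid_count;
	uint8 pmkids_offset;			/* offset into the IE */
	rsn_cipher_t g_mgmt_cipher;
	rsn_cipher_t sta_cipher;		/* single STA cipher */
	uint16 key_desc;			/* key descriptor version as STA */
	uint16 mic_len;				/* unused. keep for ROM compatibility. */
	uint8 pmk_len;				/* EAPOL PMK */
	uint8 kck_mic_len;			/* EAPOL MIC (by KCK) */
	uint8 kck_len;				/* EAPOL KCK */
	uint8 kek_len;				/* EAPOL KEK */
	uint8 tk_len;				/* EAPOL TK */
	uint8 ptk_len;				/* EAPOL PTK */
	uint8 kck2_len;				/* EAPOL KCK2 */
	uint8 kek2_len;				/* EAPOL KEK2 */
	uint8* rsn_ie;				/* RSN IE from beacon or assoc request */
	uint16 rsn_ie_len;			/* RSN IE length */
	uint8* wpa_ie;				/* WPA IE */
	uint16 wpa_ie_len;			/* WPA IE length (is it fixed?) */
	/* the following are helpers in the AP rsn info to be filled in by the STA
	 * after determination of which IE is being used in wsec_filter.
	 */
	uint32 p_ciphers;			/* current ciphers for the chosen auth IE */
	uint32 akms;				/* current AKMs for the chosen auth IE */
	uint8 *auth_ie;				/* pointer to current chosen auth IE */
	uint16 auth_ie_len;
	/* NOTE(review): 8-bit counter; confirm bcmwpa_rsn_ie_info_add_ref() refuses
	 * to wrap it, since a wrapped count would allow an early free.
	 */
	uint8 ref_count;	/* external reference count to decide if structure must be freed */
	uint8 rsnxe_len;			/* RSNXE IE length */
	uint8 PAD[3];
	uint8* rsnxe;				/* RSNXE IE TLV buffer */
	uint32 rsnxe_cap;			/* RSNXE IE cap flag, refer to 802.11.h */
} rsn_ie_info_t;
#endif /* RSN_IE_INFO_STRUCT_RELOCATED */

/* WiFi WPS Attribute fixed portion
 * at[] and len[] make up the WPS_AT_FIXED_LEN (4) octets of header; data[1]
 * is presumably a placeholder for a variable-length value, so sizeof() of
 * this struct is not the header length.
 */
typedef struct wps_at_fixed {
	uint8 at[2];
	uint8 len[2];
	uint8 data[1];
} wps_at_fixed_t;

typedef const struct oui_akm_wpa_tbl {
	const char *oui;	/* WPA auth category */
	uint16 rsn_akm;
	uint32 wpa_auth;
} oui_akm_wpa_tbl_t;

#define WPS_AT_FIXED_LEN	4

/* the WPS IE fixed part reuses the WPA IE fixed layout */
#define wps_ie_fixed_t	wpa_ie_fixed_t

/* What should be the multicast mask for AES ? */
#define WPA_UNICAST_AES_MASK	(\
	BCM_BIT(WPA_CIPHER_AES_CCM) | \
	BCM_BIT(WPA_CIPHER_AES_GCM) | \
	BCM_BIT(WPA_CIPHER_AES_GCM256))

#define WPA_CIPHER_WEP_MASK	(\
	BCM_BIT(WPA_CIPHER_WEP_104) | \
	BCM_BIT(WPA_CIPHER_WEP_40))

/* temporary to pass pre-commit */
#ifdef TMP_USE_RSN_INFO
/* wsec macros
 * Each takes a pointer to an rsn_ie_info_t. The argument is parenthesized so
 * that an expression such as a cast or pointer arithmetic expands correctly.
 */
#ifdef EXT_STA
/* note: this variant also reads a variable named wlc from the caller's scope */
#define UCAST_NONE(rsn_info)	(((rsn_info)->p_ciphers == (1 << WPA_CIPHER_NONE)) && \
	(!WLEXTSTA_ENAB(wlc->pub) || wlc->use_group_enabled))
#else
#define UCAST_NONE(rsn_info)	((rsn_info)->p_ciphers == (1 << WPA_CIPHER_NONE))
#endif /* EXT_STA */

#define UCAST_AES(rsn_info)	((rsn_info)->p_ciphers & WPA_UNICAST_AES_MASK)
#define UCAST_TKIP(rsn_info)	((rsn_info)->p_ciphers & (1 << WPA_CIPHER_TKIP))
#define UCAST_WEP(rsn_info)	((rsn_info)->p_ciphers & WPA_CIPHER_WEP_MASK)

/* NOTE(review): MCAST_AES and MCAST_WEP shift by g_cipher without the range
 * check that VALID_AKM_BIT applies to AKMs. A shift count of 32 or more (for
 * example WPA_CIPHER_UNSPECIFIED, 0xff) is undefined behaviour; confirm that
 * g_cipher is always a small cipher number when these are used.
 */
#define MCAST_NONE(rsn_info)	((rsn_info)->g_cipher == WPA_CIPHER_NONE)
#define MCAST_AES(rsn_info)	((1 << (rsn_info)->g_cipher) & WPA_UNICAST_AES_MASK)
#define MCAST_TKIP(rsn_info)	((rsn_info)->g_cipher == WPA_CIPHER_TKIP)
#define MCAST_WEP(rsn_info)	((1 << (rsn_info)->g_cipher) & WPA_CIPHER_WEP_MASK)

#endif /* TMP_USE_RSN_INFO */

/* same members as SHA256_AKM_MASK above, listed in a different order */
#define AKM_SHA256_MASK	(\
	BCM_BIT(RSN_AKM_SHA256_1X) | \
	BCM_BIT(RSN_AKM_SHA256_PSK) | \
	BCM_BIT(RSN_AKM_SAE_PSK) | \
	BCM_BIT(RSN_AKM_OWE) | \
	BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
	BCM_BIT(RSN_AKM_FILS_SHA256) | \
	BCM_BIT(RSN_AKM_FBT_SHA256_FILS) | \
	BCM_BIT(RSN_AKM_SAE_FBT))

/* SHA384_AKM_MASK above plus RSN_AKM_FBT_SHA384_PSK */
#define AKM_SHA384_MASK	(\
	BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \
	BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \
	BCM_BIT(RSN_AKM_FILS_SHA384) | \
	BCM_BIT(RSN_AKM_FBT_SHA384_FILS) | \
	BCM_BIT(RSN_AKM_FBT_SHA384_PSK) | \
	BCM_BIT(RSN_AKM_PSK_SHA384))

/* these AKMs require MFP capable set in their IE */
#define RSN_MFPC_AKM_MASK	(\
	BCM_BIT(RSN_AKM_SAE_PSK) | \
	BCM_BIT(RSN_AKM_OWE) | \
	BCM_BIT(RSN_AKM_SAE_FBT))

/* AKMs that are supported by the in-driver supplicant.
 * TODO: have to redesign this to include 1x and other PSK AKMs.
 * The argument is parenthesized: unparenthesized, an argument such as
 * (x & mask) would bind to == before &, and the test would silently
 * compare the wrong value.
 */
#define IS_BCMSUP_AKM(akm) \
	(((akm) == RSN_AKM_PSK) || \
	((akm) == RSN_AKM_SAE_PSK) || \
	((akm) == RSN_AKM_OWE) || \
	((akm) == RSN_AKM_FBT_PSK) || \
	((akm) == RSN_AKM_SAE_FBT) || \
	((akm) == RSN_AKM_FBT_SHA384_1X) || \
	((akm) == RSN_AKM_FBT_SHA384_PSK))

/* AKMs that use a common PSK, which is identified by the broadcast addr */
#define IS_SHARED_PMK_AKM(akm) \
	(((akm) == RSN_AKM_PSK) || \
	((akm) == RSN_AKM_FBT_PSK) || \
	((akm) == RSN_AKM_SHA256_PSK) || \
	((akm) == RSN_AKM_FBT_SHA384_PSK) || \
	((akm) == RSN_AKM_PSK_SHA384))

/* 1u for every AKM value numerically >= RSN_AKM_FBT_1X, else 0; this relies
 * on the numeric ordering of the RSN_AKM_* constants.
 */
#define RSN_AKM_USE_KDF(akm)	((akm) >= RSN_AKM_FBT_1X ? 1u : 0)

/* Macro to abstract access to the rsn_ie_info structure in case
 * we want to move it to a cubby or something else.
 * Gives the rsn_info pointer
 */

#define RSN_INFO_GET(s)	((s)->rsn_info)
/* where the rsn_info resides */
#define RSN_INFO_GET_PTR(s)	(&(s)->rsn_info)

/* True only when rsn_info exists, was parsed with BCME_OK and names at least
 * one AKM; the NULL test comes first, so the later dereferences are guarded.
 */
#define AUTH_AKM_INCLUDED(s)	((s)->rsn_info != NULL && \
	(s)->rsn_info->parse_status == BCME_OK && \
	(s)->rsn_info->akms != WPA_AKMS_UNSPECIFIED)

/* True if the bit for akm is set in mask, or if akm and mask are both 0 */
#define AKM_IS_MEMBER(akm, mask)	(((mask) & VALID_AKM_BIT((akm))) || \
	((akm) == 0 && (mask) == 0))

/* selects which length bcmwpa_eapol_key_length() reports */
typedef enum eapol_key_type {
	EAPOL_KEY_NONE = 0,
	EAPOL_KEY_PMK = 1,
	EAPOL_KEY_KCK_MIC = 2,
	EAPOL_KEY_KEK = 3,
	EAPOL_KEY_TK = 4,
	EAPOL_KEY_PTK = 5,
	EAPOL_KEY_KCK = 6,
	EAPOL_KEY_KCK2 = 7,
	EAPOL_KEY_KEK2 = 8
} eapol_key_type_t;

/* Return address of max or min array depending on the first argument.
 * Return NULL in case of a draw.
 */
extern const uint8 *wpa_array_cmp(int max_array, const uint8 *x, const uint8 *y, uint len);

/* Increment the array argument */
extern void wpa_incr_array(uint8 *array, uint len);

/* Convert WPA IE cipher suite to locally used value */
extern bool wpa_cipher(wpa_suite_t *suite, ushort *cipher, bool wep_ok);

/* The IE finders below take a buffer and a length.
 * NOTE(review): len is presumably the number of valid octets at parse; the
 * bounds checks live in the implementation, which this header does not show.
 * Callers must pass the length of the received data, not of the allocation.
 */

/* Look for a WPA IE; return its address if found, NULL otherwise */
extern wpa_ie_fixed_t *bcm_find_wpaie(uint8 *parse, uint len);
extern bcm_tlv_t *bcm_find_wmeie(uint8 *parse, uint len, uint8 subtype, uint8 subtype_len);
/* Look for a WPS IE; return its address if found, NULL otherwise */
extern wps_ie_fixed_t *bcm_find_wpsie(const uint8 *parse, uint len);
extern wps_at_fixed_t *bcm_wps_find_at(wps_at_fixed_t *at, uint len, uint16 id);
int bcm_find_security_ies(uint8 *buf, uint buflen, void **wpa_ie,
	void **rsn_ie);

#ifdef WLP2P
/* Look for a WiFi P2P IE; return its address if found, NULL otherwise */
extern wifi_p2p_ie_t *bcm_find_p2pie(const uint8 *parse, uint len);
#endif
/* Look for a hotspot2.0 IE; return its address if found, NULL otherwise */
bcm_tlv_t *bcm_find_hs20ie(uint8 *parse, uint len);
/* Look for a OSEN IE; return its address if found, NULL otherwise */
bcm_tlv_t *bcm_find_osenie(uint8 *parse, uint len);

/* Check whether the given IE has the specific OUI and the specific type. */
extern bool bcm_has_ie(uint8 *ie, uint8 **tlvs, uint *tlvs_len,
	const uint8 *oui, uint oui_len, uint8 type);

/* Check whether pointed-to IE looks like WPA. */
#define bcm_is_wpa_ie(ie, tlvs, len)	bcm_has_ie(ie, tlvs, len, \
	(const uint8 *)WPA_OUI, WPA_OUI_LEN, WPA_OUI_TYPE)
/* Check whether pointed-to IE looks like WPS. */
#define bcm_is_wps_ie(ie, tlvs, len)	bcm_has_ie(ie, tlvs, len, \
	(const uint8 *)WPS_OUI, WPS_OUI_LEN, WPS_OUI_TYPE)
#ifdef WLP2P
/* Check whether the given IE looks like WFA P2P IE. */
#define bcm_is_p2p_ie(ie, tlvs, len)	bcm_has_ie(ie, tlvs, len, \
	(const uint8 *)P2P_OUI, P2P_OUI_LEN, P2P_OUI_TYPE)
#endif

/* Convert WPA2 IE cipher suite to locally used value */
extern bool wpa2_cipher(wpa_suite_t *suite, ushort *cipher, bool wep_ok);

#if defined(BCMSUP_PSK) || defined(BCMSUPPL) || defined(GTKOE) || defined(WL_FILS)
/* Look for an encapsulated GTK; return its address if found, NULL otherwise */
extern eapol_wpa2_encap_data_t *wpa_find_gtk_encap(uint8 *parse, uint len);

/* Check whether pointed-to IE looks like an encapsulated GTK. */
extern bool wpa_is_gtk_encap(uint8 *ie, uint8 **tlvs, uint *tlvs_len);

/* Look for encapsulated key data; return its address if found, NULL otherwise */
extern eapol_wpa2_encap_data_t *wpa_find_kde(const uint8 *parse, uint len, uint8 type);

/* Find kde data given eapol header. */
extern int wpa_find_eapol_kde_data(eapol_header_t *eapol, uint8 eapol_mic_len,
	uint8 subtype, eapol_wpa2_encap_data_t **out_data);

/* Look for kde data in key data. */
extern int wpa_find_kde_data(const uint8 *kde_buf, uint16 buf_len,
	uint8 subtype, eapol_wpa2_encap_data_t **out_data);

#ifdef WL_OCV
/* Check if both local and remote are OCV capable */
extern bool wpa_check_ocv_caps(uint16 local_caps, uint16 peer_caps);

/* Write OCI KDE into the buffer */
extern int wpa_add_oci_encap(chanspec_t chspec, uint8* buf, uint buf_len);

/* Validate OCI KDE */
extern int wpa_validate_oci_encap(chanspec_t chspec, const uint8* buf, uint buf_len);

/* Write OCI IE into the buffer */
extern int wpa_add_oci_ie(chanspec_t chspec, uint8* buf, uint buf_len);

/* Validate OCI IE */
extern int wpa_validate_oci_ie(chanspec_t chspec, const uint8* buf, uint buf_len);

/* Write OCI subelement into the FTE buffer */
extern int wpa_add_oci_ft_subelem(chanspec_t chspec, uint8* buf, uint buf_len);

/* Validate OCI FTE subelement */
extern int wpa_validate_oci_ft_subelem(chanspec_t chspec,
	const uint8* buf, uint buf_len);
#endif /* WL_OCV */
#endif /* defined(BCMSUP_PSK) || defined(BCMSUPPL) || defined(GTKOE) || defined(WL_FILS) */

/* Key derivation and EAPOL-Key protection.
 * Several outputs below (mic_key users aside) are raw key material. Outputs
 * such as pmkid, pmkr0 and pmkr0name are passed without a length, so the
 * caller must supply a buffer of the size the implementation writes.
 * NOTE(review): confirm those sizes in the implementation, and that callers
 * clear key buffers once the keys have been installed.
 */
#if defined(BCMSUP_PSK) || defined(WLFBT) || defined(BCMAUTH_PSK)|| \
	defined(WL_OKC) || defined(GTKOE)
/* Calculate a pair-wise transient key */
extern int wpa_calc_ptk(rsn_akm_t akm, const struct ether_addr *auth_ea,
	const struct ether_addr *sta_ea, const uint8 *anonce, uint8 anonce_len,
	const uint8* snonce, uint8 snonce_len, const uint8 *pmk,
	uint pmk_len, uint8 *ptk, uint ptk_len);

/* Compute Message Integrity Code (MIC) over EAPOL message */
extern int wpa_make_mic(eapol_header_t *eapol, uint key_desc, uint8 *mic_key,
	rsn_ie_info_t *rsn_info, uchar *mic, uint mic_len);

/* Check MIC of EAPOL message
 * NOTE(review): the comparison itself is not visible here; confirm it does
 * not exit early on the first differing octet.
 */
extern bool wpa_check_mic(eapol_header_t *eapol,
	uint key_desc, uint8 *mic_key, rsn_ie_info_t *rsn_info);

/* Calculate PMKID */
extern void wpa_calc_pmkid(const struct ether_addr *auth_ea,
	const struct ether_addr *sta_ea, const uint8 *pmk, uint pmk_len, uint8 *pmkid);

/* Encrypt key data for a WPA key message */
extern bool wpa_encr_key_data(eapol_wpa_key_header_t *body, uint16 key_info,
	uint8 *ekey, uint8 *gtk, uint8 *data, uint8 *encrkey, rc4_ks_t *rc4key,
	const rsn_ie_info_t *rsn_info);

/* IV plus encryption key scratch buffer.
 * As a parameter type an array decays to a pointer, so the callee cannot
 * check the size; always pass an object declared with this typedef.
 */
typedef uint8 wpa_rc4_ivkbuf_t[EAPOL_WPA_KEY_IV_LEN + EAPOL_WPA_ENCR_KEY_MAX_LEN];
/* Decrypt key data from a WPA key message */
extern int wpa_decr_key_data(eapol_wpa_key_header_t *body, uint16 key_info,
	uint8 *ekey, wpa_rc4_ivkbuf_t ivk, rc4_ks_t *rc4key, const rsn_ie_info_t *rsn_info,
	uint16 *dec_len);
#endif /* BCMSUP_PSK || WLFBT || BCMAUTH_PSK || WL_OKC || GTKOE */

#if defined(BCMSUP_PSK) || defined(WLFBT) || defined(BCMAUTH_PSK)|| \
	defined(WL_OKC) || defined(GTKOE) || defined(WLHOSTFBT)

/* Calculate PMKR0 for FT association */
extern void wpa_calc_pmkR0(sha2_hash_type_t hash_type, const uint8 *ssid, uint ssid_len,
	uint16 mdid, const uint8 *r0kh, uint r0kh_len, const struct ether_addr *sta_ea,
	const uint8 *pmk, uint pmk_len, uint8 *pmkr0, uint8 *pmkr0name);

/* Calculate PMKR1 for FT association */
extern void wpa_calc_pmkR1(sha2_hash_type_t hash_type, const struct ether_addr *r1kh,
	const struct ether_addr *sta_ea, const uint8 *pmk, uint pmk_len,
	const uint8 *pmkr0name, uint8 *pmkr1, uint8 *pmkr1name);

/* Calculate PTK for FT association */
extern void wpa_calc_ft_ptk(sha2_hash_type_t hash_type, const struct ether_addr *bssid,
	const struct ether_addr *sta_ea, const uint8 *anonce, const uint8* snonce,
	const uint8 *pmk, uint pmk_len, uint8 *ptk, uint ptk_len);

/* Derive the PMKR1 name from the R1KH address, the STA address and pmkr0name */
extern void wpa_derive_pmkR1_name(sha2_hash_type_t hash_type, struct ether_addr *r1kh,
	struct ether_addr *sta_ea, uint8 *pmkr0name, uint8 *pmkr1name);

#endif /* defined(BCMSUP_PSK) || defined(WLFBT) || defined(BCMAUTH_PSK) ||
	* defined(WL_OKC) || defined(GTKOE) || defined(WLHOSTFBT)
	*/

#if defined(BCMSUP_PSK) || defined(BCMSUPPL)

/* Translate RSNE group mgmt cipher to CRYPTO_ALGO_XXX */
extern uint8 bcmwpa_find_group_mgmt_algo(rsn_cipher_t g_mgmt_cipher);

#endif /* BCMSUP_PSK || BCMSUPPL */

extern bool bcmwpa_akm2WPAauth(uint8 *akm, uint32 *auth, bool sta_iswpa);

extern bool bcmwpa_cipher2wsec(uint8 *cipher, uint32 *wsec);

/* The two builds below give bcmwpa_wpaciphers2wsec() and
 * bcmwpa_decode_ie_type() different signatures; callers must be compiled
 * with the same RSN_IE_INFO_STRUCT_RELOCATED setting as the implementation.
 */
#ifdef RSN_IE_INFO_STRUCT_RELOCATED
extern uint32 bcmwpa_wpaciphers2wsec(uint32 unicast);
extern int bcmwpa_decode_ie_type(const bcm_tlv_t *ie, rsn_ie_info_t *info,
	uint32 *remaining, uint8 *type);

/* to be removed after merge to NEWT (changed into bcmwpa_rsn_ie_info_reset) */
void rsn_ie_info_reset(rsn_ie_info_t *rsn_info, osl_t *osh);
uint32 wlc_convert_rsn_to_wsec_bitmap(uint32 ap_cipher_mask);
#else
uint32 bcmwpa_wpaciphers2wsec(uint8 wpacipher);
int bcmwpa_decode_ie_type(const bcm_tlv_t *ie, rsn_ie_info_t *info, uint32 *remaining);
#endif /* RSN_IE_INFO_STRUCT_RELOCATED */

extern int bcmwpa_parse_rsnie(const bcm_tlv_t *ie, rsn_ie_info_t *info, device_type_t dev_type);

/* Calculate PMKID */
extern void kdf_calc_pmkid(const struct ether_addr *auth_ea,
	const struct ether_addr *sta_ea, const uint8 *key, uint key_len, uint8 *pmkid,
	rsn_ie_info_t *rsn_info);

extern void kdf_calc_ptk(const struct ether_addr *auth_ea, const struct ether_addr *sta_ea,
	const uint8 *anonce, const uint8 *snonce, const uint8 *pmk, uint pmk_len,
	uint8 *ptk, uint ptk_len);

#ifdef WLTDLS
/* Calculate TPK for TDLS association */
extern void wpa_calc_tpk(const struct ether_addr *init_ea,
	const struct ether_addr *resp_ea, const struct ether_addr *bssid,
	const uint8 *anonce, const uint8* snonce, uint8 *tpk, uint tpk_len);
#endif
extern bool bcmwpa_is_wpa_auth(uint32 wpa_auth);
extern bool bcmwpa_includes_wpa_auth(uint32 wpa_auth);
extern bool bcmwpa_is_rsn_auth(uint32 wpa_auth);
extern bool bcmwpa_includes_rsn_auth(uint32 wpa_auth);
extern int bcmwpa_get_algo_key_len(uint8 algo, uint16 *key_len);

/* macro to pass precommit on ndis builds */
#define bcmwpa_is_wpa2_auth(wpa_auth)	bcmwpa_is_rsn_auth(wpa_auth)
extern uint8 bcmwpa_eapol_key_length(eapol_key_type_t key, rsn_akm_t akm, rsn_cipher_t cipher);

/* rsn info allocation utilities.
 * NOTE(review): bcmwpa_rsn_ie_info_rel_ref() takes a pointer to the caller's
 * pointer, presumably so it can clear it when the last reference is dropped
 * -- confirm, and do not keep other copies of the pointer across the call.
 */
void bcmwpa_rsn_ie_info_reset(rsn_ie_info_t *rsn_info, osl_t *osh);
void bcmwpa_rsn_ie_info_rel_ref(rsn_ie_info_t **rsn_info, osl_t *osh);
int bcmwpa_rsn_ie_info_add_ref(rsn_ie_info_t *rsn_info);
int bcmwpa_rsn_akm_cipher_match(rsn_ie_info_t *rsn_info);
int bcmwpa_rsnie_eapol_key_len(rsn_ie_info_t *info);
#if defined(WL_BAND6G)
/* Return TRUE if any of the akm in akms_bmp is invalid in 6Ghz */
bool bcmwpa_is_invalid_6g_akm(const rsn_akm_mask_t akms_bmp);
/* Return TRUE if any of the cipher in ciphers_bmp is invalid in 6Ghz */
bool bcmwpa_is_invalid_6g_cipher(const rsn_ciphers_t ciphers_bmp);
#endif /* WL_BAND6G */
#endif /* _BCMWPA_H_ */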