1*4882a593Smuzhiyun /* 2*4882a593Smuzhiyun * Fundamental types and constants relating to WPA 3*4882a593Smuzhiyun * 4*4882a593Smuzhiyun * Portions of this code are copyright (c) 2021 Cypress Semiconductor Corporation 5*4882a593Smuzhiyun * 6*4882a593Smuzhiyun * Copyright (C) 1999-2017, Broadcom Corporation 7*4882a593Smuzhiyun * 8*4882a593Smuzhiyun * Unless you and Broadcom execute a separate written software license 9*4882a593Smuzhiyun * agreement governing use of this software, this software is licensed to you 10*4882a593Smuzhiyun * under the terms of the GNU General Public License version 2 (the "GPL"), 11*4882a593Smuzhiyun * available at http://www.broadcom.com/licenses/GPLv2.php, with the 12*4882a593Smuzhiyun * following added to such license: 13*4882a593Smuzhiyun * 14*4882a593Smuzhiyun * As a special exception, the copyright holders of this software give you 15*4882a593Smuzhiyun * permission to link this software with independent modules, and to copy and 16*4882a593Smuzhiyun * distribute the resulting executable under terms of your choice, provided that 17*4882a593Smuzhiyun * you also meet, for each linked independent module, the terms and conditions of 18*4882a593Smuzhiyun * the license of that module. An independent module is a module which is not 19*4882a593Smuzhiyun * derived from this software. The special exception does not apply to any 20*4882a593Smuzhiyun * modifications of the software. 21*4882a593Smuzhiyun * 22*4882a593Smuzhiyun * Notwithstanding the above, under no circumstances may you combine this 23*4882a593Smuzhiyun * software in any way with any other Broadcom software provided under a license 24*4882a593Smuzhiyun * other than the GPL, without Broadcom's express prior written consent. 25*4882a593Smuzhiyun * 26*4882a593Smuzhiyun * 27*4882a593Smuzhiyun * <<Broadcom-WL-IPTag/Open:>> 28*4882a593Smuzhiyun * 29*4882a593Smuzhiyun * $Id$ 30*4882a593Smuzhiyun */ 31*4882a593Smuzhiyun 32*4882a593Smuzhiyun #ifndef _proto_wpa_h_ 33*4882a593Smuzhiyun #define _proto_wpa_h_ 34*4882a593Smuzhiyun 35*4882a593Smuzhiyun #include <typedefs.h> 36*4882a593Smuzhiyun #include <ethernet.h> 37*4882a593Smuzhiyun 38*4882a593Smuzhiyun /* This marks the start of a packed structure section. */ 39*4882a593Smuzhiyun #include <packed_section_start.h> 40*4882a593Smuzhiyun 41*4882a593Smuzhiyun /* Reason Codes */ 42*4882a593Smuzhiyun 43*4882a593Smuzhiyun /* 13 through 23 taken from IEEE Std 802.11i-2004 */ 44*4882a593Smuzhiyun #define DOT11_RC_INVALID_WPA_IE 13 /* Invalid info. element */ 45*4882a593Smuzhiyun #define DOT11_RC_MIC_FAILURE 14 /* Michael failure */ 46*4882a593Smuzhiyun #define DOT11_RC_4WH_TIMEOUT 15 /* 4-way handshake timeout */ 47*4882a593Smuzhiyun #define DOT11_RC_GTK_UPDATE_TIMEOUT 16 /* Group key update timeout */ 48*4882a593Smuzhiyun #define DOT11_RC_WPA_IE_MISMATCH 17 /* WPA IE in 4-way handshake differs from 49*4882a593Smuzhiyun * (re-)assoc. request/probe response 50*4882a593Smuzhiyun */ 51*4882a593Smuzhiyun #define DOT11_RC_INVALID_MC_CIPHER 18 /* Invalid multicast cipher */ 52*4882a593Smuzhiyun #define DOT11_RC_INVALID_UC_CIPHER 19 /* Invalid unicast cipher */ 53*4882a593Smuzhiyun #define DOT11_RC_INVALID_AKMP 20 /* Invalid authenticated key management protocol */ 54*4882a593Smuzhiyun #define DOT11_RC_BAD_WPA_VERSION 21 /* Unsupported WPA version */ 55*4882a593Smuzhiyun #define DOT11_RC_INVALID_WPA_CAP 22 /* Invalid WPA IE capabilities */ 56*4882a593Smuzhiyun #define DOT11_RC_8021X_AUTH_FAIL 23 /* 802.1X authentication failure */ 57*4882a593Smuzhiyun 58*4882a593Smuzhiyun #define WPA2_PMKID_LEN 16 59*4882a593Smuzhiyun 60*4882a593Smuzhiyun /* WPA IE fixed portion */ 61*4882a593Smuzhiyun typedef BWL_PRE_PACKED_STRUCT struct 62*4882a593Smuzhiyun { 63*4882a593Smuzhiyun uint8 tag; /* TAG */ 64*4882a593Smuzhiyun uint8 length; /* TAG length */ 65*4882a593Smuzhiyun uint8 oui[3]; /* IE OUI */ 66*4882a593Smuzhiyun uint8 oui_type; /* OUI type */ 67*4882a593Smuzhiyun BWL_PRE_PACKED_STRUCT struct { 68*4882a593Smuzhiyun uint8 low; 69*4882a593Smuzhiyun uint8 high; 70*4882a593Smuzhiyun } BWL_POST_PACKED_STRUCT version; /* IE version */ 71*4882a593Smuzhiyun } BWL_POST_PACKED_STRUCT wpa_ie_fixed_t; 72*4882a593Smuzhiyun #define WPA_IE_OUITYPE_LEN 4 73*4882a593Smuzhiyun #define WPA_IE_FIXED_LEN 8 74*4882a593Smuzhiyun #define WPA_IE_TAG_FIXED_LEN 6 75*4882a593Smuzhiyun 76*4882a593Smuzhiyun #define BIP_OUI_TYPE WPA2_OUI "\x06" 77*4882a593Smuzhiyun 78*4882a593Smuzhiyun typedef BWL_PRE_PACKED_STRUCT struct { 79*4882a593Smuzhiyun uint8 tag; /* TAG */ 80*4882a593Smuzhiyun uint8 length; /* TAG length */ 81*4882a593Smuzhiyun BWL_PRE_PACKED_STRUCT struct { 82*4882a593Smuzhiyun uint8 low; 83*4882a593Smuzhiyun uint8 high; 84*4882a593Smuzhiyun } BWL_POST_PACKED_STRUCT version; /* IE version */ 85*4882a593Smuzhiyun } BWL_POST_PACKED_STRUCT wpa_rsn_ie_fixed_t; 86*4882a593Smuzhiyun #define WPA_RSN_IE_FIXED_LEN 4 87*4882a593Smuzhiyun #define WPA_RSN_IE_TAG_FIXED_LEN 2 88*4882a593Smuzhiyun typedef uint8 wpa_pmkid_t[WPA2_PMKID_LEN]; 89*4882a593Smuzhiyun 90*4882a593Smuzhiyun #define WFA_OSEN_IE_FIXED_LEN 6 91*4882a593Smuzhiyun 92*4882a593Smuzhiyun /* WPA suite/multicast suite */ 93*4882a593Smuzhiyun typedef BWL_PRE_PACKED_STRUCT struct 94*4882a593Smuzhiyun { 95*4882a593Smuzhiyun uint8 oui[3]; 96*4882a593Smuzhiyun uint8 type; 97*4882a593Smuzhiyun } BWL_POST_PACKED_STRUCT wpa_suite_t, wpa_suite_mcast_t; 98*4882a593Smuzhiyun #define WPA_SUITE_LEN 4 99*4882a593Smuzhiyun 100*4882a593Smuzhiyun /* WPA unicast suite list/key management suite list */ 101*4882a593Smuzhiyun typedef BWL_PRE_PACKED_STRUCT struct 102*4882a593Smuzhiyun { 103*4882a593Smuzhiyun BWL_PRE_PACKED_STRUCT struct { 104*4882a593Smuzhiyun uint8 low; 105*4882a593Smuzhiyun uint8 high; 106*4882a593Smuzhiyun } BWL_POST_PACKED_STRUCT count; 107*4882a593Smuzhiyun wpa_suite_t list[1]; 108*4882a593Smuzhiyun } BWL_POST_PACKED_STRUCT wpa_suite_ucast_t, wpa_suite_auth_key_mgmt_t; 109*4882a593Smuzhiyun #define WPA_IE_SUITE_COUNT_LEN 2 110*4882a593Smuzhiyun typedef BWL_PRE_PACKED_STRUCT struct 111*4882a593Smuzhiyun { 112*4882a593Smuzhiyun BWL_PRE_PACKED_STRUCT struct { 113*4882a593Smuzhiyun uint8 low; 114*4882a593Smuzhiyun uint8 high; 115*4882a593Smuzhiyun } BWL_POST_PACKED_STRUCT count; 116*4882a593Smuzhiyun wpa_pmkid_t list[1]; 117*4882a593Smuzhiyun } BWL_POST_PACKED_STRUCT wpa_pmkid_list_t; 118*4882a593Smuzhiyun 119*4882a593Smuzhiyun /* WPA cipher suites */ 120*4882a593Smuzhiyun #define WPA_CIPHER_NONE 0 /* None */ 121*4882a593Smuzhiyun #define WPA_CIPHER_WEP_40 1 /* WEP (40-bit) */ 122*4882a593Smuzhiyun #define WPA_CIPHER_TKIP 2 /* TKIP: default for WPA */ 123*4882a593Smuzhiyun #define WPA_CIPHER_AES_OCB 3 /* AES (OCB) */ 124*4882a593Smuzhiyun #define WPA_CIPHER_AES_CCM 4 /* AES (CCM) */ 125*4882a593Smuzhiyun #define WPA_CIPHER_WEP_104 5 /* WEP (104-bit) */ 126*4882a593Smuzhiyun #define WPA_CIPHER_BIP 6 /* WEP (104-bit) */ 127*4882a593Smuzhiyun #define WPA_CIPHER_TPK 7 /* Group addressed traffic not allowed */ 128*4882a593Smuzhiyun #ifdef BCMCCX 129*4882a593Smuzhiyun #define WPA_CIPHER_CKIP 8 /* KP with no MIC */ 130*4882a593Smuzhiyun #define WPA_CIPHER_CKIP_MMH 9 /* KP with MIC ("CKIP/MMH", "CKIP+CMIC") */ 131*4882a593Smuzhiyun #define WPA_CIPHER_WEP_MMH 10 /* MIC with no KP ("WEP/MMH", "CMIC") */ 132*4882a593Smuzhiyun 133*4882a593Smuzhiyun #define IS_CCX_CIPHER(cipher) ((cipher) == WPA_CIPHER_CKIP || \ 134*4882a593Smuzhiyun (cipher) == WPA_CIPHER_CKIP_MMH || \ 135*4882a593Smuzhiyun (cipher) == WPA_CIPHER_WEP_MMH) 136*4882a593Smuzhiyun #endif /* BCMCCX */ 137*4882a593Smuzhiyun 138*4882a593Smuzhiyun #define WPA_CIPHER_AES_GCM 8 /* AES (GCM) */ 139*4882a593Smuzhiyun #define WPA_CIPHER_AES_GCM256 9 /* AES (GCM256) */ 140*4882a593Smuzhiyun #define WPA_CIPHER_CCMP_256 10 /* CCMP-256 */ 141*4882a593Smuzhiyun #define WPA_CIPHER_BIP_GMAC_128 11 /* BIP_GMAC_128 */ 142*4882a593Smuzhiyun #define WPA_CIPHER_BIP_GMAC_256 12 /* BIP_GMAC_256 */ 143*4882a593Smuzhiyun #define WPA_CIPHER_BIP_CMAC_256 13 /* BIP_CMAC_256 */ 144*4882a593Smuzhiyun 145*4882a593Smuzhiyun #define WAPI_CIPHER_NONE WPA_CIPHER_NONE 146*4882a593Smuzhiyun #define WAPI_CIPHER_SMS4 11 147*4882a593Smuzhiyun 148*4882a593Smuzhiyun #define WAPI_CSE_WPI_SMS4 1 149*4882a593Smuzhiyun 150*4882a593Smuzhiyun #define IS_WPA_CIPHER(cipher) ((cipher) == WPA_CIPHER_NONE || \ 151*4882a593Smuzhiyun (cipher) == WPA_CIPHER_WEP_40 || \ 152*4882a593Smuzhiyun (cipher) == WPA_CIPHER_WEP_104 || \ 153*4882a593Smuzhiyun (cipher) == WPA_CIPHER_TKIP || \ 154*4882a593Smuzhiyun (cipher) == WPA_CIPHER_AES_OCB || \ 155*4882a593Smuzhiyun (cipher) == WPA_CIPHER_AES_CCM || \ 156*4882a593Smuzhiyun (cipher) == WPA_CIPHER_AES_GCM || \ 157*4882a593Smuzhiyun (cipher) == WPA_CIPHER_AES_GCM256 || \ 158*4882a593Smuzhiyun (cipher) == WPA_CIPHER_TPK) 159*4882a593Smuzhiyun 160*4882a593Smuzhiyun #define IS_WAPI_CIPHER(cipher) ((cipher) == WAPI_CIPHER_NONE || \ 161*4882a593Smuzhiyun (cipher) == WAPI_CSE_WPI_SMS4) 162*4882a593Smuzhiyun 163*4882a593Smuzhiyun /* convert WAPI_CSE_WPI_XXX to WAPI_CIPHER_XXX */ 164*4882a593Smuzhiyun #define WAPI_CSE_WPI_2_CIPHER(cse) ((cse) == WAPI_CSE_WPI_SMS4 ? \ 165*4882a593Smuzhiyun WAPI_CIPHER_SMS4 : WAPI_CIPHER_NONE) 166*4882a593Smuzhiyun 167*4882a593Smuzhiyun #define WAPI_CIPHER_2_CSE_WPI(cipher) ((cipher) == WAPI_CIPHER_SMS4 ? \ 168*4882a593Smuzhiyun WAPI_CSE_WPI_SMS4 : WAPI_CIPHER_NONE) 169*4882a593Smuzhiyun 170*4882a593Smuzhiyun #define IS_VALID_AKM(akm) ((akm) == RSN_AKM_NONE || \ 171*4882a593Smuzhiyun (akm) == RSN_AKM_UNSPECIFIED || \ 172*4882a593Smuzhiyun (akm) == RSN_AKM_PSK || \ 173*4882a593Smuzhiyun (akm) == RSN_AKM_FBT_1X || \ 174*4882a593Smuzhiyun (akm) == RSN_AKM_FBT_PSK || \ 175*4882a593Smuzhiyun (akm) == RSN_AKM_MFP_1X || \ 176*4882a593Smuzhiyun (akm) == RSN_AKM_MFP_PSK || \ 177*4882a593Smuzhiyun (akm) == RSN_AKM_SHA256_1X || \ 178*4882a593Smuzhiyun (akm) == RSN_AKM_SHA256_PSK || \ 179*4882a593Smuzhiyun (akm) == RSN_AKM_TPK || \ 180*4882a593Smuzhiyun (akm) == RSN_AKM_SAE_PSK || \ 181*4882a593Smuzhiyun (akm) == RSN_AKM_SAE_FBT || \ 182*4882a593Smuzhiyun (akm) == RSN_AKM_FILS_SHA256 || \ 183*4882a593Smuzhiyun (akm) == RSN_AKM_FILS_SHA384 || \ 184*4882a593Smuzhiyun (akm) == RSN_AKM_OWE || \ 185*4882a593Smuzhiyun (akm) == RSN_AKM_SUITEB_SHA256_1X || \ 186*4882a593Smuzhiyun (akm) == RSN_AKM_SUITEB_SHA384_1X) 187*4882a593Smuzhiyun 188*4882a593Smuzhiyun #define IS_VALID_BIP_CIPHER(cipher) ((cipher) == WPA_CIPHER_BIP || \ 189*4882a593Smuzhiyun (cipher) == WPA_CIPHER_BIP_GMAC_128 || \ 190*4882a593Smuzhiyun (cipher) == WPA_CIPHER_BIP_GMAC_256 || \ 191*4882a593Smuzhiyun (cipher) == WPA_CIPHER_BIP_CMAC_256) 192*4882a593Smuzhiyun /* WPA TKIP countermeasures parameters */ 193*4882a593Smuzhiyun #define WPA_TKIP_CM_DETECT 60 /* multiple MIC failure window (seconds) */ 194*4882a593Smuzhiyun #define WPA_TKIP_CM_BLOCK 60 /* countermeasures active window (seconds) */ 195*4882a593Smuzhiyun 196*4882a593Smuzhiyun /* RSN IE defines */ 197*4882a593Smuzhiyun #define RSN_CAP_LEN 2 /* Length of RSN capabilities field (2 octets) */ 198*4882a593Smuzhiyun 199*4882a593Smuzhiyun /* RSN Capabilities defined in 802.11i */ 200*4882a593Smuzhiyun #define RSN_CAP_PREAUTH 0x0001 201*4882a593Smuzhiyun #define RSN_CAP_NOPAIRWISE 0x0002 202*4882a593Smuzhiyun #define RSN_CAP_PTK_REPLAY_CNTR_MASK 0x000C 203*4882a593Smuzhiyun #define RSN_CAP_PTK_REPLAY_CNTR_SHIFT 2 204*4882a593Smuzhiyun #define RSN_CAP_GTK_REPLAY_CNTR_MASK 0x0030 205*4882a593Smuzhiyun #define RSN_CAP_GTK_REPLAY_CNTR_SHIFT 4 206*4882a593Smuzhiyun #define RSN_CAP_1_REPLAY_CNTR 0 207*4882a593Smuzhiyun #define RSN_CAP_2_REPLAY_CNTRS 1 208*4882a593Smuzhiyun #define RSN_CAP_4_REPLAY_CNTRS 2 209*4882a593Smuzhiyun #define RSN_CAP_16_REPLAY_CNTRS 3 210*4882a593Smuzhiyun #define RSN_CAP_MFPR 0x0040 211*4882a593Smuzhiyun #define RSN_CAP_MFPC 0x0080 212*4882a593Smuzhiyun #define RSN_CAP_SPPC 0x0400 213*4882a593Smuzhiyun #define RSN_CAP_SPPR 0x0800 214*4882a593Smuzhiyun 215*4882a593Smuzhiyun /* WPA capabilities defined in 802.11i */ 216*4882a593Smuzhiyun #define WPA_CAP_4_REPLAY_CNTRS RSN_CAP_4_REPLAY_CNTRS 217*4882a593Smuzhiyun #define WPA_CAP_16_REPLAY_CNTRS RSN_CAP_16_REPLAY_CNTRS 218*4882a593Smuzhiyun #define WPA_CAP_REPLAY_CNTR_SHIFT RSN_CAP_PTK_REPLAY_CNTR_SHIFT 219*4882a593Smuzhiyun #define WPA_CAP_REPLAY_CNTR_MASK RSN_CAP_PTK_REPLAY_CNTR_MASK 220*4882a593Smuzhiyun 221*4882a593Smuzhiyun /* WPA capabilities defined in 802.11zD9.0 */ 222*4882a593Smuzhiyun #define WPA_CAP_PEER_KEY_ENABLE (0x1 << 1) /* bit 9 */ 223*4882a593Smuzhiyun 224*4882a593Smuzhiyun /* WPA Specific defines */ 225*4882a593Smuzhiyun #define WPA_CAP_LEN RSN_CAP_LEN /* Length of RSN capabilities in RSN IE (2 octets) */ 226*4882a593Smuzhiyun #define WPA_PMKID_CNT_LEN 2 /* Length of RSN PMKID count (2 octests) */ 227*4882a593Smuzhiyun 228*4882a593Smuzhiyun #define WPA_CAP_WPA2_PREAUTH RSN_CAP_PREAUTH 229*4882a593Smuzhiyun 230*4882a593Smuzhiyun #define WPA2_PMKID_COUNT_LEN 2 231*4882a593Smuzhiyun 232*4882a593Smuzhiyun /* RSN dev type in rsn_info struct */ 233*4882a593Smuzhiyun typedef enum { 234*4882a593Smuzhiyun DEV_NONE = 0, 235*4882a593Smuzhiyun DEV_STA = 1, 236*4882a593Smuzhiyun DEV_AP = 2 237*4882a593Smuzhiyun } device_type_t; 238*4882a593Smuzhiyun 239*4882a593Smuzhiyun typedef uint32 rsn_akm_mask_t; /* RSN_AKM_... see 802.11.h */ 240*4882a593Smuzhiyun typedef uint8 rsn_cipher_t; /* WPA_CIPHER_xxx */ 241*4882a593Smuzhiyun typedef uint32 rsn_ciphers_t; /* mask of rsn_cipher_t */ 242*4882a593Smuzhiyun typedef uint8 rsn_akm_t; 243*4882a593Smuzhiyun typedef uint8 auth_ie_type_mask_t; 244*4882a593Smuzhiyun 245*4882a593Smuzhiyun typedef struct rsn_ie_info { 246*4882a593Smuzhiyun uint8 version; 247*4882a593Smuzhiyun rsn_cipher_t g_cipher; 248*4882a593Smuzhiyun uint8 p_count; 249*4882a593Smuzhiyun uint8 akm_count; 250*4882a593Smuzhiyun uint8 pmkid_count; 251*4882a593Smuzhiyun rsn_akm_t sta_akm; /* single STA akm */ 252*4882a593Smuzhiyun uint16 caps; 253*4882a593Smuzhiyun rsn_ciphers_t p_ciphers; 254*4882a593Smuzhiyun rsn_akm_mask_t akms; 255*4882a593Smuzhiyun uint8 pmkids_offset; /* offset into the IE */ 256*4882a593Smuzhiyun rsn_cipher_t g_mgmt_cipher; 257*4882a593Smuzhiyun device_type_t dev_type; /* AP or STA */ 258*4882a593Smuzhiyun rsn_cipher_t sta_cipher; /* single STA cipher */ 259*4882a593Smuzhiyun uint16 key_desc; /* key descriptor version as STA */ 260*4882a593Smuzhiyun int parse_status; 261*4882a593Smuzhiyun uint16 mic_len; /* unused. keep for ROM compatibility. */ 262*4882a593Smuzhiyun auth_ie_type_mask_t auth_ie_type; /* bit field of WPA, WPA2 and (not yet) CCX WAPI */ 263*4882a593Smuzhiyun uint8 pmk_len; /* EAPOL PMK */ 264*4882a593Smuzhiyun uint8 kck_mic_len; /* EAPOL MIC (by KCK) */ 265*4882a593Smuzhiyun uint8 kck_len; /* EAPOL KCK */ 266*4882a593Smuzhiyun uint8 kek_len; /* EAPOL KEK */ 267*4882a593Smuzhiyun uint8 tk_len; /* EAPOL TK */ 268*4882a593Smuzhiyun uint8 ptk_len; /* EAPOL PTK */ 269*4882a593Smuzhiyun } rsn_ie_info_t; 270*4882a593Smuzhiyun 271*4882a593Smuzhiyun #define WAPI_CAP_PREAUTH RSN_CAP_PREAUTH 272*4882a593Smuzhiyun 273*4882a593Smuzhiyun /* Other WAI definition */ 274*4882a593Smuzhiyun #define WAPI_WAI_REQUEST 0x00F1 275*4882a593Smuzhiyun #define WAPI_UNICAST_REKEY 0x00F2 276*4882a593Smuzhiyun #define WAPI_STA_AGING 0x00F3 277*4882a593Smuzhiyun #define WAPI_MUTIL_REKEY 0x00F4 278*4882a593Smuzhiyun #define WAPI_STA_STATS 0x00F5 279*4882a593Smuzhiyun 280*4882a593Smuzhiyun #define WAPI_USK_REKEY_COUNT 0x4000000 /* 0xA00000 */ 281*4882a593Smuzhiyun #define WAPI_MSK_REKEY_COUNT 0x4000000 /* 0xA00000 */ 282*4882a593Smuzhiyun 283*4882a593Smuzhiyun /* This marks the end of a packed structure section. */ 284*4882a593Smuzhiyun #include <packed_section_end.h> 285*4882a593Smuzhiyun 286*4882a593Smuzhiyun #endif /* _proto_wpa_h_ */ 287