xref: /OK3568_Linux_fs/kernel/drivers/net/wireless/rockchip_wlan/rkwifi/bcmdhd/include/wpa.h (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1 /*
2  * Fundamental types and constants relating to WPA
3  *
4  * Copyright (C) 2020, Broadcom.
5  *
6  *      Unless you and Broadcom execute a separate written software license
7  * agreement governing use of this software, this software is licensed to you
8  * under the terms of the GNU General Public License version 2 (the "GPL"),
9  * available at http://www.broadcom.com/licenses/GPLv2.php, with the
10  * following added to such license:
11  *
12  *      As a special exception, the copyright holders of this software give you
13  * permission to link this software with independent modules, and to copy and
14  * distribute the resulting executable under terms of your choice, provided that
15  * you also meet, for each linked independent module, the terms and conditions of
16  * the license of that module.  An independent module is a module which is not
17  * derived from this software.  The special exception does not apply to any
18  * modifications of the software.
19  *
20  *
21  * <<Broadcom-WL-IPTag/Dual:>>
22  */
23 
24 #ifndef _proto_wpa_h_
25 #define _proto_wpa_h_
26 
27 #include <typedefs.h>
28 #include <ethernet.h>
29 
30 /* This marks the start of a packed structure section. */
31 #include <packed_section_start.h>
32 
33 /* Reason Codes */
34 
35 /* 13 through 23 taken from IEEE Std 802.11i-2004 */
36 #define DOT11_RC_INVALID_WPA_IE		13	/* Invalid info. element */
37 #define DOT11_RC_MIC_FAILURE		14	/* Michael failure */
38 #define DOT11_RC_4WH_TIMEOUT		15	/* 4-way handshake timeout */
39 #define DOT11_RC_GTK_UPDATE_TIMEOUT	16	/* Group key update timeout */
40 #define DOT11_RC_WPA_IE_MISMATCH	17	/* WPA IE in 4-way handshake differs from
41 						 * (re-)assoc. request/probe response
42 						 */
43 #define DOT11_RC_INVALID_MC_CIPHER	18	/* Invalid multicast cipher */
44 #define DOT11_RC_INVALID_UC_CIPHER	19	/* Invalid unicast cipher */
45 #define DOT11_RC_INVALID_AKMP		20	/* Invalid authenticated key management protocol */
46 #define DOT11_RC_BAD_WPA_VERSION	21	/* Unsupported WPA version */
47 #define DOT11_RC_INVALID_WPA_CAP	22	/* Invalid WPA IE capabilities */
48 #define DOT11_RC_8021X_AUTH_FAIL	23	/* 802.1X authentication failure */
49 
50 #define WPA2_PMKID_LEN	16
51 
52 /* WPA IE fixed portion */
53 typedef BWL_PRE_PACKED_STRUCT struct
54 {
55 	uint8 tag;	/* TAG */
56 	uint8 length;	/* TAG length */
57 	uint8 oui[3];	/* IE OUI */
58 	uint8 oui_type;	/* OUI type */
59 	BWL_PRE_PACKED_STRUCT struct {
60 		uint8 low;
61 		uint8 high;
62 	} BWL_POST_PACKED_STRUCT version;	/* IE version */
63 } BWL_POST_PACKED_STRUCT wpa_ie_fixed_t;
64 #define WPA_IE_OUITYPE_LEN	4
65 #define WPA_IE_FIXED_LEN	8
66 #define WPA_IE_TAG_FIXED_LEN	6
67 
68 #define BIP_OUI_TYPE WPA2_OUI "\x06"
69 
70 typedef BWL_PRE_PACKED_STRUCT struct {
71 	uint8 tag;	/* TAG */
72 	uint8 length;	/* TAG length */
73 	BWL_PRE_PACKED_STRUCT struct {
74 		uint8 low;
75 		uint8 high;
76 	} BWL_POST_PACKED_STRUCT version;	/* IE version */
77 } BWL_POST_PACKED_STRUCT wpa_rsn_ie_fixed_t;
78 #define WPA_RSN_IE_FIXED_LEN	4
79 #define WPA_RSN_IE_TAG_FIXED_LEN	2
80 typedef uint8 wpa_pmkid_t[WPA2_PMKID_LEN];
81 
82 #define WFA_OSEN_IE_FIXED_LEN	6
83 
84 /* WPA suite/multicast suite */
85 typedef BWL_PRE_PACKED_STRUCT struct
86 {
87 	uint8 oui[3];
88 	uint8 type;
89 } BWL_POST_PACKED_STRUCT wpa_suite_t, wpa_suite_mcast_t;
90 #define WPA_SUITE_LEN	4
91 
92 /* WPA unicast suite list/key management suite list */
93 typedef BWL_PRE_PACKED_STRUCT struct
94 {
95 	BWL_PRE_PACKED_STRUCT struct {
96 		uint8 low;
97 		uint8 high;
98 	} BWL_POST_PACKED_STRUCT count;
99 	wpa_suite_t list[1];
100 } BWL_POST_PACKED_STRUCT wpa_suite_ucast_t, wpa_suite_auth_key_mgmt_t;
101 #define WPA_IE_SUITE_COUNT_LEN	2
102 typedef BWL_PRE_PACKED_STRUCT struct
103 {
104 	BWL_PRE_PACKED_STRUCT struct {
105 		uint8 low;
106 		uint8 high;
107 	} BWL_POST_PACKED_STRUCT count;
108 	wpa_pmkid_t list[1];
109 } BWL_POST_PACKED_STRUCT wpa_pmkid_list_t;
110 
111 /* WPA cipher suites */
112 #define WPA_CIPHER_NONE		0	/* None */
113 #define WPA_CIPHER_WEP_40	1	/* WEP (40-bit) */
114 #define WPA_CIPHER_TKIP		2	/* TKIP: default for WPA */
115 #define WPA_CIPHER_AES_OCB	3	/* AES (OCB) */
116 #define WPA_CIPHER_AES_CCM	4	/* AES (CCM) */
117 #define WPA_CIPHER_WEP_104	5	/* WEP (104-bit) */
118 #define WPA_CIPHER_BIP		6	/* WEP (104-bit) */
119 #define WPA_CIPHER_TPK		7	/* Group addressed traffic not allowed */
120 #ifdef BCMCCX
121 #define WPA_CIPHER_CKIP		8	/* KP with no MIC */
122 #define WPA_CIPHER_CKIP_MMH	9	/* KP with MIC ("CKIP/MMH", "CKIP+CMIC") */
123 #define WPA_CIPHER_WEP_MMH	10	/* MIC with no KP ("WEP/MMH", "CMIC") */
124 
125 #define IS_CCX_CIPHER(cipher)	((cipher) == WPA_CIPHER_CKIP || \
126 				 (cipher) == WPA_CIPHER_CKIP_MMH || \
127 				 (cipher) == WPA_CIPHER_WEP_MMH)
128 #endif /* BCMCCX */
129 
130 #define WPA_CIPHER_AES_GCM	8	/* AES (GCM) */
131 #define WPA_CIPHER_AES_GCM256	9	/* AES (GCM256) */
132 #define WPA_CIPHER_CCMP_256	10	/* CCMP-256 */
133 #define WPA_CIPHER_BIP_GMAC_128	11	/* BIP_GMAC_128 */
134 #define WPA_CIPHER_BIP_GMAC_256 12	/* BIP_GMAC_256 */
135 #define WPA_CIPHER_BIP_CMAC_256 13	/* BIP_CMAC_256 */
136 
137 #ifdef BCMWAPI_WAI
138 #define WAPI_CIPHER_NONE	WPA_CIPHER_NONE
139 #define WAPI_CIPHER_SMS4	11
140 
141 #define WAPI_CSE_WPI_SMS4	1
142 #endif /* BCMWAPI_WAI */
143 
144 #define IS_WPA_CIPHER(cipher)	((cipher) == WPA_CIPHER_NONE || \
145 				 (cipher) == WPA_CIPHER_WEP_40 || \
146 				 (cipher) == WPA_CIPHER_WEP_104 || \
147 				 (cipher) == WPA_CIPHER_TKIP || \
148 				 (cipher) == WPA_CIPHER_AES_OCB || \
149 				 (cipher) == WPA_CIPHER_AES_CCM || \
150 				 (cipher) == WPA_CIPHER_AES_GCM || \
151 				 (cipher) == WPA_CIPHER_AES_GCM256 || \
152 				 (cipher) == WPA_CIPHER_CCMP_256 || \
153 				 (cipher) == WPA_CIPHER_TPK)
154 
155 #define IS_WPA_BIP_CIPHER(cipher)  ((cipher) == WPA_CIPHER_BIP || \
156 				    (cipher) == WPA_CIPHER_BIP_GMAC_128 || \
157 				    (cipher) == WPA_CIPHER_BIP_GMAC_256 || \
158 				    (cipher) == WPA_CIPHER_BIP_CMAC_256)
159 
160 #ifdef BCMWAPI_WAI
161 #define IS_WAPI_CIPHER(cipher)	((cipher) == WAPI_CIPHER_NONE || \
162 				 (cipher) == WAPI_CSE_WPI_SMS4)
163 
164 /* convert WAPI_CSE_WPI_XXX to WAPI_CIPHER_XXX */
165 #define WAPI_CSE_WPI_2_CIPHER(cse) ((cse) == WAPI_CSE_WPI_SMS4 ? \
166 				WAPI_CIPHER_SMS4 : WAPI_CIPHER_NONE)
167 
168 #define WAPI_CIPHER_2_CSE_WPI(cipher) ((cipher) == WAPI_CIPHER_SMS4 ? \
169 				WAPI_CSE_WPI_SMS4 : WAPI_CIPHER_NONE)
170 #endif /* BCMWAPI_WAI */
171 
172 #define IS_VALID_AKM(akm) ((akm) == RSN_AKM_NONE || \
173 			(akm) == RSN_AKM_UNSPECIFIED || \
174 			(akm) == RSN_AKM_PSK || \
175 			(akm) == RSN_AKM_FBT_1X || \
176 			(akm) == RSN_AKM_FBT_PSK || \
177 			(akm) == RSN_AKM_MFP_1X || \
178 			(akm) == RSN_AKM_MFP_PSK || \
179 			(akm) == RSN_AKM_SHA256_1X || \
180 			(akm) == RSN_AKM_SHA256_PSK || \
181 			(akm) == RSN_AKM_TPK || \
182 			(akm) == RSN_AKM_SAE_PSK || \
183 			(akm) == RSN_AKM_SAE_FBT || \
184 			(akm) == RSN_AKM_FILS_SHA256 || \
185 			(akm) == RSN_AKM_FILS_SHA384 || \
186 			(akm) == RSN_AKM_OWE || \
187 			(akm) == RSN_AKM_SUITEB_SHA256_1X || \
188 			(akm) == RSN_AKM_SUITEB_SHA384_1X)
189 
190 #define IS_VALID_BIP_CIPHER(cipher) ((cipher) == WPA_CIPHER_BIP || \
191 					(cipher) == WPA_CIPHER_BIP_GMAC_128 || \
192 					(cipher) == WPA_CIPHER_BIP_GMAC_256 || \
193 					(cipher) == WPA_CIPHER_BIP_CMAC_256)
194 
195 #define WPA_IS_FT_AKM(akm)	((akm) == RSN_AKM_FBT_SHA256 || \
196 			(akm) == RSN_AKM_FBT_SHA384)
197 
198 #define WPA_IS_FILS_AKM(akm)	((akm) == RSN_AKM_FILS_SHA256 || \
199 			(akm) == RSN_AKM_FILS_SHA384)
200 
201 #define WPA_IS_FILS_FT_AKM(akm)	((akm) == RSN_AKM_FBT_SHA256_FILS || \
202 			(akm) == RSN_AKM_FBT_SHA384_FILS)
203 
204 /* WPA TKIP countermeasures parameters */
205 #define WPA_TKIP_CM_DETECT	60	/* multiple MIC failure window (seconds) */
206 #define WPA_TKIP_CM_BLOCK	60	/* countermeasures active window (seconds) */
207 
208 /* RSN IE defines */
209 #define RSN_CAP_LEN		2	/* Length of RSN capabilities field (2 octets) */
210 
211 /* RSN Capabilities defined in 802.11i */
212 #define RSN_CAP_PREAUTH			0x0001
213 #define RSN_CAP_NOPAIRWISE		0x0002
214 #define RSN_CAP_PTK_REPLAY_CNTR_MASK	0x000C
215 #define RSN_CAP_PTK_REPLAY_CNTR_SHIFT	2
216 #define RSN_CAP_GTK_REPLAY_CNTR_MASK	0x0030
217 #define RSN_CAP_GTK_REPLAY_CNTR_SHIFT	4
218 #define RSN_CAP_1_REPLAY_CNTR		0
219 #define RSN_CAP_2_REPLAY_CNTRS		1
220 #define RSN_CAP_4_REPLAY_CNTRS		2
221 #define RSN_CAP_16_REPLAY_CNTRS		3
222 #define RSN_CAP_MFPR			0x0040
223 #define RSN_CAP_MFPC			0x0080
224 #define RSN_CAP_SPPC			0x0400
225 #define RSN_CAP_SPPR			0x0800
226 #define RSN_CAP_OCVC			0x4000
227 
228 /* WPA capabilities defined in 802.11i */
229 #define WPA_CAP_4_REPLAY_CNTRS		RSN_CAP_4_REPLAY_CNTRS
230 #define WPA_CAP_16_REPLAY_CNTRS		RSN_CAP_16_REPLAY_CNTRS
231 #define WPA_CAP_REPLAY_CNTR_SHIFT	RSN_CAP_PTK_REPLAY_CNTR_SHIFT
232 #define WPA_CAP_REPLAY_CNTR_MASK	RSN_CAP_PTK_REPLAY_CNTR_MASK
233 
234 /* WPA capabilities defined in 802.11zD9.0 */
235 #define WPA_CAP_PEER_KEY_ENABLE		(0x1 << 1)	/* bit 9 */
236 
237 /* WPA Specific defines */
238 #define WPA_CAP_LEN	RSN_CAP_LEN	/* Length of RSN capabilities in RSN IE (2 octets) */
239 #define WPA_PMKID_CNT_LEN	2	/* Length of RSN PMKID count (2 octests) */
240 
241 #define	WPA_CAP_WPA2_PREAUTH		RSN_CAP_PREAUTH
242 
243 #define WPA2_PMKID_COUNT_LEN	2
244 
245 /* RSN dev type in rsn_info struct */
246 typedef enum {
247 	DEV_NONE = 0,
248 	DEV_STA = 1,
249 	DEV_AP = 2
250 } device_type_t;
251 
252 typedef uint32 rsn_akm_mask_t;			/* RSN_AKM_... see 802.11.h */
253 typedef uint8  rsn_cipher_t;			/* WPA_CIPHER_xxx */
254 typedef uint32 rsn_ciphers_t;			/* mask of rsn_cipher_t */
255 typedef uint8 rsn_akm_t;
256 typedef uint8 auth_ie_type_mask_t;
257 
258 /* Old location for this structure. Moved to bcmwpa.h */
259 #ifndef RSN_IE_INFO_STRUCT_RELOCATED
260 typedef struct rsn_ie_info {
261 	uint8 version;
262 	rsn_cipher_t g_cipher;
263 	uint8 p_count;
264 	uint8 akm_count;
265 	uint8 pmkid_count;
266 	rsn_akm_t sta_akm;			/* single STA akm */
267 	uint16 caps;
268 	rsn_ciphers_t p_ciphers;
269 	rsn_akm_mask_t akms;
270 	uint8 pmkids_offset;			/* offset into the IE */
271 	rsn_cipher_t g_mgmt_cipher;
272 	device_type_t dev_type;			/* AP or STA */
273 	rsn_cipher_t sta_cipher;		/* single STA cipher */
274 	uint16 key_desc;			/* key descriptor version as STA */
275 	int parse_status;
276 	uint16 mic_len;				/* unused. keep for ROM compatibility. */
277 	auth_ie_type_mask_t auth_ie_type;	/* bit field of WPA, WPA2 and (not yet) CCX WAPI */
278 	uint8 pmk_len;				/* EAPOL PMK */
279 	uint8 kck_mic_len;			/* EAPOL MIC (by KCK) */
280 	uint8 kck_len;				/* EAPOL KCK */
281 	uint8 kek_len;				/* EAPOL KEK */
282 	uint8 tk_len;				/* EAPOL TK */
283 	uint8 ptk_len;				/* EAPOL PTK */
284 	uint8 kck2_len;				/* EAPOL KCK2 */
285 	uint8 kek2_len;				/* EAPOL KEK2 */
286 } rsn_ie_info_t;
287 #endif /* RSN_IE_INFO_STRUCT_RELOCATED */
288 
289 #ifdef BCMWAPI_WAI
290 #define WAPI_CAP_PREAUTH		RSN_CAP_PREAUTH
291 
292 /* Other WAI definition */
293 #define WAPI_WAI_REQUEST		0x00F1
294 #define WAPI_UNICAST_REKEY		0x00F2
295 #define WAPI_STA_AGING			0x00F3
296 #define WAPI_MUTIL_REKEY		0x00F4
297 #define WAPI_STA_STATS			0x00F5
298 
299 #define WAPI_USK_REKEY_COUNT		0x4000000 /* 0xA00000 */
300 #define WAPI_MSK_REKEY_COUNT		0x4000000 /* 0xA00000 */
301 #endif /* BCMWAPI_WAI */
302 
303 /* This marks the end of a packed structure section. */
304 #include <packed_section_end.h>
305 
306 #endif /* _proto_wpa_h_ */
307