Google Git
Sign in
nest-open-source / manifest_repos / dhd-driver / refs/heads/main / . / bcmdhd.101.10.361.x / include / bcmwpa.h
blob: 45d4a9fe4423bd23ef595f64341af1aa329b4a44 [file] [log] [blame]
/*
* bcmwpa.h - interface definitions of shared WPA-related functions
*
* Broadcom Proprietary and Confidential. Copyright (C) 2020,
* All Rights Reserved.
*
* This is UNPUBLISHED PROPRIETARY SOURCE CODE of Broadcom;
* the contents of this file may not be disclosed to third parties,
* copied or duplicated in any form, in whole or in part, without
* the prior written permission of Broadcom.
*
*
* <<Broadcom-WL-IPTag/Proprietary:>>
*/
#ifndef _BCMWPA_H_
#define _BCMWPA_H_
#ifdef BCM_EXTERNAL_APP
typedef int osl_t;
#endif
#include <wpa.h>
#if defined(BCMSUP_PSK) || defined(BCMSUPPL) || \
defined(MFP) || defined(BCMAUTH_PSK) || defined(WLFBT) || \
defined(WL_OKC) || defined(GTKOE) || defined(WL_FILS)
#include <eapol.h>
#endif
#include <802.11.h>
#ifdef WLP2P
#include <p2p.h>
#endif
#include <rc4.h>
#include <bcmutils.h>
#include <wlioctl.h>
#include <sha2.h>
#ifdef WL_OCV
#include <bcm_ocv.h>
#endif /* WL_OCV */
/* Field sizes for WPA key hierarchy */
#define WPA_TEMP_TX_KEY_LEN 8u
#define WPA_TEMP_RX_KEY_LEN 8u
#define PMK_LEN 32u
#define TKIP_PTK_LEN 64u
#define TKIP_TK_LEN 32u
#define AES_PTK_LEN 48u
#define AES_TK_LEN 16u
#define AES_GCM_PTK_LEN 48u
#define AES_GCM_TK_LEN 16u
#define AES_GCM256_PTK_LEN 64u
#define AES_GCM256_TK_LEN 32u
/* limits for pre-shared key lengths */
#define WPA_MIN_PSK_LEN 8u
#define WPA_MAX_PSK_LEN 64u
#define WPA_KEY_DATA_LEN_256 256u /* allocation size of 256 for temp data pointer. */
#define WPA_KEY_DATA_LEN_128 128u /* allocation size of 128 for temp data pointer. */
/* Minimum length of WPA2 GTK encapsulation in EAPOL */
#define EAPOL_WPA2_GTK_ENCAP_MIN_LEN (EAPOL_WPA2_ENCAP_DATA_HDR_LEN - \
TLV_HDR_LEN + EAPOL_WPA2_KEY_GTK_ENCAP_HDR_LEN)
/* Minimum length of WPA2 IGTK encapsulation in EAPOL */
#define EAPOL_WPA2_IGTK_ENCAP_MIN_LEN (EAPOL_WPA2_ENCAP_DATA_HDR_LEN - \
TLV_HDR_LEN + EAPOL_WPA2_KEY_IGTK_ENCAP_HDR_LEN)
/* Minimum length of BIGTK encapsulation in EAPOL */
#define EAPOL_WPA2_BIGTK_ENCAP_MIN_LEN (EAPOL_WPA2_ENCAP_DATA_HDR_LEN - \
TLV_HDR_LEN + EAPOL_WPA2_KEY_BIGTK_ENCAP_HDR_LEN)
#ifdef WL_OCV
/* Size of the OCI element */
#define WPA_OCV_OCI_IE_SIZE \
(bcm_ocv_get_oci_len() + BCM_TLV_EXT_HDR_SIZE)
/* Size of the OCI KDE */
#define WPA_OCV_OCI_KDE_SIZE \
(bcm_ocv_get_oci_len() + EAPOL_WPA2_ENCAP_DATA_HDR_LEN)
/* Size of the OCI subelement */
#define WPA_OCV_OCI_SUBELEM_SIZE \
(bcm_ocv_get_oci_len() + TLV_HDR_LEN)
/* Minimum length of WPA2 OCI encapsulation in EAPOL */
#define EAPOL_WPA2_OCI_ENCAP_MIN_LEN \
(WPA_OCV_OCI_KDE_SIZE - TLV_HDR_LEN)
#endif /* WL_OCV */
#ifdef WLFIPS
#define WLC_SW_KEYS(wlc, bsscfg) ((((wlc)->wsec_swkeys) || \
((bsscfg)->wsec & (WSEC_SWFLAG | FIPS_ENABLED))))
#else
#define WLC_SW_KEYS(wlc, bsscfg) ((((wlc)->wsec_swkeys) || \
((bsscfg)->wsec & WSEC_SWFLAG)))
#endif /* WLFIPS */
/* This doesn't really belong here, but neither does WSEC_CKIP* */
/* per-packet encryption exemption policy */
/* no exemption...follow whatever standard rules apply */
#define WSEC_EXEMPT_NO 0
/* send unencrypted */
#define WSEC_EXEMPT_ALWAYS 1
/* send unencrypted if no pairwise key */
#define WSEC_EXEMPT_NO_PAIRWISE 2
#define WPA_CIPHER_UNSPECIFIED 0xff
#define WPA_P_CIPHERS_UNSPECIFIED 0x80000000
#ifdef RSN_IE_INFO_STRUCT_RELOCATED
#define WPA_AKMS_UNSPECIFIED 0x80000000
#else
#define WPA_AKMS_UNSPECIFIED 0
#endif
#ifdef BCMWAPI_WAI
#define IS_WAPI_AUTH(auth) ((auth) == WAPI_AUTH_UNSPECIFIED || \
(auth) == WAPI_AUTH_PSK)
#define INCLUDES_WAPI_AUTH(auth) \
((auth) & (WAPI_AUTH_UNSPECIFIED | \
WAPI_AUTH_PSK))
#endif /* BCMWAPI_WAI */
#define IS_WPA_AKM(akm) ((akm) == RSN_AKM_NONE || \
(akm) == RSN_AKM_UNSPECIFIED || \
(akm) == RSN_AKM_PSK)
#define IS_WPA2_AKM(akm) ((akm) == RSN_AKM_UNSPECIFIED || \
(akm) == RSN_AKM_PSK || \
(akm) == RSN_AKM_FILS_SHA256 || \
(akm) == RSN_AKM_FILS_SHA384)
/* this doesn't mean much. A WPA (not RSN) akm type would match this */
#define RSN_AKM_MASK (\
BCM_BIT(RSN_AKM_UNSPECIFIED) | \
BCM_BIT(RSN_AKM_PSK) | \
BCM_BIT(RSN_AKM_SAE_PSK) | \
BCM_BIT(RSN_AKM_FILS_SHA256) | \
BCM_BIT(RSN_AKM_FILS_SHA384) | \
BCM_BIT(RSN_AKM_OWE) | \
BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
BCM_BIT(RSN_AKM_SUITEB_SHA384_1X))
/* verify less than 32 before shifting bits */
#define VALID_AKM_BIT(akm) ((akm) < 32u ? BCM_BIT((akm)) : 0u)
#define IS_RSN_AKM(akm) (VALID_AKM_BIT((akm)) & RSN_AKM_MASK)
#define FBT_AKM_MASK (BCM_BIT(RSN_AKM_FBT_1X) | \
BCM_BIT(RSN_AKM_FBT_PSK) | \
BCM_BIT(RSN_AKM_SAE_FBT) | \
BCM_BIT(RSN_AKM_FBT_SHA256_FILS) | \
BCM_BIT(RSN_AKM_FBT_SHA384_FILS) | \
BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \
BCM_BIT(RSN_AKM_FBT_SHA384_PSK))
#define IS_FBT_AKM(akm) (VALID_AKM_BIT((akm)) & FBT_AKM_MASK)
#define FILS_AKM_MASK (\
BCM_BIT(RSN_AKM_FILS_SHA256) | \
BCM_BIT(RSN_AKM_FILS_SHA384))
#define IS_FILS_AKM(akm) (VALID_AKM_BIT((akm)) & FILS_AKM_MASK)
#define MFP_AKM_MASK (\
BCM_BIT(RSN_AKM_SHA256_1X) | \
BCM_BIT(RSN_AKM_SHA256_PSK))
#define IS_MFP_AKM(akm) (MFP_AKM_MASK & VALID_AKM_BIT((akm)))
#ifdef BCMWAPI_WAI
#define IS_WAPI_AKM(akm) ((akm) == RSN_AKM_NONE || \
(akm) == RSN_AKM_UNSPECIFIED || \
(akm) == RSN_AKM_PSK)
#endif /* BCMWAPI_WAI */
#define IS_TDLS_AKM(akm) ((akm) == RSN_AKM_TPK)
/* Broadcom(OUI) authenticated key managment suite */
#define BRCM_AKM_NONE 0
#define BRCM_AKM_PSK 1u /* Proprietary PSK AKM */
#define IS_BRCM_AKM(akm) ((akm) == BRCM_AKM_PSK)
#define ONE_X_AKM_MASK (BCM_BIT(RSN_AKM_FBT_1X) | \
BCM_BIT(RSN_AKM_MFP_1X) | \
BCM_BIT(RSN_AKM_SHA256_1X) | \
BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \
BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \
BCM_BIT(RSN_AKM_UNSPECIFIED))
#define IS_1X_AKM(akm) (VALID_AKM_BIT((akm)) & ONE_X_AKM_MASK)
#define SUITEB_AKM_MASK (BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
BCM_BIT(RSN_AKM_SUITEB_SHA384_1X))
#define IS_1X_SUITEB_AKM(akm) (VALID_AKM_BIT((akm)) & SUITEB_AKM_MASK)
#define SAE_AKM_MASK (BCM_BIT(RSN_AKM_SAE_PSK) | BCM_BIT(RSN_AKM_SAE_FBT))
#define IS_SAE_AKM(akm) (VALID_AKM_BIT((akm)) & SAE_AKM_MASK)
#define SHA256_AKM_MASK (BCM_BIT(RSN_AKM_SHA256_1X) | \
BCM_BIT(RSN_AKM_SHA256_PSK) | \
BCM_BIT(RSN_AKM_SAE_PSK) | \
BCM_BIT(RSN_AKM_SAE_FBT) | \
BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
BCM_BIT(RSN_AKM_FILS_SHA256) | \
BCM_BIT(RSN_AKM_FBT_SHA256_FILS) | \
BCM_BIT(RSN_AKM_OWE))
#define IS_SHA256_AKM(akm) (VALID_AKM_BIT((akm)) & SHA256_AKM_MASK)
#define SHA384_AKM_MASK (BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \
BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \
BCM_BIT(RSN_AKM_FILS_SHA384) | \
BCM_BIT(RSN_AKM_FBT_SHA384_FILS) | \
BCM_BIT(RSN_AKM_PSK_SHA384))
#define IS_SHA384_AKM(akm) (VALID_AKM_BIT((akm)) & SHA384_AKM_MASK)
#define OPEN_AUTH_AKM_MASK (\
BCM_BIT(RSN_AKM_UNSPECIFIED) | \
BCM_BIT(RSN_AKM_PSK) | \
BCM_BIT(RSN_AKM_SHA256_1X) | \
BCM_BIT(RSN_AKM_SHA256_PSK) | \
BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \
BCM_BIT(RSN_AKM_PSK_SHA384))
#define IS_OPEN_AUTH_AKM(akm) (VALID_AKM_BIT((akm)) & OPEN_AUTH_AKM_MASK)
typedef enum akm_type {
WPA_AUTH_IE = 0x01,
RSN_AUTH_IE = 0x02,
OSEN_AUTH_IE = 0x04
} akm_type_t;
#define MAX_ARRAY 1
#define MIN_ARRAY 0
#define WPS_ATID_SEL_REGISTRAR 0x1041
/* move these to appropriate file(s) */
#define WPS_IE_FIXED_LEN 6
/* GTK indices we use - 0-3 valid per IEEE/802.11 2012 */
#define GTK_INDEX_1 1
#define GTK_INDEX_2 2
/* IGTK indices we use - 4-5 are valid per IEEE 802.11 2012 */
#define IGTK_INDEX_1 4
#define IGTK_INDEX_2 5
/* following needed for compatibility for router code because it automerges */
#define IGTK_ID_TO_WSEC_INDEX(_id) (_id)
#define WPA_AES_CMAC_CALC aes_cmac_calc
#define IS_IGTK_INDEX(x) ((x) == IGTK_INDEX_1 || (x) == IGTK_INDEX_2)
#ifdef RSN_IE_INFO_STRUCT_RELOCATED
typedef struct rsn_ie_info {
uint8 version;
int parse_status;
device_type_t dev_type; /* AP or STA */
auth_ie_type_mask_t auth_ie_type; /* bit field of WPA, WPA2 and (not yet) WAPI */
rsn_cipher_t g_cipher;
rsn_akm_t sta_akm; /* single STA akm */
uint16 caps;
rsn_ciphers_t rsn_p_ciphers;
rsn_ciphers_t wpa_p_ciphers;
rsn_akm_mask_t rsn_akms;
rsn_akm_mask_t wpa_akms;
uint8 pmkid_count;
uint8 pmkids_offset; /* offset into the IE */
rsn_cipher_t g_mgmt_cipher;
rsn_cipher_t sta_cipher; /* single STA cipher */
uint16 key_desc; /* key descriptor version as STA */
uint16 mic_len; /* unused. keep for ROM compatibility. */
uint8 pmk_len; /* EAPOL PMK */
uint8 kck_mic_len; /* EAPOL MIC (by KCK) */
uint8 kck_len; /* EAPOL KCK */
uint8 kek_len; /* EAPOL KEK */
uint8 tk_len; /* EAPOL TK */
uint8 ptk_len; /* EAPOL PTK */
uint8 kck2_len; /* EAPOL KCK2 */
uint8 kek2_len; /* EAPOL KEK2 */
uint8* rsn_ie; /* RSN IE from beacon or assoc request */
uint16 rsn_ie_len; /* RSN IE length */
uint8* wpa_ie; /* WPA IE */
uint16 wpa_ie_len; /* WPA IE length (is it fixed ? */
/* the following are helpers in the AP rsn info to be filled in by the STA
* after determination of which IE is being used.in wsec_filter.
*/
uint32 p_ciphers; /* current ciphers for the chosen auth IE */
uint32 akms; /* current ciphers for the chosen auth IE */
uint8 *auth_ie; /* pointer to current chosen auth IE */
uint16 auth_ie_len;
uint8 ref_count; /* external reference count to decide if structure must be freed */
uint8 rsnxe_len; /* RSNXE IE length */
uint8 PAD[3];
uint8* rsnxe; /* RSNXE IE TLV buffer */
uint32 rsnxe_cap; /* RSNXE IE cap flag, refer to 802.11.h */
} rsn_ie_info_t;
#endif /* RSN_IE_INFO_STRUCT_RELOCATED */
/* WiFi WPS Attribute fixed portion */
typedef struct wps_at_fixed {
uint8 at[2];
uint8 len[2];
uint8 data[1];
} wps_at_fixed_t;
typedef const struct oui_akm_wpa_tbl {
const char *oui; /* WPA auth category */
uint16 rsn_akm;
uint32 wpa_auth;
} oui_akm_wpa_tbl_t;
#define WPS_AT_FIXED_LEN 4
#define wps_ie_fixed_t wpa_ie_fixed_t
/* What should be the multicast mask for AES ? */
#define WPA_UNICAST_AES_MASK (\
BCM_BIT(WPA_CIPHER_AES_CCM) | \
BCM_BIT(WPA_CIPHER_AES_GCM) | \
BCM_BIT(WPA_CIPHER_AES_GCM256))
#define WPA_CIPHER_WEP_MASK (\
BCM_BIT(WPA_CIPHER_WEP_104) | \
BCM_BIT(WPA_CIPHER_WEP_40))
/* temporary to pass pre-commit */
#ifdef TMP_USE_RSN_INFO
/* wsec macros */
#ifdef EXT_STA
#define UCAST_NONE(rsn_info) (((rsn_info)->p_ciphers == (1 << WPA_CIPHER_NONE)) && \
(!WLEXTSTA_ENAB(wlc->pub) || wlc->use_group_enabled))
#else
#define UCAST_NONE(rsn_info) (rsn_info->p_ciphers == (1 << WPA_CIPHER_NONE))
#endif /* EXT_STA */
#define UCAST_AES(rsn_info) (rsn_info->p_ciphers & WPA_UNICAST_AES_MASK)
#define UCAST_TKIP(rsn_info) (rsn_info->p_ciphers & (1 << WPA_CIPHER_TKIP))
#define UCAST_WEP(rsn_info) (rsn_info->p_ciphers & WPA_CIPHER_WEP_MASK)
#define MCAST_NONE(rsn_info) ((rsn_info)->g_cipher == WPA_CIPHER_NONE)
#define MCAST_AES(rsn_info) ((1 << rsn_info->g_cipher) & WPA_UNICAST_AES_MASK)
#define MCAST_TKIP(rsn_info) (rsn_info->g_cipher == WPA_CIPHER_TKIP)
#define MCAST_WEP(rsn_info) ((1 << rsn_info->g_cipher) & WPA_CIPHER_WEP_MASK)
#endif /* TMP_USE_RSN_INFO */
#define AKM_SHA256_MASK (\
BCM_BIT(RSN_AKM_SHA256_1X) | \
BCM_BIT(RSN_AKM_SHA256_PSK) | \
BCM_BIT(RSN_AKM_SAE_PSK) | \
BCM_BIT(RSN_AKM_OWE) | \
BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
BCM_BIT(RSN_AKM_FILS_SHA256) | \
BCM_BIT(RSN_AKM_FBT_SHA256_FILS) | \
BCM_BIT(RSN_AKM_SAE_FBT))
#define AKM_SHA384_MASK (\
BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \
BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \
BCM_BIT(RSN_AKM_FILS_SHA384) | \
BCM_BIT(RSN_AKM_FBT_SHA384_FILS) | \
BCM_BIT(RSN_AKM_FBT_SHA384_PSK) | \
BCM_BIT(RSN_AKM_PSK_SHA384))
/* these AKMs require MFP capable set in their IE */
#define RSN_MFPC_AKM_MASK (\
BCM_BIT(RSN_AKM_SAE_PSK) | \
BCM_BIT(RSN_AKM_OWE) | \
BCM_BIT(RSN_AKM_SAE_FBT))
/* AKMs that supported by in-driver supplicant.
* TODO: have to redesign this to include 1x and other PSK AKMs.
*/
#define IS_BCMSUP_AKM(akm) \
((akm == RSN_AKM_PSK) | \
(akm == RSN_AKM_SAE_PSK) | \
(akm == RSN_AKM_OWE) | \
(akm == RSN_AKM_FBT_PSK) | \
(akm == RSN_AKM_SAE_FBT) | \
(akm == RSN_AKM_FBT_SHA384_1X) | \
(akm == RSN_AKM_FBT_SHA384_PSK))
/* AKMs use common PSK which identified by broadcast addr */
#define IS_SHARED_PMK_AKM(akm) \
((akm == RSN_AKM_PSK) | \
(akm == RSN_AKM_FBT_PSK) | \
(akm == RSN_AKM_SHA256_PSK) | \
(akm == RSN_AKM_FBT_SHA384_PSK) | \
(akm == RSN_AKM_PSK_SHA384))
#define RSN_AKM_USE_KDF(akm) (akm >= RSN_AKM_FBT_1X ? 1u : 0)
/* Macro to abstract access to the rsn_ie_info strucuture in case
* we want to move it to a cubby or something else.
* Gives the rsn_info pointer
*/
#define RSN_INFO_GET(s) (s->rsn_info)
/* where the rsn_info resides */
#define RSN_INFO_GET_PTR(s) (&s->rsn_info)
#define AUTH_AKM_INCLUDED(s) (s->rsn_info != NULL && s->rsn_info->parse_status == BCME_OK && \
s->rsn_info->akms != WPA_AKMS_UNSPECIFIED)
#define AKM_IS_MEMBER(akm, mask) ((mask) & VALID_AKM_BIT((akm)) || ((akm) == 0 && (mask) == 0))
typedef enum eapol_key_type {
EAPOL_KEY_NONE = 0,
EAPOL_KEY_PMK = 1,
EAPOL_KEY_KCK_MIC = 2,
EAPOL_KEY_KEK = 3,
EAPOL_KEY_TK = 4,
EAPOL_KEY_PTK = 5,
EAPOL_KEY_KCK = 6,
EAPOL_KEY_KCK2 = 7,
EAPOL_KEY_KEK2 = 8
} eapol_key_type_t;
/* Return address of max or min array depending first argument.
* Return NULL in case of a draw.
*/
extern const uint8 *wpa_array_cmp(int max_array, const uint8 *x, const uint8 *y, uint len);
/* Increment the array argument */
extern void wpa_incr_array(uint8 *array, uint len);
/* Convert WPA IE cipher suite to locally used value */
extern bool wpa_cipher(wpa_suite_t *suite, ushort *cipher, bool wep_ok);
/* Look for a WPA IE; return it's address if found, NULL otherwise */
extern wpa_ie_fixed_t *bcm_find_wpaie(uint8 *parse, uint len);
extern bcm_tlv_t *bcm_find_wmeie(uint8 *parse, uint len, uint8 subtype, uint8 subtype_len);
/* Look for a WPS IE; return it's address if found, NULL otherwise */
extern wps_ie_fixed_t *bcm_find_wpsie(const uint8 *parse, uint len);
extern wps_at_fixed_t *bcm_wps_find_at(wps_at_fixed_t *at, uint len, uint16 id);
int bcm_find_security_ies(uint8 *buf, uint buflen, void **wpa_ie,
void **rsn_ie);
#ifdef WLP2P
/* Look for a WiFi P2P IE; return it's address if found, NULL otherwise */
extern wifi_p2p_ie_t *bcm_find_p2pie(const uint8 *parse, uint len);
#endif
/* Look for a hotspot2.0 IE; return it's address if found, NULL otherwise */
bcm_tlv_t *bcm_find_hs20ie(uint8 *parse, uint len);
/* Look for a OSEN IE; return it's address if found, NULL otherwise */
bcm_tlv_t *bcm_find_osenie(uint8 *parse, uint len);
/* Check whether the given IE has the specific OUI and the specific type. */
extern bool bcm_has_ie(uint8 *ie, uint8 **tlvs, uint *tlvs_len,
const uint8 *oui, uint oui_len, uint8 type);
/* Check whether pointed-to IE looks like WPA. */
#define bcm_is_wpa_ie(ie, tlvs, len) bcm_has_ie(ie, tlvs, len, \
(const uint8 *)WPA_OUI, WPA_OUI_LEN, WPA_OUI_TYPE)
/* Check whether pointed-to IE looks like WPS. */
#define bcm_is_wps_ie(ie, tlvs, len) bcm_has_ie(ie, tlvs, len, \
(const uint8 *)WPS_OUI, WPS_OUI_LEN, WPS_OUI_TYPE)
#ifdef WLP2P
/* Check whether the given IE looks like WFA P2P IE. */
#define bcm_is_p2p_ie(ie, tlvs, len) bcm_has_ie(ie, tlvs, len, \
(const uint8 *)P2P_OUI, P2P_OUI_LEN, P2P_OUI_TYPE)
#endif
/* Convert WPA2 IE cipher suite to locally used value */
extern bool wpa2_cipher(wpa_suite_t *suite, ushort *cipher, bool wep_ok);
#if defined(BCMSUP_PSK) || defined(BCMSUPPL) || defined(GTKOE) || defined(WL_FILS)
/* Look for an encapsulated GTK; return it's address if found, NULL otherwise */
extern eapol_wpa2_encap_data_t *wpa_find_gtk_encap(uint8 *parse, uint len);
/* Check whether pointed-to IE looks like an encapsulated GTK. */
extern bool wpa_is_gtk_encap(uint8 *ie, uint8 **tlvs, uint *tlvs_len);
/* Look for encapsulated key data; return it's address if found, NULL otherwise */
extern eapol_wpa2_encap_data_t *wpa_find_kde(const uint8 *parse, uint len, uint8 type);
/* Find kde data given eapol header. */
extern int wpa_find_eapol_kde_data(eapol_header_t *eapol, uint8 eapol_mic_len,
uint8 subtype, eapol_wpa2_encap_data_t **out_data);
/* Look for kde data in key data. */
extern int wpa_find_kde_data(const uint8 *kde_buf, uint16 buf_len,
uint8 subtype, eapol_wpa2_encap_data_t **out_data);
#ifdef WL_OCV
/* Check if both local and remote are OCV capable */
extern bool wpa_check_ocv_caps(uint16 local_caps, uint16 peer_caps);
/* Write OCI KDE into the buffer */
extern int wpa_add_oci_encap(chanspec_t chspec, uint8* buf, uint buf_len);
/* Validate OCI KDE */
extern int wpa_validate_oci_encap(chanspec_t chspec, const uint8* buf, uint buf_len);
/* Write OCI IE into the buffer */
extern int wpa_add_oci_ie(chanspec_t chspec, uint8* buf, uint buf_len);
/* Validate OCI IE */
extern int wpa_validate_oci_ie(chanspec_t chspec, const uint8* buf, uint buf_len);
/* Write OCI subelement into the FTE buffer */
extern int wpa_add_oci_ft_subelem(chanspec_t chspec, uint8* buf, uint buf_len);
/* Validate OCI FTE subelement */
extern int wpa_validate_oci_ft_subelem(chanspec_t chspec,
const uint8* buf, uint buf_len);
#endif /* WL_OCV */
#endif /* defined(BCMSUP_PSK) || defined(BCMSUPPL) || defined(GTKOE) || defined(WL_FILS) */
#if defined(BCMSUP_PSK) || defined(WLFBT) || defined(BCMAUTH_PSK)|| \
defined(WL_OKC) || defined(GTKOE)
/* Calculate a pair-wise transient key */
extern int wpa_calc_ptk(rsn_akm_t akm, const struct ether_addr *auth_ea,
const struct ether_addr *sta_ea, const uint8 *anonce, uint8 anonce_len,
const uint8* snonce, uint8 snonce_len, const uint8 *pmk,
uint pmk_len, uint8 *ptk, uint ptk_len);
/* Compute Message Integrity Code (MIC) over EAPOL message */
extern int wpa_make_mic(eapol_header_t *eapol, uint key_desc, uint8 *mic_key,
rsn_ie_info_t *rsn_info, uchar *mic, uint mic_len);
/* Check MIC of EAPOL message */
extern bool wpa_check_mic(eapol_header_t *eapol,
uint key_desc, uint8 *mic_key, rsn_ie_info_t *rsn_info);
/* Calculate PMKID */
extern void wpa_calc_pmkid(const struct ether_addr *auth_ea,
const struct ether_addr *sta_ea, const uint8 *pmk, uint pmk_len, uint8 *pmkid);
/* Encrypt key data for a WPA key message */
extern bool wpa_encr_key_data(eapol_wpa_key_header_t *body, uint16 key_info,
uint8 *ekey, uint8 *gtk, uint8 *data, uint8 *encrkey, rc4_ks_t *rc4key,
const rsn_ie_info_t *rsn_info);
typedef uint8 wpa_rc4_ivkbuf_t[EAPOL_WPA_KEY_IV_LEN + EAPOL_WPA_ENCR_KEY_MAX_LEN];
/* Decrypt key data from a WPA key message */
extern int wpa_decr_key_data(eapol_wpa_key_header_t *body, uint16 key_info,
uint8 *ekey, wpa_rc4_ivkbuf_t ivk, rc4_ks_t *rc4key, const rsn_ie_info_t *rsn_info,
uint16 *dec_len);
#endif /* BCMSUP_PSK || WLFBT || BCMAUTH_PSK || defined(GTKOE) */
#if defined(BCMSUP_PSK) || defined(WLFBT) || defined(BCMAUTH_PSK)|| \
defined(WL_OKC) || defined(GTKOE) || defined(WLHOSTFBT)
/* Calculate PMKR0 for FT association */
extern void wpa_calc_pmkR0(sha2_hash_type_t hash_type, const uint8 *ssid, uint ssid_len,
uint16 mdid, const uint8 *r0kh, uint r0kh_len, const struct ether_addr *sta_ea,
const uint8 *pmk, uint pmk_len, uint8 *pmkr0, uint8 *pmkr0name);
/* Calculate PMKR1 for FT association */
extern void wpa_calc_pmkR1(sha2_hash_type_t hash_type, const struct ether_addr *r1kh,
const struct ether_addr *sta_ea, const uint8 *pmk, uint pmk_len,
const uint8 *pmkr0name, uint8 *pmkr1, uint8 *pmkr1name);
/* Calculate PTK for FT association */
extern void wpa_calc_ft_ptk(sha2_hash_type_t hash_type, const struct ether_addr *bssid,
const struct ether_addr *sta_ea, const uint8 *anonce, const uint8* snonce,
const uint8 *pmk, uint pmk_len, uint8 *ptk, uint ptk_len);
extern void wpa_derive_pmkR1_name(sha2_hash_type_t hash_type, struct ether_addr *r1kh,
struct ether_addr *sta_ea, uint8 *pmkr0name, uint8 *pmkr1name);
#endif /* defined(BCMSUP_PSK) || defined(WLFBT) || defined(BCMAUTH_PSK) ||
* defined(WL_OKC) || defined(WLTDLS) || defined(GTKOE) || defined(WLHOSTFBT)
*/
#if defined(BCMSUP_PSK) || defined(BCMSUPPL)
/* Translate RSNE group mgmt cipher to CRYPTO_ALGO_XXX */
extern uint8 bcmwpa_find_group_mgmt_algo(rsn_cipher_t g_mgmt_cipher);
#endif /* BCMSUP_PSK || BCMSUPPL */
extern bool bcmwpa_akm2WPAauth(uint8 *akm, uint32 *auth, bool sta_iswpa);
extern bool bcmwpa_cipher2wsec(uint8 *cipher, uint32 *wsec);
#ifdef RSN_IE_INFO_STRUCT_RELOCATED
extern uint32 bcmwpa_wpaciphers2wsec(uint32 unicast);
extern int bcmwpa_decode_ie_type(const bcm_tlv_t *ie, rsn_ie_info_t *info,
uint32 *remaining, uint8 *type);
/* to be removed after merge to NEWT (changed into bcmwpa_rsn_ie_info_reset) */
void rsn_ie_info_reset(rsn_ie_info_t *rsn_info, osl_t *osh);
uint32 wlc_convert_rsn_to_wsec_bitmap(uint32 ap_cipher_mask);
#else
uint32 bcmwpa_wpaciphers2wsec(uint8 wpacipher);
int bcmwpa_decode_ie_type(const bcm_tlv_t *ie, rsn_ie_info_t *info, uint32 *remaining);
#endif /* RSN_IE_INFO_STRUCT_RELOCATED */
extern int bcmwpa_parse_rsnie(const bcm_tlv_t *ie, rsn_ie_info_t *info, device_type_t dev_type);
/* Calculate PMKID */
extern void kdf_calc_pmkid(const struct ether_addr *auth_ea,
const struct ether_addr *sta_ea, const uint8 *key, uint key_len, uint8 *pmkid,
rsn_ie_info_t *rsn_info);
extern void kdf_calc_ptk(const struct ether_addr *auth_ea, const struct ether_addr *sta_ea,
const uint8 *anonce, const uint8 *snonce, const uint8 *pmk, uint pmk_len,
uint8 *ptk, uint ptk_len);
#ifdef WLTDLS
/* Calculate TPK for TDLS association */
extern void wpa_calc_tpk(const struct ether_addr *init_ea,
const struct ether_addr *resp_ea, const struct ether_addr *bssid,
const uint8 *anonce, const uint8* snonce, uint8 *tpk, uint tpk_len);
#endif
extern bool bcmwpa_is_wpa_auth(uint32 wpa_auth);
extern bool bcmwpa_includes_wpa_auth(uint32 wpa_auth);
extern bool bcmwpa_is_rsn_auth(uint32 wpa_auth);
extern bool bcmwpa_includes_rsn_auth(uint32 wpa_auth);
extern int bcmwpa_get_algo_key_len(uint8 algo, uint16 *key_len);
/* macro to pass precommit on ndis builds */
#define bcmwpa_is_wpa2_auth(wpa_auth) bcmwpa_is_rsn_auth(wpa_auth)
extern uint8 bcmwpa_eapol_key_length(eapol_key_type_t key, rsn_akm_t akm, rsn_cipher_t cipher);
/* rsn info allocation utilities. */
void bcmwpa_rsn_ie_info_reset(rsn_ie_info_t *rsn_info, osl_t *osh);
void bcmwpa_rsn_ie_info_rel_ref(rsn_ie_info_t **rsn_info, osl_t *osh);
int bcmwpa_rsn_ie_info_add_ref(rsn_ie_info_t *rsn_info);
int bcmwpa_rsn_akm_cipher_match(rsn_ie_info_t *rsn_info);
int bcmwpa_rsnie_eapol_key_len(rsn_ie_info_t *info);
#if defined(WL_BAND6G)
/* Return TRUE if any of the akm in akms_bmp is invalid in 6Ghz */
bool bcmwpa_is_invalid_6g_akm(const rsn_akm_mask_t akms_bmp);
/* Return TRUE if any of the cipher in ciphers_bmp is invalid in 6Ghz */
bool bcmwpa_is_invalid_6g_cipher(const rsn_ciphers_t ciphers_bmp);
#endif /* WL_BAND6G */
#endif /* _BCMWPA_H_ */