| /* |
| * bcmwpa.h - interface definitions of shared WPA-related functions |
| * |
| * Broadcom Proprietary and Confidential. Copyright (C) 2020, |
| * All Rights Reserved. |
| * |
| * This is UNPUBLISHED PROPRIETARY SOURCE CODE of Broadcom; |
| * the contents of this file may not be disclosed to third parties, |
| * copied or duplicated in any form, in whole or in part, without |
| * the prior written permission of Broadcom. |
| * |
| * |
| * <<Broadcom-WL-IPTag/Proprietary:>> |
| */ |
| |
| #ifndef _BCMWPA_H_ |
| #define _BCMWPA_H_ |
| #ifdef BCM_EXTERNAL_APP |
| typedef int osl_t; |
| #endif |
| #include <wpa.h> |
| #if defined(BCMSUP_PSK) || defined(BCMSUPPL) || \ |
| defined(MFP) || defined(BCMAUTH_PSK) || defined(WLFBT) || \ |
| defined(WL_OKC) || defined(GTKOE) || defined(WL_FILS) |
| #include <eapol.h> |
| #endif |
| #include <802.11.h> |
| #ifdef WLP2P |
| #include <p2p.h> |
| #endif |
| #include <rc4.h> |
| #include <bcmutils.h> |
| #include <wlioctl.h> |
| #include <sha2.h> |
| #ifdef WL_OCV |
| #include <bcm_ocv.h> |
| #endif /* WL_OCV */ |
| |
| /* Field sizes for WPA key hierarchy */ |
| #define WPA_TEMP_TX_KEY_LEN 8u |
| #define WPA_TEMP_RX_KEY_LEN 8u |
| |
| #define PMK_LEN 32u |
| #define TKIP_PTK_LEN 64u |
| #define TKIP_TK_LEN 32u |
| #define AES_PTK_LEN 48u |
| #define AES_TK_LEN 16u |
| #define AES_GCM_PTK_LEN 48u |
| #define AES_GCM_TK_LEN 16u |
| #define AES_GCM256_PTK_LEN 64u |
| #define AES_GCM256_TK_LEN 32u |
| |
| /* limits for pre-shared key lengths */ |
| #define WPA_MIN_PSK_LEN 8u |
| #define WPA_MAX_PSK_LEN 64u |
| |
| #define WPA_KEY_DATA_LEN_256 256u /* allocation size of 256 for temp data pointer. */ |
| #define WPA_KEY_DATA_LEN_128 128u /* allocation size of 128 for temp data pointer. */ |
| |
| /* Minimum length of WPA2 GTK encapsulation in EAPOL */ |
| #define EAPOL_WPA2_GTK_ENCAP_MIN_LEN (EAPOL_WPA2_ENCAP_DATA_HDR_LEN - \ |
| TLV_HDR_LEN + EAPOL_WPA2_KEY_GTK_ENCAP_HDR_LEN) |
| |
| /* Minimum length of WPA2 IGTK encapsulation in EAPOL */ |
| #define EAPOL_WPA2_IGTK_ENCAP_MIN_LEN (EAPOL_WPA2_ENCAP_DATA_HDR_LEN - \ |
| TLV_HDR_LEN + EAPOL_WPA2_KEY_IGTK_ENCAP_HDR_LEN) |
| |
| /* Minimum length of BIGTK encapsulation in EAPOL */ |
| #define EAPOL_WPA2_BIGTK_ENCAP_MIN_LEN (EAPOL_WPA2_ENCAP_DATA_HDR_LEN - \ |
| TLV_HDR_LEN + EAPOL_WPA2_KEY_BIGTK_ENCAP_HDR_LEN) |
| |
| #ifdef WL_OCV |
| /* Size of the OCI element */ |
| #define WPA_OCV_OCI_IE_SIZE \ |
| (bcm_ocv_get_oci_len() + BCM_TLV_EXT_HDR_SIZE) |
| |
| /* Size of the OCI KDE */ |
| #define WPA_OCV_OCI_KDE_SIZE \ |
| (bcm_ocv_get_oci_len() + EAPOL_WPA2_ENCAP_DATA_HDR_LEN) |
| |
| /* Size of the OCI subelement */ |
| #define WPA_OCV_OCI_SUBELEM_SIZE \ |
| (bcm_ocv_get_oci_len() + TLV_HDR_LEN) |
| |
| /* Minimum length of WPA2 OCI encapsulation in EAPOL */ |
| #define EAPOL_WPA2_OCI_ENCAP_MIN_LEN \ |
| (WPA_OCV_OCI_KDE_SIZE - TLV_HDR_LEN) |
| #endif /* WL_OCV */ |
| |
| #ifdef WLFIPS |
| #define WLC_SW_KEYS(wlc, bsscfg) ((((wlc)->wsec_swkeys) || \ |
| ((bsscfg)->wsec & (WSEC_SWFLAG | FIPS_ENABLED)))) |
| #else |
| #define WLC_SW_KEYS(wlc, bsscfg) ((((wlc)->wsec_swkeys) || \ |
| ((bsscfg)->wsec & WSEC_SWFLAG))) |
| #endif /* WLFIPS */ |
| |
| /* This doesn't really belong here, but neither does WSEC_CKIP* */ |
| /* per-packet encryption exemption policy */ |
| /* no exemption...follow whatever standard rules apply */ |
| #define WSEC_EXEMPT_NO 0 |
| /* send unencrypted */ |
| #define WSEC_EXEMPT_ALWAYS 1 |
| /* send unencrypted if no pairwise key */ |
| #define WSEC_EXEMPT_NO_PAIRWISE 2 |
| |
| #define WPA_CIPHER_UNSPECIFIED 0xff |
| #define WPA_P_CIPHERS_UNSPECIFIED 0x80000000 |
| |
| #ifdef RSN_IE_INFO_STRUCT_RELOCATED |
| #define WPA_AKMS_UNSPECIFIED 0x80000000 |
| #else |
| #define WPA_AKMS_UNSPECIFIED 0 |
| #endif |
| |
| #ifdef BCMWAPI_WAI |
| #define IS_WAPI_AUTH(auth) ((auth) == WAPI_AUTH_UNSPECIFIED || \ |
| (auth) == WAPI_AUTH_PSK) |
| #define INCLUDES_WAPI_AUTH(auth) \ |
| ((auth) & (WAPI_AUTH_UNSPECIFIED | \ |
| WAPI_AUTH_PSK)) |
| #endif /* BCMWAPI_WAI */ |
| |
| #define IS_WPA_AKM(akm) ((akm) == RSN_AKM_NONE || \ |
| (akm) == RSN_AKM_UNSPECIFIED || \ |
| (akm) == RSN_AKM_PSK) |
| |
| #define IS_WPA2_AKM(akm) ((akm) == RSN_AKM_UNSPECIFIED || \ |
| (akm) == RSN_AKM_PSK || \ |
| (akm) == RSN_AKM_FILS_SHA256 || \ |
| (akm) == RSN_AKM_FILS_SHA384) |
| |
| /* this doesn't mean much. A WPA (not RSN) akm type would match this */ |
| #define RSN_AKM_MASK (\ |
| BCM_BIT(RSN_AKM_UNSPECIFIED) | \ |
| BCM_BIT(RSN_AKM_PSK) | \ |
| BCM_BIT(RSN_AKM_SAE_PSK) | \ |
| BCM_BIT(RSN_AKM_FILS_SHA256) | \ |
| BCM_BIT(RSN_AKM_FILS_SHA384) | \ |
| BCM_BIT(RSN_AKM_OWE) | \ |
| BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \ |
| BCM_BIT(RSN_AKM_SUITEB_SHA384_1X)) |
| |
| /* verify less than 32 before shifting bits */ |
| #define VALID_AKM_BIT(akm) ((akm) < 32u ? BCM_BIT((akm)) : 0u) |
| |
| #define IS_RSN_AKM(akm) (VALID_AKM_BIT((akm)) & RSN_AKM_MASK) |
| |
| #define FBT_AKM_MASK (BCM_BIT(RSN_AKM_FBT_1X) | \ |
| BCM_BIT(RSN_AKM_FBT_PSK) | \ |
| BCM_BIT(RSN_AKM_SAE_FBT) | \ |
| BCM_BIT(RSN_AKM_FBT_SHA256_FILS) | \ |
| BCM_BIT(RSN_AKM_FBT_SHA384_FILS) | \ |
| BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \ |
| BCM_BIT(RSN_AKM_FBT_SHA384_PSK)) |
| |
| #define IS_FBT_AKM(akm) (VALID_AKM_BIT((akm)) & FBT_AKM_MASK) |
| |
| #define FILS_AKM_MASK (\ |
| BCM_BIT(RSN_AKM_FILS_SHA256) | \ |
| BCM_BIT(RSN_AKM_FILS_SHA384)) |
| |
| #define IS_FILS_AKM(akm) (VALID_AKM_BIT((akm)) & FILS_AKM_MASK) |
| |
| #define MFP_AKM_MASK (\ |
| BCM_BIT(RSN_AKM_SHA256_1X) | \ |
| BCM_BIT(RSN_AKM_SHA256_PSK)) |
| |
| #define IS_MFP_AKM(akm) (MFP_AKM_MASK & VALID_AKM_BIT((akm))) |
| |
| #ifdef BCMWAPI_WAI |
| #define IS_WAPI_AKM(akm) ((akm) == RSN_AKM_NONE || \ |
| (akm) == RSN_AKM_UNSPECIFIED || \ |
| (akm) == RSN_AKM_PSK) |
| #endif /* BCMWAPI_WAI */ |
| |
| #define IS_TDLS_AKM(akm) ((akm) == RSN_AKM_TPK) |
| |
| /* Broadcom(OUI) authenticated key managment suite */ |
| #define BRCM_AKM_NONE 0 |
| #define BRCM_AKM_PSK 1u /* Proprietary PSK AKM */ |
| |
| #define IS_BRCM_AKM(akm) ((akm) == BRCM_AKM_PSK) |
| |
| #define ONE_X_AKM_MASK (BCM_BIT(RSN_AKM_FBT_1X) | \ |
| BCM_BIT(RSN_AKM_MFP_1X) | \ |
| BCM_BIT(RSN_AKM_SHA256_1X) | \ |
| BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \ |
| BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \ |
| BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \ |
| BCM_BIT(RSN_AKM_UNSPECIFIED)) |
| |
| #define IS_1X_AKM(akm) (VALID_AKM_BIT((akm)) & ONE_X_AKM_MASK) |
| |
| #define SUITEB_AKM_MASK (BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \ |
| BCM_BIT(RSN_AKM_SUITEB_SHA384_1X)) |
| #define IS_1X_SUITEB_AKM(akm) (VALID_AKM_BIT((akm)) & SUITEB_AKM_MASK) |
| |
| #define SAE_AKM_MASK (BCM_BIT(RSN_AKM_SAE_PSK) | BCM_BIT(RSN_AKM_SAE_FBT)) |
| #define IS_SAE_AKM(akm) (VALID_AKM_BIT((akm)) & SAE_AKM_MASK) |
| |
| #define SHA256_AKM_MASK (BCM_BIT(RSN_AKM_SHA256_1X) | \ |
| BCM_BIT(RSN_AKM_SHA256_PSK) | \ |
| BCM_BIT(RSN_AKM_SAE_PSK) | \ |
| BCM_BIT(RSN_AKM_SAE_FBT) | \ |
| BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \ |
| BCM_BIT(RSN_AKM_FILS_SHA256) | \ |
| BCM_BIT(RSN_AKM_FBT_SHA256_FILS) | \ |
| BCM_BIT(RSN_AKM_OWE)) |
| #define IS_SHA256_AKM(akm) (VALID_AKM_BIT((akm)) & SHA256_AKM_MASK) |
| |
| #define SHA384_AKM_MASK (BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \ |
| BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \ |
| BCM_BIT(RSN_AKM_FILS_SHA384) | \ |
| BCM_BIT(RSN_AKM_FBT_SHA384_FILS) | \ |
| BCM_BIT(RSN_AKM_PSK_SHA384)) |
| #define IS_SHA384_AKM(akm) (VALID_AKM_BIT((akm)) & SHA384_AKM_MASK) |
| |
| #define OPEN_AUTH_AKM_MASK (\ |
| BCM_BIT(RSN_AKM_UNSPECIFIED) | \ |
| BCM_BIT(RSN_AKM_PSK) | \ |
| BCM_BIT(RSN_AKM_SHA256_1X) | \ |
| BCM_BIT(RSN_AKM_SHA256_PSK) | \ |
| BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \ |
| BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \ |
| BCM_BIT(RSN_AKM_PSK_SHA384)) |
| #define IS_OPEN_AUTH_AKM(akm) (VALID_AKM_BIT((akm)) & OPEN_AUTH_AKM_MASK) |
| |
| typedef enum akm_type { |
| WPA_AUTH_IE = 0x01, |
| RSN_AUTH_IE = 0x02, |
| OSEN_AUTH_IE = 0x04 |
| } akm_type_t; |
| |
| #define MAX_ARRAY 1 |
| #define MIN_ARRAY 0 |
| |
| #define WPS_ATID_SEL_REGISTRAR 0x1041 |
| |
| /* move these to appropriate file(s) */ |
| #define WPS_IE_FIXED_LEN 6 |
| |
| /* GTK indices we use - 0-3 valid per IEEE/802.11 2012 */ |
| #define GTK_INDEX_1 1 |
| #define GTK_INDEX_2 2 |
| |
| /* IGTK indices we use - 4-5 are valid per IEEE 802.11 2012 */ |
| #define IGTK_INDEX_1 4 |
| #define IGTK_INDEX_2 5 |
| |
| /* following needed for compatibility for router code because it automerges */ |
| #define IGTK_ID_TO_WSEC_INDEX(_id) (_id) |
| #define WPA_AES_CMAC_CALC aes_cmac_calc |
| |
| #define IS_IGTK_INDEX(x) ((x) == IGTK_INDEX_1 || (x) == IGTK_INDEX_2) |
| |
| #ifdef RSN_IE_INFO_STRUCT_RELOCATED |
| typedef struct rsn_ie_info { |
| uint8 version; |
| int parse_status; |
| device_type_t dev_type; /* AP or STA */ |
| auth_ie_type_mask_t auth_ie_type; /* bit field of WPA, WPA2 and (not yet) WAPI */ |
| rsn_cipher_t g_cipher; |
| rsn_akm_t sta_akm; /* single STA akm */ |
| uint16 caps; |
| rsn_ciphers_t rsn_p_ciphers; |
| rsn_ciphers_t wpa_p_ciphers; |
| rsn_akm_mask_t rsn_akms; |
| rsn_akm_mask_t wpa_akms; |
| uint8 pmkid_count; |
| uint8 pmkids_offset; /* offset into the IE */ |
| rsn_cipher_t g_mgmt_cipher; |
| rsn_cipher_t sta_cipher; /* single STA cipher */ |
| uint16 key_desc; /* key descriptor version as STA */ |
| uint16 mic_len; /* unused. keep for ROM compatibility. */ |
| uint8 pmk_len; /* EAPOL PMK */ |
| uint8 kck_mic_len; /* EAPOL MIC (by KCK) */ |
| uint8 kck_len; /* EAPOL KCK */ |
| uint8 kek_len; /* EAPOL KEK */ |
| uint8 tk_len; /* EAPOL TK */ |
| uint8 ptk_len; /* EAPOL PTK */ |
| uint8 kck2_len; /* EAPOL KCK2 */ |
| uint8 kek2_len; /* EAPOL KEK2 */ |
| uint8* rsn_ie; /* RSN IE from beacon or assoc request */ |
| uint16 rsn_ie_len; /* RSN IE length */ |
| uint8* wpa_ie; /* WPA IE */ |
| uint16 wpa_ie_len; /* WPA IE length (is it fixed ? */ |
| /* the following are helpers in the AP rsn info to be filled in by the STA |
| * after determination of which IE is being used.in wsec_filter. |
| */ |
| uint32 p_ciphers; /* current ciphers for the chosen auth IE */ |
| uint32 akms; /* current ciphers for the chosen auth IE */ |
| uint8 *auth_ie; /* pointer to current chosen auth IE */ |
| uint16 auth_ie_len; |
| uint8 ref_count; /* external reference count to decide if structure must be freed */ |
| uint8 rsnxe_len; /* RSNXE IE length */ |
| uint8 PAD[3]; |
| uint8* rsnxe; /* RSNXE IE TLV buffer */ |
| uint32 rsnxe_cap; /* RSNXE IE cap flag, refer to 802.11.h */ |
| } rsn_ie_info_t; |
| #endif /* RSN_IE_INFO_STRUCT_RELOCATED */ |
| |
| /* WiFi WPS Attribute fixed portion */ |
| typedef struct wps_at_fixed { |
| uint8 at[2]; |
| uint8 len[2]; |
| uint8 data[1]; |
| } wps_at_fixed_t; |
| |
| typedef const struct oui_akm_wpa_tbl { |
| const char *oui; /* WPA auth category */ |
| uint16 rsn_akm; |
| uint32 wpa_auth; |
| } oui_akm_wpa_tbl_t; |
| |
| #define WPS_AT_FIXED_LEN 4 |
| |
| #define wps_ie_fixed_t wpa_ie_fixed_t |
| |
| /* What should be the multicast mask for AES ? */ |
| #define WPA_UNICAST_AES_MASK (\ |
| BCM_BIT(WPA_CIPHER_AES_CCM) | \ |
| BCM_BIT(WPA_CIPHER_AES_GCM) | \ |
| BCM_BIT(WPA_CIPHER_AES_GCM256)) |
| |
| #define WPA_CIPHER_WEP_MASK (\ |
| BCM_BIT(WPA_CIPHER_WEP_104) | \ |
| BCM_BIT(WPA_CIPHER_WEP_40)) |
| |
| /* temporary to pass pre-commit */ |
| #ifdef TMP_USE_RSN_INFO |
| /* wsec macros */ |
| #ifdef EXT_STA |
| #define UCAST_NONE(rsn_info) (((rsn_info)->p_ciphers == (1 << WPA_CIPHER_NONE)) && \ |
| (!WLEXTSTA_ENAB(wlc->pub) || wlc->use_group_enabled)) |
| #else |
| #define UCAST_NONE(rsn_info) (rsn_info->p_ciphers == (1 << WPA_CIPHER_NONE)) |
| #endif /* EXT_STA */ |
| |
| #define UCAST_AES(rsn_info) (rsn_info->p_ciphers & WPA_UNICAST_AES_MASK) |
| #define UCAST_TKIP(rsn_info) (rsn_info->p_ciphers & (1 << WPA_CIPHER_TKIP)) |
| #define UCAST_WEP(rsn_info) (rsn_info->p_ciphers & WPA_CIPHER_WEP_MASK) |
| |
| #define MCAST_NONE(rsn_info) ((rsn_info)->g_cipher == WPA_CIPHER_NONE) |
| #define MCAST_AES(rsn_info) ((1 << rsn_info->g_cipher) & WPA_UNICAST_AES_MASK) |
| #define MCAST_TKIP(rsn_info) (rsn_info->g_cipher == WPA_CIPHER_TKIP) |
| #define MCAST_WEP(rsn_info) ((1 << rsn_info->g_cipher) & WPA_CIPHER_WEP_MASK) |
| |
| #endif /* TMP_USE_RSN_INFO */ |
| |
| #define AKM_SHA256_MASK (\ |
| BCM_BIT(RSN_AKM_SHA256_1X) | \ |
| BCM_BIT(RSN_AKM_SHA256_PSK) | \ |
| BCM_BIT(RSN_AKM_SAE_PSK) | \ |
| BCM_BIT(RSN_AKM_OWE) | \ |
| BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \ |
| BCM_BIT(RSN_AKM_FILS_SHA256) | \ |
| BCM_BIT(RSN_AKM_FBT_SHA256_FILS) | \ |
| BCM_BIT(RSN_AKM_SAE_FBT)) |
| |
| #define AKM_SHA384_MASK (\ |
| BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \ |
| BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \ |
| BCM_BIT(RSN_AKM_FILS_SHA384) | \ |
| BCM_BIT(RSN_AKM_FBT_SHA384_FILS) | \ |
| BCM_BIT(RSN_AKM_FBT_SHA384_PSK) | \ |
| BCM_BIT(RSN_AKM_PSK_SHA384)) |
| |
| /* these AKMs require MFP capable set in their IE */ |
| #define RSN_MFPC_AKM_MASK (\ |
| BCM_BIT(RSN_AKM_SAE_PSK) | \ |
| BCM_BIT(RSN_AKM_OWE) | \ |
| BCM_BIT(RSN_AKM_SAE_FBT)) |
| |
| /* AKMs that supported by in-driver supplicant. |
| * TODO: have to redesign this to include 1x and other PSK AKMs. |
| */ |
| #define IS_BCMSUP_AKM(akm) \ |
| ((akm == RSN_AKM_PSK) | \ |
| (akm == RSN_AKM_SAE_PSK) | \ |
| (akm == RSN_AKM_OWE) | \ |
| (akm == RSN_AKM_FBT_PSK) | \ |
| (akm == RSN_AKM_SAE_FBT) | \ |
| (akm == RSN_AKM_FBT_SHA384_1X) | \ |
| (akm == RSN_AKM_FBT_SHA384_PSK)) |
| |
| /* AKMs use common PSK which identified by broadcast addr */ |
| #define IS_SHARED_PMK_AKM(akm) \ |
| ((akm == RSN_AKM_PSK) | \ |
| (akm == RSN_AKM_FBT_PSK) | \ |
| (akm == RSN_AKM_SHA256_PSK) | \ |
| (akm == RSN_AKM_FBT_SHA384_PSK) | \ |
| (akm == RSN_AKM_PSK_SHA384)) |
| |
| #define RSN_AKM_USE_KDF(akm) (akm >= RSN_AKM_FBT_1X ? 1u : 0) |
| |
| /* Macro to abstract access to the rsn_ie_info strucuture in case |
| * we want to move it to a cubby or something else. |
| * Gives the rsn_info pointer |
| */ |
| |
| #define RSN_INFO_GET(s) (s->rsn_info) |
| /* where the rsn_info resides */ |
| #define RSN_INFO_GET_PTR(s) (&s->rsn_info) |
| |
| #define AUTH_AKM_INCLUDED(s) (s->rsn_info != NULL && s->rsn_info->parse_status == BCME_OK && \ |
| s->rsn_info->akms != WPA_AKMS_UNSPECIFIED) |
| |
| #define AKM_IS_MEMBER(akm, mask) ((mask) & VALID_AKM_BIT((akm)) || ((akm) == 0 && (mask) == 0)) |
| |
| typedef enum eapol_key_type { |
| EAPOL_KEY_NONE = 0, |
| EAPOL_KEY_PMK = 1, |
| EAPOL_KEY_KCK_MIC = 2, |
| EAPOL_KEY_KEK = 3, |
| EAPOL_KEY_TK = 4, |
| EAPOL_KEY_PTK = 5, |
| EAPOL_KEY_KCK = 6, |
| EAPOL_KEY_KCK2 = 7, |
| EAPOL_KEY_KEK2 = 8 |
| } eapol_key_type_t; |
| |
| /* Return address of max or min array depending first argument. |
| * Return NULL in case of a draw. |
| */ |
| extern const uint8 *wpa_array_cmp(int max_array, const uint8 *x, const uint8 *y, uint len); |
| |
| /* Increment the array argument */ |
| extern void wpa_incr_array(uint8 *array, uint len); |
| |
| /* Convert WPA IE cipher suite to locally used value */ |
| extern bool wpa_cipher(wpa_suite_t *suite, ushort *cipher, bool wep_ok); |
| |
| /* Look for a WPA IE; return it's address if found, NULL otherwise */ |
| extern wpa_ie_fixed_t *bcm_find_wpaie(uint8 *parse, uint len); |
| extern bcm_tlv_t *bcm_find_wmeie(uint8 *parse, uint len, uint8 subtype, uint8 subtype_len); |
| /* Look for a WPS IE; return it's address if found, NULL otherwise */ |
| extern wps_ie_fixed_t *bcm_find_wpsie(const uint8 *parse, uint len); |
| extern wps_at_fixed_t *bcm_wps_find_at(wps_at_fixed_t *at, uint len, uint16 id); |
| int bcm_find_security_ies(uint8 *buf, uint buflen, void **wpa_ie, |
| void **rsn_ie); |
| |
| #ifdef WLP2P |
| /* Look for a WiFi P2P IE; return it's address if found, NULL otherwise */ |
| extern wifi_p2p_ie_t *bcm_find_p2pie(const uint8 *parse, uint len); |
| #endif |
| /* Look for a hotspot2.0 IE; return it's address if found, NULL otherwise */ |
| bcm_tlv_t *bcm_find_hs20ie(uint8 *parse, uint len); |
| /* Look for a OSEN IE; return it's address if found, NULL otherwise */ |
| bcm_tlv_t *bcm_find_osenie(uint8 *parse, uint len); |
| |
| /* Check whether the given IE has the specific OUI and the specific type. */ |
| extern bool bcm_has_ie(uint8 *ie, uint8 **tlvs, uint *tlvs_len, |
| const uint8 *oui, uint oui_len, uint8 type); |
| |
| /* Check whether pointed-to IE looks like WPA. */ |
| #define bcm_is_wpa_ie(ie, tlvs, len) bcm_has_ie(ie, tlvs, len, \ |
| (const uint8 *)WPA_OUI, WPA_OUI_LEN, WPA_OUI_TYPE) |
| /* Check whether pointed-to IE looks like WPS. */ |
| #define bcm_is_wps_ie(ie, tlvs, len) bcm_has_ie(ie, tlvs, len, \ |
| (const uint8 *)WPS_OUI, WPS_OUI_LEN, WPS_OUI_TYPE) |
| #ifdef WLP2P |
| /* Check whether the given IE looks like WFA P2P IE. */ |
| #define bcm_is_p2p_ie(ie, tlvs, len) bcm_has_ie(ie, tlvs, len, \ |
| (const uint8 *)P2P_OUI, P2P_OUI_LEN, P2P_OUI_TYPE) |
| #endif |
| |
| /* Convert WPA2 IE cipher suite to locally used value */ |
| extern bool wpa2_cipher(wpa_suite_t *suite, ushort *cipher, bool wep_ok); |
| |
| #if defined(BCMSUP_PSK) || defined(BCMSUPPL) || defined(GTKOE) || defined(WL_FILS) |
| /* Look for an encapsulated GTK; return it's address if found, NULL otherwise */ |
| extern eapol_wpa2_encap_data_t *wpa_find_gtk_encap(uint8 *parse, uint len); |
| |
| /* Check whether pointed-to IE looks like an encapsulated GTK. */ |
| extern bool wpa_is_gtk_encap(uint8 *ie, uint8 **tlvs, uint *tlvs_len); |
| |
| /* Look for encapsulated key data; return it's address if found, NULL otherwise */ |
| extern eapol_wpa2_encap_data_t *wpa_find_kde(const uint8 *parse, uint len, uint8 type); |
| |
| /* Find kde data given eapol header. */ |
| extern int wpa_find_eapol_kde_data(eapol_header_t *eapol, uint8 eapol_mic_len, |
| uint8 subtype, eapol_wpa2_encap_data_t **out_data); |
| |
| /* Look for kde data in key data. */ |
| extern int wpa_find_kde_data(const uint8 *kde_buf, uint16 buf_len, |
| uint8 subtype, eapol_wpa2_encap_data_t **out_data); |
| |
| #ifdef WL_OCV |
| /* Check if both local and remote are OCV capable */ |
| extern bool wpa_check_ocv_caps(uint16 local_caps, uint16 peer_caps); |
| |
| /* Write OCI KDE into the buffer */ |
| extern int wpa_add_oci_encap(chanspec_t chspec, uint8* buf, uint buf_len); |
| |
| /* Validate OCI KDE */ |
| extern int wpa_validate_oci_encap(chanspec_t chspec, const uint8* buf, uint buf_len); |
| |
| /* Write OCI IE into the buffer */ |
| extern int wpa_add_oci_ie(chanspec_t chspec, uint8* buf, uint buf_len); |
| |
| /* Validate OCI IE */ |
| extern int wpa_validate_oci_ie(chanspec_t chspec, const uint8* buf, uint buf_len); |
| |
| /* Write OCI subelement into the FTE buffer */ |
| extern int wpa_add_oci_ft_subelem(chanspec_t chspec, uint8* buf, uint buf_len); |
| |
| /* Validate OCI FTE subelement */ |
| extern int wpa_validate_oci_ft_subelem(chanspec_t chspec, |
| const uint8* buf, uint buf_len); |
| #endif /* WL_OCV */ |
| #endif /* defined(BCMSUP_PSK) || defined(BCMSUPPL) || defined(GTKOE) || defined(WL_FILS) */ |
| |
| #if defined(BCMSUP_PSK) || defined(WLFBT) || defined(BCMAUTH_PSK)|| \ |
| defined(WL_OKC) || defined(GTKOE) |
| /* Calculate a pair-wise transient key */ |
| extern int wpa_calc_ptk(rsn_akm_t akm, const struct ether_addr *auth_ea, |
| const struct ether_addr *sta_ea, const uint8 *anonce, uint8 anonce_len, |
| const uint8* snonce, uint8 snonce_len, const uint8 *pmk, |
| uint pmk_len, uint8 *ptk, uint ptk_len); |
| |
| /* Compute Message Integrity Code (MIC) over EAPOL message */ |
| extern int wpa_make_mic(eapol_header_t *eapol, uint key_desc, uint8 *mic_key, |
| rsn_ie_info_t *rsn_info, uchar *mic, uint mic_len); |
| |
| /* Check MIC of EAPOL message */ |
| extern bool wpa_check_mic(eapol_header_t *eapol, |
| uint key_desc, uint8 *mic_key, rsn_ie_info_t *rsn_info); |
| |
| /* Calculate PMKID */ |
| extern void wpa_calc_pmkid(const struct ether_addr *auth_ea, |
| const struct ether_addr *sta_ea, const uint8 *pmk, uint pmk_len, uint8 *pmkid); |
| |
| /* Encrypt key data for a WPA key message */ |
| extern bool wpa_encr_key_data(eapol_wpa_key_header_t *body, uint16 key_info, |
| uint8 *ekey, uint8 *gtk, uint8 *data, uint8 *encrkey, rc4_ks_t *rc4key, |
| const rsn_ie_info_t *rsn_info); |
| |
| typedef uint8 wpa_rc4_ivkbuf_t[EAPOL_WPA_KEY_IV_LEN + EAPOL_WPA_ENCR_KEY_MAX_LEN]; |
| /* Decrypt key data from a WPA key message */ |
| extern int wpa_decr_key_data(eapol_wpa_key_header_t *body, uint16 key_info, |
| uint8 *ekey, wpa_rc4_ivkbuf_t ivk, rc4_ks_t *rc4key, const rsn_ie_info_t *rsn_info, |
| uint16 *dec_len); |
| #endif /* BCMSUP_PSK || WLFBT || BCMAUTH_PSK || defined(GTKOE) */ |
| |
| #if defined(BCMSUP_PSK) || defined(WLFBT) || defined(BCMAUTH_PSK)|| \ |
| defined(WL_OKC) || defined(GTKOE) || defined(WLHOSTFBT) |
| |
| /* Calculate PMKR0 for FT association */ |
| extern void wpa_calc_pmkR0(sha2_hash_type_t hash_type, const uint8 *ssid, uint ssid_len, |
| uint16 mdid, const uint8 *r0kh, uint r0kh_len, const struct ether_addr *sta_ea, |
| const uint8 *pmk, uint pmk_len, uint8 *pmkr0, uint8 *pmkr0name); |
| |
| /* Calculate PMKR1 for FT association */ |
| extern void wpa_calc_pmkR1(sha2_hash_type_t hash_type, const struct ether_addr *r1kh, |
| const struct ether_addr *sta_ea, const uint8 *pmk, uint pmk_len, |
| const uint8 *pmkr0name, uint8 *pmkr1, uint8 *pmkr1name); |
| |
| /* Calculate PTK for FT association */ |
| extern void wpa_calc_ft_ptk(sha2_hash_type_t hash_type, const struct ether_addr *bssid, |
| const struct ether_addr *sta_ea, const uint8 *anonce, const uint8* snonce, |
| const uint8 *pmk, uint pmk_len, uint8 *ptk, uint ptk_len); |
| |
| extern void wpa_derive_pmkR1_name(sha2_hash_type_t hash_type, struct ether_addr *r1kh, |
| struct ether_addr *sta_ea, uint8 *pmkr0name, uint8 *pmkr1name); |
| |
| #endif /* defined(BCMSUP_PSK) || defined(WLFBT) || defined(BCMAUTH_PSK) || |
| * defined(WL_OKC) || defined(WLTDLS) || defined(GTKOE) || defined(WLHOSTFBT) |
| */ |
| |
| #if defined(BCMSUP_PSK) || defined(BCMSUPPL) |
| |
| /* Translate RSNE group mgmt cipher to CRYPTO_ALGO_XXX */ |
| extern uint8 bcmwpa_find_group_mgmt_algo(rsn_cipher_t g_mgmt_cipher); |
| |
| #endif /* BCMSUP_PSK || BCMSUPPL */ |
| |
| extern bool bcmwpa_akm2WPAauth(uint8 *akm, uint32 *auth, bool sta_iswpa); |
| |
| extern bool bcmwpa_cipher2wsec(uint8 *cipher, uint32 *wsec); |
| |
| #ifdef RSN_IE_INFO_STRUCT_RELOCATED |
| extern uint32 bcmwpa_wpaciphers2wsec(uint32 unicast); |
| extern int bcmwpa_decode_ie_type(const bcm_tlv_t *ie, rsn_ie_info_t *info, |
| uint32 *remaining, uint8 *type); |
| |
| /* to be removed after merge to NEWT (changed into bcmwpa_rsn_ie_info_reset) */ |
| void rsn_ie_info_reset(rsn_ie_info_t *rsn_info, osl_t *osh); |
| uint32 wlc_convert_rsn_to_wsec_bitmap(uint32 ap_cipher_mask); |
| #else |
| uint32 bcmwpa_wpaciphers2wsec(uint8 wpacipher); |
| int bcmwpa_decode_ie_type(const bcm_tlv_t *ie, rsn_ie_info_t *info, uint32 *remaining); |
| #endif /* RSN_IE_INFO_STRUCT_RELOCATED */ |
| |
| extern int bcmwpa_parse_rsnie(const bcm_tlv_t *ie, rsn_ie_info_t *info, device_type_t dev_type); |
| |
| /* Calculate PMKID */ |
| extern void kdf_calc_pmkid(const struct ether_addr *auth_ea, |
| const struct ether_addr *sta_ea, const uint8 *key, uint key_len, uint8 *pmkid, |
| rsn_ie_info_t *rsn_info); |
| |
| extern void kdf_calc_ptk(const struct ether_addr *auth_ea, const struct ether_addr *sta_ea, |
| const uint8 *anonce, const uint8 *snonce, const uint8 *pmk, uint pmk_len, |
| uint8 *ptk, uint ptk_len); |
| |
| #ifdef WLTDLS |
| /* Calculate TPK for TDLS association */ |
| extern void wpa_calc_tpk(const struct ether_addr *init_ea, |
| const struct ether_addr *resp_ea, const struct ether_addr *bssid, |
| const uint8 *anonce, const uint8* snonce, uint8 *tpk, uint tpk_len); |
| #endif |
| extern bool bcmwpa_is_wpa_auth(uint32 wpa_auth); |
| extern bool bcmwpa_includes_wpa_auth(uint32 wpa_auth); |
| extern bool bcmwpa_is_rsn_auth(uint32 wpa_auth); |
| extern bool bcmwpa_includes_rsn_auth(uint32 wpa_auth); |
| extern int bcmwpa_get_algo_key_len(uint8 algo, uint16 *key_len); |
| |
| /* macro to pass precommit on ndis builds */ |
| #define bcmwpa_is_wpa2_auth(wpa_auth) bcmwpa_is_rsn_auth(wpa_auth) |
| extern uint8 bcmwpa_eapol_key_length(eapol_key_type_t key, rsn_akm_t akm, rsn_cipher_t cipher); |
| |
| /* rsn info allocation utilities. */ |
| void bcmwpa_rsn_ie_info_reset(rsn_ie_info_t *rsn_info, osl_t *osh); |
| void bcmwpa_rsn_ie_info_rel_ref(rsn_ie_info_t **rsn_info, osl_t *osh); |
| int bcmwpa_rsn_ie_info_add_ref(rsn_ie_info_t *rsn_info); |
| int bcmwpa_rsn_akm_cipher_match(rsn_ie_info_t *rsn_info); |
| int bcmwpa_rsnie_eapol_key_len(rsn_ie_info_t *info); |
| #if defined(WL_BAND6G) |
| /* Return TRUE if any of the akm in akms_bmp is invalid in 6Ghz */ |
| bool bcmwpa_is_invalid_6g_akm(const rsn_akm_mask_t akms_bmp); |
| /* Return TRUE if any of the cipher in ciphers_bmp is invalid in 6Ghz */ |
| bool bcmwpa_is_invalid_6g_cipher(const rsn_ciphers_t ciphers_bmp); |
| #endif /* WL_BAND6G */ |
| #endif /* _BCMWPA_H_ */ |