/*
|
* bcmwpa.h - interface definitions of shared WPA-related functions
|
*
|
* Broadcom Proprietary and Confidential. Copyright (C) 2020,
|
* All Rights Reserved.
|
*
|
* This is UNPUBLISHED PROPRIETARY SOURCE CODE of Broadcom;
|
* the contents of this file may not be disclosed to third parties,
|
* copied or duplicated in any form, in whole or in part, without
|
* the prior written permission of Broadcom.
|
*
|
*
|
* <<Broadcom-WL-IPTag/Proprietary:>>
|
*/
|
|
#ifndef _BCMWPA_H_
|
#define _BCMWPA_H_
|
#ifdef BCM_EXTERNAL_APP
|
typedef int osl_t;
|
#endif
|
#include <wpa.h>
|
#if defined(BCMSUP_PSK) || defined(BCMSUPPL) || \
|
defined(MFP) || defined(BCMAUTH_PSK) || defined(WLFBT) || \
|
defined(WL_OKC) || defined(GTKOE) || defined(WL_FILS)
|
#include <eapol.h>
|
#endif
|
#include <802.11.h>
|
#ifdef WLP2P
|
#include <p2p.h>
|
#endif
|
#include <rc4.h>
|
#include <bcmutils.h>
|
#include <wlioctl.h>
|
#include <sha2.h>
|
#ifdef WL_OCV
|
#include <bcm_ocv.h>
|
#endif /* WL_OCV */
|
|
/* Field sizes for WPA key hierarchy */
|
#define WPA_TEMP_TX_KEY_LEN 8u
|
#define WPA_TEMP_RX_KEY_LEN 8u
|
|
#define PMK_LEN 32u
|
#define TKIP_PTK_LEN 64u
|
#define TKIP_TK_LEN 32u
|
#define AES_PTK_LEN 48u
|
#define AES_TK_LEN 16u
|
#define AES_GCM_PTK_LEN 48u
|
#define AES_GCM_TK_LEN 16u
|
#define AES_GCM256_PTK_LEN 64u
|
#define AES_GCM256_TK_LEN 32u
|
|
/* limits for pre-shared key lengths */
|
#define WPA_MIN_PSK_LEN 8u
|
#define WPA_MAX_PSK_LEN 64u
|
|
#define WPA_KEY_DATA_LEN_256 256u /* allocation size of 256 for temp data pointer. */
|
#define WPA_KEY_DATA_LEN_128 128u /* allocation size of 128 for temp data pointer. */
|
|
/* Minimum length of WPA2 GTK encapsulation in EAPOL */
|
#define EAPOL_WPA2_GTK_ENCAP_MIN_LEN (EAPOL_WPA2_ENCAP_DATA_HDR_LEN - \
|
TLV_HDR_LEN + EAPOL_WPA2_KEY_GTK_ENCAP_HDR_LEN)
|
|
/* Minimum length of WPA2 IGTK encapsulation in EAPOL */
|
#define EAPOL_WPA2_IGTK_ENCAP_MIN_LEN (EAPOL_WPA2_ENCAP_DATA_HDR_LEN - \
|
TLV_HDR_LEN + EAPOL_WPA2_KEY_IGTK_ENCAP_HDR_LEN)
|
|
/* Minimum length of BIGTK encapsulation in EAPOL */
|
#define EAPOL_WPA2_BIGTK_ENCAP_MIN_LEN (EAPOL_WPA2_ENCAP_DATA_HDR_LEN - \
|
TLV_HDR_LEN + EAPOL_WPA2_KEY_BIGTK_ENCAP_HDR_LEN)
|
|
#ifdef WL_OCV
|
/* Size of the OCI element */
|
#define WPA_OCV_OCI_IE_SIZE \
|
(bcm_ocv_get_oci_len() + BCM_TLV_EXT_HDR_SIZE)
|
|
/* Size of the OCI KDE */
|
#define WPA_OCV_OCI_KDE_SIZE \
|
(bcm_ocv_get_oci_len() + EAPOL_WPA2_ENCAP_DATA_HDR_LEN)
|
|
/* Size of the OCI subelement */
|
#define WPA_OCV_OCI_SUBELEM_SIZE \
|
(bcm_ocv_get_oci_len() + TLV_HDR_LEN)
|
|
/* Minimum length of WPA2 OCI encapsulation in EAPOL */
|
#define EAPOL_WPA2_OCI_ENCAP_MIN_LEN \
|
(WPA_OCV_OCI_KDE_SIZE - TLV_HDR_LEN)
|
#endif /* WL_OCV */
|
|
#ifdef WLFIPS
|
#define WLC_SW_KEYS(wlc, bsscfg) ((((wlc)->wsec_swkeys) || \
|
((bsscfg)->wsec & (WSEC_SWFLAG | FIPS_ENABLED))))
|
#else
|
#define WLC_SW_KEYS(wlc, bsscfg) ((((wlc)->wsec_swkeys) || \
|
((bsscfg)->wsec & WSEC_SWFLAG)))
|
#endif /* WLFIPS */
|
|
/* This doesn't really belong here, but neither does WSEC_CKIP* */
|
/* per-packet encryption exemption policy */
|
/* no exemption...follow whatever standard rules apply */
|
#define WSEC_EXEMPT_NO 0
|
/* send unencrypted */
|
#define WSEC_EXEMPT_ALWAYS 1
|
/* send unencrypted if no pairwise key */
|
#define WSEC_EXEMPT_NO_PAIRWISE 2
|
|
#define WPA_CIPHER_UNSPECIFIED 0xff
|
#define WPA_P_CIPHERS_UNSPECIFIED 0x80000000
|
|
#ifdef RSN_IE_INFO_STRUCT_RELOCATED
|
#define WPA_AKMS_UNSPECIFIED 0x80000000
|
#else
|
#define WPA_AKMS_UNSPECIFIED 0
|
#endif
|
|
#ifdef BCMWAPI_WAI
|
#define IS_WAPI_AUTH(auth) ((auth) == WAPI_AUTH_UNSPECIFIED || \
|
(auth) == WAPI_AUTH_PSK)
|
#define INCLUDES_WAPI_AUTH(auth) \
|
((auth) & (WAPI_AUTH_UNSPECIFIED | \
|
WAPI_AUTH_PSK))
|
#endif /* BCMWAPI_WAI */
|
|
#define IS_WPA_AKM(akm) ((akm) == RSN_AKM_NONE || \
|
(akm) == RSN_AKM_UNSPECIFIED || \
|
(akm) == RSN_AKM_PSK)
|
|
#define IS_WPA2_AKM(akm) ((akm) == RSN_AKM_UNSPECIFIED || \
|
(akm) == RSN_AKM_PSK || \
|
(akm) == RSN_AKM_FILS_SHA256 || \
|
(akm) == RSN_AKM_FILS_SHA384)
|
|
/* this doesn't mean much. A WPA (not RSN) akm type would match this */
|
#define RSN_AKM_MASK (\
|
BCM_BIT(RSN_AKM_UNSPECIFIED) | \
|
BCM_BIT(RSN_AKM_PSK) | \
|
BCM_BIT(RSN_AKM_SAE_PSK) | \
|
BCM_BIT(RSN_AKM_FILS_SHA256) | \
|
BCM_BIT(RSN_AKM_FILS_SHA384) | \
|
BCM_BIT(RSN_AKM_OWE) | \
|
BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
|
BCM_BIT(RSN_AKM_SUITEB_SHA384_1X))
|
|
/* verify less than 32 before shifting bits */
|
#define VALID_AKM_BIT(akm) ((akm) < 32u ? BCM_BIT((akm)) : 0u)
|
|
#define IS_RSN_AKM(akm) (VALID_AKM_BIT((akm)) & RSN_AKM_MASK)
|
|
#define FBT_AKM_MASK (BCM_BIT(RSN_AKM_FBT_1X) | \
|
BCM_BIT(RSN_AKM_FBT_PSK) | \
|
BCM_BIT(RSN_AKM_SAE_FBT) | \
|
BCM_BIT(RSN_AKM_FBT_SHA256_FILS) | \
|
BCM_BIT(RSN_AKM_FBT_SHA384_FILS) | \
|
BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \
|
BCM_BIT(RSN_AKM_FBT_SHA384_PSK))
|
|
#define IS_FBT_AKM(akm) (VALID_AKM_BIT((akm)) & FBT_AKM_MASK)
|
|
#define FILS_AKM_MASK (\
|
BCM_BIT(RSN_AKM_FILS_SHA256) | \
|
BCM_BIT(RSN_AKM_FILS_SHA384))
|
|
#define IS_FILS_AKM(akm) (VALID_AKM_BIT((akm)) & FILS_AKM_MASK)
|
|
#define MFP_AKM_MASK (\
|
BCM_BIT(RSN_AKM_SHA256_1X) | \
|
BCM_BIT(RSN_AKM_SHA256_PSK))
|
|
#define IS_MFP_AKM(akm) (MFP_AKM_MASK & VALID_AKM_BIT((akm)))
|
|
#ifdef BCMWAPI_WAI
|
#define IS_WAPI_AKM(akm) ((akm) == RSN_AKM_NONE || \
|
(akm) == RSN_AKM_UNSPECIFIED || \
|
(akm) == RSN_AKM_PSK)
|
#endif /* BCMWAPI_WAI */
|
|
#define IS_TDLS_AKM(akm) ((akm) == RSN_AKM_TPK)
|
|
/* Broadcom(OUI) authenticated key managment suite */
|
#define BRCM_AKM_NONE 0
|
#define BRCM_AKM_PSK 1u /* Proprietary PSK AKM */
|
|
#define IS_BRCM_AKM(akm) ((akm) == BRCM_AKM_PSK)
|
|
#define ONE_X_AKM_MASK (BCM_BIT(RSN_AKM_FBT_1X) | \
|
BCM_BIT(RSN_AKM_MFP_1X) | \
|
BCM_BIT(RSN_AKM_SHA256_1X) | \
|
BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
|
BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \
|
BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \
|
BCM_BIT(RSN_AKM_UNSPECIFIED))
|
|
#define IS_1X_AKM(akm) (VALID_AKM_BIT((akm)) & ONE_X_AKM_MASK)
|
|
#define SUITEB_AKM_MASK (BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
|
BCM_BIT(RSN_AKM_SUITEB_SHA384_1X))
|
#define IS_1X_SUITEB_AKM(akm) (VALID_AKM_BIT((akm)) & SUITEB_AKM_MASK)
|
|
#define SAE_AKM_MASK (BCM_BIT(RSN_AKM_SAE_PSK) | BCM_BIT(RSN_AKM_SAE_FBT))
|
#define IS_SAE_AKM(akm) (VALID_AKM_BIT((akm)) & SAE_AKM_MASK)
|
|
#define SHA256_AKM_MASK (BCM_BIT(RSN_AKM_SHA256_1X) | \
|
BCM_BIT(RSN_AKM_SHA256_PSK) | \
|
BCM_BIT(RSN_AKM_SAE_PSK) | \
|
BCM_BIT(RSN_AKM_SAE_FBT) | \
|
BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
|
BCM_BIT(RSN_AKM_FILS_SHA256) | \
|
BCM_BIT(RSN_AKM_FBT_SHA256_FILS) | \
|
BCM_BIT(RSN_AKM_OWE))
|
#define IS_SHA256_AKM(akm) (VALID_AKM_BIT((akm)) & SHA256_AKM_MASK)
|
|
#define SHA384_AKM_MASK (BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \
|
BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \
|
BCM_BIT(RSN_AKM_FILS_SHA384) | \
|
BCM_BIT(RSN_AKM_FBT_SHA384_FILS) | \
|
BCM_BIT(RSN_AKM_PSK_SHA384))
|
#define IS_SHA384_AKM(akm) (VALID_AKM_BIT((akm)) & SHA384_AKM_MASK)
|
|
#define OPEN_AUTH_AKM_MASK (\
|
BCM_BIT(RSN_AKM_UNSPECIFIED) | \
|
BCM_BIT(RSN_AKM_PSK) | \
|
BCM_BIT(RSN_AKM_SHA256_1X) | \
|
BCM_BIT(RSN_AKM_SHA256_PSK) | \
|
BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
|
BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \
|
BCM_BIT(RSN_AKM_PSK_SHA384))
|
#define IS_OPEN_AUTH_AKM(akm) (VALID_AKM_BIT((akm)) & OPEN_AUTH_AKM_MASK)
|
|
typedef enum akm_type {
|
WPA_AUTH_IE = 0x01,
|
RSN_AUTH_IE = 0x02,
|
OSEN_AUTH_IE = 0x04
|
} akm_type_t;
|
|
#define MAX_ARRAY 1
|
#define MIN_ARRAY 0
|
|
#define WPS_ATID_SEL_REGISTRAR 0x1041
|
|
/* move these to appropriate file(s) */
|
#define WPS_IE_FIXED_LEN 6
|
|
/* GTK indices we use - 0-3 valid per IEEE/802.11 2012 */
|
#define GTK_INDEX_1 1
|
#define GTK_INDEX_2 2
|
|
/* IGTK indices we use - 4-5 are valid per IEEE 802.11 2012 */
|
#define IGTK_INDEX_1 4
|
#define IGTK_INDEX_2 5
|
|
/* following needed for compatibility for router code because it automerges */
|
#define IGTK_ID_TO_WSEC_INDEX(_id) (_id)
|
#define WPA_AES_CMAC_CALC aes_cmac_calc
|
|
#define IS_IGTK_INDEX(x) ((x) == IGTK_INDEX_1 || (x) == IGTK_INDEX_2)
|
|
#ifdef RSN_IE_INFO_STRUCT_RELOCATED
|
typedef struct rsn_ie_info {
|
uint8 version;
|
int parse_status;
|
device_type_t dev_type; /* AP or STA */
|
auth_ie_type_mask_t auth_ie_type; /* bit field of WPA, WPA2 and (not yet) WAPI */
|
rsn_cipher_t g_cipher;
|
rsn_akm_t sta_akm; /* single STA akm */
|
uint16 caps;
|
rsn_ciphers_t rsn_p_ciphers;
|
rsn_ciphers_t wpa_p_ciphers;
|
rsn_akm_mask_t rsn_akms;
|
rsn_akm_mask_t wpa_akms;
|
uint8 pmkid_count;
|
uint8 pmkids_offset; /* offset into the IE */
|
rsn_cipher_t g_mgmt_cipher;
|
rsn_cipher_t sta_cipher; /* single STA cipher */
|
uint16 key_desc; /* key descriptor version as STA */
|
uint16 mic_len; /* unused. keep for ROM compatibility. */
|
uint8 pmk_len; /* EAPOL PMK */
|
uint8 kck_mic_len; /* EAPOL MIC (by KCK) */
|
uint8 kck_len; /* EAPOL KCK */
|
uint8 kek_len; /* EAPOL KEK */
|
uint8 tk_len; /* EAPOL TK */
|
uint8 ptk_len; /* EAPOL PTK */
|
uint8 kck2_len; /* EAPOL KCK2 */
|
uint8 kek2_len; /* EAPOL KEK2 */
|
uint8* rsn_ie; /* RSN IE from beacon or assoc request */
|
uint16 rsn_ie_len; /* RSN IE length */
|
uint8* wpa_ie; /* WPA IE */
|
uint16 wpa_ie_len; /* WPA IE length (is it fixed ? */
|
/* the following are helpers in the AP rsn info to be filled in by the STA
|
* after determination of which IE is being used.in wsec_filter.
|
*/
|
uint32 p_ciphers; /* current ciphers for the chosen auth IE */
|
uint32 akms; /* current ciphers for the chosen auth IE */
|
uint8 *auth_ie; /* pointer to current chosen auth IE */
|
uint16 auth_ie_len;
|
uint8 ref_count; /* external reference count to decide if structure must be freed */
|
uint8 rsnxe_len; /* RSNXE IE length */
|
uint8 PAD[3];
|
uint8* rsnxe; /* RSNXE IE TLV buffer */
|
uint32 rsnxe_cap; /* RSNXE IE cap flag, refer to 802.11.h */
|
} rsn_ie_info_t;
|
#endif /* RSN_IE_INFO_STRUCT_RELOCATED */
|
|
/* WiFi WPS Attribute fixed portion */
|
typedef struct wps_at_fixed {
|
uint8 at[2];
|
uint8 len[2];
|
uint8 data[1];
|
} wps_at_fixed_t;
|
|
typedef const struct oui_akm_wpa_tbl {
|
const char *oui; /* WPA auth category */
|
uint16 rsn_akm;
|
uint32 wpa_auth;
|
} oui_akm_wpa_tbl_t;
|
|
#define WPS_AT_FIXED_LEN 4
|
|
#define wps_ie_fixed_t wpa_ie_fixed_t
|
|
/* What should be the multicast mask for AES ? */
|
#define WPA_UNICAST_AES_MASK (\
|
BCM_BIT(WPA_CIPHER_AES_CCM) | \
|
BCM_BIT(WPA_CIPHER_AES_GCM) | \
|
BCM_BIT(WPA_CIPHER_AES_GCM256))
|
|
#define WPA_CIPHER_WEP_MASK (\
|
BCM_BIT(WPA_CIPHER_WEP_104) | \
|
BCM_BIT(WPA_CIPHER_WEP_40))
|
|
/* temporary to pass pre-commit */
|
#ifdef TMP_USE_RSN_INFO
|
/* wsec macros */
|
#ifdef EXT_STA
|
#define UCAST_NONE(rsn_info) (((rsn_info)->p_ciphers == (1 << WPA_CIPHER_NONE)) && \
|
(!WLEXTSTA_ENAB(wlc->pub) || wlc->use_group_enabled))
|
#else
|
#define UCAST_NONE(rsn_info) (rsn_info->p_ciphers == (1 << WPA_CIPHER_NONE))
|
#endif /* EXT_STA */
|
|
#define UCAST_AES(rsn_info) (rsn_info->p_ciphers & WPA_UNICAST_AES_MASK)
|
#define UCAST_TKIP(rsn_info) (rsn_info->p_ciphers & (1 << WPA_CIPHER_TKIP))
|
#define UCAST_WEP(rsn_info) (rsn_info->p_ciphers & WPA_CIPHER_WEP_MASK)
|
|
#define MCAST_NONE(rsn_info) ((rsn_info)->g_cipher == WPA_CIPHER_NONE)
|
#define MCAST_AES(rsn_info) ((1 << rsn_info->g_cipher) & WPA_UNICAST_AES_MASK)
|
#define MCAST_TKIP(rsn_info) (rsn_info->g_cipher == WPA_CIPHER_TKIP)
|
#define MCAST_WEP(rsn_info) ((1 << rsn_info->g_cipher) & WPA_CIPHER_WEP_MASK)
|
|
#endif /* TMP_USE_RSN_INFO */
|
|
#define AKM_SHA256_MASK (\
|
BCM_BIT(RSN_AKM_SHA256_1X) | \
|
BCM_BIT(RSN_AKM_SHA256_PSK) | \
|
BCM_BIT(RSN_AKM_SAE_PSK) | \
|
BCM_BIT(RSN_AKM_OWE) | \
|
BCM_BIT(RSN_AKM_SUITEB_SHA256_1X) | \
|
BCM_BIT(RSN_AKM_FILS_SHA256) | \
|
BCM_BIT(RSN_AKM_FBT_SHA256_FILS) | \
|
BCM_BIT(RSN_AKM_SAE_FBT))
|
|
#define AKM_SHA384_MASK (\
|
BCM_BIT(RSN_AKM_SUITEB_SHA384_1X) | \
|
BCM_BIT(RSN_AKM_FBT_SHA384_1X) | \
|
BCM_BIT(RSN_AKM_FILS_SHA384) | \
|
BCM_BIT(RSN_AKM_FBT_SHA384_FILS) | \
|
BCM_BIT(RSN_AKM_FBT_SHA384_PSK) | \
|
BCM_BIT(RSN_AKM_PSK_SHA384))
|
|
/* these AKMs require MFP capable set in their IE */
|
#define RSN_MFPC_AKM_MASK (\
|
BCM_BIT(RSN_AKM_SAE_PSK) | \
|
BCM_BIT(RSN_AKM_OWE) | \
|
BCM_BIT(RSN_AKM_SAE_FBT))
|
|
/* AKMs that supported by in-driver supplicant.
|
* TODO: have to redesign this to include 1x and other PSK AKMs.
|
*/
|
#define IS_BCMSUP_AKM(akm) \
|
((akm == RSN_AKM_PSK) | \
|
(akm == RSN_AKM_SAE_PSK) | \
|
(akm == RSN_AKM_OWE) | \
|
(akm == RSN_AKM_FBT_PSK) | \
|
(akm == RSN_AKM_SAE_FBT) | \
|
(akm == RSN_AKM_FBT_SHA384_1X) | \
|
(akm == RSN_AKM_FBT_SHA384_PSK))
|
|
/* AKMs use common PSK which identified by broadcast addr */
|
#define IS_SHARED_PMK_AKM(akm) \
|
((akm == RSN_AKM_PSK) | \
|
(akm == RSN_AKM_FBT_PSK) | \
|
(akm == RSN_AKM_SHA256_PSK) | \
|
(akm == RSN_AKM_FBT_SHA384_PSK) | \
|
(akm == RSN_AKM_PSK_SHA384))
|
|
#define RSN_AKM_USE_KDF(akm) (akm >= RSN_AKM_FBT_1X ? 1u : 0)
|
|
/* Macro to abstract access to the rsn_ie_info strucuture in case
|
* we want to move it to a cubby or something else.
|
* Gives the rsn_info pointer
|
*/
|
|
#define RSN_INFO_GET(s) (s->rsn_info)
|
/* where the rsn_info resides */
|
#define RSN_INFO_GET_PTR(s) (&s->rsn_info)
|
|
#define AUTH_AKM_INCLUDED(s) (s->rsn_info != NULL && s->rsn_info->parse_status == BCME_OK && \
|
s->rsn_info->akms != WPA_AKMS_UNSPECIFIED)
|
|
#define AKM_IS_MEMBER(akm, mask) ((mask) & VALID_AKM_BIT((akm)) || ((akm) == 0 && (mask) == 0))
|
|
typedef enum eapol_key_type {
|
EAPOL_KEY_NONE = 0,
|
EAPOL_KEY_PMK = 1,
|
EAPOL_KEY_KCK_MIC = 2,
|
EAPOL_KEY_KEK = 3,
|
EAPOL_KEY_TK = 4,
|
EAPOL_KEY_PTK = 5,
|
EAPOL_KEY_KCK = 6,
|
EAPOL_KEY_KCK2 = 7,
|
EAPOL_KEY_KEK2 = 8
|
} eapol_key_type_t;
|
|
/* Return address of max or min array depending first argument.
|
* Return NULL in case of a draw.
|
*/
|
extern const uint8 *wpa_array_cmp(int max_array, const uint8 *x, const uint8 *y, uint len);
|
|
/* Increment the array argument */
|
extern void wpa_incr_array(uint8 *array, uint len);
|
|
/* Convert WPA IE cipher suite to locally used value */
|
extern bool wpa_cipher(wpa_suite_t *suite, ushort *cipher, bool wep_ok);
|
|
/* Look for a WPA IE; return it's address if found, NULL otherwise */
|
extern wpa_ie_fixed_t *bcm_find_wpaie(uint8 *parse, uint len);
|
extern bcm_tlv_t *bcm_find_wmeie(uint8 *parse, uint len, uint8 subtype, uint8 subtype_len);
|
/* Look for a WPS IE; return it's address if found, NULL otherwise */
|
extern wps_ie_fixed_t *bcm_find_wpsie(const uint8 *parse, uint len);
|
extern wps_at_fixed_t *bcm_wps_find_at(wps_at_fixed_t *at, uint len, uint16 id);
|
int bcm_find_security_ies(uint8 *buf, uint buflen, void **wpa_ie,
|
void **rsn_ie);
|
|
#ifdef WLP2P
|
/* Look for a WiFi P2P IE; return it's address if found, NULL otherwise */
|
extern wifi_p2p_ie_t *bcm_find_p2pie(const uint8 *parse, uint len);
|
#endif
|
/* Look for a hotspot2.0 IE; return it's address if found, NULL otherwise */
|
bcm_tlv_t *bcm_find_hs20ie(uint8 *parse, uint len);
|
/* Look for a OSEN IE; return it's address if found, NULL otherwise */
|
bcm_tlv_t *bcm_find_osenie(uint8 *parse, uint len);
|
|
/* Check whether the given IE has the specific OUI and the specific type. */
|
extern bool bcm_has_ie(uint8 *ie, uint8 **tlvs, uint *tlvs_len,
|
const uint8 *oui, uint oui_len, uint8 type);
|
|
/* Check whether pointed-to IE looks like WPA. */
|
#define bcm_is_wpa_ie(ie, tlvs, len) bcm_has_ie(ie, tlvs, len, \
|
(const uint8 *)WPA_OUI, WPA_OUI_LEN, WPA_OUI_TYPE)
|
/* Check whether pointed-to IE looks like WPS. */
|
#define bcm_is_wps_ie(ie, tlvs, len) bcm_has_ie(ie, tlvs, len, \
|
(const uint8 *)WPS_OUI, WPS_OUI_LEN, WPS_OUI_TYPE)
|
#ifdef WLP2P
|
/* Check whether the given IE looks like WFA P2P IE. */
|
#define bcm_is_p2p_ie(ie, tlvs, len) bcm_has_ie(ie, tlvs, len, \
|
(const uint8 *)P2P_OUI, P2P_OUI_LEN, P2P_OUI_TYPE)
|
#endif
|
|
/* Convert WPA2 IE cipher suite to locally used value */
|
extern bool wpa2_cipher(wpa_suite_t *suite, ushort *cipher, bool wep_ok);
|
|
#if defined(BCMSUP_PSK) || defined(BCMSUPPL) || defined(GTKOE) || defined(WL_FILS)
|
/* Look for an encapsulated GTK; return it's address if found, NULL otherwise */
|
extern eapol_wpa2_encap_data_t *wpa_find_gtk_encap(uint8 *parse, uint len);
|
|
/* Check whether pointed-to IE looks like an encapsulated GTK. */
|
extern bool wpa_is_gtk_encap(uint8 *ie, uint8 **tlvs, uint *tlvs_len);
|
|
/* Look for encapsulated key data; return it's address if found, NULL otherwise */
|
extern eapol_wpa2_encap_data_t *wpa_find_kde(const uint8 *parse, uint len, uint8 type);
|
|
/* Find kde data given eapol header. */
|
extern int wpa_find_eapol_kde_data(eapol_header_t *eapol, uint8 eapol_mic_len,
|
uint8 subtype, eapol_wpa2_encap_data_t **out_data);
|
|
/* Look for kde data in key data. */
|
extern int wpa_find_kde_data(const uint8 *kde_buf, uint16 buf_len,
|
uint8 subtype, eapol_wpa2_encap_data_t **out_data);
|
|
#ifdef WL_OCV
|
/* Check if both local and remote are OCV capable */
|
extern bool wpa_check_ocv_caps(uint16 local_caps, uint16 peer_caps);
|
|
/* Write OCI KDE into the buffer */
|
extern int wpa_add_oci_encap(chanspec_t chspec, uint8* buf, uint buf_len);
|
|
/* Validate OCI KDE */
|
extern int wpa_validate_oci_encap(chanspec_t chspec, const uint8* buf, uint buf_len);
|
|
/* Write OCI IE into the buffer */
|
extern int wpa_add_oci_ie(chanspec_t chspec, uint8* buf, uint buf_len);
|
|
/* Validate OCI IE */
|
extern int wpa_validate_oci_ie(chanspec_t chspec, const uint8* buf, uint buf_len);
|
|
/* Write OCI subelement into the FTE buffer */
|
extern int wpa_add_oci_ft_subelem(chanspec_t chspec, uint8* buf, uint buf_len);
|
|
/* Validate OCI FTE subelement */
|
extern int wpa_validate_oci_ft_subelem(chanspec_t chspec,
|
const uint8* buf, uint buf_len);
|
#endif /* WL_OCV */
|
#endif /* defined(BCMSUP_PSK) || defined(BCMSUPPL) || defined(GTKOE) || defined(WL_FILS) */
|
|
#if defined(BCMSUP_PSK) || defined(WLFBT) || defined(BCMAUTH_PSK)|| \
|
defined(WL_OKC) || defined(GTKOE)
|
/* Calculate a pair-wise transient key */
|
extern int wpa_calc_ptk(rsn_akm_t akm, const struct ether_addr *auth_ea,
|
const struct ether_addr *sta_ea, const uint8 *anonce, uint8 anonce_len,
|
const uint8* snonce, uint8 snonce_len, const uint8 *pmk,
|
uint pmk_len, uint8 *ptk, uint ptk_len);
|
|
/* Compute Message Integrity Code (MIC) over EAPOL message */
|
extern int wpa_make_mic(eapol_header_t *eapol, uint key_desc, uint8 *mic_key,
|
rsn_ie_info_t *rsn_info, uchar *mic, uint mic_len);
|
|
/* Check MIC of EAPOL message */
|
extern bool wpa_check_mic(eapol_header_t *eapol,
|
uint key_desc, uint8 *mic_key, rsn_ie_info_t *rsn_info);
|
|
/* Calculate PMKID */
|
extern void wpa_calc_pmkid(const struct ether_addr *auth_ea,
|
const struct ether_addr *sta_ea, const uint8 *pmk, uint pmk_len, uint8 *pmkid);
|
|
/* Encrypt key data for a WPA key message */
|
extern bool wpa_encr_key_data(eapol_wpa_key_header_t *body, uint16 key_info,
|
uint8 *ekey, uint8 *gtk, uint8 *data, uint8 *encrkey, rc4_ks_t *rc4key,
|
const rsn_ie_info_t *rsn_info);
|
|
typedef uint8 wpa_rc4_ivkbuf_t[EAPOL_WPA_KEY_IV_LEN + EAPOL_WPA_ENCR_KEY_MAX_LEN];
|
/* Decrypt key data from a WPA key message */
|
extern int wpa_decr_key_data(eapol_wpa_key_header_t *body, uint16 key_info,
|
uint8 *ekey, wpa_rc4_ivkbuf_t ivk, rc4_ks_t *rc4key, const rsn_ie_info_t *rsn_info,
|
uint16 *dec_len);
|
#endif /* BCMSUP_PSK || WLFBT || BCMAUTH_PSK || defined(GTKOE) */
|
|
#if defined(BCMSUP_PSK) || defined(WLFBT) || defined(BCMAUTH_PSK)|| \
|
defined(WL_OKC) || defined(GTKOE) || defined(WLHOSTFBT)
|
|
/* Calculate PMKR0 for FT association */
|
extern void wpa_calc_pmkR0(sha2_hash_type_t hash_type, const uint8 *ssid, uint ssid_len,
|
uint16 mdid, const uint8 *r0kh, uint r0kh_len, const struct ether_addr *sta_ea,
|
const uint8 *pmk, uint pmk_len, uint8 *pmkr0, uint8 *pmkr0name);
|
|
/* Calculate PMKR1 for FT association */
|
extern void wpa_calc_pmkR1(sha2_hash_type_t hash_type, const struct ether_addr *r1kh,
|
const struct ether_addr *sta_ea, const uint8 *pmk, uint pmk_len,
|
const uint8 *pmkr0name, uint8 *pmkr1, uint8 *pmkr1name);
|
|
/* Calculate PTK for FT association */
|
extern void wpa_calc_ft_ptk(sha2_hash_type_t hash_type, const struct ether_addr *bssid,
|
const struct ether_addr *sta_ea, const uint8 *anonce, const uint8* snonce,
|
const uint8 *pmk, uint pmk_len, uint8 *ptk, uint ptk_len);
|
|
extern void wpa_derive_pmkR1_name(sha2_hash_type_t hash_type, struct ether_addr *r1kh,
|
struct ether_addr *sta_ea, uint8 *pmkr0name, uint8 *pmkr1name);
|
|
#endif /* defined(BCMSUP_PSK) || defined(WLFBT) || defined(BCMAUTH_PSK) ||
|
* defined(WL_OKC) || defined(WLTDLS) || defined(GTKOE) || defined(WLHOSTFBT)
|
*/
|
|
#if defined(BCMSUP_PSK) || defined(BCMSUPPL)
|
|
/* Translate RSNE group mgmt cipher to CRYPTO_ALGO_XXX */
|
extern uint8 bcmwpa_find_group_mgmt_algo(rsn_cipher_t g_mgmt_cipher);
|
|
#endif /* BCMSUP_PSK || BCMSUPPL */
|
|
extern bool bcmwpa_akm2WPAauth(uint8 *akm, uint32 *auth, bool sta_iswpa);
|
|
extern bool bcmwpa_cipher2wsec(uint8 *cipher, uint32 *wsec);
|
|
#ifdef RSN_IE_INFO_STRUCT_RELOCATED
|
extern uint32 bcmwpa_wpaciphers2wsec(uint32 unicast);
|
extern int bcmwpa_decode_ie_type(const bcm_tlv_t *ie, rsn_ie_info_t *info,
|
uint32 *remaining, uint8 *type);
|
|
/* to be removed after merge to NEWT (changed into bcmwpa_rsn_ie_info_reset) */
|
void rsn_ie_info_reset(rsn_ie_info_t *rsn_info, osl_t *osh);
|
uint32 wlc_convert_rsn_to_wsec_bitmap(uint32 ap_cipher_mask);
|
#else
|
uint32 bcmwpa_wpaciphers2wsec(uint8 wpacipher);
|
int bcmwpa_decode_ie_type(const bcm_tlv_t *ie, rsn_ie_info_t *info, uint32 *remaining);
|
#endif /* RSN_IE_INFO_STRUCT_RELOCATED */
|
|
extern int bcmwpa_parse_rsnie(const bcm_tlv_t *ie, rsn_ie_info_t *info, device_type_t dev_type);
|
|
/* Calculate PMKID */
|
extern void kdf_calc_pmkid(const struct ether_addr *auth_ea,
|
const struct ether_addr *sta_ea, const uint8 *key, uint key_len, uint8 *pmkid,
|
rsn_ie_info_t *rsn_info);
|
|
extern void kdf_calc_ptk(const struct ether_addr *auth_ea, const struct ether_addr *sta_ea,
|
const uint8 *anonce, const uint8 *snonce, const uint8 *pmk, uint pmk_len,
|
uint8 *ptk, uint ptk_len);
|
|
#ifdef WLTDLS
|
/* Calculate TPK for TDLS association */
|
extern void wpa_calc_tpk(const struct ether_addr *init_ea,
|
const struct ether_addr *resp_ea, const struct ether_addr *bssid,
|
const uint8 *anonce, const uint8* snonce, uint8 *tpk, uint tpk_len);
|
#endif
|
extern bool bcmwpa_is_wpa_auth(uint32 wpa_auth);
|
extern bool bcmwpa_includes_wpa_auth(uint32 wpa_auth);
|
extern bool bcmwpa_is_rsn_auth(uint32 wpa_auth);
|
extern bool bcmwpa_includes_rsn_auth(uint32 wpa_auth);
|
extern int bcmwpa_get_algo_key_len(uint8 algo, uint16 *key_len);
|
|
/* macro to pass precommit on ndis builds */
|
#define bcmwpa_is_wpa2_auth(wpa_auth) bcmwpa_is_rsn_auth(wpa_auth)
|
extern uint8 bcmwpa_eapol_key_length(eapol_key_type_t key, rsn_akm_t akm, rsn_cipher_t cipher);
|
|
/* rsn info allocation utilities. */
|
void bcmwpa_rsn_ie_info_reset(rsn_ie_info_t *rsn_info, osl_t *osh);
|
void bcmwpa_rsn_ie_info_rel_ref(rsn_ie_info_t **rsn_info, osl_t *osh);
|
int bcmwpa_rsn_ie_info_add_ref(rsn_ie_info_t *rsn_info);
|
int bcmwpa_rsn_akm_cipher_match(rsn_ie_info_t *rsn_info);
|
int bcmwpa_rsnie_eapol_key_len(rsn_ie_info_t *info);
|
#if defined(WL_BAND6G)
|
/* Return TRUE if any of the akm in akms_bmp is invalid in 6Ghz */
|
bool bcmwpa_is_invalid_6g_akm(const rsn_akm_mask_t akms_bmp);
|
/* Return TRUE if any of the cipher in ciphers_bmp is invalid in 6Ghz */
|
bool bcmwpa_is_invalid_6g_cipher(const rsn_ciphers_t ciphers_bmp);
|
#endif /* WL_BAND6G */
|
#endif /* _BCMWPA_H_ */
|
