1/*
2 * local defines for wpapsk supplicant and authenticator
3 *
4 * Copyright (C) 2014, Broadcom Corporation
5 * All Rights Reserved.
6 *
7 * This is UNPUBLISHED PROPRIETARY SOURCE CODE of Broadcom Corporation;
8 * the contents of this file may not be disclosed to third parties, copied
9 * or duplicated in any form, in whole or in part, without the prior
10 * written permission of Broadcom Corporation.
11 *
12 * $Id: wlc_wpa.h,v 1.3 2009-12-04 01:45:51 $
13 */
14
15#ifndef _wlc_wpa_h_
16#define _wlc_wpa_h_
17
18#include <bcmcrypto/passhash.h>
19
20/* WPA key_info flag sets */
21#define PMSG1_REQUIRED	  (WPA_KEY_PAIRWISE | WPA_KEY_ACK)
22#define PMSG1_PROHIBITED  (WPA_KEY_SECURE | WPA_KEY_MIC | WPA_KEY_INSTALL)
23#define PMSG2_REQUIRED	  (WPA_KEY_PAIRWISE | WPA_KEY_MIC)
24#define PMSG2_PROHIBITED  (WPA_KEY_ACK | WPA_KEY_INDEX_MASK)
25#define PMSG3_REQUIRED	  (WPA_KEY_PAIRWISE | WPA_KEY_MIC | WPA_KEY_ACK | WPA_KEY_INSTALL)
26#define PMSG3_BRCM_REQUIRED	(PMSG3_REQUIRED | WPA_KEY_SECURE)
27#define PMSG3_WPA2_REQUIRED	(PMSG3_REQUIRED | WPA_KEY_SECURE | WPA_KEY_ENCRYPTED_DATA)
28#define PMSG3_PROHIBITED  (WPA_KEY_SECURE)
29#define PMSG4_REQUIRED	  (WPA_KEY_MIC)
30#define PMSG4_PROHIBITED  (WPA_KEY_ACK | WPA_KEY_INDEX_MASK)
31#define GMSG1_REQUIRED	  (WPA_KEY_SECURE | WPA_KEY_MIC | WPA_KEY_ACK)
32#define GMSG2_REQUIRED	  (WPA_KEY_MIC | WPA_KEY_SECURE)
33#define MIC_ERROR_REQUIRED (WPA_KEY_MIC | WPA_KEY_ERROR | WPA_KEY_REQ)
34
35/* Spec says some key_info flags in supplicant response should match what
36 * authenticator had in previous message.  Define masks to copy those.
37 */
38#define PMSG2_MATCH_FLAGS (WPA_KEY_DESC_V1 | WPA_KEY_DESC_V2 |		\
39			   WPA_KEY_PAIRWISE | WPA_KEY_INDEX_MASK |	\
40			   WPA_KEY_SECURE | WPA_KEY_ERROR | WPA_KEY_REQ)
41#define PMSG4_MATCH_FLAGS (WPA_KEY_DESC_V1 | WPA_KEY_DESC_V2 |		\
42			   WPA_KEY_PAIRWISE | WPA_KEY_SECURE)
43#define GMSG2_MATCH_FLAGS (WPA_KEY_DESC_V1 | WPA_KEY_DESC_V2 | WPA_KEY_PAIRWISE)
44
45typedef enum {
46	/* Supplicant States */
47	WPA_SUP_DISCONNECTED,
48	WPA_SUP_INITIALIZE,
49	WPA_SUP_AUTHENTICATION,
50	WPA_SUP_STAKEYSTARTP_WAIT_M1 = WPA_SUP_AUTHENTICATION,
51	                                /* 4-way handshake: waiting for msg M1 */
52	WPA_SUP_STAKEYSTARTP_PREP_M2,	/* 4-way handshake: preparing to send M2 */
53	WPA_SUP_STAKEYSTARTP_WAIT_M3,	/* 4-way handshake: waiting for M3 */
54	WPA_SUP_STAKEYSTARTP_PREP_M4,	/* 4-way handshake: preparing to send M4 */
55	WPA_SUP_STAKEYSTARTG_WAIT_G1,	/* group handshake: waiting for G1 */
56	WPA_SUP_STAKEYSTARTG_PREP_G2,	/* group handshake: preparing to send G2 */
57	WPA_SUP_KEYUPDATE,		/* handshake complete, keys updated */
58
59	/* Authenticator States */
60	WPA_AUTH_INITIALIZE,
61	WPA_AUTH_PTKSTART,
62	WPA_AUTH_PTKINITNEGOTIATING,
63	WPA_AUTH_PTKINITDONE,
64	/* for WPA1 group key state machine */
65	WPA_AUTH_REKEYNEGOTIATING,
66	WPA_AUTH_KEYERROR,
67	WPA_AUTH_REKEYESTABLISHED,
68	WPA_AUTH_KEYUPDATE		/* handshake complete, keys updated */
69} wpapsk_state_t;
70
71typedef struct {
72	wpapsk_state_t state;	/* state of WPA PSK key msg exchanges */
73	uint16 auth_wpaie_len;	/* length of authenticator's WPA info element */
74	uint16 sup_wpaie_len;	/* length of supplicant's WPA info element */
75	uchar *auth_wpaie;	/* authenticator's WPA info element */
76	uchar *sup_wpaie;	/* supplicant's WPA info element */
77	ushort ucipher;		/* negotiated unicast cipher */
78	ushort mcipher;		/* negotiated multicast cipher */
79	ushort ptk_len;		/* PTK len, used in PRF calculation */
80	ushort gtk_len;         /* Group (mcast) key length */
81	ushort tk_len;		/* TK len, used when loading key into driver */
82	ushort desc;		/* key descriptor type */
83	uint8 anonce[EAPOL_WPA_KEY_NONCE_LEN];	/* AP's nonce */
84	uint8 snonce[EAPOL_WPA_KEY_NONCE_LEN];	/* STA's nonce */
85	uint8 replay[EAPOL_KEY_REPLAY_LEN];	/* AP's replay counter */
86	uint8 last_replay[EAPOL_KEY_REPLAY_LEN]; /* AP's last replay counter (for WOWL) */
87	uint8 gtk[TKIP_KEY_SIZE];               /* group transient key */
88
89	/* fields of WPA key hierarchy (together forming the PTK) */
90	uint8 eapol_mic_key[WPA_MIC_KEY_LEN];
91	uint8 eapol_encr_key[WPA_ENCR_KEY_LEN];
92	uint8 temp_encr_key[WPA_TEMP_ENCR_KEY_LEN];
93	uint8 temp_tx_key[WPA_TEMP_TX_KEY_LEN];
94	uint8 temp_rx_key[WPA_TEMP_RX_KEY_LEN];
95#if defined(BCMROMBUILD)
96	uint32 rn;	/* reassociation request number (refreshed per session key) */
97	/* fields of CCKM key hierarchy */
98	uint8 key_refresh_key[CCKM_KRK_LEN];
99	uint8 base_transient_key[CCKM_BTK_LEN];
100#endif
101	uint8 gtk_index;
102	uint16 WPA_auth;
103#ifdef BCMAUTH_PSK
104	uint8 retries;		/* retry count */
105#endif /* BCMAUTH_PSK */
106} wpapsk_t;
107
108/* persistent WPA stuff (survives set_sup initialization ) */
109typedef struct wpapsk_info {
110	wlc_info_t *wlc;		/* pointer to main wlc structure */
111	ushort psk_len;			/* len of pre-shared key */
112	ushort pmk_len;			/* len of pairwise master key */
113	uchar  psk[WSEC_MAX_PSK_LEN];	/* saved pre-shared key */
114	uint8 pmk[PMK_LEN];		/* saved pairwise master key */
115	/* break lengthy passhash() calculation into smaller chunks */
116	struct wl_timer *passhash_timer; /* timer for passhash */
117	passhash_t passhash_states;	/* states for passhash */
118#ifdef BCMAUTH_PSK
119	void *retry_timer;	/* auth retry timer */
120#endif /* BCMAUTH_PSK */
121} wpapsk_info_t;
122
123typedef enum {
124	PMSG1, PMSG2, PMSG3, PMSG4, GMSG1, GMSG2, MIC_FAILURE
125} wpa_msg_t;
126
127extern void BCMROMFN(wlc_wpapsk_free)(wlc_info_t *wlc, wpapsk_t *wpa);
128extern bool wlc_wpapsk_start(osl_t *osh, int WPA_auth, wpapsk_t *wpa, uint8 *sup_ies,
129	uint sup_ies_len, uint8 *auth_ies, uint auth_ies_len);
130extern int BCMROMFN(wlc_wpa_cobble_pmk)(wpapsk_info_t *info, char *psk, size_t psk_len,
131	uchar *ssid, uint ssid_len);
132extern bool wlc_wpa_set_ucipher(wpapsk_t *wpa, ushort ucipher, bool wep_ok);
133extern int BCMROMFN(wlc_wpa_set_pmk)(wlc_bsscfg_t *bsscfg, wpapsk_info_t *info,
134	wpapsk_t *wpa, wsec_pmk_t *pmk, bool assoc);
135extern void wlc_wpa_plumb_tk(wlc_info_t *wlc, wlc_bsscfg_t *bsscfg, uint8 *tk,
136	uint32 tk_len, uint32 cipher, struct ether_addr *ea);
137extern void *wlc_eapol_pktget(wlc_info_t *wlc, wlc_bsscfg_t *bsscfg,
138	struct ether_addr *da, uint len);
139extern void
140wlc_wpa_plumb_gtk(wlc_info_t *wlc, wlc_bsscfg_t *bsscfg, uint8 *gtk, uint32 gtk_len,
141	uint32 key_index, uint32 cipher, uint8 *rsc, bool primary_key);
142
143typedef struct _sup_pmkid {
144	struct ether_addr	BSSID;
145	uint8			PMKID[WPA2_PMKID_LEN];
146	uint8			PMK[PMK_LEN];
147	bool			opportunistic;
148} sup_pmkid_t;
149
150#define SUP_MAXPMKID	16 /* Supplementary Max PMK ID */
151
152#endif	/* _wlc_wpa_h_ */
153