4 * Copyright (C) 2002 Broadcom Corporation
6 * $Id: wpa.h 245219 2011-03-09 02:06:06Z kenlo $
14 #include <proto/ethernet.h>
15 #include <proto/eapol.h>
16 #include <proto/wpa.h>
22 #define KEY_COUNTER_LEN 32
24 #define WEP1_PTK_LEN 48
26 #define WEP128_PTK_LEN 48
27 #define WEP128_TK_LEN 13
29 #define TKIP_PTK_LEN 64
30 #define TKIP_TK_LEN 32
32 #define AES_PTK_LEN 48
35 #define MIC_KEY_LEN 16
36 #define MAX_WPA_IE 256
41 /* WPA2 timeout initial values */
42 #define WPA2_DEFAULT_RETRY_MSECS 990
43 #define WPA2_DEFAULT_RETRY_SECS 0
46 typedef uint8 wpaie_buf_t
[MAX_WPA_IE
];
48 /* GTK plumbing index values */
52 /* IGTK plumbing index values */
53 #define IGTK_INDEX_1 4
54 #define IGTK_INDEX_2 5
56 #define KEYAUTH_SHA1 4
57 #define KEYAUTH_SHA256 6
61 /* authenticator states */
62 /* 4 way pkt exchange state machine */
70 WPA_PTKINITNEGOTIATING
,
75 /* group key state machine */
79 /* Authenticator, group key */
83 /* supplicant states */
86 WPA_SUP_AUTHENTICATION
,
98 EAPOL_SUP_PK_MICFAILED
,
102 } eapol_sup_pk_state_t
;
105 /* Declare incomplete types so references needn't be "void *". */
110 typedef struct wsec_igtk_info
{
111 /* integrated group key stuff */
112 uint8 key
[BIP_KEY_SIZE
+8]; /* integrated group transient key, +8 since AES wrapped */
113 uint16 id
; /* integrated group transient key id */
114 uint32 ipn_lo
; /* integrated group transient key IPN */
115 uint16 ipn_hi
; /* integrated group transient key IPN */
120 /* WPA - supplicant */
121 typedef struct wpa_suppl
{
122 wpaie_buf_t assoc_wpaie
; /* WPA info element in assoc resp */
123 uint16 assoc_wpaie_len
;
124 wpa_suppl_state_t state
; /* WPA state */
125 wpa_suppl_state_t retry_state
; /* WPA state for retries */
126 uint8 pmk
[PMK_LEN
]; /* pairwise master key */
129 uint8 pmkid
[WPA2_PMKID_LEN
];
131 uint16 ptk_len
; /* PTK len, used in PRF calculation */
132 uint16 tk_len
; /* TK len, used when loading key into driver */
133 uint16 desc
; /* key descriptor type */
134 uint8 anonce
[NONCE_LEN
];
135 uint8 snonce
[NONCE_LEN
];
136 uint8 replay
[REPLAY_LEN
]; /* replay counter used by authenticator */
137 uint8 replay_req
[REPLAY_LEN
]; /* replay counter from suppl req pkt */
138 uint8 eapol_mic_key
[16]; /* Pair Wise transient Key */
139 uint8 eapol_encr_key
[16];
140 uint8 temp_encr_key
[16];
141 uint8 temp_tx_key
[8];
142 uint8 temp_rx_key
[8];
144 /* need to differentiate message 1 and 3 in 4 way handshake */
145 eapol_sup_pk_state_t pk_state
;
149 /* This coalesces the WPA supplicant and RADIUS PAE structs.
150 * Everything is needed in WPA mode, but the supplicant is not needed
151 * in RADIUS mode and the pae is not needed in WPA_PSK mode.
152 * Unneeded pieces could be malloc'ed in an initialization function.
153 * Dynamic heap use is probably a bad idea.
155 typedef struct nas_sta
{
156 ushort used
; /* flags use of item */
157 ushort retries
; /* count retries for timeout */
158 struct ether_addr ea
; /* STA's ethernet address */
159 struct nas_sta
*next
;
160 time_t last_use
; /* use timestamp */
161 bcm_timer_id td
; /* timer modules cookie */
162 struct nas
*nas
; /* point back to nas */
163 /* These two things might be allocated dynamicly... */
166 /* WDS pairwise key initiator/requestor timeout timer */
168 uint32 mode
; /* Authentication mode */
169 uint8 key_auth_type
; /* hash used for key auth (SHA256 or SHA1) */
170 uint32 wsec
; /* Authenticator: supplicant requested mcast and unicast cryptos */
171 /* Supplicant: supplicant user-cfg'd mcast and unicast cryptos */
172 uint16 algo
; /* Supplicant: auth's mcast key algo when WEP as mcast crypto */
173 uint16 flags
; /* runtime flags */
174 uint32 wpa_msg_timeout_s
; /* WPA Messgae message timeout retry interval in seconds */
175 uint32 wpa_msg_timeout_ms
; /* WPA Messgae message timeout retry interval in mseconds */
176 uint32 listen_interval_ms
; /* Listen Interval from the Drivers point of view */
177 /* deauth. timer for a delay before deauth. sta using wl ioctl */
178 bcm_timer_id deauth_td
; /* deauthentication timer */
179 uint16 rxauths
; /* reAuthCount */
180 uint16 tx_when
; /* txWhen */
181 uint16 auth_while
; /* authWhile */
182 uint16 quiet_while
; /* quietWhile */
183 uint8 eapol_version
; /* eapol version */
184 /* handler for retransmission exceeding limit */
185 void (*retx_exceed_hndlr
)(struct nas_sta
*sta
);
186 /* RC4 key replay counter */
187 uint32 rc4keysec
; /* last key timestamp, initialized at state AUTHENTICATED */
189 uint32 rc4keycntr
; /* use it with last key timestamp if gettimeofday doesn't return usec */
192 /* nas_sta_t flags */
194 #define KEYAUTH_SHA256 6
196 #define STA_FLAG_PRE_AUTH 0x0001 /* STA is doing pre-auth */
199 /* WPA - Authenticator struct */
201 uint8 global_key_counter
[KEY_COUNTER_LEN
]; /* global key counter */
202 uint8 initial_gkc
[KEY_COUNTER_LEN
]; /* initial GKC value */
203 uint8 pmk
[PMK_LEN
]; /* pairwise master key */
205 uint8 gmk
[GMK_LEN
]; /* group master key */
206 uint8 gtk
[TKIP_TK_LEN
]; /* groupwise tmp key */
207 uint8 gtk_encr
[TKIP_TK_LEN
]; /* groupwise tmp key, RC4 encrypted */
210 int gtk_index
; /* where or whether gtk was plumbed */
211 int gtk_rekey_secs
; /* rotational period */
215 int ptk_rekey_secs
; /* rotational period */
216 uint8 gnonce
[NONCE_LEN
];
217 struct nas
*nas
; /* back pointer to the nas struct */
218 /* Interval timer descriptor for GTK updates.
219 * Non-zero means the timer is in use. Check the analogous field
220 * of the wpa_t to see whether it should ever be set.
222 bcm_timer_id gtk_rekey_timer
;
223 bcm_timer_id ptk_rekey_timer
;
224 bcm_timer_id countermeasures_timer
;
225 /* WPA capabilities */
226 uint8 cap
[WPA_CAP_LEN
];
227 /* WDS pairwise key initiator/requestor timeout interval */
231 extern int process_wpa(wpa_t
*wpa
, eapol_header_t
*eapol
, nas_sta_t
*sta
);
233 extern int process_sup_wpa(wpa_t
*wpa
, eapol_header_t
*eapol
, nas_sta_t
*sta
);
235 extern void initialize_global_key_counter(wpa_t
*wpa
);
236 extern void initialize_gmk(wpa_t
*wpa
);
237 extern int wpa_driver_assoc_msg(wpa_t
*wpa
, bcm_event_t
*dpkt
, nas_sta_t
*sta
);
238 extern int wpa_driver_disassoc_msg(wpa_t
*wpa
, bcm_event_t
*dpkt
, nas_sta_t
*sta
);
239 extern void wpa_mic_error(wpa_t
*wpa
, nas_sta_t
*sta
, bool from_driver
);
240 extern int wpa_set_suppl(wpa_t
*wpa
, nas_sta_t
*sta
, uint32 mode
, uint32 wsec
, uint32 algo
);
242 extern void wpa_request(wpa_t
*wpa
, nas_sta_t
*sta
);
244 extern void wpa_start(wpa_t
*wpa
, nas_sta_t
*sta
);
246 extern int wpa_mode2auth(int mode
);
247 extern int wpa_auth2mode(int auth
);
249 extern void nas_wpa_calc_pmkid(wpa_t
*wpa
, nas_sta_t
*sta
);
252 typedef enum { ITIMER_OK
= 0, ITIMER_CREATE_ERROR
, ITIMER_CONNECT_ERROR
,
253 ITIMER_SET_ERROR
} itimer_status_t
;
255 /* Set an iterval timer. */
256 extern itimer_status_t
wpa_set_itimer(bcm_timer_module_id module
, bcm_timer_id
*td
,
257 bcm_timer_cb handler
, int handler_param
,
258 int secs
, int msecs
);
260 extern void wpa_stop_retx(nas_sta_t
*sta
);
261 extern void wpa_reset_countermeasures(wpa_t
*wpa
);