Jeff Johnson | 295189b | 2012-06-20 16:38:30 -0700 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (c) 2012, Code Aurora Forum. All rights reserved. |
| 3 | * |
| 4 | * Previously licensed under the ISC license by Qualcomm Atheros, Inc. |
| 5 | * |
| 6 | * |
| 7 | * Permission to use, copy, modify, and/or distribute this software for |
| 8 | * any purpose with or without fee is hereby granted, provided that the |
| 9 | * above copyright notice and this permission notice appear in all |
| 10 | * copies. |
| 11 | * |
| 12 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL |
| 13 | * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED |
| 14 | * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE |
| 15 | * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL |
| 16 | * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR |
| 17 | * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER |
| 18 | * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR |
| 19 | * PERFORMANCE OF THIS SOFTWARE. |
| 20 | */ |
| 21 | |
| 22 | /* |
| 23 | * Airgo Networks, Inc proprietary. All rights reserved. |
| 24 | * $File: //depot/software/projects/feature_branches/gen5_phase1/os/linux/classic/ap/apps/include/aniSsmServices.h $ |
| 25 | * |
| 26 | * Contains definitions of common types that the SSM exports to other |
| 27 | * modules. |
| 28 | * |
| 29 | * Author: Mayank D. Upadhyay |
| 30 | * Date: 23-January-2003 |
| 31 | * History:- |
| 32 | * Date Modified by Modification Information |
| 33 | * ------------------------------------------------------ |
| 34 | * |
| 35 | */ |
| 36 | |
| 37 | #ifndef _ANI_SSM_SERVICES_H_ |
| 38 | #define _ANI_SSM_SERVICES_H_ |
| 39 | |
| 40 | #include "vos_types.h" |
| 41 | #include "sirApi.h" |
| 42 | |
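/*
 * Upper bounds for variable-length SSM fields. Code that copies data
 * into storage sized with one of these limits has to compare the
 * incoming length against the limit before copying.
 */
#define ANI_SSM_MAX_KEYS_INFO_SIZE 512
#define ANI_SSM_MAX_GROUP_SIZE 32
#define ANI_SSM_MAX_USERID_SIZE 64

/* RSN key lengths; the PSK is defined to be as long as the PMK. */
#define ANI_SSM_RSN_PMK_LEN 32
#define ANI_SSM_RSN_PSK_LEN ANI_SSM_RSN_PMK_LEN
/*
 * Twice the PSK length (64), presumably the number of characters in the
 * hex-encoded PSK -- confirm against the users of this macro.
 *
 * The expansion is parenthesized: without the parentheses an expression
 * such as `2 * ANI_SSM_RSN_PSK_LEN_HEX` expands to `2 * 32 + 32` (96)
 * instead of 128, which silently under-sizes any buffer computed from it.
 *
 * The value leaves no room for a terminating NUL; a buffer that holds
 * the hex form as a C string needs ANI_SSM_RSN_PSK_LEN_HEX + 1 bytes.
 */
#define ANI_SSM_RSN_PSK_LEN_HEX (ANI_SSM_RSN_PSK_LEN + ANI_SSM_RSN_PSK_LEN)
#define ANI_SSM_MAX_PASSPHRASE_LEN 128
#define ANI_SSM_MAX_AUTHZONE_LEN 32
#define ANI_SSM_MAX_LANDPG_URL_LEN 128
#define ANI_SSM_MAX_GUEST_PORTAL_PWD_LEN 32

/*
 * OUI prefixes of the RSN and WPA suite selectors, written as brace
 * initializers so they can initialize a 3-octet array directly.
 */
#define ANI_SSM_IE_RSN_OUI {0x00, 0x0F, 0xAC}
#define ANI_SSM_IE_WPA_OUI {0x00, 0x50, 0xF2}

/* Information element IDs of the RSN IE and the WPA IE. */
#define ANI_SSM_IE_RSN_ELEM_ID 48
#define ANI_SSM_IE_WPA_ELEM_ID 221

/*
 * The total length of an RSN IE may be no longer than these many
 * octets, including the two bytes for type and len.
 */
#define ANI_RSN_IE_MAX_LEN 257

/*
 * Locations of the AAG configuration file and its ".orig" copy. The
 * non-SDK build places them under ANI_STATIC_CONFIG_DIR, which is
 * defined outside this header. aniSsmInitStaticConf() documents the
 * AAG static conf file as its default input, and that input may carry
 * the local MAC-ACL lists, so write access to these paths decides who
 * can change the access policy.
 */
#ifndef ANI_AP_SDK
#define ANI_AAG_CONF_FILE_NAME ANI_STATIC_CONFIG_DIR"/ssm/1x.conf"
#define ANI_AAG_AA_CFG_FILE_ORIG ANI_STATIC_CONFIG_DIR"/ssm/1x.conf.orig"
#else
#define ANI_AAG_CONF_FILE_NAME "/var/1x.conf"
#define ANI_AAG_AA_CFG_FILE_ORIG "/var/1x.conf.orig"
#define ANI_WSM_DEFAULTS_FILE_NAME "/var/wsmDefaults"
#define ANI_WSM_DEFAULTS_FILE_ORIG "/var/wsmDefaults.orig"
#endif // !ANI_AP_SDK

/*
 * Presumably the longest configuration line the AAG conf parser
 * accepts -- confirm against the parser, which has to bound its reads
 * by this value.
 */
#define ANI_AAG_CONF_MAX_LINE 120

/*
 * PMKSA ID data type
 * (PMKID is an HMAC-SHA1-128 value)
 */
#define ANI_AAG_PMKID_SIZE 16

/*
 * Bit fields of a 32-bit word (presumably the secMode value passed to
 * the functions declared in this header -- TODO confirm). The IE-mode
 * field occupies bits 30..31; ANI_SSM_IEMODE_SHIFT moves it down to
 * bit 0 after masking.
 */
#define ANI_SSM_AUTH_BITMASK 0x00010000
#define ANI_SSM_IEMODE_BITMASK 0xC0000000
#define ANI_SSM_ENCR_BITMASK 0x00000001
#define ANI_SSM_IEMODE_SHIFT (30)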
| 90 | |
/*
 * Upper level authentication types used by AA.
 *
 * The numeric values are fixed because they are re-used in the XCLI
 * config file and in 1x.conf; do not renumber existing entries.
 * UNDERFLOW and OVERFLOW bracket the valid values, so a number read
 * back from configuration is valid only when it lies strictly between
 * the two.
 */
typedef enum eAniSsmAuthType {
    eANI_SSM_AT_UNDERFLOW  = -1,   /* sentinel below the valid range */

    eANI_SSM_AT_NONE       = 0,
    eANI_SSM_AT_SHARED_KEY = 1,
    eANI_SSM_AT_LEGACY_EAP = 2,
    eANI_SSM_AT_RSN_PSK    = 3,
    eANI_SSM_AT_RSN_EAP    = 4,

    eANI_SSM_AT_OVERFLOW           /* sentinel: one past the last valid type */
} tAniSsmAuthType;
| 105 | |
/*
 * Upper level encryption types used by AA.
 *
 * The numeric values are fixed because they are re-used in the XCLI
 * config file and in 1x.conf; do not renumber existing entries.
 * UNDERFLOW and OVERFLOW bracket the valid values.
 *
 * Of the ciphers listed, the WEP variants and TKIP are deprecated in
 * IEEE 802.11; CCMP is the AES-based cipher. A policy that accepts a
 * cipher below CCMP accepts a known-weak link.
 */
typedef enum eAniSsmCipherType {
    eANI_SSM_CT_UNDERFLOW  = -1,   /* sentinel below the valid range */

    eANI_SSM_CT_NONE       = 0,
    eANI_SSM_CT_WEP40      = 1,
    eANI_SSM_CT_WEP104     = 2,
    eANI_SSM_CT_WPA_WEP40  = 3,
    eANI_SSM_CT_WPA_WEP104 = 4,
    eANI_SSM_CT_TKIP       = 5,
    eANI_SSM_CT_CCMP       = 6,

    eANI_SSM_CT_OVERFLOW           /* sentinel: one past the last valid cipher */
} tAniSsmCipherType;
| 122 | |
| 123 | |
/*
 * WPA modes.
 *
 * WPA_1 and WPA_2 occupy separate bits, and OVERFLOW is one more than
 * their bitwise OR (4), so the combined value 3 still lies below the
 * upper sentinel. This suggests the two modes may be OR-ed together --
 * confirm against the code that consumes tAniSsmWpaModes.
 */
typedef enum eAniSsmWpaModes {
    eANI_SSM_WPA_UNDERFLOW = -1,   /* sentinel below the valid range */

    eANI_SSM_WPA_DISABLE   = 0,
    eANI_SSM_WPA_1         = 1,
    eANI_SSM_WPA_2         = 2,

    /* sentinel: first value above every combination of the mode bits */
    eANI_SSM_WPA_OVERFLOW  = ((eANI_SSM_WPA_1 | eANI_SSM_WPA_2) + 1)
} tAniSsmWpaModes;
| 134 | |
/*
 * Length-prefixed group name.
 *
 * group is declared with a single element; presumably the structure is
 * allocated with extra room and group is used as a variable-length
 * tail -- confirm against the allocation sites. sizeof(tAniSsmGroup)
 * already counts one octet of group. Before indexing group, a reader
 * has to check len against ANI_SSM_MAX_GROUP_SIZE and against the size
 * of the buffer the structure actually came from.
 */
typedef struct sAniSsmGroup {
    v_U16_t len;        /* Valid range: 0..ANI_SSM_MAX_GROUP_SIZE */
    v_U8_t  group[1];
} tAniSsmGroup;
| 139 | |
/*
 * Length-prefixed user identifier.
 *
 * userId is declared with a single element; presumably the structure
 * is allocated with extra room and userId is used as a variable-length
 * tail -- confirm against the allocation sites. sizeof(tAniSsmUserId)
 * already counts one octet of userId. Before indexing userId, a reader
 * has to check len against ANI_SSM_MAX_USERID_SIZE and against the
 * size of the buffer the structure actually came from.
 */
typedef struct sAniSsmUserId {
    v_U16_t len;        /* Valid range: 0..ANI_SSM_MAX_USERID_SIZE */
    v_U8_t  userId[1];
} tAniSsmUserId;
| 144 | |
/*
 * PMKSA ID data type
 * (PMKID is an HMAC-SHA1-128 value)
 *
 * This is an array typedef: a function parameter declared as
 * tAniSsmPmkId is adjusted to a pointer, so sizeof on such a parameter
 * yields the pointer size rather than ANI_AAG_PMKID_SIZE. Use
 * ANI_AAG_PMKID_SIZE explicitly when copying or comparing PMKIDs.
 */
typedef v_U8_t tAniSsmPmkId[ANI_AAG_PMKID_SIZE];
| 150 | |
/**
 * aniSsmInitStaticConf
 *
 * (Re-)Initializes the SSM internal static configuration. The
 * configuration may come from a static configuration file and includes
 * items such as the local MAC-ACL lists.
 *
 * NOTE(review): the parameter is not const-qualified; whether the
 * implementation modifies the string cannot be told from this header.
 *
 * @param configFileName - optional name of the file to read. When NULL,
 * the default AAG static conf file is read.
 *
 * @return ANI_OK if the operation succeeds
 */
int aniSsmInitStaticConf(char *configFileName);
| 165 | |
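/**
 * aniSsmIsStaMacAllowed
 *
 * Determines if a given STA passes the local MAC-ACL check. If
 * MAC-ACL lookup is enabled, it may be either positive (whitelist) or
 * negative (blacklist). If positive MAC-ACLs are on, then only those
 * STAs that are in the whitelist are allowed in. If negative MAC-ACLs
 * are on, then those STAs that are in the blacklist are not allowed in.
 *
 * Note that local MAC-ACLs may be maintained per SSID.
 *
 * The MAC address is supplied by the station itself and is not
 * authenticated by this check, so a MAC-ACL filters stations but does
 * not replace the authentication types in tAniSsmAuthType.
 *
 * @param staMac - the MAC address of the STA
 * @param ssid - the SSID that the STA is associating on
 *
 * @return a v_BOOL_t verdict: presumably true when the STA passes the
 * check and false when it is rejected. The earlier text of this comment
 * said "ANI_OK if the operation succeeds", which does not match the
 * boolean return type; the result when MAC-ACL lookup is disabled is
 * also not stated here. Confirm both against the implementation before
 * relying on the value for an access decision.
 */
v_BOOL_t
aniSsmIsStaMacAllowed(const tAniMacAddr staMac, const tAniSSID *ssid);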
| 184 | |
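/**
 * aniSsmIsSecModeAllowed
 *
 * Determines if the security suites requested by an RSN station or
 * non-RSN station are allowed under the security mode in force at the
 * moment.
 *
 * An RSN IE needs to be passed in if RSN is being used. Otherwise the
 * ieLen field should be set to 0 or ieData set to NULL to indicate
 * that no IE is present. If the RSN IE is present it is used to check
 * both the authentication type and the cipher type for the group and
 * pairwise keys. Special rules might apply in the case of a
 * BP. Therefore, a separate flag indicates if the STA is a BP.
 *
 * If the station is not using RSN, the authentication type is
 * tightly bound to the cipher type. For instance, when using
 * shared-key MAC authentication, the cipher type will be assumed to
 * be WEP. (Both WEP-40 and WEP-104 fall under the same security
 * level.) When using open-system MAC authentication, the cipher type
 * will be assumed to be WEP if the security level requires WEP,
 * otherwise the cipher will be determined later. (When performing
 * open-auth in the lowest security level, the STA is required to
 * initiate EAPOL in order to establish WEP keys, or WEP cannot be
 * used.)
 *
 * The IE bytes originate from the station, so the implementation has
 * to treat them as untrusted and keep every read within ieLen octets
 * of ieData.
 *
 * @param secMode the security mode that is in force
 * @param macAuthType the MAC-level authentication type to check
 * @param ieLen is set 0 if no RSN IE is present, or to the number of
 * octets in the RSN IE.
 * @param ieData the optional IE data bytes, or NULL if no IE is
 * present.
 * @param bpIndicator eANI_BOOLEAN_TRUE if the STA is a BP,
 * eANI_BOOLEAN_FALSE otherwise.
 * @param wpsEnabled was not described in the original comment;
 * presumably tells the check whether WPS is enabled. How it changes the
 * verdict must be confirmed against the implementation.
 *
 * @return eANI_BOOLEAN_TRUE if the authentication type is allowed,
 * eANI_BOOLEAN_FALSE if not.
 *
 * @see aniSsmIsRsnSuiteAllowed
 */
v_BOOL_t
aniSsmIsSecModeAllowed(v_U32_t secMode,
                       tAniAuthType macAuthType,
                       v_U8_t ieLen,
                       v_U8_t *ieData,
                       v_BOOL_t bpIndicator,
                       v_BOOL_t wpsEnabled);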
| 231 | |
/**
 * aniSsmGenRsnSuiteList
 *
 * Builds an RSN information element listing the RSN suites that
 * conform to the given security level. The AP generally uses this to
 * produce the RSN information element it advertises.
 *
 * The array bound in the parameter declaration is documentation only:
 * the parameter is adjusted to a plain pointer and the compiler does
 * not check the caller's buffer size. The caller has to supply at
 * least ANI_RSN_IE_MAX_LEN octets.
 *
 * @param secMode the security mode in force
 * @param ieData the buffer that receives the generated IE
 *
 * @return the non-negative number of bytes written into the buffer if
 * the operation succeeds, or a negative error code.
 */
int aniSsmGenRsnSuiteList(v_U32_t secMode,
                          v_U8_t ieData[ANI_RSN_IE_MAX_LEN]);
| 249 | |
/**
 * aniSsmGenRsnSuiteForBp
 *
 * Builds an RSN information element that carries exactly one RSN suite
 * selector for authentication and exactly one for the cipher. The BP
 * side generally uses this while associating with an upstream AP.
 *
 * When RSN is turned off on the BP, the generated IE has length 0.
 *
 * NOTE: As per 802.11/D3.0, the BP has to send back the exact group
 * key cipher that the AP indicated in its IE.
 *
 * apIeData is received from the AP, so the implementation has to keep
 * every read within apIeLen octets. The array bound on ieData is not
 * enforced by the compiler; the caller has to supply at least
 * ANI_RSN_IE_MAX_LEN octets.
 *
 * @param apIeData the IE sent by the AP; the group key cipher the AP
 * wants us to use is read from it.
 * @param apIeLen the length of the AP's IE
 * @param bpRsnFlag should be 0 for no RSN, 1 for AES, 2 for TKIP
 * @param bpPskFlag should be eANI_BOOLEAN_TRUE if RSN with PSK is
 * desired. This is only relevant if bpRsnFlag is not zero.
 * @param ieData the buffer that receives the generated IE
 *
 * @return the non-negative number of bytes written into the buffer if
 * the operation succeeds, or a negative error code.
 */
int aniSsmGenRsnSuiteForBp(const v_U8_t *apIeData,
                           v_U8_t apIeLen,
                           v_U32_t bpRsnFlag,
                           v_BOOL_t bpPskFlag,
                           v_U8_t ieData[ANI_RSN_IE_MAX_LEN]);
| 280 | |
/**
 * aniSsmSecMode2Str
 *
 * Produces a descriptive string suitable for logging the security
 * mode.
 *
 * NOTE(review): this header does not say who owns the returned buffer
 * or how long it stays valid -- confirm against the implementation
 * before keeping the pointer or freeing it.
 *
 * @param secMode the secMode to be printed
 *
 * @return a printable ASCII string representing the secMode
 */
v_U8_t *aniSsmSecMode2Str(v_U32_t secMode);
| 293 | |
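/**
 * aniSsmIe2Str
 *
 * Parses and returns a printable form of the IE (WPA/RSN).
 *
 * The IE bytes typically originate from a received frame, so the
 * implementation has to keep every read within ieLen octets of ieData.
 *
 * @param ieData the IE bytes
 * @param ieLen the length of the IE
 *
 * @return a pointer to the printable form of the IE. The earlier text
 * of this comment said "ANI_OK if the operation succeeds", which does
 * not match the pointer return type. The value returned for a
 * malformed IE, and the ownership and lifetime of the returned buffer,
 * are not stated in this header -- confirm against the implementation.
 */
v_U8_t *
aniSsmIe2Str(const v_U8_t *ieData, v_U8_t ieLen);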
| 306 | |
| 307 | #endif /* _ANI_SSM_SERVICES_H_ */ |