Jeff Johnson295189b2012-06-20 16:38:30 -07001/*
Gopichand Nakkala9c070ad2013-01-08 21:16:34 -08002 * Copyright (c) 2012-2013, The Linux Foundation. All rights reserved.
3 *
4 * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
5 *
6 *
7 * Permission to use, copy, modify, and/or distribute this software for
8 * any purpose with or without fee is hereby granted, provided that the
9 * above copyright notice and this permission notice appear in all
10 * copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
13 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
14 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
15 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
16 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
17 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
18 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
19 * PERFORMANCE OF THIS SOFTWARE.
20 */
21/*
Jeff Johnson32d95a32012-09-10 13:15:23 -070022 * Copyright (c) 2012, The Linux Foundation. All rights reserved.
Jeff Johnson295189b2012-06-20 16:38:30 -070023 *
24 * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
25 *
26 *
27 * Permission to use, copy, modify, and/or distribute this software for
28 * any purpose with or without fee is hereby granted, provided that the
29 * above copyright notice and this permission notice appear in all
30 * copies.
31 *
32 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
33 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
34 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
35 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
36 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
37 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
38 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
39 * PERFORMANCE OF THIS SOFTWARE.
40 */
41
42/*
43 * Airgo Networks, Inc proprietary. All rights reserved.
44 * $File: //depot/software/projects/feature_branches/gen5_phase1/os/linux/classic/ap/apps/include/aniSsmServices.h $
45 *
46 * Contains definitions of common types that the SSM exports to other
47 * modules.
48 *
49 * Author: Mayank D. Upadhyay
50 * Date: 23-January-2003
51 * History:-
52 * Date Modified by Modification Information
53 * ------------------------------------------------------
54 *
55 */
56
57#ifndef _ANI_SSM_SERVICES_H_
58#define _ANI_SSM_SERVICES_H_
59
60#include "vos_types.h"
61#include "sirApi.h"
62
/*
 * Size limits used by the SSM data structures. tAniSsmGroup and
 * tAniSsmUserId document their len ranges against the GROUP and USERID
 * values.
 */
#define ANI_SSM_MAX_KEYS_INFO_SIZE       512
#define ANI_SSM_MAX_GROUP_SIZE           32
#define ANI_SSM_MAX_USERID_SIZE          64

/*
 * RSN key sizes. The PSK has the same length as the PMK, and the _HEX
 * value is twice that (presumably two hex characters per octet - TODO
 * confirm against the code that parses the key).
 */
#define ANI_SSM_RSN_PMK_LEN              32
#define ANI_SSM_RSN_PSK_LEN              ANI_SSM_RSN_PMK_LEN
#define ANI_SSM_RSN_PSK_LEN_HEX          (ANI_SSM_RSN_PSK_LEN + ANI_SSM_RSN_PSK_LEN)
#define ANI_SSM_MAX_PASSPHRASE_LEN       128
#define ANI_SSM_MAX_AUTHZONE_LEN         32
#define ANI_SSM_MAX_LANDPG_URL_LEN       128
#define ANI_SSM_MAX_GUEST_PORTAL_PWD_LEN 32

/* OUI prefixes for the RSN and WPA IEs, written as array initializers. */
#define ANI_SSM_IE_RSN_OUI               {0x00, 0x0F, 0xAC}
#define ANI_SSM_IE_WPA_OUI               {0x00, 0x50, 0xF2}

/* Information element IDs of the RSN IE and the WPA IE. */
#define ANI_SSM_IE_RSN_ELEM_ID           48
#define ANI_SSM_IE_WPA_ELEM_ID           221

/*
 * Upper bound, in octets, on the total length of an RSN IE. The two
 * bytes for type and len are included in this figure.
 *
 * NOTE(review): 257 does not fit in the v_U8_t length parameters used by
 * the prototypes in this header - confirm which length (with or without
 * the two header bytes) each caller passes.
 */
#define ANI_RSN_IE_MAX_LEN               257

/*
 * Locations of the AAG configuration file and of its .orig copy.
 *
 * NOTE(review): SDK builds use fixed names directly under /var. This file
 * is the default input of aniSsmInitStaticConf(), so confirm that it is
 * created with restrictive ownership and permissions.
 */
#ifndef ANI_AP_SDK
#define ANI_AAG_CONF_FILE_NAME           ANI_STATIC_CONFIG_DIR"/ssm/1x.conf"
#define ANI_AAG_AA_CFG_FILE_ORIG         ANI_STATIC_CONFIG_DIR"/ssm/1x.conf.orig"
#else
#define ANI_AAG_CONF_FILE_NAME           "/var/1x.conf"
#define ANI_AAG_AA_CFG_FILE_ORIG         "/var/1x.conf.orig"
#define ANI_WSM_DEFAULTS_FILE_NAME       "/var/wsmDefaults"
#define ANI_WSM_DEFAULTS_FILE_ORIG       "/var/wsmDefaults.orig"
#endif /* !ANI_AP_SDK */

/* Longest line accepted in the AAG configuration file. */
#define ANI_AAG_CONF_MAX_LINE            120

/*
 * Size of a PMKSA identifier.
 * (A PMKID is an HMAC-SHA1-128 value, i.e. 16 octets.)
 */
#define ANI_AAG_PMKID_SIZE               16

/*
 * Bit fields. ANI_SSM_IEMODE_BITMASK selects bits 30-31, and
 * ANI_SSM_IEMODE_SHIFT moves that field down to bit 0.
 * NOTE(review): presumably these apply to the v_U32_t secMode word taken
 * by the functions declared below - confirm.
 */
#define ANI_SSM_AUTH_BITMASK             0x00010000
#define ANI_SSM_IEMODE_BITMASK           0xC0000000
#define ANI_SSM_ENCR_BITMASK             0x00000001
#define ANI_SSM_IEMODE_SHIFT             (30)
109
110
/*
 * Upper level authentication types used by AA.
 *
 * The values between the two sentinels are pinned explicitly because the
 * XCLI config file and 1x.conf re-use the same numbers; do not renumber
 * them. UNDERFLOW and OVERFLOW bracket the valid range, so a value read
 * from configuration is valid only when it lies strictly between them.
 */
typedef enum eAniSsmAuthType {
    eANI_SSM_AT_UNDERFLOW  = -1,  /* sentinel below the valid range */

    eANI_SSM_AT_NONE       = 0,
    eANI_SSM_AT_SHARED_KEY = 1,
    eANI_SSM_AT_LEGACY_EAP = 2,
    eANI_SSM_AT_RSN_PSK    = 3,
    eANI_SSM_AT_RSN_EAP    = 4,

    eANI_SSM_AT_OVERFLOW          /* sentinel above the valid range */
} tAniSsmAuthType;
125
/*
 * Upper level encryption types used by AA.
 *
 * The values between the two sentinels are pinned explicitly because the
 * XCLI config file and 1x.conf re-use the same numbers; do not renumber
 * them.
 *
 * WEP (40/104) and TKIP are deprecated by IEEE 802.11; of the ciphers
 * listed here only CCMP is AES-based, so configurations should prefer
 * eANI_SSM_CT_CCMP.
 */
typedef enum eAniSsmCipherType {
    eANI_SSM_CT_UNDERFLOW  = -1,  /* sentinel below the valid range */

    eANI_SSM_CT_NONE       = 0,
    eANI_SSM_CT_WEP40      = 1,
    eANI_SSM_CT_WEP104     = 2,
    eANI_SSM_CT_WPA_WEP40  = 3,
    eANI_SSM_CT_WPA_WEP104 = 4,
    eANI_SSM_CT_TKIP       = 5,
    eANI_SSM_CT_CCMP       = 6,

    eANI_SSM_CT_OVERFLOW          /* sentinel above the valid range */
} tAniSsmCipherType;
142
143
/*
 * WPA modes.
 *
 * WPA_1 and WPA_2 occupy distinct bits, and the OVERFLOW sentinel is
 * computed as (both bits set) + 1, i.e. 4. NOTE(review): this suggests
 * that the two modes may be OR-ed together to enable both - confirm
 * against the callers.
 */
typedef enum eAniSsmWpaModes {
    eANI_SSM_WPA_UNDERFLOW = -1,  /* sentinel below the valid range */

    eANI_SSM_WPA_DISABLE   = 0,
    eANI_SSM_WPA_1         = 1,
    eANI_SSM_WPA_2         = 2,

    /* sentinel above the valid range */
    eANI_SSM_WPA_OVERFLOW  = ((eANI_SSM_WPA_2 | eANI_SSM_WPA_1) + 1)
} tAniSsmWpaModes;
154
/*
 * Length-prefixed group identifier.
 *
 * len has the valid range 0..ANI_SSM_MAX_GROUP_SIZE. Only one octet of
 * group[] is declared. NOTE(review): presumably the structure is
 * over-allocated so that group[] holds len octets - confirm at the
 * allocation sites, and check len against ANI_SSM_MAX_GROUP_SIZE before
 * indexing group[] with a length that was read from outside.
 */
typedef struct sAniSsmGroup {
    v_U16_t len;
    v_U8_t  group[1];
} tAniSsmGroup;
159
/*
 * Length-prefixed user identifier.
 *
 * len has the valid range 0..ANI_SSM_MAX_USERID_SIZE. Only one octet of
 * userId[] is declared. NOTE(review): presumably the structure is
 * over-allocated so that userId[] holds len octets - confirm at the
 * allocation sites, and check len against ANI_SSM_MAX_USERID_SIZE before
 * indexing userId[] with a length that was read from outside.
 */
typedef struct sAniSsmUserId {
    v_U16_t len;
    v_U8_t  userId[1];
} tAniSsmUserId;
164
/*
 * PMKSA identifier: a fixed array of ANI_AAG_PMKID_SIZE octets.
 * (A PMKID is an HMAC-SHA1-128 value.)
 *
 * Being an array typedef, a tAniSsmPmkId function parameter decays to a
 * pointer, so sizeof on such a parameter does not yield the PMKID size.
 */
typedef v_U8_t tAniSsmPmkId[ANI_AAG_PMKID_SIZE];
170
/**
 * aniSsmInitStaticConf
 *
 * Initializes, or re-initializes, the static configuration held inside
 * the SSM. The configuration may come from a static configuration file
 * and covers items such as the local MAC-ACL lists.
 *
 * @param configFileName - optional name of the file to read. When NULL,
 * the default AAG static conf file is read instead.
 *
 * @return ANI_OK if the operation succeeds
 */
int aniSsmInitStaticConf(char *configFileName);
185
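/**
 * aniSsmIsStaMacAllowed
 *
 * Determines if a given STA passes the local MAC-ACL check. If
 * MAC-ACL lookup is enabled, it may be either positive (whitelist) or
 * negative (blacklist). If positive MAC-ACLs are on, then only those
 * STAs that are in the whitelist are allowed in. If negative MAC-ACLs
 * are on, then those STAs that are in the blacklist are not allowed in.
 *
 * Note that local MAC-ACLs may be maintained per SSID.
 *
 * A MAC address is sent unprotected by the station and can be set to any
 * value by it, so this check is an access filter and not a form of
 * authentication.
 *
 * @param staMac - the MAC address of the STA
 * @param ssid - the SSID that the STA is associating on
 *
 * @return a v_BOOL_t; presumably true when the STA passes the MAC-ACL
 * check and false when it does not.
 * NOTE(review): this comment used to list ANI_OK here, which does not
 * match the v_BOOL_t return type - confirm the exact values against the
 * implementation.
 */
v_BOOL_t
aniSsmIsStaMacAllowed(const tAniMacAddr staMac, const tAniSSID *ssid);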
204
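/**
 * aniSsmIsSecModeAllowed
 *
 * Determines if the security suites requested by an RSN station or
 * non-RSN station are allowed under the security mode in force at the
 * moment.
 *
 * An RSN IE needs to be passed in if RSN is being used. Otherwise the
 * ieLen field should be set to 0 or ieData set to NULL to indicate
 * that no IE is present. If the RSN IE is present it is used to check
 * both the authentication type and the cipher type for the group and
 * pairwise keys. Special rules might apply in the case of a
 * BP. Therefore, a separate flag indicates if the STA is a BP.
 *
 * If the station is not using RSN, the authentication type is
 * tightly bound to the cipher type. For instance, when using
 * shared-key MAC authentication, the cipher type will be assumed to
 * be WEP. (Both WEP-40 and WEP-104 fall under the same security
 * level.) When using open-system MAC authentication, the cipher type
 * will be assumed to be WEP if the security level requires WEP,
 * otherwise the cipher will be determined later. (When performing
 * open-auth in the lowest security level, the STA is required to
 * initiate EAPOL in order to establish WEP keys, or WEP cannot be
 * used.)
 *
 * The IE bytes are supplied by the station that is requesting access,
 * so the implementation has to treat them as untrusted and must not
 * read more than ieLen octets from ieData.
 *
 * @param secMode the security mode that is in force
 * @param macAuthType the MAC-level authentication type to check
 * @param ieLen is set 0 if no RSN IE is present, or to the number of
 * octets in the RSN IE. NOTE(review): ieLen is a v_U8_t and so cannot
 * express ANI_RSN_IE_MAX_LEN (257) - confirm whether it counts the two
 * bytes for type and len.
 * @param ieData the optional IE data bytes, or NULL if no IE is
 * present.
 * @param bpIndicator eANI_BOOLEAN_TRUE if the STA is a BP,
 * eANI_BOOLEAN_FALSE otherwise.
 * @param wpsEnabled not described by the original comment; presumably
 * tells the check whether WPS is enabled - TODO confirm against the
 * implementation, including how it changes the result.
 *
 * @return eANI_BOOLEAN_TRUE if the authentication type is allowed,
 * eANI_BOOLEAN_FALSE if not.
 *
 * @see aniSsmIsRsnSuiteAllowed
 */
v_BOOL_t
aniSsmIsSecModeAllowed(v_U32_t secMode,
                       tAniAuthType macAuthType,
                       v_U8_t ieLen,
                       v_U8_t *ieData,
                       v_BOOL_t bpIndicator,
                       v_BOOL_t wpsEnabled);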
251
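/**
 * aniSsmGenRsnSuiteList
 *
 * Generates a RSN information element containing a list of RSN suites
 * that conform to the specified security level. This is generally
 * used on the AP to generate the RSN information element it
 * advertises.
 *
 * The array bound written in the ieData parameter is documentation
 * only: in C the parameter is a plain pointer, so the callee cannot
 * check the size of the buffer it is given. Callers must pass a buffer
 * of at least ANI_RSN_IE_MAX_LEN octets.
 *
 * @param secMode the security mode in force
 * @param ieData the buffer in which to store the generated IE; at least
 * ANI_RSN_IE_MAX_LEN octets
 *
 * @return the non-negative number of bytes written into the buffer if
 * the operation succeeds, or a negative error code.
 */
int
aniSsmGenRsnSuiteList(v_U32_t secMode,
                      v_U8_t ieData[ANI_RSN_IE_MAX_LEN]);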
269
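/**
 * aniSsmGenRsnSuiteForBp
 *
 * Generates a RSN information element containing exactly one RSN
 * suite selector for authentication and exactly one for the
 * cipher. This is generally used on the BP side while associating
 * with an upstream AP.
 *
 * If RSN is turned off on the BP, then the IE is of length 0.
 *
 * NOTE: As per 802.11/D3.0, the BP has to send back the exact group
 * key cipher that the AP indicated in its IE.
 *
 * apIeData was received from the AP and is therefore untrusted input:
 * the implementation must not read more than apIeLen octets from it
 * while locating the group key cipher.
 *
 * The array bound written in the ieData parameter is documentation
 * only: in C the parameter is a plain pointer, so the callee cannot
 * check the size of the buffer it is given. Callers must pass a buffer
 * of at least ANI_RSN_IE_MAX_LEN octets.
 *
 * @param apIeData contains the IE sent by the AP and is used to read
 * the group key cipher that the AP wants us to use.
 * @param apIeLen the length of the AP's IE
 * @param bpRsnFlag should be 0 for no RSN, 1 for AES, 2 for TKIP
 * @param bpPskFlag should be eANI_BOOLEAN_TRUE if RSN with PSK is
 * desired. This is only relevant if bpRsnFlag is not zero.
 * @param ieData the buffer in which to store the generated IE; at least
 * ANI_RSN_IE_MAX_LEN octets
 *
 * @return the non-negative number of bytes written into the buffer if
 * the operation succeeds, or a negative error code.
 */
int
aniSsmGenRsnSuiteForBp(const v_U8_t *apIeData,
                       v_U8_t apIeLen,
                       v_U32_t bpRsnFlag,
                       v_BOOL_t bpPskFlag,
                       v_U8_t ieData[ANI_RSN_IE_MAX_LEN]);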
300
/**
 * aniSsmSecMode2Str
 *
 * Produces a descriptive string for the given security mode, intended
 * for use in log output.
 *
 * @param secMode the secMode to be printed
 *
 * @return a printable ASCII string representing the secMode
 */
v_U8_t *aniSsmSecMode2Str(v_U32_t secMode);
313
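/**
 * aniSsmIe2Str
 *
 * Parses and returns a printable form of the IE (WPA/RSN).
 *
 * The IE may have been received over the air, so the implementation
 * must not read more than ieLen octets from ieData while parsing it.
 *
 * @param ieData the IE bytes
 * @param ieLen the length of the IE
 *
 * @return a pointer to the printable form of the IE.
 * NOTE(review): this comment used to list ANI_OK here, which does not
 * match the v_U8_t * return type. Who owns the returned buffer and how
 * long it stays valid are not stated in this header - confirm against
 * the implementation before storing the pointer.
 */
v_U8_t *
aniSsmIe2Str(const v_U8_t *ieData, v_U8_t ieLen);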
326
327#endif /* _ANI_SSM_SERVICES_H_ */