Jeff Johnson | 295189b | 2012-06-20 16:38:30 -0700 | [diff] [blame] | 1 | /* |
AnjaneeDevi Kapparapu | 24b52ff | 2014-02-18 18:44:02 -0800 | [diff] [blame] | 2 | * Copyright (c) 2012-2013 The Linux Foundation. All rights reserved. |
| 3 | * |
| 4 | * Previously licensed under the ISC license by Qualcomm Atheros, Inc. |
| 5 | * |
| 6 | * |
| 7 | * Permission to use, copy, modify, and/or distribute this software for |
| 8 | * any purpose with or without fee is hereby granted, provided that the |
| 9 | * above copyright notice and this permission notice appear in all |
| 10 | * copies. |
| 11 | * |
| 12 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL |
| 13 | * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED |
| 14 | * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE |
| 15 | * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL |
| 16 | * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR |
| 17 | * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER |
| 18 | * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR |
| 19 | * PERFORMANCE OF THIS SOFTWARE. |
Gopichand Nakkala | 9c070ad | 2013-01-08 21:16:34 -0800 | [diff] [blame] | 20 | */ |
AnjaneeDevi Kapparapu | 24b52ff | 2014-02-18 18:44:02 -0800 | [diff] [blame] | 21 | |
Gopichand Nakkala | 9c070ad | 2013-01-08 21:16:34 -0800 | [diff] [blame] | 22 | /* |
AnjaneeDevi Kapparapu | 24b52ff | 2014-02-18 18:44:02 -0800 | [diff] [blame] | 23 | * This file was originally distributed by Qualcomm Atheros, Inc. |
| 24 | * under proprietary terms before Copyright ownership was assigned |
| 25 | * to the Linux Foundation. |
| 26 | */ |
| 27 | |
| 28 | /* |
Jeff Johnson | 295189b | 2012-06-20 16:38:30 -0700 | [diff] [blame] | 29 | * $File: //depot/software/projects/feature_branches/gen5_phase1/os/linux/classic/ap/apps/include/aniSsmServices.h $ |
| 30 | * |
| 31 | * Contains definitions of common types that the SSM exports to other |
| 32 | * modules. |
| 33 | * |
| 34 | * Author: Mayank D. Upadhyay |
| 35 | * Date: 23-January-2003 |
| 36 | * History:- |
| 37 | * Date Modified by Modification Information |
| 38 | * ------------------------------------------------------ |
| 39 | * |
| 40 | */ |
| 41 | |
| 42 | #ifndef _ANI_SSM_SERVICES_H_ |
| 43 | #define _ANI_SSM_SERVICES_H_ |
| 44 | |
| 45 | #include "vos_types.h" |
| 46 | #include "sirApi.h" |
| 47 | |
| 48 | #define ANI_SSM_MAX_KEYS_INFO_SIZE 512 |
| 49 | #define ANI_SSM_MAX_GROUP_SIZE 32 |
| 50 | #define ANI_SSM_MAX_USERID_SIZE 64 |
| 51 | |
| 52 | #define ANI_SSM_RSN_PMK_LEN 32 |
| 53 | #define ANI_SSM_RSN_PSK_LEN ANI_SSM_RSN_PMK_LEN |
Madan Mohan Koyyalamudi | a53c4dc | 2012-11-13 10:35:42 -0800 | [diff] [blame] | 54 | #define ANI_SSM_RSN_PSK_LEN_HEX (ANI_SSM_RSN_PSK_LEN + ANI_SSM_RSN_PSK_LEN) |
Jeff Johnson | 295189b | 2012-06-20 16:38:30 -0700 | [diff] [blame] | 55 | #define ANI_SSM_MAX_PASSPHRASE_LEN 128 |
| 56 | #define ANI_SSM_MAX_AUTHZONE_LEN 32 |
| 57 | #define ANI_SSM_MAX_LANDPG_URL_LEN 128 |
| 58 | #define ANI_SSM_MAX_GUEST_PORTAL_PWD_LEN 32 |
| 59 | |
| 60 | #define ANI_SSM_IE_RSN_OUI {0x00, 0x0F, 0xAC} |
| 61 | #define ANI_SSM_IE_WPA_OUI {0x00, 0x50, 0xF2} |
| 62 | |
| 63 | #define ANI_SSM_IE_RSN_ELEM_ID 48 |
| 64 | #define ANI_SSM_IE_WPA_ELEM_ID 221 |
| 65 | |
| 66 | /* |
| 67 | * The total length of an RSN IE may be no longer than these many |
| 68 | * octets, including the two bytes for type and len. |
| 69 | */ |
| 70 | #define ANI_RSN_IE_MAX_LEN 257 |
| 71 | |
Jeff Johnson | 295189b | 2012-06-20 16:38:30 -0700 | [diff] [blame] | 72 | /* |
| 73 | * PMKSA ID data type |
| 74 | * (PMKID is an HMAC-SHA1-128 value) |
| 75 | */ |
| 76 | #define ANI_AAG_PMKID_SIZE 16 |
| 77 | |
| 78 | #define ANI_SSM_AUTH_BITMASK 0x00010000 |
| 79 | #define ANI_SSM_IEMODE_BITMASK 0xC0000000 |
| 80 | #define ANI_SSM_ENCR_BITMASK 0x00000001 |
| 81 | #define ANI_SSM_IEMODE_SHIFT (30) |
| 82 | |
| 83 | |
| 84 | // Upper level authentication types used by AA |
| 85 | typedef enum eAniSsmAuthType { |
| 86 | eANI_SSM_AT_UNDERFLOW = -1, |
| 87 | |
| 88 | // The numbers are fixed so that they can be re-used in the XCLI |
| 89 | // config file and 1x.conf. |
| 90 | eANI_SSM_AT_NONE = 0, |
| 91 | eANI_SSM_AT_SHARED_KEY = 1, |
| 92 | eANI_SSM_AT_LEGACY_EAP = 2, |
| 93 | eANI_SSM_AT_RSN_PSK = 3, |
| 94 | eANI_SSM_AT_RSN_EAP = 4, |
| 95 | |
| 96 | eANI_SSM_AT_OVERFLOW |
| 97 | } tAniSsmAuthType; |
| 98 | |
| 99 | // Upper level encryption types used by AA |
| 100 | typedef enum eAniSsmCipherType { |
| 101 | eANI_SSM_CT_UNDERFLOW = -1, |
| 102 | |
| 103 | // The numbers are fixed so that they can be re-used in the XCLI |
| 104 | // config file and 1x.conf. |
| 105 | eANI_SSM_CT_NONE = 0, |
| 106 | eANI_SSM_CT_WEP40 = 1, |
| 107 | eANI_SSM_CT_WEP104 = 2, |
| 108 | eANI_SSM_CT_WPA_WEP40 = 3, |
| 109 | eANI_SSM_CT_WPA_WEP104 = 4, |
| 110 | eANI_SSM_CT_TKIP = 5, |
| 111 | eANI_SSM_CT_CCMP = 6, |
| 112 | |
| 113 | eANI_SSM_CT_OVERFLOW |
| 114 | } tAniSsmCipherType; |
| 115 | |
| 116 | |
| 117 | // WPA modes |
| 118 | typedef enum eAniSsmWpaModes { |
| 119 | eANI_SSM_WPA_UNDERFLOW = -1, |
| 120 | |
| 121 | eANI_SSM_WPA_DISABLE = 0, |
| 122 | eANI_SSM_WPA_1 = 1, |
| 123 | eANI_SSM_WPA_2 = 2, |
| 124 | |
| 125 | eANI_SSM_WPA_OVERFLOW = ((eANI_SSM_WPA_2 | eANI_SSM_WPA_1) + 1) |
| 126 | } tAniSsmWpaModes; |
| 127 | |
| 128 | typedef struct sAniSsmGroup { |
| 129 | v_U16_t len; // Valid range: 0..ANI_SSM_MAX_GROUP_SIZE |
| 130 | v_U8_t group[1]; |
| 131 | } tAniSsmGroup; |
| 132 | |
| 133 | typedef struct sAniSsmUserId { |
| 134 | v_U16_t len; // Valid range: 0..ANI_SSM_MAX_USERID_SIZE |
| 135 | v_U8_t userId[1]; |
| 136 | } tAniSsmUserId; |
| 137 | |
| 138 | /* |
| 139 | * PMKSA ID data type |
| 140 | * (PMKID is an HMAC-SHA1-128 value) |
| 141 | */ |
| 142 | typedef v_U8_t tAniSsmPmkId[ANI_AAG_PMKID_SIZE]; |
| 143 | |
| 144 | /** |
| 145 | * aniSsmInitStaticConf |
| 146 | * |
| 147 | * (Re-)Initializes the SSM internal static configuration. This may be |
| 148 | * from a static configuration file and will include items such as |
| 149 | * local MAC-ACL lists. |
| 150 | * |
| 151 | * @param configFileName - an optional filename to read from. If this is |
| 152 | * NULL, the default AAG static conf file is read. |
| 153 | * |
| 154 | * @return ANI_OK if the operation succeeds |
| 155 | */ |
| 156 | int |
| 157 | aniSsmInitStaticConf(char *configFileName); |
| 158 | |
| 159 | /** |
| 160 | * aniSsmIsStaMacAllowed |
| 161 | * |
| 162 | * Determines if a given STA passes the local MAC-ACL check. If |
| 163 | * MAC-ACL lookup is enabled, it may be either positive (whitelist) or |
| 164 | * negative (blacklist). If positive MAC-ACLs are on, then only those |
| 165 | * STAs that are in the whitelist are allowed in. If negative MAC-ACLs |
| 166 | * are on, then those STAs that are in the blacklist are not allowed in. |
| 167 | * |
| 168 | * Note that local MAC-ACLs may be maintained per SSID. |
| 169 | * |
| 170 | * @param staMac - the MAC address of the STA |
| 171 | * @param ssid - the SSID that the STA is associating on |
| 172 | * |
| 173 | * @return ANI_OK if the operation succeeds |
| 174 | */ |
| 175 | v_BOOL_t |
| 176 | aniSsmIsStaMacAllowed(const tAniMacAddr staMac, const tAniSSID *ssid); |
| 177 | |
| 178 | /** |
| 179 | * aniSsmIsSecModeAllowed |
| 180 | * |
| 181 | * Determines if the security suites requested by an RSN station or |
| 182 | * non-RSN station are allowed under the security mode in force at the |
| 183 | * moment. |
| 184 | * |
| 185 | * An RSN IE needs to be passed in if RSN is being used. Otherwise the |
| 186 | * ieLen field should be set to 0 or ieData set to NULL to indicate |
| 187 | * that no IE is present. If the RSN IE is present it is used to check |
| 188 | * both the authentication type and the cipher type for the group and |
| 189 | * pairwise keys. Special rules might apply in the case of a |
| 190 | * BP. Therefore, a separate flag indicates if the STA is a BP. |
| 191 | * |
| 192 | * If the station is not using RSN, the authentication type is |
| 193 | * tightly bound to the cipher type. For instance, when using |
| 194 | * shared-key MAC authentication, the cipher type will be assumed to |
| 195 | * be WEP. (Both WEP-40 and WEP-104 fall under the same security |
| 196 | * level.) When using open-system MAC authentication, the cipher type |
| 197 | * will be assumed to be WEP if the security level requires WEP, |
| 198 | * otherwise the cipher will be determined later. (When performing |
| 199 | * open-auth in the lowest security level, the STA is required to |
| 200 | * initiate EAPOL in order to establish WEP keys, or WEP cannot be not |
| 201 | * used.) |
| 202 | * |
| 203 | * @param secMode the security mode that is in force |
| 204 | * @param macAuthType the MAC-level authentication type to check |
| 205 | * @param ieLen is set 0 if no RSN IE is present, or to the number of |
| 206 | * octets in the RSN IE. |
| 207 | * @param ieData the optional IE data bytes, or NULL if no IE is |
| 208 | * present. |
| 209 | * @param bpIndicator eANI_BOOLEAN_TRUE if the STA is a BP, |
| 210 | * eANI_BOOLEAN_FALSE otherwise. |
| 211 | * |
| 212 | * @return eANI_BOOLEAN_TRUE if the authentication type is allowed, |
| 213 | * eANI_BOOLEAN_FALSE if not. |
| 214 | * |
| 215 | * @see aniSsmIsRsnSuiteAllowed |
| 216 | */ |
| 217 | v_BOOL_t |
| 218 | aniSsmIsSecModeAllowed(v_U32_t secMode, |
| 219 | tAniAuthType macAuthType, |
| 220 | v_U8_t ieLen, |
| 221 | v_U8_t *ieData, |
| 222 | v_BOOL_t bpIndicator, |
| 223 | v_BOOL_t wpsEnabled); |
| 224 | |
| 225 | /** |
| 226 | * aniSsmGenRsnSuiteList |
| 227 | * |
| 228 | * Generates a RSN information element containing a list of RSN suites |
| 229 | * that conform to the specified security level. This is generally |
| 230 | * used on the AP to generate the RSN information element it |
| 231 | * advertizes. |
| 232 | * |
| 233 | * @param secMode the security mode in force |
| 234 | * @param ieData the buffer in which to store the generated IE |
| 235 | * |
| 236 | * @return the non-negative number of bytes written into the buffer if |
| 237 | * the operation succeeds, or a negative error code. |
| 238 | */ |
| 239 | int |
| 240 | aniSsmGenRsnSuiteList(v_U32_t secMode, |
| 241 | v_U8_t ieData[ANI_RSN_IE_MAX_LEN]); |
| 242 | |
| 243 | /** |
| 244 | * aniSsmGenRsnSuiteForBp |
| 245 | * |
| 246 | * Generates a RSN information element containing exactly one RSN |
| 247 | * suite selector for authentication and exactly one for the |
| 248 | * cipher. This is generally used on the BP side while associating |
| 249 | * with an upstream AP. |
| 250 | * |
| 251 | * If RSN is turned off on the BP, then the IE is of length 0. |
| 252 | * |
| 253 | * NOTE: As per 802.11/D3.0, the BP has to send back the exact group |
| 254 | * key cipher that the AP indicated in its IE. |
| 255 | * |
| 256 | * @param apIeData contains the IE sent by the AP and is used to read |
| 257 | * the group key cipher that the AP wants us to use. |
| 258 | * @param apIeLen the length of the AP's IE |
| 259 | * @param bpRsnFlag should be 0 for no RSN, 1 for AES, 2 for TKIP |
| 260 | * @param bpPskFlag should be eANI_BOOLEAN_TRUE if RSN with PSK is |
| 261 | * desired. This is only relevant if bpRsnFlag is not zero. |
| 262 | * @param ieData the buffer in which to store the generated IE |
| 263 | * |
| 264 | * @return the non-negative number of bytes written into the buffer if |
| 265 | * the operation succeeds, or a negative error code. |
| 266 | */ |
| 267 | int |
| 268 | aniSsmGenRsnSuiteForBp(const v_U8_t *apIeData, |
| 269 | v_U8_t apIeLen, |
| 270 | v_U32_t bpRsnFlag, |
| 271 | v_BOOL_t bpPskFlag, |
| 272 | v_U8_t ieData[ANI_RSN_IE_MAX_LEN]); |
| 273 | |
| 274 | /** |
| 275 | * aniSsmSecMode2Str |
| 276 | * |
| 277 | * Returns a descriptive string that can be used for logging the |
| 278 | * security mode. |
| 279 | * |
| 280 | * @param secMode the secMode to be printed |
| 281 | * |
| 282 | * @return a printable ASCII string representing the secMode |
| 283 | */ |
| 284 | v_U8_t * |
| 285 | aniSsmSecMode2Str(v_U32_t secMode); |
| 286 | |
| 287 | /** |
| 288 | * aniSsmIe2Str |
| 289 | * |
| 290 | * Parses and returns a printable form of the IE (WPA/RSN). |
| 291 | * |
| 292 | * @param ieData the IE bytes |
| 293 | * @param ieLen the length of the IE |
| 294 | * |
| 295 | * @return ANI_OK if the operation succeeds |
| 296 | */ |
| 297 | v_U8_t * |
| 298 | aniSsmIe2Str(const v_U8_t *ieData, v_U8_t ieLen); |
| 299 | |
| 300 | #endif /* _ANI_SSM_SERVICES_H_ */ |