Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / 8c6f5e82b0b15337e158ee915aac207b5602f3c6 / . / core / mac / src / pe / include / lim_fils_defs.h
blob: c3619cbdb45610b4654dfe73bd540b937c1b725d [file] [log] [blame]
/*
* Copyright (c) 2017 The Linux Foundation. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all
* copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
* WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
* TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
#define FILS_EAP_TLV_MAX_DATA_LEN 255
#define FILS_SHA256_128_AUTH_TAG 16
#define FILS_SHA256_256_AUTH_TAG 32
#define FILS_SHA256_CRYPTO_TYPE "hmac(sha256)"
#define FILS_SHA384_CRYPTO_TYPE "hmac(sha384)"
/* RFC 6696 */
#define RMSK_LABEL "Re-authentication Master Session Key@ietf.org"
/* 12.12.2.5.3 80211-ai draft */
#define PTK_KEY_LABEL "FILS PTK Derivation"
#define MAX_ICK_LEN 48
#define MAX_KEK_LEN 64
#define MAX_TK_LEN 32
#define MAX_KEY_AUTH_DATA_LEN 48
#define MAX_GTK_LEN 255
#define MAX_IGTK_LEN 255
#define IPN_LEN 6
#define FILS_SESSION_LENGTH 8
#define FILS_MAX_KDE_LIST_LEN 255
/* 12.12.2.5.3 80211-ai draft */
#define FILS_SHA384_KEK_LEN 64
#define FILS_SHA256_KEK_LEN 32
/* 12.12.2.5.3 80211-ai draft */
#define FILS_SHA256_ICK_LEN 32
#define FILS_SHA384_ICK_LEN 48
#define TK_LEN_TKIP 32
#define TK_LEN_CCMP 16
#define TK_LEN_AES_128_CMAC 32
#define FILS_SHA256_PKM_LEN 32
#define FILS_SHA384_PKM_LEN 48
#define PMKID_LEN 16
#define MAX_PRF_INTERATIONS_COUNT 255
/* 9.4.2.180 FILS Session element */
#define SIR_FILS_SESSION_LENGTH 8
#define SIR_FILS_SESSION_EXT_EID 4
/* 9.4.2.190 FILS Nonce element */
#define SIR_FILS_NONCE_LENGTH 16
#define SIR_FILS_NONCE_EXT_EID 13
/*9.4.2.188 FILS Wrapped Data element */
#define SIR_FILS_WRAPPED_DATA_MAX_SIZE 255
#define SIR_FILS_WRAPPED_DATA_EXT_EID 8
#define MAX_IE_LENGTH 255
/* RFC 6696 5.3.1: EAP-Initiate/Re-auth-Start Packet */
#define SIR_FILS_EAP_REAUTH_PACKET_TYPE 1
#define SIR_FILS_EAP_INIT_PACKET_TYPE 2
#define FILS_AUTH_TAG_MAX_LENGTH 32
#define SIR_FILS_OPTIONAL_DATA_LEN 3
/* RFC 6696 4.3: RiK deriavtion */
#define SIR_FILS_RIK_LABEL "Re-authentication Integrity Key@ietf.org"
/* RFC 6696 5.3.1: EAP-Initiate/Re-auth-Start Packet */
#define SIR_FILS_EAP_TLV_KEYNAME_NAI 1
#define SIR_FILS_EAP_TLV_R_RK_LIFETIME 2
#define SIR_FILS_EAP_TLV_R_MSK_LIFETIME 3
#define SIR_FILS_EAP_TLV_DOMAIN_NAME 4
#define SIR_FILS_EAP_TLV_CRYPTO_LIST 5
#define SIR_FILS_EAP_TLV_AUTH_INDICATION 6
/*
* struct eap_auth_reserved: this structure defines flags format in eap packets
* as defined in RFC 6696 5.3.1
* flag_r:
* flag_b:
* flag_l:
*/
struct eap_auth_reserved {
uint8_t flag_r:1;
uint8_t flag_b:1;
uint8_t flag_l:1;
uint8_t reverved:5;
};
/*
* enum fils_erp_cryptosuite: this enum defines the cryptosuites used
* to calculate auth tag and auth tag length as defined by RFC 6696 5.3.1
* @HMAC_SHA256_64: sha256 with auth tag len as 64 bits
* @HMAC_SHA256_128: sha256 with auth tag len as 128 bits
* @HMAC_SHA256_256: sha256 with auth tag len as 256 bits
*/
enum fils_erp_cryptosuite {
INVALID_CRYPTO = 0, /* reserved */
HMAC_SHA256_64,
HMAC_SHA256_128,
HMAC_SHA256_256,
};
/*
* struct fils_eap_tlv: this structure defines the eap header
* for eap packet present in warpped data element IE
* @type: type of packet
* @length: length of packet
* @data: pointer to eap data
*/
struct fils_eap_tlv {
uint8_t type;
uint8_t length;
uint8_t data[FILS_EAP_TLV_MAX_DATA_LEN];
};
/* struct fils_auth_rsp_info: this structure saves the info from
* fils auth response.
* @keyname: pointer to keyname nai
* @keylength: keyname nai length
* @domain_name: pointer to domain name
* @domain_len: domain length
* @r_rk_lifetime: rRk lifetime
* @r_msk_lifetime: RMSK lifetime
* @sequence: sequence number to be validated
* @fils_nonce: anonce
* @assoc_delay: time in ms, DUT needs to wait after association req
*/
struct fils_auth_rsp_info {
uint8_t *keyname;
uint8_t keylength;
uint8_t *domain_name;
uint8_t domain_len;
uint32_t r_rk_lifetime;
uint32_t r_msk_lifetime;
uint16_t sequence;
uint8_t fils_nonce[SIR_FILS_NONCE_LENGTH];
uint8_t assoc_delay;
};
/*
* struct pe_fils_session: fils session info used in PE session
* @is_fils_connection: whether connection is fils or not
* @keyname_nai_data: keyname nai data
* @keyname_nai_length: keyname nai length
* @akm: akm type will be used
* @auth: authentication type
* @cipher: cipher type
* @fils_erp_reauth_pkt: pointer to fils reauth packet data
* @fils_erp_reauth_pkt_len: reauth packet length
* @fils_r_rk: pointer to fils rRk
* @fils_r_rk_len: fils rRk length
* @fils_r_ik: pointer to fils rIk
* @fils_r_ik_len: fils rIk length
* @sequence_number: sequence number needs to be used in eap packet
* @fils_session: fils session IE element
* @fils_nonce: fils snonce
* @rsn_ie: rsn ie used in auth request
* @rsn_ie_len: rsn ie length
* @fils_eap_finish_pkt: pointer to eap finish packet
* @fils_eap_finish_pkt_len: eap finish packet length
* @fils_rmsk: rmsk data pointer
* @fils_rmsk_len: rmsk data length
* @fils_pmk: pointer to pmk data
* @fils_pmk_len: pmk length
* @fils_pmkid: pointer to pmkid derived
* @auth_info: data obtained from auth response
* @ick: pointer to ick
* @ick_len: ick length
* @kek: pointer to kek
* @kek_len: kek length
* @tk: pointer to tk
* @tk_len: tk length
* @key_auth: data needs to be sent in assoc req, will be validated by AP
* @key_auth_len: key auth data length
* @ap_key_auth_data: data needs to be validated in assoc rsp
* @ap_key_auth_len: ap key data length
* @gtk_len: gtk key length
* @gtk: pointer to gtk data
* @rsc: rsc value
* @igtk_len: igtk length
* @igtk: igtk data pointer
* @ipn: pointer to ipn data
*/
struct pe_fils_session {
bool is_fils_connection;
uint8_t *keyname_nai_data;
uint8_t keyname_nai_length;
uint8_t akm;
uint8_t auth;
uint8_t cipher;
uint8_t *fils_erp_reauth_pkt;
uint32_t fils_erp_reauth_pkt_len;
uint8_t *fils_r_rk;
uint8_t fils_r_rk_len;
uint8_t *fils_r_ik;
uint32_t fils_r_ik_len;
uint16_t sequence_number;
uint8_t fils_session[SIR_FILS_SESSION_LENGTH];
uint8_t fils_nonce[SIR_FILS_NONCE_LENGTH];
uint8_t rsn_ie[MAX_IE_LENGTH];
uint8_t rsn_ie_len;
uint8_t *fils_eap_finish_pkt;
uint8_t fils_eap_finish_pkt_len;
uint8_t *fils_rmsk;
uint8_t fils_rmsk_len;
uint8_t *fils_pmk;
uint8_t fils_pmk_len;
uint8_t fils_pmkid[PMKID_LEN];
struct fils_auth_rsp_info auth_info;
uint8_t ick[MAX_ICK_LEN];
uint8_t ick_len;
uint8_t kek[MAX_KEK_LEN];
uint8_t kek_len;
uint8_t tk[MAX_TK_LEN];
uint8_t tk_len;
uint8_t key_auth[MAX_KEY_AUTH_DATA_LEN];
uint8_t key_auth_len;
uint8_t ap_key_auth_data[MAX_KEY_AUTH_DATA_LEN];
uint8_t ap_key_auth_len;
uint8_t gtk_len;
uint8_t gtk[MAX_GTK_LEN];
uint8_t rsc;
uint8_t igtk_len;
uint8_t igtk[MAX_IGTK_LEN];
uint8_t ipn[IPN_LEN];
};