/*
 * Copyright (c) 2017 The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for
 * any purpose with or without fee is hereby granted, provided that the
 * above copyright notice and this permission notice appear in all
 * copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Sizes, labels and element IDs used by the FILS (802.11ai) / ERP (RFC 6696)
 * authentication path. Most of these size the fixed buffers in the structs
 * below, so changing a value here changes the layout of struct
 * pe_fils_session and everything that embeds it.
 *
 * NOTE(review): the definitions below use uint8_t/uint32_t/bool, but no
 * #include of <stdint.h>/<stdbool.h> and no include guard is visible in this
 * file - confirm every includer provides them before this header.
 */

/* Upper bound of the one-octet TLV length field (RFC 6696 5.3.1) */
#define FILS_EAP_TLV_MAX_DATA_LEN 255
/*
 * HMAC-SHA256 authentication tag lengths in bytes (128-bit and 256-bit
 * truncations). There is no matching macro for the 64-bit (8-byte) tag that
 * enum fils_erp_cryptosuite also lists - callers selecting HMAC_SHA256_64
 * have no named length to use here.
 */
#define FILS_SHA256_128_AUTH_TAG 16
#define FILS_SHA256_256_AUTH_TAG 32

/* Algorithm names in the "hmac(<hash>)" form used by the Linux crypto API */
#define FILS_SHA256_CRYPTO_TYPE "hmac(sha256)"
#define FILS_SHA384_CRYPTO_TYPE "hmac(sha384)"

/* RFC 6696: label string for rMSK derivation from rRK */
#define RMSK_LABEL "Re-authentication Master Session Key@ietf.org"

/* 12.12.2.5.3 80211-ai draft: PTK derivation label and derived-key bounds */
#define PTK_KEY_LABEL "FILS PTK Derivation"
#define MAX_ICK_LEN 48
#define MAX_KEK_LEN 64
#define MAX_TK_LEN 32
#define MAX_KEY_AUTH_DATA_LEN 48
/* GTK/IGTK buffers are sized to the one-octet KDE length limit, not to any
 * cipher's key size, so a uint8_t length can never exceed the buffer. */
#define MAX_GTK_LEN 255
#define MAX_IGTK_LEN 255

#define IPN_LEN 6
/* NOTE(review): same value as SIR_FILS_SESSION_LENGTH below; the two names
 * appear to describe the same 9.4.2.180 field. */
#define FILS_SESSION_LENGTH 8
#define FILS_MAX_KDE_LIST_LEN 255

/* 12.12.2.5.3 80211-ai draft: KEK length per hash (bytes) */
#define FILS_SHA384_KEK_LEN 64
#define FILS_SHA256_KEK_LEN 32

/* 12.12.2.5.3 80211-ai draft: ICK length per hash (bytes) */
#define FILS_SHA256_ICK_LEN 32
#define FILS_SHA384_ICK_LEN 48

/* Temporal key length per pairwise cipher (bytes) */
#define TK_LEN_TKIP 32
#define TK_LEN_CCMP 16
/* NOTE(review): BIP-CMAC-128 keys are 128 bits; confirm 32 here is
 * intentional rather than a copy of TK_LEN_TKIP. */
#define TK_LEN_AES_128_CMAC 32

/* PMK length per hash (bytes) */
#define FILS_SHA256_PKM_LEN 32
#define FILS_SHA384_PKM_LEN 48

#define PMKID_LEN 16

/* Maximum iteration count for the PRF (name misspelling is part of the API
 * and is kept as-is) */
#define MAX_PRF_INTERATIONS_COUNT 255

/* 9.4.2.180 FILS Session element */
#define SIR_FILS_SESSION_LENGTH 8
#define SIR_FILS_SESSION_EXT_EID 4

/* 9.4.2.190 FILS Nonce element */
#define SIR_FILS_NONCE_LENGTH 16
#define SIR_FILS_NONCE_EXT_EID 13

/* 9.4.2.188 FILS Wrapped Data element */
#define SIR_FILS_WRAPPED_DATA_MAX_SIZE 255
#define SIR_FILS_WRAPPED_DATA_EXT_EID 8

/* Largest IE body an 802.11 element can carry (one-octet length field) */
#define MAX_IE_LENGTH 255

/* RFC 6696 5.3.1: EAP-Initiate/Re-auth-Start Packet */
#define SIR_FILS_EAP_REAUTH_PACKET_TYPE 1
#define SIR_FILS_EAP_INIT_PACKET_TYPE 2

/* Largest auth tag this code handles: matches FILS_SHA256_256_AUTH_TAG */
#define FILS_AUTH_TAG_MAX_LENGTH 32

#define SIR_FILS_OPTIONAL_DATA_LEN 3
/* RFC 6696 4.3: rIK derivation label */
#define SIR_FILS_RIK_LABEL "Re-authentication Integrity Key@ietf.org"

/* RFC 6696 5.3.1: EAP-Initiate/Re-auth-Start Packet TLV type codes */
#define SIR_FILS_EAP_TLV_KEYNAME_NAI 1
#define SIR_FILS_EAP_TLV_R_RK_LIFETIME 2
#define SIR_FILS_EAP_TLV_R_MSK_LIFETIME 3
#define SIR_FILS_EAP_TLV_DOMAIN_NAME 4
#define SIR_FILS_EAP_TLV_CRYPTO_LIST 5
#define SIR_FILS_EAP_TLV_AUTH_INDICATION 6
92
/*
 * struct eap_auth_reserved: this structure defines the flags octet of the
 * EAP-Initiate/Re-auth and EAP-Finish/Re-auth packets as defined in
 * RFC 6696 5.3.1
 * @flag_r: the R flag (meaning differs per packet type in RFC 6696;
 *          confirm against the parser that uses it)
 * @flag_b: the B (bootstrapping) flag
 * @flag_l: the L (lifetime TLVs) flag
 * @reverved: remaining five bits, reserved (field name is part of the API
 *            and is kept as spelled)
 *
 * NOTE(review): the order of bit-fields within a storage unit is
 * implementation-defined (C11 6.7.2.1), and uint8_t as a bit-field type is
 * itself an extension, so overlaying this struct on a received octet is only
 * correct for the compiler/ABI it was written against. A build-time check
 * (or explicit mask/shift parsing) is the portable alternative.
 */
struct eap_auth_reserved {
	uint8_t flag_r:1;
	uint8_t flag_b:1;
	uint8_t flag_l:1;
	uint8_t reverved:5;
};
106
/*
 * enum fils_erp_cryptosuite: this enum defines the cryptosuites used
 * to calculate auth tag and auth tag length as defined by RFC 6696 5.3.1.
 * The numeric values are the on-the-wire cryptosuite codes, so they must
 * not be reordered.
 * @INVALID_CRYPTO: code 0, reserved by the RFC; used here as "not set"
 * @HMAC_SHA256_64: sha256 with auth tag len as 64 bits
 * @HMAC_SHA256_128: sha256 with auth tag len as 128 bits
 *                   (FILS_SHA256_128_AUTH_TAG bytes)
 * @HMAC_SHA256_256: sha256 with auth tag len as 256 bits
 *                   (FILS_SHA256_256_AUTH_TAG bytes)
 *
 * A cryptosuite received from the peer must be validated against this list
 * before it selects a tag length; there is no length macro for the 64-bit
 * variant in this header.
 */
enum fils_erp_cryptosuite {
	INVALID_CRYPTO = 0, /* reserved */
	HMAC_SHA256_64,
	HMAC_SHA256_128,
	HMAC_SHA256_256,
};
120
/*
 * struct fils_eap_tlv: this structure defines one TLV of the EAP packet
 * carried in the FILS Wrapped Data element (RFC 6696 5.3.1)
 * @type: TLV type, one of SIR_FILS_EAP_TLV_*
 * @length: number of valid bytes in @data
 * @data: inline TLV payload
 *
 * @length is a uint8_t, so it can never exceed FILS_EAP_TLV_MAX_DATA_LEN and
 * a copy of @length bytes into @data cannot overrun; the caller still has to
 * check that @length bytes are actually present in the source buffer.
 */
struct fils_eap_tlv {
	uint8_t type;
	uint8_t length;
	uint8_t data[FILS_EAP_TLV_MAX_DATA_LEN];
};
133
/* struct fils_auth_rsp_info: this structure saves the info from
 * fils auth response.
 * @keyname: pointer to keyname nai (not an inline copy - the lifetime of the
 *           pointed-to bytes is not defined by this header; confirm whether
 *           it points into the received frame buffer before using it after
 *           the frame is released)
 * @keylength: keyname nai length
 * @domain_name: pointer to domain name (same lifetime caveat as @keyname)
 * @domain_len: domain length
 * @r_rk_lifetime: rRk lifetime
 * @r_msk_lifetime: RMSK lifetime
 * @sequence: sequence number to be validated
 * @fils_nonce: anonce
 * @assoc_delay: time in ms, DUT needs to wait after association req
 */
struct fils_auth_rsp_info {
	uint8_t *keyname;
	uint8_t keylength;
	uint8_t *domain_name;
	uint8_t domain_len;
	uint32_t r_rk_lifetime;
	uint32_t r_msk_lifetime;
	uint16_t sequence;
	uint8_t fils_nonce[SIR_FILS_NONCE_LENGTH];
	uint8_t assoc_delay;
};
157
/*
 * struct pe_fils_session: fils session info used in PE session
 *
 * This struct holds the session's key material inline (@ick, @kek, @tk,
 * @key_auth, @gtk, @igtk, @fils_pmkid) and by pointer (@fils_r_rk,
 * @fils_r_ik, @fils_rmsk, @fils_pmk). NOTE(review): confirm the session
 * teardown path frees every pointer member exactly once and zeroizes the
 * inline key buffers before the memory is released.
 *
 * @is_fils_connection: whether connection is fils or not
 * @keyname_nai_data: keyname nai data
 * @keyname_nai_length: keyname nai length
 * @akm: akm type will be used
 * @auth: authentication type
 * @cipher: cipher type
 * @fils_erp_reauth_pkt: pointer to fils reauth packet data
 * @fils_erp_reauth_pkt_len: reauth packet length
 * @fils_r_rk: pointer to fils rRk
 * @fils_r_rk_len: fils rRk length (uint8_t, unlike @fils_r_ik_len)
 * @fils_r_ik: pointer to fils rIk
 * @fils_r_ik_len: fils rIk length (uint32_t; width differs from the other
 *                 key-length members - check for narrowing where they are
 *                 assigned to each other)
 * @sequence_number: sequence number needs to be used in eap packet
 * @fils_session: fils session IE element
 * @fils_nonce: fils snonce
 * @rsn_ie: rsn ie used in auth request
 * @rsn_ie_len: rsn ie length (uint8_t, cannot exceed MAX_IE_LENGTH)
 * @fils_eap_finish_pkt: pointer to eap finish packet
 * @fils_eap_finish_pkt_len: eap finish packet length
 * @fils_rmsk: rmsk data pointer
 * @fils_rmsk_len: rmsk data length
 * @fils_pmk: pointer to pmk data
 * @fils_pmk_len: pmk length
 * @fils_pmkid: pointer to pmkid derived
 * @auth_info: data obtained from auth response
 * @ick: pointer to ick
 * @ick_len: ick length
 * @kek: pointer to kek
 * @kek_len: kek length
 * @tk: pointer to tk
 * @tk_len: tk length
 * @key_auth: data needs to be sent in assoc req, will be validated by AP
 * @key_auth_len: key auth data length
 * @ap_key_auth_data: data needs to be validated in assoc rsp (compare with
 *                    a constant-time routine; it is an authentication tag)
 * @ap_key_auth_len: ap key data length
 * @gtk_len: gtk key length (uint8_t, cannot exceed MAX_GTK_LEN)
 * @gtk: pointer to gtk data
 * @rsc: rsc value (NOTE(review): stored as a single byte; confirm this is
 *       the intended width for the receive sequence counter)
 * @igtk_len: igtk length (uint8_t, cannot exceed MAX_IGTK_LEN)
 * @igtk: igtk data pointer
 * @ipn: pointer to ipn data
 */
struct pe_fils_session {
	bool is_fils_connection;
	uint8_t *keyname_nai_data;
	uint8_t keyname_nai_length;
	uint8_t akm;
	uint8_t auth;
	uint8_t cipher;
	uint8_t *fils_erp_reauth_pkt;
	uint32_t fils_erp_reauth_pkt_len;
	uint8_t *fils_r_rk;
	uint8_t fils_r_rk_len;
	uint8_t *fils_r_ik;
	uint32_t fils_r_ik_len;
	uint16_t sequence_number;
	uint8_t fils_session[SIR_FILS_SESSION_LENGTH];
	uint8_t fils_nonce[SIR_FILS_NONCE_LENGTH];
	uint8_t rsn_ie[MAX_IE_LENGTH];
	uint8_t rsn_ie_len;
	uint8_t *fils_eap_finish_pkt;
	uint8_t fils_eap_finish_pkt_len;
	uint8_t *fils_rmsk;
	uint8_t fils_rmsk_len;
	uint8_t *fils_pmk;
	uint8_t fils_pmk_len;
	uint8_t fils_pmkid[PMKID_LEN];
	struct fils_auth_rsp_info auth_info;
	uint8_t ick[MAX_ICK_LEN];
	uint8_t ick_len;
	uint8_t kek[MAX_KEK_LEN];
	uint8_t kek_len;
	uint8_t tk[MAX_TK_LEN];
	uint8_t tk_len;
	uint8_t key_auth[MAX_KEY_AUTH_DATA_LEN];
	uint8_t key_auth_len;
	uint8_t ap_key_auth_data[MAX_KEY_AUTH_DATA_LEN];
	uint8_t ap_key_auth_len;
	uint8_t gtk_len;
	uint8_t gtk[MAX_GTK_LEN];
	uint8_t rsc;
	uint8_t igtk_len;
	uint8_t igtk[MAX_IGTK_LEN];
	uint8_t ipn[IPN_LEN];
};
244};