1 /* 2 * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved. 3 * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for 6 * any purpose with or without fee is hereby granted, provided that the 7 * above copyright notice and this permission notice appear in all 8 * copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 11 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 12 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 13 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 14 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 15 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 16 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 * PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /** 21 * DOC: Public definitions for crypto service 22 */ 23 24 #ifndef _WLAN_CRYPTO_GLOBAL_DEF_H_ 25 #define _WLAN_CRYPTO_GLOBAL_DEF_H_ 26 27 #include <wlan_cmn.h> 28 #ifdef WLAN_CRYPTO_SUPPORT_FILS 29 #include "wlan_crypto_fils_def.h" 30 #endif 31 #include <wlan_objmgr_cmn.h> 32 #include <wlan_cmn_ieee80211.h> 33 34 #define WLAN_CRYPTO_TID_SIZE (17) 35 #define WLAN_CRYPTO_RSC_SIZE (16) 36 #define WLAN_CRYPTO_KEYBUF_SIZE (32) 37 #define WLAN_CRYPTO_MICBUF_SIZE (16) 38 #define WLAN_CRYPTO_MIC_LEN (8) 39 #define WLAN_CRYPTO_IV_SIZE (16) 40 #define WLAN_CRYPTO_MIC256_LEN (16) 41 #define WLAN_CRYPTO_TXMIC_OFFSET (0) 42 #define WLAN_CRYPTO_RXMIC_OFFSET (WLAN_CRYPTO_TXMIC_OFFSET + \ 43 WLAN_CRYPTO_MIC_LEN) 44 #define WLAN_CRYPTO_WAPI_IV_SIZE (16) 45 #define WLAN_CRYPTO_CRC_LEN (4) 46 #define WLAN_CRYPTO_IV_LEN (3) 47 #define WLAN_CRYPTO_KEYID_LEN (1) 48 #define WLAN_CRYPTO_EXT_IV_LEN (4) 49 #define WLAN_CRYPTO_EXT_IV_BIT (0x20) 50 #define WLAN_CRYPTO_KEYIX_NONE ((uint16_t)-1) 51 #define WLAN_CRYPTO_MAXKEYIDX (4) 52 #define WLAN_CRYPTO_MAXIGTKKEYIDX (2) 53 #define WLAN_CRYPTO_MAXBIGTKKEYIDX (2) 54 #ifndef WLAN_CRYPTO_MAX_VLANKEYIX 55 #define WLAN_CRYPTO_MAX_VLANKEYIX WLAN_CRYPTO_MAXKEYIDX 56 #endif 57 #define WLAN_CRYPTO_MAX_PMKID (16) 58 #define WLAN_CRYPTO_TOTAL_KEYIDX (WLAN_CRYPTO_MAXKEYIDX + \ 59 WLAN_CRYPTO_MAXIGTKKEYIDX + \ 60 WLAN_CRYPTO_MAXBIGTKKEYIDX) 61 /* 40 bit wep key len */ 62 #define WLAN_CRYPTO_KEY_WEP40_LEN (5) 63 /* 104 bit wep key len */ 64 #define WLAN_CRYPTO_KEY_WEP104_LEN (13) 65 /* 128 bit wep key len */ 66 #define WLAN_CRYPTO_KEY_WEP128_LEN (16) 67 68 #define WLAN_CRYPTO_KEY_TKIP_LEN (32) 69 #define WLAN_CRYPTO_KEY_CCMP_LEN (16) 70 #define WLAN_CRYPTO_KEY_CCMP_256_LEN (32) 71 #define WLAN_CRYPTO_KEY_GCMP_LEN (16) 72 #define WLAN_CRYPTO_KEY_GCMP_256_LEN (32) 73 #define WLAN_CRYPTO_KEY_WAPI_LEN (32) 74 #define WLAN_CRYPTO_KEY_GMAC_LEN (16) 75 #define WLAN_CRYPTO_KEY_GMAC_256_LEN (32) 76 #define WLAN_CRYPTO_WPI_SMS4_IVLEN (16) 77 #define WLAN_CRYPTO_WPI_SMS4_KIDLEN (1) 78 #define WLAN_CRYPTO_WPI_SMS4_PADLEN (1) 79 #define WLAN_CRYPTO_WPI_SMS4_MICLEN (16) 80 81 /* FILS definitions */ 82 #define WLAN_CRYPTO_FILS_OPTIONAL_DATA_LEN 3 83 #define WLAN_CRYPTO_FILS_RIK_LABEL "Re-authentication Integrity Key@ietf.org" 84 85 /* key used for xmit */ 86 #define WLAN_CRYPTO_KEY_XMIT (0x01) 87 /* key used for recv */ 88 #define WLAN_CRYPTO_KEY_RECV (0x02) 89 /* key used for WPA group operation */ 90 #define WLAN_CRYPTO_KEY_GROUP (0x04) 91 /* key also used for management frames */ 92 #define WLAN_CRYPTO_KEY_MFP (0x08) 93 /* host-based encryption */ 94 #define WLAN_CRYPTO_KEY_SWENCRYPT (0x10) 95 /* host-based enmic */ 96 #define WLAN_CRYPTO_KEY_SWENMIC (0x20) 97 /* do not remove unless OS commands us to do so */ 98 #define WLAN_CRYPTO_KEY_PERSISTENT (0x40) 99 /* per STA default key */ 100 #define WLAN_CRYPTO_KEY_DEFAULT (0x80) 101 /* host-based decryption */ 102 #define WLAN_CRYPTO_KEY_SWDECRYPT (0x100) 103 /* host-based demic */ 104 #define WLAN_CRYPTO_KEY_SWDEMIC (0x200) 105 /* get pn from fw for key */ 106 #define WLAN_CRYPTO_KEY_GET_PN (0x400) 107 108 #define WLAN_CRYPTO_KEY_SWCRYPT (WLAN_CRYPTO_KEY_SWENCRYPT \ 109 | WLAN_CRYPTO_KEY_SWDECRYPT) 110 111 #define WLAN_CRYPTO_KEY_SWMIC (WLAN_CRYPTO_KEY_SWENMIC \ 112 | WLAN_CRYPTO_KEY_SWDEMIC) 113 114 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0) 115 #define WLAN_AKM_SUITE_FT_8021X 0x000FAC03 116 #define WLAN_AKM_SUITE_FT_PSK 0x000FAC04 117 #endif 118 119 /* Maximum lifetime for a PMKID entry - 12 Hrs */ 120 #define WLAN_CRYPTO_MAX_PMKID_LIFETIME 43200 121 #define WLAN_CRYPTO_MAX_PMKID_LIFETIME_THRESHOLD 100 122 123 /* 124 * Cipher types 125 */ 126 typedef enum wlan_crypto_cipher_type { 127 WLAN_CRYPTO_CIPHER_WEP = 0, 128 WLAN_CRYPTO_CIPHER_TKIP = 1, 129 WLAN_CRYPTO_CIPHER_AES_OCB = 2, 130 WLAN_CRYPTO_CIPHER_AES_CCM = 3, 131 WLAN_CRYPTO_CIPHER_WAPI_SMS4 = 4, 132 WLAN_CRYPTO_CIPHER_CKIP = 5, 133 WLAN_CRYPTO_CIPHER_AES_CMAC = 6, 134 WLAN_CRYPTO_CIPHER_AES_CCM_256 = 7, 135 WLAN_CRYPTO_CIPHER_AES_CMAC_256 = 8, 136 WLAN_CRYPTO_CIPHER_AES_GCM = 9, 137 WLAN_CRYPTO_CIPHER_AES_GCM_256 = 10, 138 WLAN_CRYPTO_CIPHER_AES_GMAC = 11, 139 WLAN_CRYPTO_CIPHER_AES_GMAC_256 = 12, 140 WLAN_CRYPTO_CIPHER_WAPI_GCM4 = 13, 141 WLAN_CRYPTO_CIPHER_FILS_AEAD = 14, 142 WLAN_CRYPTO_CIPHER_WEP_40 = 15, 143 WLAN_CRYPTO_CIPHER_WEP_104 = 16, 144 WLAN_CRYPTO_CIPHER_NONE = 17, 145 WLAN_CRYPTO_CIPHER_MAX = (WLAN_CRYPTO_CIPHER_NONE + 1), 146 WLAN_CRYPTO_CIPHER_INVALID, 147 } wlan_crypto_cipher_type; 148 149 /* Auth types */ 150 typedef enum wlan_crypto_auth_mode { 151 WLAN_CRYPTO_AUTH_NONE = 0, 152 WLAN_CRYPTO_AUTH_OPEN = 1, 153 WLAN_CRYPTO_AUTH_SHARED = 2, 154 WLAN_CRYPTO_AUTH_8021X = 3, 155 WLAN_CRYPTO_AUTH_AUTO = 4, 156 WLAN_CRYPTO_AUTH_WPA = 5, 157 WLAN_CRYPTO_AUTH_RSNA = 6, 158 WLAN_CRYPTO_AUTH_CCKM = 7, 159 WLAN_CRYPTO_AUTH_WAPI = 8, 160 WLAN_CRYPTO_AUTH_SAE = 9, 161 WLAN_CRYPTO_AUTH_FILS_SK = 10, 162 /** Keep WLAN_CRYPTO_AUTH_MAX at the end. */ 163 WLAN_CRYPTO_AUTH_MAX, 164 } wlan_crypto_auth_mode; 165 166 /* crypto capabilities */ 167 typedef enum wlan_crypto_cap { 168 WLAN_CRYPTO_CAP_PRIVACY = 0, 169 WLAN_CRYPTO_CAP_WPA1 = 1, 170 WLAN_CRYPTO_CAP_WPA2 = 2, 171 WLAN_CRYPTO_CAP_WPA = 3, 172 WLAN_CRYPTO_CAP_AES = 4, 173 WLAN_CRYPTO_CAP_WEP = 5, 174 WLAN_CRYPTO_CAP_CKIP = 6, 175 WLAN_CRYPTO_CAP_TKIP_MIC = 7, 176 WLAN_CRYPTO_CAP_CCM256 = 8, 177 WLAN_CRYPTO_CAP_GCM = 9, 178 WLAN_CRYPTO_CAP_GCM_256 = 10, 179 WLAN_CRYPTO_CAP_WAPI_SMS4 = 11, 180 WLAN_CRYPTO_CAP_WAPI_GCM4 = 12, 181 WLAN_CRYPTO_CAP_KEY_MGMT_OFFLOAD = 13, 182 WLAN_CRYPTO_CAP_PMF_OFFLOAD = 14, 183 WLAN_CRYPTO_CAP_PN_TID_BASED = 15, 184 WLAN_CRYPTO_CAP_FILS_AEAD = 16, 185 } wlan_crypto_cap; 186 187 typedef enum wlan_crypto_rsn_cap { 188 WLAN_CRYPTO_RSN_CAP_PREAUTH = 0x01, 189 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED = 0x80, 190 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED = 0x40, 191 WLAN_CRYPTO_RSN_CAP_OCV_SUPPORTED = 0x4000, 192 } wlan_crypto_rsn_cap; 193 194 /** 195 * enum wlan_crypto_rsnx_cap - RSNXE capabilities 196 * @WLAN_CRYPTO_RSNX_CAP_PROTECTED_TWT: Protected TWT 197 * @WLAN_CRYPTO_RSNX_CAP_SAE_H2E: SAE Hash to Element 198 * @WLAN_CRYPTO_RSNX_CAP_SAE_PK: SAE PK 199 * @WLAN_CRYPTO_RSNX_CAP_SECURE_LTF: Secure LTF 200 * @WLAN_CRYPTO_RSNX_CAP_SECURE_RTT: Secure RTT 201 * @WLAN_CRYPTO_RSNX_CAP_URNM_MFPR_X20: Unassociated Range 202 * Negotiation and Measurement MFP Required Exempt 20MHz 203 * @WLAN_CRYPTO_RSNX_CAP_URNM_MFPR: Unassociated Range 204 * Negotiation and Measurement MFP Required 205 * 206 * Definition: (IEEE Std 802.11-2020, 9.4.2.241, Table 9-780) 207 * The Extended RSN Capabilities field, except its first 4 bits, is a 208 * bit field indicating the extended RSN capabilities being advertised 209 * by the STA transmitting the element. The length of the Extended 210 * RSN Capabilities field is a variable n, in octets, as indicated by 211 * the first 4 bits in the field. 212 */ 213 enum wlan_crypto_rsnx_cap { 214 WLAN_CRYPTO_RSNX_CAP_PROTECTED_TWT = 0x10, 215 WLAN_CRYPTO_RSNX_CAP_SAE_H2E = 0x20, 216 WLAN_CRYPTO_RSNX_CAP_SAE_PK = 0x40, 217 WLAN_CRYPTO_RSNX_CAP_SECURE_LTF = 0x100, 218 WLAN_CRYPTO_RSNX_CAP_SECURE_RTT = 0x200, 219 WLAN_CRYPTO_RSNX_CAP_URNM_MFPR_X20 = 0x400, 220 WLAN_CRYPTO_RSNX_CAP_URNM_MFPR = 0x8000, 221 }; 222 223 /** 224 * enum wlan_crypto_vdev_11az_security_capab - 11az related vdev 225 * security capabilities 226 * @WLAN_CRYPTO_RSNX_URNM_MFPR: URNM MFP required bit from RSNXE 227 * @WLAN_CRYPTO_RSN_MFPC: MFP capable bit from RSN IE 228 * @WLAN_CRYPTO_RSN_MFPR: MFP required bit from RSN IE 229 * @WLAN_CRYPTO_RSNX_URNM_MFPR_X20: URNM_MFPR_X20 bit from RSNXE 230 * @WLAN_CRYPTO_RSNX_RSTA_EXTCAP_I2R_LMR_FB: I2R LMR FB Policy from 231 * Extended Capabilities 232 */ 233 enum wlan_crypto_vdev_11az_security_capab { 234 WLAN_CRYPTO_RSNX_URNM_MFPR, 235 WLAN_CRYPTO_RSN_MFPC, 236 WLAN_CRYPTO_RSN_MFPR, 237 WLAN_CRYPTO_RSNX_URNM_MFPR_X20, 238 WLAN_CRYPTO_RSNX_RSTA_EXTCAP_I2R_LMR_FB, 239 }; 240 241 /** 242 * enum wlan_crypto_vdev_pasn_caps - PASN peer related vdev 243 * crypto parameters 244 * @WLAN_CRYPTO_URNM_MFPR: URNM MFP required in RSNXE 245 * @WLAN_CRYPTO_MFPC: MFP capable bit from RSN IE 246 * @WLAN_CRYPTO_MFPR: MFP required from RSNIE 247 */ 248 enum wlan_crypto_vdev_pasn_caps { 249 WLAN_CRYPTO_URNM_MFPR = BIT(0), 250 WLAN_CRYPTO_MFPC = BIT(1), 251 WLAN_CRYPTO_MFPR = BIT(2), 252 }; 253 254 typedef enum wlan_crypto_key_mgmt { 255 WLAN_CRYPTO_KEY_MGMT_IEEE8021X = 0, 256 WLAN_CRYPTO_KEY_MGMT_PSK = 1, 257 WLAN_CRYPTO_KEY_MGMT_NONE = 2, 258 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_NO_WPA = 3, 259 WLAN_CRYPTO_KEY_MGMT_WPA_NONE = 4, 260 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X = 5, 261 WLAN_CRYPTO_KEY_MGMT_FT_PSK = 6, 262 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256 = 7, 263 WLAN_CRYPTO_KEY_MGMT_PSK_SHA256 = 8, 264 WLAN_CRYPTO_KEY_MGMT_WPS = 9, 265 WLAN_CRYPTO_KEY_MGMT_SAE = 10, 266 WLAN_CRYPTO_KEY_MGMT_FT_SAE = 11, 267 WLAN_CRYPTO_KEY_MGMT_WAPI_PSK = 12, 268 WLAN_CRYPTO_KEY_MGMT_WAPI_CERT = 13, 269 WLAN_CRYPTO_KEY_MGMT_CCKM = 14, 270 WLAN_CRYPTO_KEY_MGMT_OSEN = 15, 271 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B = 16, 272 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192 = 17, 273 WLAN_CRYPTO_KEY_MGMT_FILS_SHA256 = 18, 274 WLAN_CRYPTO_KEY_MGMT_FILS_SHA384 = 19, 275 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256 = 20, 276 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384 = 21, 277 WLAN_CRYPTO_KEY_MGMT_OWE = 22, 278 WLAN_CRYPTO_KEY_MGMT_DPP = 23, 279 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384 = 24, 280 WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384 = 25, 281 WLAN_CRYPTO_KEY_MGMT_PSK_SHA384 = 26, 282 WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY = 27, 283 WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY = 28, 284 /** Keep WLAN_CRYPTO_KEY_MGMT_MAX at the end. */ 285 WLAN_CRYPTO_KEY_MGMT_MAX, 286 } wlan_crypto_key_mgmt; 287 288 enum wlan_crypto_key_type { 289 WLAN_CRYPTO_KEY_TYPE_UNICAST, 290 WLAN_CRYPTO_KEY_TYPE_GROUP, 291 }; 292 293 #define IS_WEP_CIPHER(_c) ((_c == WLAN_CRYPTO_CIPHER_WEP) || \ 294 (_c == WLAN_CRYPTO_CIPHER_WEP_40) || \ 295 (_c == WLAN_CRYPTO_CIPHER_WEP_104)) 296 297 #define DEFAULT_KEYMGMT_6G_MASK 0xFFFFFFFF 298 299 /* AKM wlan_crypto_key_mgmt 1, 6, 8, 25 and 26 are not allowed. */ 300 #define ALLOWED_KEYMGMT_6G_MASK 0x19FFFEBD 301 302 /* 303 * enum fils_erp_cryptosuite: this enum defines the cryptosuites used 304 * to calculate auth tag and auth tag length as defined by RFC 6696 5.3.1 305 * @HMAC_SHA256_64: sha256 with auth tag len as 64 bits 306 * @HMAC_SHA256_128: sha256 with auth tag len as 128 bits 307 * @HMAC_SHA256_256: sha256 with auth tag len as 256 bits 308 */ 309 enum fils_erp_cryptosuite { 310 INVALID_CRYPTO = 0, /* reserved */ 311 HMAC_SHA256_64, 312 HMAC_SHA256_128, 313 HMAC_SHA256_256, 314 }; 315 316 /* 317 * enum wlan_crypto_oem_eht_mlo_config - ENUM for different OEM configurable 318 * crypto params to allow EHT/MLO in WPA2/WPA3 security. 319 * 320 * @WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT: Allows connecting to WPA2 with PMF 321 * capability set to false in EHT only mode. If the AP is MLO, the connection 322 * will still be in EHT without MLO. 323 * 324 * @WLAN_HOST_CRYPTO_WPA2_ALLOW_MLO: Allows connecting to WPA2 with PMF 325 * capability set to false in MLO mode. 326 * -If set along with WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT, 327 * this mode supersedes. 328 * 329 * @WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT_MFPC_SET: Allows connecting to WPA2 330 * with PMF capability set to true in EHT only mode. If the AP is MLO, 331 * the connection will still be in EHT without MLO. 332 * 333 * @WLAN_HOST_CRYPTO_WPA2_ALLOW_MLO_MFPC_SET: Allows connecting to WPA2 with PMF 334 * capability set to true in MLO mode. 335 * -If set along with WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT_MFPC_SET, 336 * this mode supersedes. 337 * 338 * @WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_NON_MLO_EHT_HnP: Connect to non-MLO/MLO 339 * WPA3-SAE without support for H2E (or no RSNXE IE in beacon) in non-MLO EHT. 340 * This bit results in connecting to both H2E and HnP APs in EHT only mode. 341 * 342 * @WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_MLO_HnP: Connect to MLO WPA3-SAE without 343 * support for H2E (or no RSNXE IE in beacon) in MLO. 344 * This bit result in connecting to both H2E and HnP APs in MLO mode. 345 * -If set along with WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_NON_MLO_EHT_HnP, 346 * this mode supersedes. 347 */ 348 enum wlan_crypto_oem_eht_mlo_config { 349 WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT = BIT(0), 350 WLAN_HOST_CRYPTO_WPA2_ALLOW_MLO = BIT(1), 351 WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT_MFPC_SET = BIT(2), 352 WLAN_HOST_CRYPTO_WPA2_ALLOW_MLO_MFPC_SET = BIT(3), 353 /* Bits 4-15 are reserved for future WPA2 security configs */ 354 355 WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_NON_MLO_EHT_HnP = BIT(16), 356 WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_MLO_HnP = BIT(17), 357 /* Bits 18-31 are reserved for future WPA3 security configs */ 358 }; 359 360 #define WLAN_CRYPTO_WPA2_OEM_EHT_CFG_NO_PMF_ALLOWED(_cfg) \ 361 ((_cfg) & WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT || \ 362 (_cfg) & WLAN_HOST_CRYPTO_WPA2_ALLOW_MLO) 363 364 #define WLAN_CRYPTO_WPA2_OEM_EHT_CFG_PMF_ALLOWED(_cfg) \ 365 ((_cfg) & WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT_MFPC_SET || \ 366 (_cfg) & WLAN_HOST_CRYPTO_WPA2_ALLOW_MLO_MFPC_SET) 367 368 #define WLAN_CRYPTO_WPA3_SAE_OEM_EHT_CFG_IS_STRICT_H2E(_cfg) \ 369 (((_cfg) & WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_NON_MLO_EHT_HnP || \ 370 (_cfg) & WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_MLO_HnP) == 0) 371 372 /** 373 * struct mobility_domain_params - structure containing 374 * mobility domain info 375 * @mdie_present: mobility domain present or not 376 * @mobility_domain: mobility domain 377 */ 378 struct mobility_domain_params { 379 uint8_t mdie_present; 380 uint16_t mobility_domain; 381 }; 382 383 /** 384 * struct wlan_crypto_pmksa - structure of crypto to contain pmkid 385 * @bssid: bssid for which pmkid is saved 386 * @pmkid: pmkid info 387 * @pmk: pmk info 388 * @pmk_len: pmk len 389 * @ssid_len: ssid length 390 * @ssid: ssid information 391 * @cache_id: cache id 392 * @pmk_lifetime: Duration in seconds for which the pmk is valid 393 * @pmk_lifetime_threshold: Percentage of pmk lifetime within which 394 * full authentication is expected to avoid disconnection. 395 * @pmk_entry_ts: System timestamp at which the PMK entry was created. 396 * @single_pmk_supported: SAE single pmk supported BSS 397 * @mdid: structure to contain mobility domain parameters 398 */ 399 struct wlan_crypto_pmksa { 400 struct qdf_mac_addr bssid; 401 uint8_t pmkid[PMKID_LEN]; 402 uint8_t pmk[MAX_PMK_LEN]; 403 uint8_t pmk_len; 404 uint8_t ssid_len; 405 uint8_t ssid[WLAN_SSID_MAX_LEN]; 406 uint8_t cache_id[WLAN_CACHE_ID_LEN]; 407 uint32_t pmk_lifetime; 408 uint8_t pmk_lifetime_threshold; 409 qdf_time_t pmk_entry_ts; 410 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD) 411 bool single_pmk_supported; 412 #endif 413 struct mobility_domain_params mdid; 414 }; 415 416 #ifdef WLAN_ADAPTIVE_11R 417 /** 418 * struct key_mgmt_list - structure to store AKM(s) present in RSN IE of 419 * Beacon/Probe response 420 * @key_mgmt: AKM(s) present in RSN IE of Beacon/Probe response 421 */ 422 struct key_mgmt_list { 423 uint32_t key_mgmt; 424 }; 425 #endif 426 427 /** 428 * struct wlan_crypto_params - holds crypto params 429 * @authmodeset: authentication mode 430 * @ucastcipherset: unicast ciphers 431 * @mcastcipherset: multicast cipher 432 * @mgmtcipherset: mgmt cipher 433 * @cipher_caps: cipher capability 434 * @key_mgmt: key mgmt 435 * @pmksa: pmksa 436 * @rsn_caps: rsn_capability 437 * @rsnx_caps: rsnx capability 438 * @akm_list: order of AKM present in RSN IE of Beacon/Probe response 439 * 440 * This structure holds crypto params for peer or vdev 441 */ 442 struct wlan_crypto_params { 443 uint32_t authmodeset; 444 uint32_t ucastcipherset; 445 uint32_t mcastcipherset; 446 uint32_t mgmtcipherset; 447 uint32_t cipher_caps; 448 uint32_t key_mgmt; 449 struct wlan_crypto_pmksa *pmksa[WLAN_CRYPTO_MAX_PMKID]; 450 uint16_t rsn_caps; 451 uint32_t rsnx_caps; 452 #ifdef WLAN_ADAPTIVE_11R 453 struct key_mgmt_list akm_list[WLAN_CRYPTO_KEY_MGMT_MAX]; 454 #endif 455 }; 456 457 /** 458 * struct wlan_crypto_ltf_keyseed_data - LTF keyseed parameters 459 * @vdev_id: Vdev id 460 * @peer_mac_addr: Peer mac address 461 * @src_mac_addr: Source mac address 462 * @rsn_authmode: Cipher suite 463 * @key_seed: Secure LTF key seed 464 * @key_seed_len: Key seed length 465 */ 466 struct wlan_crypto_ltf_keyseed_data { 467 uint8_t vdev_id; 468 struct qdf_mac_addr peer_mac_addr; 469 struct qdf_mac_addr src_mac_addr; 470 uint8_t rsn_authmode; 471 uint8_t key_seed[WLAN_MAX_SECURE_LTF_KEYSEED_LEN]; 472 uint16_t key_seed_len; 473 }; 474 475 typedef enum wlan_crypto_param_type { 476 WLAN_CRYPTO_PARAM_AUTH_MODE, 477 WLAN_CRYPTO_PARAM_UCAST_CIPHER, 478 WLAN_CRYPTO_PARAM_MCAST_CIPHER, 479 WLAN_CRYPTO_PARAM_MGMT_CIPHER, 480 WLAN_CRYPTO_PARAM_CIPHER_CAP, 481 WLAN_CRYPTO_PARAM_RSN_CAP, 482 WLAN_CRYPTO_PARAM_RSNX_CAP, 483 WLAN_CRYPTO_PARAM_KEY_MGMT, 484 WLAN_CRYPTO_PARAM_PMKSA, 485 } wlan_crypto_param_type; 486 487 /** 488 * struct wlan_crypto_key - key structure 489 * @keylen: length of the key 490 * @valid: is key valid or not 491 * @flags: key flags 492 * @keyix: key id 493 * @cipher_type: cipher type being used for this key 494 * @key_type: unicast or broadcast key 495 * @macaddr: MAC address of the peer 496 * @src_addr: Source mac address associated with the key 497 * @cipher_table: table which stores cipher related info 498 * @private: private pointer to save cipher context 499 * @keylock: spin lock 500 * @recviv: WAPI key receive sequence counter 501 * @txiv: WAPI key transmit sequence counter 502 * @keytsc: key transmit sequence counter 503 * @keyrsc: key receive sequence counter 504 * @keyrsc_suspect: key receive sequence counter under 505 * suspect when pN jump is detected 506 * @keyglobal: key receive global sequence counter used with suspect 507 * @keyval: key value buffer 508 * 509 * This key structure to key related details. 510 */ 511 struct wlan_crypto_key { 512 uint8_t keylen; 513 bool valid; 514 uint16_t flags; 515 uint16_t keyix; 516 enum wlan_crypto_cipher_type cipher_type; 517 enum wlan_crypto_key_type key_type; 518 uint8_t macaddr[QDF_MAC_ADDR_SIZE]; 519 struct qdf_mac_addr src_addr; 520 void *cipher_table; 521 void *private; 522 qdf_spinlock_t keylock; 523 uint8_t recviv[WLAN_CRYPTO_WAPI_IV_SIZE]; 524 uint8_t txiv[WLAN_CRYPTO_WAPI_IV_SIZE]; 525 uint64_t keytsc; 526 uint64_t keyrsc[WLAN_CRYPTO_TID_SIZE]; 527 uint64_t keyrsc_suspect[WLAN_CRYPTO_TID_SIZE]; 528 uint64_t keyglobal; 529 uint8_t keyval[WLAN_CRYPTO_KEYBUF_SIZE 530 + WLAN_CRYPTO_MICBUF_SIZE]; 531 #define txmic (keyval + WLAN_CRYPTO_KEYBUF_SIZE \ 532 + WLAN_CRYPTO_TXMIC_OFFSET) 533 #define rxmic (keyval + WLAN_CRYPTO_KEYBUF_SIZE \ 534 + WLAN_CRYPTO_RXMIC_OFFSET) 535 }; 536 537 /** 538 * struct wlan_crypto_keys - crypto keys structure 539 * @key: key buffers for this peer 540 * @igtk_key: igtk key buffer for this peer 541 * @bigtk_key: bigtk key buffer for this peer 542 * @ltf_key_seed: LTF Key Seed buffer 543 * @igtk_key_type: igtk key type 544 * @def_tx_keyid: default key used for this peer 545 * @def_igtk_tx_keyid: default igtk key used for this peer 546 * @def_bigtk_tx_keyid: default bigtk key used for this peer 547 */ 548 struct wlan_crypto_keys { 549 struct wlan_crypto_key *key[WLAN_CRYPTO_MAX_VLANKEYIX]; 550 struct wlan_crypto_key *igtk_key[WLAN_CRYPTO_MAXIGTKKEYIDX]; 551 struct wlan_crypto_key *bigtk_key[WLAN_CRYPTO_MAXBIGTKKEYIDX]; 552 struct wlan_crypto_ltf_keyseed_data ltf_key_seed; 553 enum wlan_crypto_cipher_type igtk_key_type; 554 uint8_t def_tx_keyid; 555 uint8_t def_igtk_tx_keyid; 556 uint8_t def_bigtk_tx_keyid; 557 }; 558 559 union crypto_align_mac_addr { 560 uint8_t raw[QDF_MAC_ADDR_SIZE]; 561 struct { 562 uint16_t bytes_ab; 563 uint16_t bytes_cd; 564 uint16_t bytes_ef; 565 } align2; 566 struct { 567 uint32_t bytes_abcd; 568 uint16_t bytes_ef; 569 } align4; 570 struct __packed { 571 uint16_t bytes_ab; 572 uint32_t bytes_cdef; 573 } align4_2; 574 }; 575 576 /** 577 * struct wlan_crypto_key_entry - crypto key entry structure 578 * @mac_addr: mac addr 579 * @is_active: active key entry 580 * @link_id: link id 581 * @vdev_id: vdev id 582 * @keys: crypto keys 583 * @hash_list_elem: hash list element 584 */ 585 struct wlan_crypto_key_entry { 586 union crypto_align_mac_addr mac_addr; 587 bool is_active; 588 uint8_t link_id; 589 uint8_t vdev_id; 590 struct wlan_crypto_keys keys; 591 592 TAILQ_ENTRY(wlan_crypto_key_entry) hash_list_elem; 593 }; 594 595 /** 596 * struct wlan_crypto_req_key - key request structure 597 * @type: key/cipher type 598 * @pad: padding member 599 * @keyix: key index 600 * @keylen: length of the key value 601 * @flags: key flags 602 * @macaddr: macaddr of the key 603 * @keyrsc: key receive sequence counter 604 * @keytsc: key transmit sequence counter 605 * @keydata: key value 606 * @txiv: wapi key tx iv 607 * @recviv: wapi key rx iv 608 * @filsaad: FILS AEAD data 609 * 610 * Key request structure used for setkey, getkey or delkey 611 */ 612 struct wlan_crypto_req_key { 613 uint8_t type; 614 uint8_t pad; 615 uint16_t keyix; 616 uint8_t keylen; 617 uint16_t flags; 618 uint8_t macaddr[QDF_MAC_ADDR_SIZE]; 619 uint64_t keyrsc; 620 uint64_t keytsc; 621 uint8_t keydata[WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE]; 622 uint8_t txiv[WLAN_CRYPTO_WAPI_IV_SIZE]; 623 uint8_t recviv[WLAN_CRYPTO_WAPI_IV_SIZE]; 624 #ifdef WLAN_CRYPTO_SUPPORT_FILS 625 struct wlan_crypto_fils_aad_key filsaad; 626 #endif 627 }; 628 629 /** 630 * struct wlan_lmac_if_crypto_tx_ops - structure of crypto function 631 * pointers 632 * @allockey: function pointer to alloc key in hw 633 * @setkey: function pointer to setkey in hw 634 * @delkey: function pointer to delkey in hw 635 * @defaultkey: function pointer to set default key 636 * @set_key: converged function pointer to set key in hw 637 * @getpn: function pointer to get current pn value of peer 638 * @set_ltf_keyseed: Set LTF keyseed 639 * @set_vdev_param: Set the vdev crypto parameter 640 * @register_events: function pointer to register wmi event handler 641 * @deregister_events: function pointer to deregister wmi event handler 642 */ 643 struct wlan_lmac_if_crypto_tx_ops { 644 QDF_STATUS (*allockey)(struct wlan_objmgr_vdev *vdev, 645 struct wlan_crypto_key *key, 646 uint8_t *macaddr, uint32_t key_type); 647 QDF_STATUS (*setkey)(struct wlan_objmgr_vdev *vdev, 648 struct wlan_crypto_key *key, 649 uint8_t *macaddr, uint32_t key_type); 650 QDF_STATUS (*delkey)(struct wlan_objmgr_vdev *vdev, 651 struct wlan_crypto_key *key, 652 uint8_t *macaddr, uint32_t key_type); 653 QDF_STATUS (*defaultkey)(struct wlan_objmgr_vdev *vdev, 654 uint8_t keyix, uint8_t *macaddr); 655 QDF_STATUS (*set_key)(struct wlan_objmgr_vdev *vdev, 656 struct wlan_crypto_key *key, 657 enum wlan_crypto_key_type key_type); 658 QDF_STATUS(*getpn)(struct wlan_objmgr_vdev *vdev, 659 uint8_t *macaddr, uint8_t keyix, uint32_t key_type); 660 QDF_STATUS (*set_ltf_keyseed)(struct wlan_objmgr_psoc *psoc, 661 struct wlan_crypto_ltf_keyseed_data *ks); 662 QDF_STATUS (*set_vdev_param)(struct wlan_objmgr_psoc *psoc, 663 uint32_t vdev_id, uint32_t param_id, 664 uint32_t param_value); 665 QDF_STATUS (*register_events)(struct wlan_objmgr_psoc *psoc); 666 QDF_STATUS (*deregister_events)(struct wlan_objmgr_psoc *psoc); 667 }; 668 669 /** 670 * struct wlan_lmac_if_crypto_rx_ops - structure of crypto rx function 671 * pointers 672 * @crypto_encap: function pointer to encap tx frame 673 * @crypto_decap: function pointer to decap rx frame in hw 674 * @crypto_enmic: function pointer to enmic tx frame 675 * @crypto_demic: function pointer to demic rx frame 676 * @set_peer_wep_keys: function pointer to set WEP keys 677 * @get_rxpn: function pointer to get current Rx pn value of peer 678 */ 679 680 struct wlan_lmac_if_crypto_rx_ops { 681 QDF_STATUS(*crypto_encap)(struct wlan_objmgr_vdev *vdev, 682 qdf_nbuf_t wbuf, uint8_t *macaddr, 683 uint8_t encapdone); 684 QDF_STATUS(*crypto_decap)(struct wlan_objmgr_vdev *vdev, 685 qdf_nbuf_t wbuf, uint8_t *macaddr, 686 uint8_t tid); 687 QDF_STATUS(*crypto_enmic)(struct wlan_objmgr_vdev *vdev, 688 qdf_nbuf_t wbuf, uint8_t *macaddr, 689 uint8_t encapdone); 690 QDF_STATUS(*crypto_demic)(struct wlan_objmgr_vdev *vdev, 691 qdf_nbuf_t wbuf, uint8_t *macaddr, 692 uint8_t tid, uint8_t keyid); 693 QDF_STATUS(*set_peer_wep_keys)(struct wlan_objmgr_vdev *vdev, 694 struct wlan_objmgr_peer *peer); 695 QDF_STATUS (*get_rxpn)(struct wlan_objmgr_vdev *vdev, 696 uint8_t *macaddr, uint16_t keyix); 697 }; 698 699 #define WLAN_CRYPTO_RX_OPS_ENCAP(crypto_rx_ops) \ 700 (crypto_rx_ops->crypto_encap) 701 #define WLAN_CRYPTO_RX_OPS_DECAP(crypto_rx_ops) \ 702 (crypto_rx_ops->crypto_decap) 703 #define WLAN_CRYPTO_RX_OPS_ENMIC(crypto_rx_ops) \ 704 (crypto_rx_ops->crypto_enmic) 705 #define WLAN_CRYPTO_RX_OPS_DEMIC(crypto_rx_ops) \ 706 (crypto_rx_ops->crypto_demic) 707 #define WLAN_CRYPTO_RX_OPS_SET_PEER_WEP_KEYS(crypto_rx_ops) \ 708 (crypto_rx_ops->set_peer_wep_keys) 709 #define WLAN_CRYPTO_RX_OPS_GET_RXPN(crypto_rx_ops) \ 710 ((crypto_rx_ops)->get_rxpn) 711 712 #define WLAN_CRYPTO_IS_WPA_WPA2(akm) \ 713 (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X) || \ 714 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK) || \ 715 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X) || \ 716 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK) || \ 717 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256) || \ 718 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256) || \ 719 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WPS) || \ 720 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK) || \ 721 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT) || \ 722 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_CCKM) || \ 723 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_OSEN) || \ 724 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B) || \ 725 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256) || \ 726 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384) || \ 727 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256) || \ 728 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384) || \ 729 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384) || \ 730 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA384)) 731 732 #define WLAN_CRYPTO_IS_WPA2(akm) \ 733 (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK) || \ 734 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK) || \ 735 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256) || \ 736 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384) || \ 737 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA384)) 738 739 #define WLAN_CRYPTO_IS_WPA3(akm) \ 740 (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE) || \ 741 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE) || \ 742 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192) || \ 743 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_OWE) || \ 744 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_DPP) || \ 745 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384) || \ 746 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY) || \ 747 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY)) 748 749 #define WLAN_CRYPTO_IS_AKM_ENTERPRISE(akm) \ 750 (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X) || \ 751 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256) || \ 752 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B) || \ 753 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X) || \ 754 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384) || \ 755 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192) || \ 756 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256) || \ 757 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384) || \ 758 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256) || \ 759 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) 760 761 #define WLAN_CRYPTO_IS_AKM_SAE(akm) \ 762 (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE) || \ 763 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE) || \ 764 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY) || \ 765 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY)) 766 #endif /* end of _WLAN_CRYPTO_GLOBAL_DEF_H_ */ 767