xref: /freebsd/contrib/wpa/src/common/defs.h (revision 43a5ec4eb41567cc92586503212743d89686d78f)
1 /*
2  * WPA Supplicant - Common definitions
3  * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #ifndef DEFS_H
10 #define DEFS_H
11 
12 #define WPA_CIPHER_NONE BIT(0)
13 #define WPA_CIPHER_WEP40 BIT(1)
14 #define WPA_CIPHER_WEP104 BIT(2)
15 #define WPA_CIPHER_TKIP BIT(3)
16 #define WPA_CIPHER_CCMP BIT(4)
17 #define WPA_CIPHER_AES_128_CMAC BIT(5)
18 #define WPA_CIPHER_GCMP BIT(6)
19 #define WPA_CIPHER_SMS4 BIT(7)
20 #define WPA_CIPHER_GCMP_256 BIT(8)
21 #define WPA_CIPHER_CCMP_256 BIT(9)
22 #define WPA_CIPHER_BIP_GMAC_128 BIT(11)
23 #define WPA_CIPHER_BIP_GMAC_256 BIT(12)
24 #define WPA_CIPHER_BIP_CMAC_256 BIT(13)
25 #define WPA_CIPHER_GTK_NOT_USED BIT(14)
26 
27 #define WPA_KEY_MGMT_IEEE8021X BIT(0)
28 #define WPA_KEY_MGMT_PSK BIT(1)
29 #define WPA_KEY_MGMT_NONE BIT(2)
30 #define WPA_KEY_MGMT_IEEE8021X_NO_WPA BIT(3)
31 #define WPA_KEY_MGMT_WPA_NONE BIT(4)
32 #define WPA_KEY_MGMT_FT_IEEE8021X BIT(5)
33 #define WPA_KEY_MGMT_FT_PSK BIT(6)
34 #define WPA_KEY_MGMT_IEEE8021X_SHA256 BIT(7)
35 #define WPA_KEY_MGMT_PSK_SHA256 BIT(8)
36 #define WPA_KEY_MGMT_WPS BIT(9)
37 #define WPA_KEY_MGMT_SAE BIT(10)
38 #define WPA_KEY_MGMT_FT_SAE BIT(11)
39 #define WPA_KEY_MGMT_WAPI_PSK BIT(12)
40 #define WPA_KEY_MGMT_WAPI_CERT BIT(13)
41 #define WPA_KEY_MGMT_CCKM BIT(14)
42 #define WPA_KEY_MGMT_OSEN BIT(15)
43 #define WPA_KEY_MGMT_IEEE8021X_SUITE_B BIT(16)
44 #define WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 BIT(17)
45 #define WPA_KEY_MGMT_FILS_SHA256 BIT(18)
46 #define WPA_KEY_MGMT_FILS_SHA384 BIT(19)
47 #define WPA_KEY_MGMT_FT_FILS_SHA256 BIT(20)
48 #define WPA_KEY_MGMT_FT_FILS_SHA384 BIT(21)
49 #define WPA_KEY_MGMT_OWE BIT(22)
50 #define WPA_KEY_MGMT_DPP BIT(23)
51 #define WPA_KEY_MGMT_FT_IEEE8021X_SHA384 BIT(24)
52 #define WPA_KEY_MGMT_PASN BIT(25)
53 
54 
55 #define WPA_KEY_MGMT_FT (WPA_KEY_MGMT_FT_PSK | \
56 			 WPA_KEY_MGMT_FT_IEEE8021X | \
57 			 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 | \
58 			 WPA_KEY_MGMT_FT_SAE | \
59 			 WPA_KEY_MGMT_FT_FILS_SHA256 | \
60 			 WPA_KEY_MGMT_FT_FILS_SHA384)
61 
62 static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
63 {
64 	return !!(akm & (WPA_KEY_MGMT_IEEE8021X |
65 			 WPA_KEY_MGMT_FT_IEEE8021X |
66 			 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
67 			 WPA_KEY_MGMT_CCKM |
68 			 WPA_KEY_MGMT_OSEN |
69 			 WPA_KEY_MGMT_IEEE8021X_SHA256 |
70 			 WPA_KEY_MGMT_IEEE8021X_SUITE_B |
71 			 WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 |
72 			 WPA_KEY_MGMT_FILS_SHA256 |
73 			 WPA_KEY_MGMT_FILS_SHA384 |
74 			 WPA_KEY_MGMT_FT_FILS_SHA256 |
75 			 WPA_KEY_MGMT_FT_FILS_SHA384));
76 }
77 
78 static inline int wpa_key_mgmt_wpa_psk_no_sae(int akm)
79 {
80 	return !!(akm & (WPA_KEY_MGMT_PSK |
81 			 WPA_KEY_MGMT_FT_PSK |
82 			 WPA_KEY_MGMT_PSK_SHA256));
83 }
84 
85 static inline int wpa_key_mgmt_wpa_psk(int akm)
86 {
87 	return !!(akm & (WPA_KEY_MGMT_PSK |
88 			 WPA_KEY_MGMT_FT_PSK |
89 			 WPA_KEY_MGMT_PSK_SHA256 |
90 			 WPA_KEY_MGMT_SAE |
91 			 WPA_KEY_MGMT_FT_SAE));
92 }
93 
94 static inline int wpa_key_mgmt_ft(int akm)
95 {
96 	return !!(akm & WPA_KEY_MGMT_FT);
97 }
98 
99 static inline int wpa_key_mgmt_only_ft(int akm)
100 {
101 	int ft = wpa_key_mgmt_ft(akm);
102 	akm &= ~WPA_KEY_MGMT_FT;
103 	return ft && !akm;
104 }
105 
106 static inline int wpa_key_mgmt_ft_psk(int akm)
107 {
108 	return !!(akm & WPA_KEY_MGMT_FT_PSK);
109 }
110 
111 static inline int wpa_key_mgmt_sae(int akm)
112 {
113 	return !!(akm & (WPA_KEY_MGMT_SAE |
114 			 WPA_KEY_MGMT_FT_SAE));
115 }
116 
117 static inline int wpa_key_mgmt_fils(int akm)
118 {
119 	return !!(akm & (WPA_KEY_MGMT_FILS_SHA256 |
120 			 WPA_KEY_MGMT_FILS_SHA384 |
121 			 WPA_KEY_MGMT_FT_FILS_SHA256 |
122 			 WPA_KEY_MGMT_FT_FILS_SHA384));
123 }
124 
125 static inline int wpa_key_mgmt_sha256(int akm)
126 {
127 	return !!(akm & (WPA_KEY_MGMT_PSK_SHA256 |
128 			 WPA_KEY_MGMT_IEEE8021X_SHA256 |
129 			 WPA_KEY_MGMT_SAE |
130 			 WPA_KEY_MGMT_FT_SAE |
131 			 WPA_KEY_MGMT_OSEN |
132 			 WPA_KEY_MGMT_IEEE8021X_SUITE_B |
133 			 WPA_KEY_MGMT_FILS_SHA256 |
134 			 WPA_KEY_MGMT_FT_FILS_SHA256));
135 }
136 
137 static inline int wpa_key_mgmt_sha384(int akm)
138 {
139 	return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 |
140 			 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
141 			 WPA_KEY_MGMT_FILS_SHA384 |
142 			 WPA_KEY_MGMT_FT_FILS_SHA384));
143 }
144 
145 static inline int wpa_key_mgmt_suite_b(int akm)
146 {
147 	return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B |
148 			 WPA_KEY_MGMT_IEEE8021X_SUITE_B_192));
149 }
150 
151 static inline int wpa_key_mgmt_wpa(int akm)
152 {
153 	return wpa_key_mgmt_wpa_ieee8021x(akm) ||
154 		wpa_key_mgmt_wpa_psk(akm) ||
155 		wpa_key_mgmt_fils(akm) ||
156 		wpa_key_mgmt_sae(akm) ||
157 		akm == WPA_KEY_MGMT_OWE ||
158 		akm == WPA_KEY_MGMT_DPP;
159 }
160 
161 static inline int wpa_key_mgmt_wpa_any(int akm)
162 {
163 	return wpa_key_mgmt_wpa(akm) || (akm & WPA_KEY_MGMT_WPA_NONE);
164 }
165 
166 static inline int wpa_key_mgmt_cckm(int akm)
167 {
168 	return akm == WPA_KEY_MGMT_CCKM;
169 }
170 
171 
172 #define WPA_PROTO_WPA BIT(0)
173 #define WPA_PROTO_RSN BIT(1)
174 #define WPA_PROTO_WAPI BIT(2)
175 #define WPA_PROTO_OSEN BIT(3)
176 
177 #define WPA_AUTH_ALG_OPEN BIT(0)
178 #define WPA_AUTH_ALG_SHARED BIT(1)
179 #define WPA_AUTH_ALG_LEAP BIT(2)
180 #define WPA_AUTH_ALG_FT BIT(3)
181 #define WPA_AUTH_ALG_SAE BIT(4)
182 #define WPA_AUTH_ALG_FILS BIT(5)
183 #define WPA_AUTH_ALG_FILS_SK_PFS BIT(6)
184 
185 static inline int wpa_auth_alg_fils(int alg)
186 {
187 	return !!(alg & (WPA_AUTH_ALG_FILS | WPA_AUTH_ALG_FILS_SK_PFS));
188 }
189 
190 enum wpa_alg {
191 	WPA_ALG_NONE,
192 	WPA_ALG_WEP,
193 	WPA_ALG_TKIP,
194 	WPA_ALG_CCMP,
195 	WPA_ALG_BIP_CMAC_128,
196 	WPA_ALG_GCMP,
197 	WPA_ALG_SMS4,
198 	WPA_ALG_KRK,
199 	WPA_ALG_GCMP_256,
200 	WPA_ALG_CCMP_256,
201 	WPA_ALG_BIP_GMAC_128,
202 	WPA_ALG_BIP_GMAC_256,
203 	WPA_ALG_BIP_CMAC_256
204 };
205 
206 static inline int wpa_alg_bip(enum wpa_alg alg)
207 {
208 	return alg == WPA_ALG_BIP_CMAC_128 ||
209 		alg == WPA_ALG_BIP_GMAC_128 ||
210 		alg == WPA_ALG_BIP_GMAC_256 ||
211 		alg == WPA_ALG_BIP_CMAC_256;
212 }
213 
214 /**
215  * enum wpa_states - wpa_supplicant state
216  *
217  * These enumeration values are used to indicate the current wpa_supplicant
218  * state (wpa_s->wpa_state). The current state can be retrieved with
219  * wpa_supplicant_get_state() function and the state can be changed by calling
220  * wpa_supplicant_set_state(). In WPA state machine (wpa.c and preauth.c), the
221  * wrapper functions wpa_sm_get_state() and wpa_sm_set_state() should be used
222  * to access the state variable.
223  */
224 enum wpa_states {
225 	/**
226 	 * WPA_DISCONNECTED - Disconnected state
227 	 *
228 	 * This state indicates that client is not associated, but is likely to
229 	 * start looking for an access point. This state is entered when a
230 	 * connection is lost.
231 	 */
232 	WPA_DISCONNECTED,
233 
234 	/**
235 	 * WPA_INTERFACE_DISABLED - Interface disabled
236 	 *
237 	 * This state is entered if the network interface is disabled, e.g.,
238 	 * due to rfkill. wpa_supplicant refuses any new operations that would
239 	 * use the radio until the interface has been enabled.
240 	 */
241 	WPA_INTERFACE_DISABLED,
242 
243 	/**
244 	 * WPA_INACTIVE - Inactive state (wpa_supplicant disabled)
245 	 *
246 	 * This state is entered if there are no enabled networks in the
247 	 * configuration. wpa_supplicant is not trying to associate with a new
248 	 * network and external interaction (e.g., ctrl_iface call to add or
249 	 * enable a network) is needed to start association.
250 	 */
251 	WPA_INACTIVE,
252 
253 	/**
254 	 * WPA_SCANNING - Scanning for a network
255 	 *
256 	 * This state is entered when wpa_supplicant starts scanning for a
257 	 * network.
258 	 */
259 	WPA_SCANNING,
260 
261 	/**
262 	 * WPA_AUTHENTICATING - Trying to authenticate with a BSS/SSID
263 	 *
264 	 * This state is entered when wpa_supplicant has found a suitable BSS
265 	 * to authenticate with and the driver is configured to try to
266 	 * authenticate with this BSS. This state is used only with drivers
267 	 * that use wpa_supplicant as the SME.
268 	 */
269 	WPA_AUTHENTICATING,
270 
271 	/**
272 	 * WPA_ASSOCIATING - Trying to associate with a BSS/SSID
273 	 *
274 	 * This state is entered when wpa_supplicant has found a suitable BSS
275 	 * to associate with and the driver is configured to try to associate
276 	 * with this BSS in ap_scan=1 mode. When using ap_scan=2 mode, this
277 	 * state is entered when the driver is configured to try to associate
278 	 * with a network using the configured SSID and security policy.
279 	 */
280 	WPA_ASSOCIATING,
281 
282 	/**
283 	 * WPA_ASSOCIATED - Association completed
284 	 *
285 	 * This state is entered when the driver reports that association has
286 	 * been successfully completed with an AP. If IEEE 802.1X is used
287 	 * (with or without WPA/WPA2), wpa_supplicant remains in this state
288 	 * until the IEEE 802.1X/EAPOL authentication has been completed.
289 	 */
290 	WPA_ASSOCIATED,
291 
292 	/**
293 	 * WPA_4WAY_HANDSHAKE - WPA 4-Way Key Handshake in progress
294 	 *
295 	 * This state is entered when WPA/WPA2 4-Way Handshake is started. In
296 	 * case of WPA-PSK, this happens when receiving the first EAPOL-Key
297 	 * frame after association. In case of WPA-EAP, this state is entered
298 	 * when the IEEE 802.1X/EAPOL authentication has been completed.
299 	 */
300 	WPA_4WAY_HANDSHAKE,
301 
302 	/**
303 	 * WPA_GROUP_HANDSHAKE - WPA Group Key Handshake in progress
304 	 *
305 	 * This state is entered when 4-Way Key Handshake has been completed
306 	 * (i.e., when the supplicant sends out message 4/4) and when Group
307 	 * Key rekeying is started by the AP (i.e., when supplicant receives
308 	 * message 1/2).
309 	 */
310 	WPA_GROUP_HANDSHAKE,
311 
312 	/**
313 	 * WPA_COMPLETED - All authentication completed
314 	 *
315 	 * This state is entered when the full authentication process is
316 	 * completed. In case of WPA2, this happens when the 4-Way Handshake is
317 	 * successfully completed. With WPA, this state is entered after the
318 	 * Group Key Handshake; with IEEE 802.1X (non-WPA) connection is
319 	 * completed after dynamic keys are received (or if not used, after
320 	 * the EAP authentication has been completed). With static WEP keys and
321 	 * plaintext connections, this state is entered when an association
322 	 * has been completed.
323 	 *
324 	 * This state indicates that the supplicant has completed its
325 	 * processing for the association phase and that data connection is
326 	 * fully configured.
327 	 */
328 	WPA_COMPLETED
329 };
330 
331 #define MLME_SETPROTECTION_PROTECT_TYPE_NONE 0
332 #define MLME_SETPROTECTION_PROTECT_TYPE_RX 1
333 #define MLME_SETPROTECTION_PROTECT_TYPE_TX 2
334 #define MLME_SETPROTECTION_PROTECT_TYPE_RX_TX 3
335 
336 #define MLME_SETPROTECTION_KEY_TYPE_GROUP 0
337 #define MLME_SETPROTECTION_KEY_TYPE_PAIRWISE 1
338 
339 
340 /**
341  * enum mfp_options - Management frame protection (IEEE 802.11w) options
342  */
343 enum mfp_options {
344 	NO_MGMT_FRAME_PROTECTION = 0,
345 	MGMT_FRAME_PROTECTION_OPTIONAL = 1,
346 	MGMT_FRAME_PROTECTION_REQUIRED = 2,
347 };
348 #define MGMT_FRAME_PROTECTION_DEFAULT 3
349 
350 /**
351  * enum hostapd_hw_mode - Hardware mode
352  */
353 enum hostapd_hw_mode {
354 	HOSTAPD_MODE_IEEE80211B,
355 	HOSTAPD_MODE_IEEE80211G,
356 	HOSTAPD_MODE_IEEE80211A,
357 	HOSTAPD_MODE_IEEE80211AD,
358 	HOSTAPD_MODE_IEEE80211ANY,
359 	NUM_HOSTAPD_MODES
360 };
361 
362 /**
363  * enum wpa_ctrl_req_type - Control interface request types
364  */
365 enum wpa_ctrl_req_type {
366 	WPA_CTRL_REQ_UNKNOWN,
367 	WPA_CTRL_REQ_EAP_IDENTITY,
368 	WPA_CTRL_REQ_EAP_PASSWORD,
369 	WPA_CTRL_REQ_EAP_NEW_PASSWORD,
370 	WPA_CTRL_REQ_EAP_PIN,
371 	WPA_CTRL_REQ_EAP_OTP,
372 	WPA_CTRL_REQ_EAP_PASSPHRASE,
373 	WPA_CTRL_REQ_SIM,
374 	WPA_CTRL_REQ_PSK_PASSPHRASE,
375 	WPA_CTRL_REQ_EXT_CERT_CHECK,
376 	NUM_WPA_CTRL_REQS
377 };
378 
379 /* Maximum number of EAP methods to store for EAP server user information */
380 #define EAP_MAX_METHODS 8
381 
382 enum mesh_plink_state {
383 	PLINK_IDLE = 1,
384 	PLINK_OPN_SNT,
385 	PLINK_OPN_RCVD,
386 	PLINK_CNF_RCVD,
387 	PLINK_ESTAB,
388 	PLINK_HOLDING,
389 	PLINK_BLOCKED, /* not defined in the IEEE 802.11 standard */
390 };
391 
392 enum set_band {
393 	WPA_SETBAND_AUTO = 0,
394 	WPA_SETBAND_5G = BIT(0),
395 	WPA_SETBAND_2G = BIT(1),
396 	WPA_SETBAND_6G = BIT(2),
397 };
398 
399 enum wpa_radio_work_band {
400 	BAND_2_4_GHZ = BIT(0),
401 	BAND_5_GHZ = BIT(1),
402 	BAND_60_GHZ = BIT(2),
403 };
404 
405 enum beacon_rate_type {
406 	BEACON_RATE_LEGACY,
407 	BEACON_RATE_HT,
408 	BEACON_RATE_VHT,
409 	BEACON_RATE_HE
410 };
411 
412 enum eap_proxy_sim_state {
413 	SIM_STATE_ERROR,
414 };
415 
416 #define OCE_STA BIT(0)
417 #define OCE_STA_CFON BIT(1)
418 #define OCE_AP BIT(2)
419 
420 /* enum chan_width - Channel width definitions */
421 enum chan_width {
422 	CHAN_WIDTH_20_NOHT,
423 	CHAN_WIDTH_20,
424 	CHAN_WIDTH_40,
425 	CHAN_WIDTH_80,
426 	CHAN_WIDTH_80P80,
427 	CHAN_WIDTH_160,
428 	CHAN_WIDTH_2160,
429 	CHAN_WIDTH_4320,
430 	CHAN_WIDTH_6480,
431 	CHAN_WIDTH_8640,
432 	CHAN_WIDTH_UNKNOWN
433 };
434 
435 enum key_flag {
436 	KEY_FLAG_MODIFY			= BIT(0),
437 	KEY_FLAG_DEFAULT		= BIT(1),
438 	KEY_FLAG_RX			= BIT(2),
439 	KEY_FLAG_TX			= BIT(3),
440 	KEY_FLAG_GROUP			= BIT(4),
441 	KEY_FLAG_PAIRWISE		= BIT(5),
442 	KEY_FLAG_PMK			= BIT(6),
443 	/* Used flag combinations */
444 	KEY_FLAG_RX_TX			= KEY_FLAG_RX | KEY_FLAG_TX,
445 	KEY_FLAG_GROUP_RX_TX		= KEY_FLAG_GROUP | KEY_FLAG_RX_TX,
446 	KEY_FLAG_GROUP_RX_TX_DEFAULT	= KEY_FLAG_GROUP_RX_TX |
447 					  KEY_FLAG_DEFAULT,
448 	KEY_FLAG_GROUP_RX		= KEY_FLAG_GROUP | KEY_FLAG_RX,
449 	KEY_FLAG_GROUP_TX_DEFAULT	= KEY_FLAG_GROUP | KEY_FLAG_TX |
450 					  KEY_FLAG_DEFAULT,
451 	KEY_FLAG_PAIRWISE_RX_TX		= KEY_FLAG_PAIRWISE | KEY_FLAG_RX_TX,
452 	KEY_FLAG_PAIRWISE_RX		= KEY_FLAG_PAIRWISE | KEY_FLAG_RX,
453 	KEY_FLAG_PAIRWISE_RX_TX_MODIFY	= KEY_FLAG_PAIRWISE_RX_TX |
454 					  KEY_FLAG_MODIFY,
455 	/* Max allowed flags for each key type */
456 	KEY_FLAG_PAIRWISE_MASK		= KEY_FLAG_PAIRWISE_RX_TX_MODIFY,
457 	KEY_FLAG_GROUP_MASK		= KEY_FLAG_GROUP_RX_TX_DEFAULT,
458 	KEY_FLAG_PMK_MASK		= KEY_FLAG_PMK,
459 };
460 
461 static inline int check_key_flag(enum key_flag key_flag)
462 {
463 	return !!(!key_flag ||
464 		  ((key_flag & (KEY_FLAG_PAIRWISE | KEY_FLAG_MODIFY)) &&
465 		   (key_flag & ~KEY_FLAG_PAIRWISE_MASK)) ||
466 		  ((key_flag & KEY_FLAG_GROUP) &&
467 		   (key_flag & ~KEY_FLAG_GROUP_MASK)) ||
468 		  ((key_flag & KEY_FLAG_PMK) &&
469 		   (key_flag & ~KEY_FLAG_PMK_MASK)));
470 }
471 
472 enum ptk0_rekey_handling {
473 	PTK0_REKEY_ALLOW_ALWAYS,
474 	PTK0_REKEY_ALLOW_LOCAL_OK,
475 	PTK0_REKEY_ALLOW_NEVER
476 };
477 
478 #endif /* DEFS_H */
479