1 /* 2 * WPA Supplicant - Common definitions 3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #ifndef DEFS_H 10 #define DEFS_H 11 12 #define WPA_CIPHER_NONE BIT(0) 13 #define WPA_CIPHER_WEP40 BIT(1) 14 #define WPA_CIPHER_WEP104 BIT(2) 15 #define WPA_CIPHER_TKIP BIT(3) 16 #define WPA_CIPHER_CCMP BIT(4) 17 #define WPA_CIPHER_AES_128_CMAC BIT(5) 18 #define WPA_CIPHER_GCMP BIT(6) 19 #define WPA_CIPHER_SMS4 BIT(7) 20 #define WPA_CIPHER_GCMP_256 BIT(8) 21 #define WPA_CIPHER_CCMP_256 BIT(9) 22 #define WPA_CIPHER_BIP_GMAC_128 BIT(11) 23 #define WPA_CIPHER_BIP_GMAC_256 BIT(12) 24 #define WPA_CIPHER_BIP_CMAC_256 BIT(13) 25 #define WPA_CIPHER_GTK_NOT_USED BIT(14) 26 27 #define WPA_KEY_MGMT_IEEE8021X BIT(0) 28 #define WPA_KEY_MGMT_PSK BIT(1) 29 #define WPA_KEY_MGMT_NONE BIT(2) 30 #define WPA_KEY_MGMT_IEEE8021X_NO_WPA BIT(3) 31 #define WPA_KEY_MGMT_WPA_NONE BIT(4) 32 #define WPA_KEY_MGMT_FT_IEEE8021X BIT(5) 33 #define WPA_KEY_MGMT_FT_PSK BIT(6) 34 #define WPA_KEY_MGMT_IEEE8021X_SHA256 BIT(7) 35 #define WPA_KEY_MGMT_PSK_SHA256 BIT(8) 36 #define WPA_KEY_MGMT_WPS BIT(9) 37 #define WPA_KEY_MGMT_SAE BIT(10) 38 #define WPA_KEY_MGMT_FT_SAE BIT(11) 39 #define WPA_KEY_MGMT_WAPI_PSK BIT(12) 40 #define WPA_KEY_MGMT_WAPI_CERT BIT(13) 41 #define WPA_KEY_MGMT_CCKM BIT(14) 42 #define WPA_KEY_MGMT_OSEN BIT(15) 43 #define WPA_KEY_MGMT_IEEE8021X_SUITE_B BIT(16) 44 #define WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 BIT(17) 45 #define WPA_KEY_MGMT_FILS_SHA256 BIT(18) 46 #define WPA_KEY_MGMT_FILS_SHA384 BIT(19) 47 #define WPA_KEY_MGMT_FT_FILS_SHA256 BIT(20) 48 #define WPA_KEY_MGMT_FT_FILS_SHA384 BIT(21) 49 #define WPA_KEY_MGMT_OWE BIT(22) 50 #define WPA_KEY_MGMT_DPP BIT(23) 51 #define WPA_KEY_MGMT_FT_IEEE8021X_SHA384 BIT(24) 52 #define WPA_KEY_MGMT_PASN BIT(25) 53 54 55 #define WPA_KEY_MGMT_FT (WPA_KEY_MGMT_FT_PSK | \ 56 WPA_KEY_MGMT_FT_IEEE8021X | \ 57 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 | \ 58 WPA_KEY_MGMT_FT_SAE | \ 59 WPA_KEY_MGMT_FT_FILS_SHA256 | \ 60 WPA_KEY_MGMT_FT_FILS_SHA384) 61 62 static inline int wpa_key_mgmt_wpa_ieee8021x(int akm) 63 { 64 return !!(akm & (WPA_KEY_MGMT_IEEE8021X | 65 WPA_KEY_MGMT_FT_IEEE8021X | 66 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 | 67 WPA_KEY_MGMT_CCKM | 68 WPA_KEY_MGMT_OSEN | 69 WPA_KEY_MGMT_IEEE8021X_SHA256 | 70 WPA_KEY_MGMT_IEEE8021X_SUITE_B | 71 WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 | 72 WPA_KEY_MGMT_FILS_SHA256 | 73 WPA_KEY_MGMT_FILS_SHA384 | 74 WPA_KEY_MGMT_FT_FILS_SHA256 | 75 WPA_KEY_MGMT_FT_FILS_SHA384)); 76 } 77 78 static inline int wpa_key_mgmt_wpa_psk_no_sae(int akm) 79 { 80 return !!(akm & (WPA_KEY_MGMT_PSK | 81 WPA_KEY_MGMT_FT_PSK | 82 WPA_KEY_MGMT_PSK_SHA256)); 83 } 84 85 static inline int wpa_key_mgmt_wpa_psk(int akm) 86 { 87 return !!(akm & (WPA_KEY_MGMT_PSK | 88 WPA_KEY_MGMT_FT_PSK | 89 WPA_KEY_MGMT_PSK_SHA256 | 90 WPA_KEY_MGMT_SAE | 91 WPA_KEY_MGMT_FT_SAE)); 92 } 93 94 static inline int wpa_key_mgmt_ft(int akm) 95 { 96 return !!(akm & WPA_KEY_MGMT_FT); 97 } 98 99 static inline int wpa_key_mgmt_only_ft(int akm) 100 { 101 int ft = wpa_key_mgmt_ft(akm); 102 akm &= ~WPA_KEY_MGMT_FT; 103 return ft && !akm; 104 } 105 106 static inline int wpa_key_mgmt_ft_psk(int akm) 107 { 108 return !!(akm & WPA_KEY_MGMT_FT_PSK); 109 } 110 111 static inline int wpa_key_mgmt_sae(int akm) 112 { 113 return !!(akm & (WPA_KEY_MGMT_SAE | 114 WPA_KEY_MGMT_FT_SAE)); 115 } 116 117 static inline int wpa_key_mgmt_fils(int akm) 118 { 119 return !!(akm & (WPA_KEY_MGMT_FILS_SHA256 | 120 WPA_KEY_MGMT_FILS_SHA384 | 121 WPA_KEY_MGMT_FT_FILS_SHA256 | 122 WPA_KEY_MGMT_FT_FILS_SHA384)); 123 } 124 125 static inline int wpa_key_mgmt_sha256(int akm) 126 { 127 return !!(akm & (WPA_KEY_MGMT_PSK_SHA256 | 128 WPA_KEY_MGMT_IEEE8021X_SHA256 | 129 WPA_KEY_MGMT_SAE | 130 WPA_KEY_MGMT_FT_SAE | 131 WPA_KEY_MGMT_OSEN | 132 WPA_KEY_MGMT_IEEE8021X_SUITE_B | 133 WPA_KEY_MGMT_FILS_SHA256 | 134 WPA_KEY_MGMT_FT_FILS_SHA256)); 135 } 136 137 static inline int wpa_key_mgmt_sha384(int akm) 138 { 139 return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 | 140 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 | 141 WPA_KEY_MGMT_FILS_SHA384 | 142 WPA_KEY_MGMT_FT_FILS_SHA384)); 143 } 144 145 static inline int wpa_key_mgmt_suite_b(int akm) 146 { 147 return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B | 148 WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)); 149 } 150 151 static inline int wpa_key_mgmt_wpa(int akm) 152 { 153 return wpa_key_mgmt_wpa_ieee8021x(akm) || 154 wpa_key_mgmt_wpa_psk(akm) || 155 wpa_key_mgmt_fils(akm) || 156 wpa_key_mgmt_sae(akm) || 157 akm == WPA_KEY_MGMT_OWE || 158 akm == WPA_KEY_MGMT_DPP; 159 } 160 161 static inline int wpa_key_mgmt_wpa_any(int akm) 162 { 163 return wpa_key_mgmt_wpa(akm) || (akm & WPA_KEY_MGMT_WPA_NONE); 164 } 165 166 static inline int wpa_key_mgmt_cckm(int akm) 167 { 168 return akm == WPA_KEY_MGMT_CCKM; 169 } 170 171 172 #define WPA_PROTO_WPA BIT(0) 173 #define WPA_PROTO_RSN BIT(1) 174 #define WPA_PROTO_WAPI BIT(2) 175 #define WPA_PROTO_OSEN BIT(3) 176 177 #define WPA_AUTH_ALG_OPEN BIT(0) 178 #define WPA_AUTH_ALG_SHARED BIT(1) 179 #define WPA_AUTH_ALG_LEAP BIT(2) 180 #define WPA_AUTH_ALG_FT BIT(3) 181 #define WPA_AUTH_ALG_SAE BIT(4) 182 #define WPA_AUTH_ALG_FILS BIT(5) 183 #define WPA_AUTH_ALG_FILS_SK_PFS BIT(6) 184 185 static inline int wpa_auth_alg_fils(int alg) 186 { 187 return !!(alg & (WPA_AUTH_ALG_FILS | WPA_AUTH_ALG_FILS_SK_PFS)); 188 } 189 190 enum wpa_alg { 191 WPA_ALG_NONE, 192 WPA_ALG_WEP, 193 WPA_ALG_TKIP, 194 WPA_ALG_CCMP, 195 WPA_ALG_BIP_CMAC_128, 196 WPA_ALG_GCMP, 197 WPA_ALG_SMS4, 198 WPA_ALG_KRK, 199 WPA_ALG_GCMP_256, 200 WPA_ALG_CCMP_256, 201 WPA_ALG_BIP_GMAC_128, 202 WPA_ALG_BIP_GMAC_256, 203 WPA_ALG_BIP_CMAC_256 204 }; 205 206 static inline int wpa_alg_bip(enum wpa_alg alg) 207 { 208 return alg == WPA_ALG_BIP_CMAC_128 || 209 alg == WPA_ALG_BIP_GMAC_128 || 210 alg == WPA_ALG_BIP_GMAC_256 || 211 alg == WPA_ALG_BIP_CMAC_256; 212 } 213 214 /** 215 * enum wpa_states - wpa_supplicant state 216 * 217 * These enumeration values are used to indicate the current wpa_supplicant 218 * state (wpa_s->wpa_state). The current state can be retrieved with 219 * wpa_supplicant_get_state() function and the state can be changed by calling 220 * wpa_supplicant_set_state(). In WPA state machine (wpa.c and preauth.c), the 221 * wrapper functions wpa_sm_get_state() and wpa_sm_set_state() should be used 222 * to access the state variable. 223 */ 224 enum wpa_states { 225 /** 226 * WPA_DISCONNECTED - Disconnected state 227 * 228 * This state indicates that client is not associated, but is likely to 229 * start looking for an access point. This state is entered when a 230 * connection is lost. 231 */ 232 WPA_DISCONNECTED, 233 234 /** 235 * WPA_INTERFACE_DISABLED - Interface disabled 236 * 237 * This state is entered if the network interface is disabled, e.g., 238 * due to rfkill. wpa_supplicant refuses any new operations that would 239 * use the radio until the interface has been enabled. 240 */ 241 WPA_INTERFACE_DISABLED, 242 243 /** 244 * WPA_INACTIVE - Inactive state (wpa_supplicant disabled) 245 * 246 * This state is entered if there are no enabled networks in the 247 * configuration. wpa_supplicant is not trying to associate with a new 248 * network and external interaction (e.g., ctrl_iface call to add or 249 * enable a network) is needed to start association. 250 */ 251 WPA_INACTIVE, 252 253 /** 254 * WPA_SCANNING - Scanning for a network 255 * 256 * This state is entered when wpa_supplicant starts scanning for a 257 * network. 258 */ 259 WPA_SCANNING, 260 261 /** 262 * WPA_AUTHENTICATING - Trying to authenticate with a BSS/SSID 263 * 264 * This state is entered when wpa_supplicant has found a suitable BSS 265 * to authenticate with and the driver is configured to try to 266 * authenticate with this BSS. This state is used only with drivers 267 * that use wpa_supplicant as the SME. 268 */ 269 WPA_AUTHENTICATING, 270 271 /** 272 * WPA_ASSOCIATING - Trying to associate with a BSS/SSID 273 * 274 * This state is entered when wpa_supplicant has found a suitable BSS 275 * to associate with and the driver is configured to try to associate 276 * with this BSS in ap_scan=1 mode. When using ap_scan=2 mode, this 277 * state is entered when the driver is configured to try to associate 278 * with a network using the configured SSID and security policy. 279 */ 280 WPA_ASSOCIATING, 281 282 /** 283 * WPA_ASSOCIATED - Association completed 284 * 285 * This state is entered when the driver reports that association has 286 * been successfully completed with an AP. If IEEE 802.1X is used 287 * (with or without WPA/WPA2), wpa_supplicant remains in this state 288 * until the IEEE 802.1X/EAPOL authentication has been completed. 289 */ 290 WPA_ASSOCIATED, 291 292 /** 293 * WPA_4WAY_HANDSHAKE - WPA 4-Way Key Handshake in progress 294 * 295 * This state is entered when WPA/WPA2 4-Way Handshake is started. In 296 * case of WPA-PSK, this happens when receiving the first EAPOL-Key 297 * frame after association. In case of WPA-EAP, this state is entered 298 * when the IEEE 802.1X/EAPOL authentication has been completed. 299 */ 300 WPA_4WAY_HANDSHAKE, 301 302 /** 303 * WPA_GROUP_HANDSHAKE - WPA Group Key Handshake in progress 304 * 305 * This state is entered when 4-Way Key Handshake has been completed 306 * (i.e., when the supplicant sends out message 4/4) and when Group 307 * Key rekeying is started by the AP (i.e., when supplicant receives 308 * message 1/2). 309 */ 310 WPA_GROUP_HANDSHAKE, 311 312 /** 313 * WPA_COMPLETED - All authentication completed 314 * 315 * This state is entered when the full authentication process is 316 * completed. In case of WPA2, this happens when the 4-Way Handshake is 317 * successfully completed. With WPA, this state is entered after the 318 * Group Key Handshake; with IEEE 802.1X (non-WPA) connection is 319 * completed after dynamic keys are received (or if not used, after 320 * the EAP authentication has been completed). With static WEP keys and 321 * plaintext connections, this state is entered when an association 322 * has been completed. 323 * 324 * This state indicates that the supplicant has completed its 325 * processing for the association phase and that data connection is 326 * fully configured. 327 */ 328 WPA_COMPLETED 329 }; 330 331 #define MLME_SETPROTECTION_PROTECT_TYPE_NONE 0 332 #define MLME_SETPROTECTION_PROTECT_TYPE_RX 1 333 #define MLME_SETPROTECTION_PROTECT_TYPE_TX 2 334 #define MLME_SETPROTECTION_PROTECT_TYPE_RX_TX 3 335 336 #define MLME_SETPROTECTION_KEY_TYPE_GROUP 0 337 #define MLME_SETPROTECTION_KEY_TYPE_PAIRWISE 1 338 339 340 /** 341 * enum mfp_options - Management frame protection (IEEE 802.11w) options 342 */ 343 enum mfp_options { 344 NO_MGMT_FRAME_PROTECTION = 0, 345 MGMT_FRAME_PROTECTION_OPTIONAL = 1, 346 MGMT_FRAME_PROTECTION_REQUIRED = 2, 347 }; 348 #define MGMT_FRAME_PROTECTION_DEFAULT 3 349 350 /** 351 * enum hostapd_hw_mode - Hardware mode 352 */ 353 enum hostapd_hw_mode { 354 HOSTAPD_MODE_IEEE80211B, 355 HOSTAPD_MODE_IEEE80211G, 356 HOSTAPD_MODE_IEEE80211A, 357 HOSTAPD_MODE_IEEE80211AD, 358 HOSTAPD_MODE_IEEE80211ANY, 359 NUM_HOSTAPD_MODES 360 }; 361 362 /** 363 * enum wpa_ctrl_req_type - Control interface request types 364 */ 365 enum wpa_ctrl_req_type { 366 WPA_CTRL_REQ_UNKNOWN, 367 WPA_CTRL_REQ_EAP_IDENTITY, 368 WPA_CTRL_REQ_EAP_PASSWORD, 369 WPA_CTRL_REQ_EAP_NEW_PASSWORD, 370 WPA_CTRL_REQ_EAP_PIN, 371 WPA_CTRL_REQ_EAP_OTP, 372 WPA_CTRL_REQ_EAP_PASSPHRASE, 373 WPA_CTRL_REQ_SIM, 374 WPA_CTRL_REQ_PSK_PASSPHRASE, 375 WPA_CTRL_REQ_EXT_CERT_CHECK, 376 NUM_WPA_CTRL_REQS 377 }; 378 379 /* Maximum number of EAP methods to store for EAP server user information */ 380 #define EAP_MAX_METHODS 8 381 382 enum mesh_plink_state { 383 PLINK_IDLE = 1, 384 PLINK_OPN_SNT, 385 PLINK_OPN_RCVD, 386 PLINK_CNF_RCVD, 387 PLINK_ESTAB, 388 PLINK_HOLDING, 389 PLINK_BLOCKED, /* not defined in the IEEE 802.11 standard */ 390 }; 391 392 enum set_band { 393 WPA_SETBAND_AUTO = 0, 394 WPA_SETBAND_5G = BIT(0), 395 WPA_SETBAND_2G = BIT(1), 396 WPA_SETBAND_6G = BIT(2), 397 }; 398 399 enum wpa_radio_work_band { 400 BAND_2_4_GHZ = BIT(0), 401 BAND_5_GHZ = BIT(1), 402 BAND_60_GHZ = BIT(2), 403 }; 404 405 enum beacon_rate_type { 406 BEACON_RATE_LEGACY, 407 BEACON_RATE_HT, 408 BEACON_RATE_VHT, 409 BEACON_RATE_HE 410 }; 411 412 enum eap_proxy_sim_state { 413 SIM_STATE_ERROR, 414 }; 415 416 #define OCE_STA BIT(0) 417 #define OCE_STA_CFON BIT(1) 418 #define OCE_AP BIT(2) 419 420 /* enum chan_width - Channel width definitions */ 421 enum chan_width { 422 CHAN_WIDTH_20_NOHT, 423 CHAN_WIDTH_20, 424 CHAN_WIDTH_40, 425 CHAN_WIDTH_80, 426 CHAN_WIDTH_80P80, 427 CHAN_WIDTH_160, 428 CHAN_WIDTH_2160, 429 CHAN_WIDTH_4320, 430 CHAN_WIDTH_6480, 431 CHAN_WIDTH_8640, 432 CHAN_WIDTH_UNKNOWN 433 }; 434 435 enum key_flag { 436 KEY_FLAG_MODIFY = BIT(0), 437 KEY_FLAG_DEFAULT = BIT(1), 438 KEY_FLAG_RX = BIT(2), 439 KEY_FLAG_TX = BIT(3), 440 KEY_FLAG_GROUP = BIT(4), 441 KEY_FLAG_PAIRWISE = BIT(5), 442 KEY_FLAG_PMK = BIT(6), 443 /* Used flag combinations */ 444 KEY_FLAG_RX_TX = KEY_FLAG_RX | KEY_FLAG_TX, 445 KEY_FLAG_GROUP_RX_TX = KEY_FLAG_GROUP | KEY_FLAG_RX_TX, 446 KEY_FLAG_GROUP_RX_TX_DEFAULT = KEY_FLAG_GROUP_RX_TX | 447 KEY_FLAG_DEFAULT, 448 KEY_FLAG_GROUP_RX = KEY_FLAG_GROUP | KEY_FLAG_RX, 449 KEY_FLAG_GROUP_TX_DEFAULT = KEY_FLAG_GROUP | KEY_FLAG_TX | 450 KEY_FLAG_DEFAULT, 451 KEY_FLAG_PAIRWISE_RX_TX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX_TX, 452 KEY_FLAG_PAIRWISE_RX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX, 453 KEY_FLAG_PAIRWISE_RX_TX_MODIFY = KEY_FLAG_PAIRWISE_RX_TX | 454 KEY_FLAG_MODIFY, 455 /* Max allowed flags for each key type */ 456 KEY_FLAG_PAIRWISE_MASK = KEY_FLAG_PAIRWISE_RX_TX_MODIFY, 457 KEY_FLAG_GROUP_MASK = KEY_FLAG_GROUP_RX_TX_DEFAULT, 458 KEY_FLAG_PMK_MASK = KEY_FLAG_PMK, 459 }; 460 461 static inline int check_key_flag(enum key_flag key_flag) 462 { 463 return !!(!key_flag || 464 ((key_flag & (KEY_FLAG_PAIRWISE | KEY_FLAG_MODIFY)) && 465 (key_flag & ~KEY_FLAG_PAIRWISE_MASK)) || 466 ((key_flag & KEY_FLAG_GROUP) && 467 (key_flag & ~KEY_FLAG_GROUP_MASK)) || 468 ((key_flag & KEY_FLAG_PMK) && 469 (key_flag & ~KEY_FLAG_PMK_MASK))); 470 } 471 472 enum ptk0_rekey_handling { 473 PTK0_REKEY_ALLOW_ALWAYS, 474 PTK0_REKEY_ALLOW_LOCAL_OK, 475 PTK0_REKEY_ALLOW_NEVER 476 }; 477 478 #endif /* DEFS_H */ 479