1 /* 2 * WPA Supplicant - Common definitions 3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #ifndef DEFS_H 10 #define DEFS_H 11 12 #define WPA_CIPHER_NONE BIT(0) 13 #define WPA_CIPHER_WEP40 BIT(1) 14 #define WPA_CIPHER_WEP104 BIT(2) 15 #define WPA_CIPHER_TKIP BIT(3) 16 #define WPA_CIPHER_CCMP BIT(4) 17 #define WPA_CIPHER_AES_128_CMAC BIT(5) 18 #define WPA_CIPHER_GCMP BIT(6) 19 #define WPA_CIPHER_SMS4 BIT(7) 20 #define WPA_CIPHER_GCMP_256 BIT(8) 21 #define WPA_CIPHER_CCMP_256 BIT(9) 22 #define WPA_CIPHER_BIP_GMAC_128 BIT(11) 23 #define WPA_CIPHER_BIP_GMAC_256 BIT(12) 24 #define WPA_CIPHER_BIP_CMAC_256 BIT(13) 25 #define WPA_CIPHER_GTK_NOT_USED BIT(14) 26 27 #define WPA_KEY_MGMT_IEEE8021X BIT(0) 28 #define WPA_KEY_MGMT_PSK BIT(1) 29 #define WPA_KEY_MGMT_NONE BIT(2) 30 #define WPA_KEY_MGMT_IEEE8021X_NO_WPA BIT(3) 31 #define WPA_KEY_MGMT_WPA_NONE BIT(4) 32 #define WPA_KEY_MGMT_FT_IEEE8021X BIT(5) 33 #define WPA_KEY_MGMT_FT_PSK BIT(6) 34 #define WPA_KEY_MGMT_IEEE8021X_SHA256 BIT(7) 35 #define WPA_KEY_MGMT_PSK_SHA256 BIT(8) 36 #define WPA_KEY_MGMT_WPS BIT(9) 37 #define WPA_KEY_MGMT_SAE BIT(10) 38 #define WPA_KEY_MGMT_FT_SAE BIT(11) 39 #define WPA_KEY_MGMT_WAPI_PSK BIT(12) 40 #define WPA_KEY_MGMT_WAPI_CERT BIT(13) 41 #define WPA_KEY_MGMT_CCKM BIT(14) 42 #define WPA_KEY_MGMT_OSEN BIT(15) 43 #define WPA_KEY_MGMT_IEEE8021X_SUITE_B BIT(16) 44 #define WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 BIT(17) 45 #define WPA_KEY_MGMT_FILS_SHA256 BIT(18) 46 #define WPA_KEY_MGMT_FILS_SHA384 BIT(19) 47 #define WPA_KEY_MGMT_FT_FILS_SHA256 BIT(20) 48 #define WPA_KEY_MGMT_FT_FILS_SHA384 BIT(21) 49 #define WPA_KEY_MGMT_OWE BIT(22) 50 #define WPA_KEY_MGMT_DPP BIT(23) 51 #define WPA_KEY_MGMT_FT_IEEE8021X_SHA384 BIT(24) 52 #define WPA_KEY_MGMT_PASN BIT(25) 53 #define WPA_KEY_MGMT_SAE_EXT_KEY BIT(26) 54 #define WPA_KEY_MGMT_FT_SAE_EXT_KEY BIT(27) 55 #define WPA_KEY_MGMT_IEEE8021X_SHA384 BIT(28) 56 57 58 #define WPA_KEY_MGMT_FT (WPA_KEY_MGMT_FT_PSK | \ 59 WPA_KEY_MGMT_FT_IEEE8021X | \ 60 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 | \ 61 WPA_KEY_MGMT_FT_SAE | \ 62 WPA_KEY_MGMT_FT_SAE_EXT_KEY | \ 63 WPA_KEY_MGMT_FT_FILS_SHA256 | \ 64 WPA_KEY_MGMT_FT_FILS_SHA384) 65 66 static inline int wpa_key_mgmt_wpa_ieee8021x(int akm) 67 { 68 return !!(akm & (WPA_KEY_MGMT_IEEE8021X | 69 WPA_KEY_MGMT_FT_IEEE8021X | 70 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 | 71 WPA_KEY_MGMT_CCKM | 72 WPA_KEY_MGMT_OSEN | 73 WPA_KEY_MGMT_IEEE8021X_SHA256 | 74 WPA_KEY_MGMT_IEEE8021X_SUITE_B | 75 WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 | 76 WPA_KEY_MGMT_FILS_SHA256 | 77 WPA_KEY_MGMT_FILS_SHA384 | 78 WPA_KEY_MGMT_FT_FILS_SHA256 | 79 WPA_KEY_MGMT_FT_FILS_SHA384 | 80 WPA_KEY_MGMT_IEEE8021X_SHA384)); 81 } 82 83 static inline int wpa_key_mgmt_wpa_psk_no_sae(int akm) 84 { 85 return !!(akm & (WPA_KEY_MGMT_PSK | 86 WPA_KEY_MGMT_FT_PSK | 87 WPA_KEY_MGMT_PSK_SHA256)); 88 } 89 90 static inline int wpa_key_mgmt_wpa_psk(int akm) 91 { 92 return !!(akm & (WPA_KEY_MGMT_PSK | 93 WPA_KEY_MGMT_FT_PSK | 94 WPA_KEY_MGMT_PSK_SHA256 | 95 WPA_KEY_MGMT_SAE | 96 WPA_KEY_MGMT_SAE_EXT_KEY | 97 WPA_KEY_MGMT_FT_SAE | 98 WPA_KEY_MGMT_FT_SAE_EXT_KEY)); 99 } 100 101 static inline int wpa_key_mgmt_ft(int akm) 102 { 103 return !!(akm & WPA_KEY_MGMT_FT); 104 } 105 106 static inline int wpa_key_mgmt_only_ft(int akm) 107 { 108 int ft = wpa_key_mgmt_ft(akm); 109 akm &= ~WPA_KEY_MGMT_FT; 110 return ft && !akm; 111 } 112 113 static inline int wpa_key_mgmt_ft_psk(int akm) 114 { 115 return !!(akm & WPA_KEY_MGMT_FT_PSK); 116 } 117 118 static inline int wpa_key_mgmt_sae(int akm) 119 { 120 return !!(akm & (WPA_KEY_MGMT_SAE | 121 WPA_KEY_MGMT_SAE_EXT_KEY | 122 WPA_KEY_MGMT_FT_SAE | 123 WPA_KEY_MGMT_FT_SAE_EXT_KEY)); 124 } 125 126 static inline int wpa_key_mgmt_sae_ext_key(int akm) 127 { 128 return !!(akm & (WPA_KEY_MGMT_SAE_EXT_KEY | 129 WPA_KEY_MGMT_FT_SAE_EXT_KEY)); 130 } 131 132 static inline int wpa_key_mgmt_fils(int akm) 133 { 134 return !!(akm & (WPA_KEY_MGMT_FILS_SHA256 | 135 WPA_KEY_MGMT_FILS_SHA384 | 136 WPA_KEY_MGMT_FT_FILS_SHA256 | 137 WPA_KEY_MGMT_FT_FILS_SHA384)); 138 } 139 140 static inline int wpa_key_mgmt_sha256(int akm) 141 { 142 return !!(akm & (WPA_KEY_MGMT_FT_IEEE8021X | 143 WPA_KEY_MGMT_PSK_SHA256 | 144 WPA_KEY_MGMT_IEEE8021X_SHA256 | 145 WPA_KEY_MGMT_SAE | 146 WPA_KEY_MGMT_FT_SAE | 147 WPA_KEY_MGMT_OSEN | 148 WPA_KEY_MGMT_IEEE8021X_SUITE_B | 149 WPA_KEY_MGMT_FILS_SHA256 | 150 WPA_KEY_MGMT_FT_FILS_SHA256)); 151 } 152 153 static inline int wpa_key_mgmt_sha384(int akm) 154 { 155 return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 | 156 WPA_KEY_MGMT_FT_IEEE8021X_SHA384 | 157 WPA_KEY_MGMT_FILS_SHA384 | 158 WPA_KEY_MGMT_FT_FILS_SHA384 | 159 WPA_KEY_MGMT_IEEE8021X_SHA384)); 160 } 161 162 static inline int wpa_key_mgmt_suite_b(int akm) 163 { 164 return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B | 165 WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)); 166 } 167 168 static inline int wpa_key_mgmt_wpa(int akm) 169 { 170 return wpa_key_mgmt_wpa_ieee8021x(akm) || 171 wpa_key_mgmt_wpa_psk(akm) || 172 wpa_key_mgmt_fils(akm) || 173 wpa_key_mgmt_sae(akm) || 174 akm == WPA_KEY_MGMT_OWE || 175 akm == WPA_KEY_MGMT_DPP; 176 } 177 178 static inline int wpa_key_mgmt_wpa_any(int akm) 179 { 180 return wpa_key_mgmt_wpa(akm) || (akm & WPA_KEY_MGMT_WPA_NONE); 181 } 182 183 static inline int wpa_key_mgmt_cckm(int akm) 184 { 185 return akm == WPA_KEY_MGMT_CCKM; 186 } 187 188 static inline int wpa_key_mgmt_cross_akm(int akm) 189 { 190 return !!(akm & (WPA_KEY_MGMT_PSK | 191 WPA_KEY_MGMT_PSK_SHA256 | 192 WPA_KEY_MGMT_SAE | 193 WPA_KEY_MGMT_SAE_EXT_KEY)); 194 } 195 196 #define WPA_PROTO_WPA BIT(0) 197 #define WPA_PROTO_RSN BIT(1) 198 #define WPA_PROTO_WAPI BIT(2) 199 #define WPA_PROTO_OSEN BIT(3) 200 201 #define WPA_AUTH_ALG_OPEN BIT(0) 202 #define WPA_AUTH_ALG_SHARED BIT(1) 203 #define WPA_AUTH_ALG_LEAP BIT(2) 204 #define WPA_AUTH_ALG_FT BIT(3) 205 #define WPA_AUTH_ALG_SAE BIT(4) 206 #define WPA_AUTH_ALG_FILS BIT(5) 207 #define WPA_AUTH_ALG_FILS_SK_PFS BIT(6) 208 209 static inline int wpa_auth_alg_fils(int alg) 210 { 211 return !!(alg & (WPA_AUTH_ALG_FILS | WPA_AUTH_ALG_FILS_SK_PFS)); 212 } 213 214 enum wpa_alg { 215 WPA_ALG_NONE, 216 WPA_ALG_WEP, 217 WPA_ALG_TKIP, 218 WPA_ALG_CCMP, 219 WPA_ALG_BIP_CMAC_128, 220 WPA_ALG_GCMP, 221 WPA_ALG_SMS4, 222 WPA_ALG_KRK, 223 WPA_ALG_GCMP_256, 224 WPA_ALG_CCMP_256, 225 WPA_ALG_BIP_GMAC_128, 226 WPA_ALG_BIP_GMAC_256, 227 WPA_ALG_BIP_CMAC_256 228 }; 229 230 static inline int wpa_alg_bip(enum wpa_alg alg) 231 { 232 return alg == WPA_ALG_BIP_CMAC_128 || 233 alg == WPA_ALG_BIP_GMAC_128 || 234 alg == WPA_ALG_BIP_GMAC_256 || 235 alg == WPA_ALG_BIP_CMAC_256; 236 } 237 238 /** 239 * enum wpa_states - wpa_supplicant state 240 * 241 * These enumeration values are used to indicate the current wpa_supplicant 242 * state (wpa_s->wpa_state). The current state can be retrieved with 243 * wpa_supplicant_get_state() function and the state can be changed by calling 244 * wpa_supplicant_set_state(). In WPA state machine (wpa.c and preauth.c), the 245 * wrapper functions wpa_sm_get_state() and wpa_sm_set_state() should be used 246 * to access the state variable. 247 */ 248 enum wpa_states { 249 /** 250 * WPA_DISCONNECTED - Disconnected state 251 * 252 * This state indicates that client is not associated, but is likely to 253 * start looking for an access point. This state is entered when a 254 * connection is lost. 255 */ 256 WPA_DISCONNECTED, 257 258 /** 259 * WPA_INTERFACE_DISABLED - Interface disabled 260 * 261 * This state is entered if the network interface is disabled, e.g., 262 * due to rfkill. wpa_supplicant refuses any new operations that would 263 * use the radio until the interface has been enabled. 264 */ 265 WPA_INTERFACE_DISABLED, 266 267 /** 268 * WPA_INACTIVE - Inactive state (wpa_supplicant disabled) 269 * 270 * This state is entered if there are no enabled networks in the 271 * configuration. wpa_supplicant is not trying to associate with a new 272 * network and external interaction (e.g., ctrl_iface call to add or 273 * enable a network) is needed to start association. 274 */ 275 WPA_INACTIVE, 276 277 /** 278 * WPA_SCANNING - Scanning for a network 279 * 280 * This state is entered when wpa_supplicant starts scanning for a 281 * network. 282 */ 283 WPA_SCANNING, 284 285 /** 286 * WPA_AUTHENTICATING - Trying to authenticate with a BSS/SSID 287 * 288 * This state is entered when wpa_supplicant has found a suitable BSS 289 * to authenticate with and the driver is configured to try to 290 * authenticate with this BSS. This state is used only with drivers 291 * that use wpa_supplicant as the SME. 292 */ 293 WPA_AUTHENTICATING, 294 295 /** 296 * WPA_ASSOCIATING - Trying to associate with a BSS/SSID 297 * 298 * This state is entered when wpa_supplicant has found a suitable BSS 299 * to associate with and the driver is configured to try to associate 300 * with this BSS in ap_scan=1 mode. When using ap_scan=2 mode, this 301 * state is entered when the driver is configured to try to associate 302 * with a network using the configured SSID and security policy. 303 */ 304 WPA_ASSOCIATING, 305 306 /** 307 * WPA_ASSOCIATED - Association completed 308 * 309 * This state is entered when the driver reports that association has 310 * been successfully completed with an AP. If IEEE 802.1X is used 311 * (with or without WPA/WPA2), wpa_supplicant remains in this state 312 * until the IEEE 802.1X/EAPOL authentication has been completed. 313 */ 314 WPA_ASSOCIATED, 315 316 /** 317 * WPA_4WAY_HANDSHAKE - WPA 4-Way Key Handshake in progress 318 * 319 * This state is entered when WPA/WPA2 4-Way Handshake is started. In 320 * case of WPA-PSK, this happens when receiving the first EAPOL-Key 321 * frame after association. In case of WPA-EAP, this state is entered 322 * when the IEEE 802.1X/EAPOL authentication has been completed. 323 */ 324 WPA_4WAY_HANDSHAKE, 325 326 /** 327 * WPA_GROUP_HANDSHAKE - WPA Group Key Handshake in progress 328 * 329 * This state is entered when 4-Way Key Handshake has been completed 330 * (i.e., when the supplicant sends out message 4/4) and when Group 331 * Key rekeying is started by the AP (i.e., when supplicant receives 332 * message 1/2). 333 */ 334 WPA_GROUP_HANDSHAKE, 335 336 /** 337 * WPA_COMPLETED - All authentication completed 338 * 339 * This state is entered when the full authentication process is 340 * completed. In case of WPA2, this happens when the 4-Way Handshake is 341 * successfully completed. With WPA, this state is entered after the 342 * Group Key Handshake; with IEEE 802.1X (non-WPA) connection is 343 * completed after dynamic keys are received (or if not used, after 344 * the EAP authentication has been completed). With static WEP keys and 345 * plaintext connections, this state is entered when an association 346 * has been completed. 347 * 348 * This state indicates that the supplicant has completed its 349 * processing for the association phase and that data connection is 350 * fully configured. 351 */ 352 WPA_COMPLETED 353 }; 354 355 #define MLME_SETPROTECTION_PROTECT_TYPE_NONE 0 356 #define MLME_SETPROTECTION_PROTECT_TYPE_RX 1 357 #define MLME_SETPROTECTION_PROTECT_TYPE_TX 2 358 #define MLME_SETPROTECTION_PROTECT_TYPE_RX_TX 3 359 360 #define MLME_SETPROTECTION_KEY_TYPE_GROUP 0 361 #define MLME_SETPROTECTION_KEY_TYPE_PAIRWISE 1 362 363 364 /** 365 * enum mfp_options - Management frame protection (IEEE 802.11w) options 366 */ 367 enum mfp_options { 368 NO_MGMT_FRAME_PROTECTION = 0, 369 MGMT_FRAME_PROTECTION_OPTIONAL = 1, 370 MGMT_FRAME_PROTECTION_REQUIRED = 2, 371 }; 372 #define MGMT_FRAME_PROTECTION_DEFAULT 3 373 374 /** 375 * enum hostapd_hw_mode - Hardware mode 376 */ 377 enum hostapd_hw_mode { 378 HOSTAPD_MODE_IEEE80211B, 379 HOSTAPD_MODE_IEEE80211G, 380 HOSTAPD_MODE_IEEE80211A, 381 HOSTAPD_MODE_IEEE80211AD, 382 HOSTAPD_MODE_IEEE80211ANY, 383 NUM_HOSTAPD_MODES 384 }; 385 386 /** 387 * enum wpa_ctrl_req_type - Control interface request types 388 */ 389 enum wpa_ctrl_req_type { 390 WPA_CTRL_REQ_UNKNOWN, 391 WPA_CTRL_REQ_EAP_IDENTITY, 392 WPA_CTRL_REQ_EAP_PASSWORD, 393 WPA_CTRL_REQ_EAP_NEW_PASSWORD, 394 WPA_CTRL_REQ_EAP_PIN, 395 WPA_CTRL_REQ_EAP_OTP, 396 WPA_CTRL_REQ_EAP_PASSPHRASE, 397 WPA_CTRL_REQ_SIM, 398 WPA_CTRL_REQ_PSK_PASSPHRASE, 399 WPA_CTRL_REQ_EXT_CERT_CHECK, 400 NUM_WPA_CTRL_REQS 401 }; 402 403 /* Maximum number of EAP methods to store for EAP server user information */ 404 #define EAP_MAX_METHODS 8 405 406 enum mesh_plink_state { 407 PLINK_IDLE = 1, 408 PLINK_OPN_SNT, 409 PLINK_OPN_RCVD, 410 PLINK_CNF_RCVD, 411 PLINK_ESTAB, 412 PLINK_HOLDING, 413 PLINK_BLOCKED, /* not defined in the IEEE 802.11 standard */ 414 }; 415 416 enum set_band { 417 WPA_SETBAND_AUTO = 0, 418 WPA_SETBAND_5G = BIT(0), 419 WPA_SETBAND_2G = BIT(1), 420 WPA_SETBAND_6G = BIT(2), 421 }; 422 423 enum wpa_radio_work_band { 424 BAND_2_4_GHZ = BIT(0), 425 BAND_5_GHZ = BIT(1), 426 BAND_60_GHZ = BIT(2), 427 }; 428 429 enum beacon_rate_type { 430 BEACON_RATE_LEGACY, 431 BEACON_RATE_HT, 432 BEACON_RATE_VHT, 433 BEACON_RATE_HE 434 }; 435 436 enum eap_proxy_sim_state { 437 SIM_STATE_ERROR, 438 }; 439 440 #define OCE_STA BIT(0) 441 #define OCE_STA_CFON BIT(1) 442 #define OCE_AP BIT(2) 443 444 /* enum chan_width - Channel width definitions */ 445 enum chan_width { 446 CHAN_WIDTH_20_NOHT, 447 CHAN_WIDTH_20, 448 CHAN_WIDTH_40, 449 CHAN_WIDTH_80, 450 CHAN_WIDTH_80P80, 451 CHAN_WIDTH_160, 452 CHAN_WIDTH_2160, 453 CHAN_WIDTH_4320, 454 CHAN_WIDTH_6480, 455 CHAN_WIDTH_8640, 456 CHAN_WIDTH_320, 457 CHAN_WIDTH_UNKNOWN 458 }; 459 460 /* VHT/EDMG/etc. channel widths 461 * Note: The first four values are used in hostapd.conf and as such, must 462 * maintain their defined values. Other values are used internally. */ 463 enum oper_chan_width { 464 CONF_OPER_CHWIDTH_USE_HT = 0, 465 CONF_OPER_CHWIDTH_80MHZ = 1, 466 CONF_OPER_CHWIDTH_160MHZ = 2, 467 CONF_OPER_CHWIDTH_80P80MHZ = 3, 468 CONF_OPER_CHWIDTH_2160MHZ, 469 CONF_OPER_CHWIDTH_4320MHZ, 470 CONF_OPER_CHWIDTH_6480MHZ, 471 CONF_OPER_CHWIDTH_8640MHZ, 472 CONF_OPER_CHWIDTH_40MHZ_6GHZ, 473 CONF_OPER_CHWIDTH_320MHZ, 474 }; 475 476 enum key_flag { 477 KEY_FLAG_MODIFY = BIT(0), 478 KEY_FLAG_DEFAULT = BIT(1), 479 KEY_FLAG_RX = BIT(2), 480 KEY_FLAG_TX = BIT(3), 481 KEY_FLAG_GROUP = BIT(4), 482 KEY_FLAG_PAIRWISE = BIT(5), 483 KEY_FLAG_PMK = BIT(6), 484 /* Used flag combinations */ 485 KEY_FLAG_RX_TX = KEY_FLAG_RX | KEY_FLAG_TX, 486 KEY_FLAG_GROUP_RX_TX = KEY_FLAG_GROUP | KEY_FLAG_RX_TX, 487 KEY_FLAG_GROUP_RX_TX_DEFAULT = KEY_FLAG_GROUP_RX_TX | 488 KEY_FLAG_DEFAULT, 489 KEY_FLAG_GROUP_RX = KEY_FLAG_GROUP | KEY_FLAG_RX, 490 KEY_FLAG_GROUP_TX_DEFAULT = KEY_FLAG_GROUP | KEY_FLAG_TX | 491 KEY_FLAG_DEFAULT, 492 KEY_FLAG_PAIRWISE_RX_TX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX_TX, 493 KEY_FLAG_PAIRWISE_RX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX, 494 KEY_FLAG_PAIRWISE_RX_TX_MODIFY = KEY_FLAG_PAIRWISE_RX_TX | 495 KEY_FLAG_MODIFY, 496 /* Max allowed flags for each key type */ 497 KEY_FLAG_PAIRWISE_MASK = KEY_FLAG_PAIRWISE_RX_TX_MODIFY, 498 KEY_FLAG_GROUP_MASK = KEY_FLAG_GROUP_RX_TX_DEFAULT, 499 KEY_FLAG_PMK_MASK = KEY_FLAG_PMK, 500 }; 501 502 static inline int check_key_flag(enum key_flag key_flag) 503 { 504 return !!(!key_flag || 505 ((key_flag & (KEY_FLAG_PAIRWISE | KEY_FLAG_MODIFY)) && 506 (key_flag & ~KEY_FLAG_PAIRWISE_MASK)) || 507 ((key_flag & KEY_FLAG_GROUP) && 508 (key_flag & ~KEY_FLAG_GROUP_MASK)) || 509 ((key_flag & KEY_FLAG_PMK) && 510 (key_flag & ~KEY_FLAG_PMK_MASK))); 511 } 512 513 enum ptk0_rekey_handling { 514 PTK0_REKEY_ALLOW_ALWAYS, 515 PTK0_REKEY_ALLOW_LOCAL_OK, 516 PTK0_REKEY_ALLOW_NEVER 517 }; 518 519 enum frame_encryption { 520 FRAME_ENCRYPTION_UNKNOWN = -1, 521 FRAME_NOT_ENCRYPTED = 0, 522 FRAME_ENCRYPTED = 1 523 }; 524 525 #define MAX_NUM_MLD_LINKS 15 526 527 enum sae_pwe { 528 SAE_PWE_HUNT_AND_PECK = 0, 529 SAE_PWE_HASH_TO_ELEMENT = 1, 530 SAE_PWE_BOTH = 2, 531 SAE_PWE_FORCE_HUNT_AND_PECK = 3, 532 SAE_PWE_NOT_SET = 4, 533 }; 534 535 #endif /* DEFS_H */ 536