1 /*
2  *************************************************************************
3  * Ralink Tech Inc.
4  * 5F., No.36, Taiyuan St., Jhubei City,
5  * Hsinchu County 302,
6  * Taiwan, R.O.C.
7  *
8  * (c) Copyright 2002-2007, Ralink Technology, Inc.
9  *
10  * This program is free software; you can redistribute it and/or modify  *
11  * it under the terms of the GNU General Public License as published by  *
12  * the Free Software Foundation; either version 2 of the License, or     *
13  * (at your option) any later version.                                   *
14  *                                                                       *
15  * This program is distributed in the hope that it will be useful,       *
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
18  * GNU General Public License for more details.                          *
19  *                                                                       *
20  * You should have received a copy of the GNU General Public License     *
21  * along with this program; if not, write to the                         *
22  * Free Software Foundation, Inc.,                                       *
23  * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
24  *                                                                       *
25  *************************************************************************
26 
27 	Module Name:
28 	wpa.h
29 
30 	Abstract:
31 
32 	Revision History:
33 	Who			When			What
34 	--------	----------		----------------------------------------------
35 	Name			Date			Modification logs
36 	Justin P. Mattock	11/07/2010		Fix a typo
37 */
38 
39 #ifndef	__WPA_H__
40 #define	__WPA_H__
41 
/* EAPOL Key descriptor frame format related length */
/* Octet sizes of the fixed fields of the EAPOL-Key descriptor; each one is
 * the array length of the matching field in struct rt_key_descripter below. */
#define LEN_KEY_DESC_NONCE			32
#define LEN_KEY_DESC_IV				16
#define LEN_KEY_DESC_RSC			8
#define LEN_KEY_DESC_ID				8
#define LEN_KEY_DESC_REPLAY			8	/* treated as a big-endian counter by ADD_ONE_To_64BIT_VAR */
#define LEN_KEY_DESC_MIC			16

/* The length is the EAPoL-Key frame except key data field. */
/* Please refer to 802.11i-2004, Figure 43u, p. 78 */
/* sizeof the descriptor minus its KeyData array, i.e. its fixed-size part.
 * Expands to names (struct rt_key_descripter, MAX_LEN_OF_RSNIE) that are
 * defined later in this header, so it is only usable after both are visible. */
#define LEN_EAPOL_KEY_MSG			(sizeof(struct rt_key_descripter) - MAX_LEN_OF_RSNIE)
53 
/* EAP Code Type. */
/* Values of the EAP Code field (rt_eap_hdr.code). */
#define EAP_CODE_REQUEST	1
#define EAP_CODE_RESPONSE	2
#define EAP_CODE_SUCCESS    3
#define EAP_CODE_FAILURE    4

/* EAPOL frame Protocol Version */
/* Presumably the values expected in rt_eapol_packet.ProVer / rt_eap_hdr.ProVer. */
#define	EAPOL_VER					1
#define	EAPOL_VER2					2

/* EAPOL-KEY Descriptor Type */
/* Presumably the values expected in rt_key_descripter.Type. */
#define	WPA1_KEY_DESC				0xfe
#define WPA2_KEY_DESC               0x02

/* Key Descriptor Version of Key Information */
/* Candidates for rt_key_info.KeyDescVer. Per 802.11i the version selects the
 * MIC and key-wrap algorithms, so a receiver should reject unknown values
 * before using the version to decide how KeyMic / KeyData are processed. */
#define	DESC_TYPE_TKIP				1
#define	DESC_TYPE_AES				2

#define LEN_MSG1_2WAY               0x7f
#define MAX_LEN_OF_EAP_HS           256

#define LEN_MASTER_KEY				32

/* EAPOL EK, MK */
/* EAPOL-Key encryption key (EK) and MIC key (MICK); LEN_EAP_KEY = 32. */
#define LEN_EAP_EK					16
#define LEN_EAP_MICK				16
#define LEN_EAP_KEY					((LEN_EAP_EK)+(LEN_EAP_MICK))
/* TKIP key related */
/* TKIP temporal key (16) + two MIC keys (8 each) = LEN_TKIP_KEY = 32. The
 * *_OFFSET values below place the TKIP material directly after the
 * LEN_EAP_KEY octets, so LEN_PTK = 32 + 32 = 64. */
#define LEN_PMKID					16
#define LEN_TKIP_EK					16
#define LEN_TKIP_RXMICK				8
#define LEN_TKIP_TXMICK				8
#define LEN_AES_EK					16
#define LEN_AES_KEY					LEN_AES_EK
#define LEN_TKIP_KEY				((LEN_TKIP_EK)+(LEN_TKIP_RXMICK)+(LEN_TKIP_TXMICK))
#define TKIP_AP_TXMICK_OFFSET		((LEN_EAP_KEY)+(LEN_TKIP_EK))	/* 48 */
#define TKIP_AP_RXMICK_OFFSET		(TKIP_AP_TXMICK_OFFSET+LEN_TKIP_TXMICK)	/* 56 */
#define TKIP_GTK_LENGTH				((LEN_TKIP_EK)+(LEN_TKIP_RXMICK)+(LEN_TKIP_TXMICK))
#define LEN_PTK						((LEN_EAP_KEY)+(LEN_TKIP_KEY))
#define MIN_LEN_OF_GTK				5
#define LEN_PMK						32
#define LEN_PMK_NAME				16
#define LEN_NONCE					32

/* RSN IE Length definition */
/* MAX_LEN_OF_RSNIE also sizes rt_key_descripter.KeyData. */
#define MAX_LEN_OF_RSNIE		255
#define MIN_LEN_OF_RSNIE         	8

/* Unit is not stated here; presumably seconds — confirm at the point of use. */
#define KEY_LIFETIME				3600
103 
/*EAP Packet Type */
/* 802.1X EAPOL Packet Type values; presumably carried in rt_eapol_packet.ProType. */
#define	EAPPacket		0
#define	EAPOLStart		1
#define	EAPOLLogoff		2
#define	EAPOLKey		3
#define	EAPOLASFAlert	4
#define	EAPTtypeMax		5

/* 4-way / group handshake message identifiers; presumably the values
 * WpaMsgTypeSubst() stores through its MsgType argument — confirm in cmm_wpa.c. */
#define	EAPOL_MSG_INVALID	0
#define	EAPOL_PAIR_MSG_1	1
#define	EAPOL_PAIR_MSG_2	2
#define	EAPOL_PAIR_MSG_3	3
#define	EAPOL_PAIR_MSG_4	4
#define	EAPOL_GROUP_MSG_1	5
#define	EAPOL_GROUP_MSG_2	6

/* Key type flag values; presumably what rt_key_info.KeyType holds. */
#define PAIRWISEKEY					1
#define GROUPKEY					0

/* Retry timer counter initial value */
#define PEER_MSG1_RETRY_TIMER_CTR           0
#define PEER_MSG3_RETRY_TIMER_CTR           10
#define GROUP_MSG1_RETRY_TIMER_CTR          20

/*#ifdef CONFIG_AP_SUPPORT */
/* WPA mechanism retry timer interval */
/* All intervals below are in milliseconds. */
#define PEER_MSG1_RETRY_EXEC_INTV           1000	/* 1 sec */
#define PEER_MSG3_RETRY_EXEC_INTV           3000	/* 3 sec */
#define GROUP_KEY_UPDATE_EXEC_INTV          1000	/* 1 sec */
#define PEER_GROUP_KEY_UPDATE_INIV			2000	/* 2 sec */

#define ENQUEUE_EAPOL_START_TIMER			200	/* 200 ms */

/* group rekey interval */
/* Group rekey policy selectors; MAX_REKEY is the highest valid selector. */
#define TIME_REKEY                          0
#define PKT_REKEY                           1
#define DISABLE_REKEY                       2
#define MAX_REKEY                           2

#define MAX_REKEY_INTER                     0x3ffffff
/*#endif // CONFIG_AP_SUPPORT // */

/* Kinds of selector within an RSN IE; presumably the `type` argument of
 * GetSuiteFromRSNIE(). */
#define GROUP_SUITE					0
#define PAIRWISE_SUITE				1
#define AKM_SUITE					2
#define PMKID_LIST					3

/* EAPOL-Start policy selectors. */
#define EAPOL_START_DISABLE					0
#define EAPOL_START_PSK						1
#define EAPOL_START_1X						2
154 
/* Bit tests for a WPA_MIX_PAIR_CIPHER value. The bit assignment is the one
 * drawn in the cipher-combination table above that enum:
 * bit3 = WPA/TKIP, bit2 = WPA/AES, bit1 = WPA2/TKIP, bit0 = WPA2/AES. */
#define MIX_CIPHER_WPA_TKIP_ON(x)       (((x) & 0x08) != 0)
#define MIX_CIPHER_WPA_AES_ON(x)        (((x) & 0x04) != 0)
#define MIX_CIPHER_WPA2_TKIP_ON(x)      (((x) & 0x02) != 0)
#define MIX_CIPHER_WPA2_AES_ON(x)       (((x) & 0x01) != 0)

/* Round __x up to a multiple of __y. Only correct when __y is a power of two,
 * because the mask ~(__y - 1) clears exactly the low bits in that case.
 * Both operands are evaluated in unsigned long. */
#ifndef ROUND_UP
#define ROUND_UP(__x, __y) \
	(((unsigned long)((__x)+((__y)-1))) & ((unsigned long)~((__y)-1)))
#endif
164 
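/*
 * Store the low 16 bits of _LEN into the two-octet array _V in big-endian
 * (wire) order: _V[0] receives the high byte, _V[1] the low byte. Writer
 * counterpart of CONV_ARRARY_TO_u16. Arguments are parenthesized so any
 * expression may be passed, and the body is wrapped in do { } while (0) so
 * the macro acts as one statement (safe in an unbraced if/else arm); invoke
 * it followed by a semicolon.
 */
#define	SET_u16_TO_ARRARY(_V, _LEN)		\
do {										\
	(_V)[0] = ((_LEN) & 0xFF00) >> 8;		\
	(_V)[1] = ((_LEN) & 0xFF);				\
} while (0)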
170 
171 #define	INC_u16_TO_ARRARY(_V, _LEN)			\
172 {												\
173 	u16	var_len;							\
174 												\
175 	var_len = (_V[0]<<8) | (_V[1]);				\
176 	var_len += _LEN;							\
177 												\
178 	_V[0] = (var_len & 0xFF00) >> 8;			\
179 	_V[1] = (var_len & 0xFF);					\
180 }
181 
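/* Read the 16-bit big-endian value held in the two-octet array _V (inverse of
 * SET_u16_TO_ARRARY). The result is an int; _V is evaluated twice, so do not
 * pass an expression with side effects. */
#define	CONV_ARRARY_TO_u16(_V)	(((_V)[0]<<8) | (_V)[1])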
183 
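/*
 * Increment the LEN_KEY_DESC_REPLAY-octet (8) big-endian counter stored in
 * _V by one. _V[LEN_KEY_DESC_REPLAY - 1] is the least significant octet; a
 * carry propagates toward _V[0], and a carry out of _V[0] is dropped, so an
 * all-0xFF counter wraps to all zero. Presumably used on the EAPOL-Key
 * ReplayCounter. The index variable carries an unusual name so it cannot
 * shadow a caller identifier. Wrapped in do { } while (0); invoke it
 * followed by a semicolon.
 */
#define	ADD_ONE_To_64BIT_VAR(_V)			\
do {										\
	u8	add64_idx_ = LEN_KEY_DESC_REPLAY;	\
	do {									\
		add64_idx_--;						\
		(_V)[add64_idx_]++;					\
		if (add64_idx_ == 0)				\
			break;							\
	} while ((_V)[add64_idx_] == 0);		\
} while (0)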
195 
/* True when auth mode `a` falls in the WPA/WPA2 range of the
 * Ndis802_11AuthMode enumeration (defined elsewhere, not in this header).
 * Relies on every enumerator between Ndis802_11AuthModeWPA and
 * Ndis802_11AuthModeWPA1PSKWPA2PSK being a WPA variant — re-check if that
 * enum is ever reordered. `a` is evaluated twice. */
#define IS_WPA_CAPABILITY(a)       (((a) >= Ndis802_11AuthModeWPA) && ((a) <= Ndis802_11AuthModeWPA1PSKWPA2PSK))
197 
198 /* EAPOL Key Information definition within Key descriptor format */
/*
 * The two-octet Key Information field of the EAPOL-Key descriptor, declared
 * as bit-fields over the two wire octets (the first five fields plus Rsvd
 * fill one octet, the remaining five fill the other). NOTE(review): which
 * wire bit each field lands on depends on the compiler's bit-field
 * allocation order within a byte; confirm against a captured frame for the
 * target toolchain before adding new flag checks.
 */
struct PACKED rt_key_info {
	u8 KeyMic:1;		/* first wire octet */
	u8 Secure:1;
	u8 Error:1;
	u8 Request:1;
	u8 EKD_DL:1;		/* EKD for AP; DL for STA */
	u8 Rsvd:3;
	u8 KeyDescVer:3;	/* second wire octet; see DESC_TYPE_TKIP / DESC_TYPE_AES */
	u8 KeyType:1;		/* presumably PAIRWISEKEY / GROUPKEY */
	u8 KeyIndex:2;
	u8 Install:1;
	u8 KeyAck:1;
};
212 
213 /* EAPOL Key descriptor format */
/*
 * Wire image of the EAPOL-Key descriptor. Multi-octet integers are kept as
 * u8 arrays in wire (big-endian) order; CONV_ARRARY_TO_u16 and
 * ADD_ONE_To_64BIT_VAR are the accessors used on them. With the PACKED
 * layout, LEN_EAPOL_KEY_MSG is the size of everything up to and including
 * KeyDataLen.
 */
struct PACKED rt_key_descripter {
	u8 Type;		/* presumably WPA1_KEY_DESC or WPA2_KEY_DESC */
	struct rt_key_info KeyInfo;
	u8 KeyLength[2];
	u8 ReplayCounter[LEN_KEY_DESC_REPLAY];
	u8 KeyNonce[LEN_KEY_DESC_NONCE];
	u8 KeyIv[LEN_KEY_DESC_IV];
	u8 KeyRsc[LEN_KEY_DESC_RSC];
	u8 KeyId[LEN_KEY_DESC_ID];
	u8 KeyMic[LEN_KEY_DESC_MIC];
	u8 KeyDataLen[2];	/* 16-bit wire length of KeyData; can exceed sizeof KeyData */
	/* Fixed 255-octet buffer (MAX_LEN_OF_RSNIE). Code that copies received
	 * key data in here must bound the copy by sizeof(KeyData) and by the
	 * remaining frame length, never by the peer-supplied KeyDataLen alone. */
	u8 KeyData[MAX_LEN_OF_RSNIE];
};
227 
/*
 * EAPOL frame: 802.1X header (version, packet type, body length) followed by
 * the Key descriptor. Body_Len is a 16-bit big-endian wire value (see
 * CONV_ARRARY_TO_u16 / INC_u16_TO_ARRARY); nothing in the type checks it, so
 * a receiver must compare it with the actual frame length before reading
 * KeyDesc.
 */
struct PACKED rt_eapol_packet {
	u8 ProVer;		/* presumably EAPOL_VER / EAPOL_VER2 */
	u8 ProType;		/* presumably one of the EAP packet types (EAPOLKey etc.) */
	u8 Body_Len[2];
	struct rt_key_descripter KeyDesc;
};
234 
235 /*802.11i D10 page 83 */
/*
 * GTK encapsulation carried inside a KDE: key id, Tx flag, reserved bits,
 * then the key octets. GTK is a fixed 32-octet (TKIP_GTK_LENGTH) buffer; the
 * number of key octets actually present in a received KDE comes from the
 * KDE length and must be checked against sizeof(GTK) before copying.
 */
struct PACKED rt_gtk_encap {
	u8 Kid:2;
	u8 tx:1;
	u8 rsv:5;
	u8 rsv1;
	u8 GTK[TKIP_GTK_LENGTH];
};
243 
/*
 * Key Data Encapsulation (KDE) holding a GTK: type/length header, OUI, data
 * type, then the GTK encapsulation. Len is peer-supplied; per 802.11i it
 * counts the OUI, DataType and data octets, so the GTK length is Len minus
 * the six octets that precede GTKEncap.GTK — bound it before copying.
 */
struct PACKED rt_kde_encap {
	u8 Type;
	u8 Len;
	u8 OUI[3];
	u8 DataType;
	struct rt_gtk_encap GTKEncap;
};
251 
252 /* For WPA1 */
/*
 * WPA (WPA1, vendor-specific) IE body. `ucast` is declared with a single
 * entry, presumably as a placeholder for the `ucount` selectors that follow
 * on the wire, so sizeof this struct covers exactly one. When walking a
 * received IE, bound the walk by the IE's remaining length, not by the
 * peer-supplied ucount alone.
 */
struct PACKED rt_rsnie {
	u8 oui[4];
	u16 version;
	u8 mcast[4];
	u16 ucount;
	struct PACKED {
		u8 oui[4];
	} ucast[1];
};
262 
263 /* For WPA2 */
/*
 * RSN (WPA2) IE body; same layout as rt_rsnie without the leading 4-octet
 * vendor OUI. `ucast[1]` is a one-entry placeholder for `ucount` selectors;
 * bound any walk over it by the IE's remaining length.
 */
struct PACKED rt_rsnie2 {
	u16 version;
	u8 mcast[4];
	u16 ucount;
	struct PACKED {
		u8 oui[4];
	} ucast[1];
};
272 
273 /* AKM Suite */
/*
 * AKM suite list that follows the pairwise selectors in an RSN IE:
 * a count and a one-entry placeholder array of 4-octet selectors. As with
 * the ucast lists, acount comes from the peer and must be checked against
 * the remaining IE length.
 */
struct PACKED rt_rsnie_auth {
	u16 acount;
	struct PACKED {
		u8 oui[4];
	} auth[1];
};
280 
/*
 * RSN Capabilities field, accessible as a whole 16-bit word or as
 * bit-fields. NOTE(review): the field order here (PreAuth first) is the
 * reverse of struct rt_rsn_capability below (Rsv first); which of the two
 * matches the wire bit numbering depends on the compiler's bit-field
 * allocation, so confirm against a captured frame before parsing with either.
 */
typedef union PACKED _RSN_CAPABILITIES {
	struct PACKED {
		u16 PreAuth:1;
		u16 No_Pairwise:1;
		u16 PTKSA_R_Counter:2;
		u16 GTKSA_R_Counter:2;
		u16 Rsvd:10;
	} field;
	u16 word;
} RSN_CAPABILITIES, *PRSN_CAPABILITIES;
291 
/*
 * EAPOL header followed by the EAP packet header. Both Body_Len and length
 * are 16-bit big-endian wire values supplied by the peer; validate each
 * against the received frame length before reading the data they describe.
 */
struct PACKED rt_eap_hdr {
	u8 ProVer;
	u8 ProType;
	u8 Body_Len[2];
	u8 code;		/* EAP_CODE_* */
	u8 identifier;
	u8 length[2];	/* including code and identifier, followed by length-2 octets of data */
};
300 
301 /* For supplicant state machine states. 802.11i Draft 4.1, p. 97 */
302 /* We simplified it */
/* Supplicant-side handshake state; values are sequential from 0 as the
 * per-line comments note. */
typedef enum _WpaState {
	SS_NOTUSE,		/* 0 */
	SS_START,		/* 1 */
	SS_WAIT_MSG_3,		/* 2 */
	SS_WAIT_GROUP,		/* 3 */
	SS_FINISH,		/* 4 */
	SS_KEYUPDATE,		/* 5 */
} WPA_STATE;
311 
/* */
/*      The definition of the cipher combination */
/* */
/*        bit3   bit2   bit1   bit0 */
/*      +------+-----+------+-----+ */
/*      |    WPA     |    WPA2    | */
/*      +------+-----+------+-----+ */
/*      | TKIP | AES | TKIP | AES | */
/*      |   0  |  1  |   1  |  0  | -> 0x06 */
/*      |   0  |  1  |   1  |  1  | -> 0x07 */
/*      |   1  |  0  |   0  |  1  | -> 0x09 */
/*      |   1  |  0  |   1  |  1  | -> 0x0B */
/*      |   1  |  1  |   0  |  1  | -> 0x0D */
/*      |   1  |  1  |   1  |  0  | -> 0x0E */
/*      |   1  |  1  |   1  |  1  | -> 0x0F */
/*      +------+-----+------+-----+ */
/* */
/* Each value is a bit mask laid out per the table above; the individual
 * bits can be tested with the MIX_CIPHER_WPA*_*_ON() macros. */
typedef enum _WpaMixPairCipher {
	MIX_CIPHER_NOTUSE = 0x00,
	WPA_NONE_WPA2_TKIPAES = 0x03,	/* WPA2-TKIPAES */
	WPA_AES_WPA2_TKIP = 0x06,
	WPA_AES_WPA2_TKIPAES = 0x07,
	WPA_TKIP_WPA2_AES = 0x09,
	WPA_TKIP_WPA2_TKIPAES = 0x0B,
	WPA_TKIPAES_WPA2_NONE = 0x0C,	/* WPA-TKIPAES */
	WPA_TKIPAES_WPA2_AES = 0x0D,
	WPA_TKIPAES_WPA2_TKIP = 0x0E,
	WPA_TKIPAES_WPA2_TKIPAES = 0x0F,
} WPA_MIX_PAIR_CIPHER;
341 
/* Generic IE header (element id, length) plus the RSN version word. Length
 * is peer-supplied and must be checked against the remaining frame before
 * reading the IE body. */
struct PACKED rt_rsn_ie_header {
	u8 Eid;
	u8 Length;
	u16 Version;		/* Little endian format */
};
347 
348 /* Cipher suite selector types */
/* Cipher suite selector types */
/* 4-octet suite selector: 3-octet OUI followed by a type octet. rt_akm_suite
 * has the identical layout, and rt_rsnie/rt_rsnie2 hold the same four
 * octets as a flat u8[4]. */
struct PACKED rt_cipher_suite_struct {
	u8 Oui[3];
	u8 Type;
};
353 
354 /* Authentication and Key Management suite selector */
/* Authentication and Key Management suite selector */
/* Same 4-octet OUI + type layout as rt_cipher_suite_struct. */
struct PACKED rt_akm_suite {
	u8 Oui[3];
	u8 Type;
};
359 
360 /* RSN capability */
/* RSN capability */
/* Bit-field view of the RSN Capabilities word. NOTE(review): field order is
 * the reverse of RSN_CAPABILITIES.field above; only one of the two can
 * match the wire bit positions for a given compiler's bit-field allocation,
 * so confirm which before using either to parse received frames. */
struct PACKED rt_rsn_capability {
	u16 Rsv:10;
	u16 GTKSAReplayCnt:2;
	u16 PTKSAReplayCnt:2;
	u16 NoPairwise:1;
	u16 PreAuth:1;
};
368 
369 /*========================================
370 	The prototype is defined in cmm_wpa.c
371   ========================================*/
/* Presumably classifies an EAPOL frame type (EAPType) into one of the
 * EAPOL_*_MSG_* values via *MsgType and reports success through the return
 * value — confirm the exact contract in cmm_wpa.c. */
BOOLEAN WpaMsgTypeSubst(u8 EAPType, int *MsgType);

/* Pseudo-random function: derives `len` octets into `output` from key,
 * prefix and data, each given with an explicit length. The caller owns
 * `output` and must size it for `len` octets. */
void PRF(u8 *key, int key_len, u8 *prefix, int prefix_len,
	 u8 *data, int data_len, u8 *output, int len);

/* Derives the pre-shared key from a passphrase and SSID into `output`;
 * the output size is not given here — presumably LEN_PMK (32) octets, confirm
 * in cmm_wpa.c. Return value semantics likewise defined there. */
int PasswordHash(char *password,
		 unsigned char *ssid, int ssidlength, unsigned char *output);

/* Locates a selector list of kind `type` (presumably GROUP_SUITE,
 * PAIRWISE_SUITE, AKM_SUITE or PMKID_LIST) inside an RSN IE of rsnie_len
 * octets, storing the entry count through `count` and returning a pointer
 * into rsnie (presumably NULL when absent — confirm). rsnie_len must be the
 * IE's true length, since it is the only bound the parser has. */
u8 *GetSuiteFromRSNIE(u8 *rsnie, u32 rsnie_len, u8 type, u8 *count);

/* Debug dump of every suite in the given RSN IE. */
void WpaShowAllsuite(u8 *rsnie, u32 rsnie_len);

/* Appends an RSN IE (rsnie_len octets, so at most 255 — matching
 * MAX_LEN_OF_RSNIE) and, when pmkid_len is non-zero, a PMKID list to the
 * frame at pFrameBuf, presumably advancing *pFrameLen. The caller must
 * ensure pFrameBuf has room; no capacity parameter is taken. */
void RTMPInsertRSNIE(u8 *pFrameBuf,
		     unsigned long *pFrameLen,
		     u8 *rsnie_ptr,
		     u8 rsnie_len,
		     u8 *pmkid_ptr, u8 pmkid_len);
389 
390 #endif
391