1 /*
2  * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved.
3  * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
4  *
5  * Permission to use, copy, modify, and/or distribute this software for
6  * any purpose with or without fee is hereby granted, provided that the
7  * above copyright notice and this permission notice appear in all
8  * copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
11  * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
12  * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
13  * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
14  * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
15  * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
16  * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17  * PERFORMANCE OF THIS SOFTWARE.
18  */
19 
/**
 * DOC: Public definitions for crypto service
 */
23 
24 #ifndef _WLAN_CRYPTO_GLOBAL_DEF_H_
25 #define _WLAN_CRYPTO_GLOBAL_DEF_H_
26 
27 #include <wlan_cmn.h>
28 #ifdef WLAN_CRYPTO_SUPPORT_FILS
29 #include "wlan_crypto_fils_def.h"
30 #endif
31 #include <wlan_objmgr_cmn.h>
32 #include <wlan_cmn_ieee80211.h>
33 
/*
 * Sizes, lengths and index limits used by the crypto service.
 * Key lengths are given in octets (for example 5 octets for a 40-bit
 * WEP key).
 *
 * NOTE(review): the largest key length defined below is 32 octets, the
 * same as WLAN_CRYPTO_KEYBUF_SIZE. The code that copies key material is
 * not part of this header; confirm that every copy into keyval[] or
 * keydata[] is bounded by the destination size rather than by a
 * caller-supplied length.
 */
/* number of entries in the per-key keyrsc[] and keyrsc_suspect[] arrays */
#define WLAN_CRYPTO_TID_SIZE         (17)
#define WLAN_CRYPTO_RSC_SIZE         (16)
/* keyval[] and keydata[] are KEYBUF_SIZE + MICBUF_SIZE octets long */
#define WLAN_CRYPTO_KEYBUF_SIZE      (32)
#define WLAN_CRYPTO_MICBUF_SIZE      (16)
#define WLAN_CRYPTO_MIC_LEN          (8)
#define WLAN_CRYPTO_IV_SIZE          (16)
#define WLAN_CRYPTO_MIC256_LEN       (16)
/* offsets of the tx and rx MIC, relative to the end of the key buffer */
#define WLAN_CRYPTO_TXMIC_OFFSET     (0)
#define WLAN_CRYPTO_RXMIC_OFFSET     (WLAN_CRYPTO_TXMIC_OFFSET + \
					WLAN_CRYPTO_MIC_LEN)
#define WLAN_CRYPTO_WAPI_IV_SIZE     (16)
#define WLAN_CRYPTO_CRC_LEN          (4)
#define WLAN_CRYPTO_IV_LEN           (3)
#define WLAN_CRYPTO_KEYID_LEN        (1)
#define WLAN_CRYPTO_EXT_IV_LEN       (4)
#define WLAN_CRYPTO_EXT_IV_BIT       (0x20)
/* sentinel key index: 0xFFFF when held in a uint16_t */
#define WLAN_CRYPTO_KEYIX_NONE       ((uint16_t)-1)
#define WLAN_CRYPTO_MAXKEYIDX        (4)
#define WLAN_CRYPTO_MAXIGTKKEYIDX    (2)
#define WLAN_CRYPTO_MAXBIGTKKEYIDX   (2)
/* may be overridden by the build; defaults to WLAN_CRYPTO_MAXKEYIDX */
#ifndef WLAN_CRYPTO_MAX_VLANKEYIX
#define WLAN_CRYPTO_MAX_VLANKEYIX    WLAN_CRYPTO_MAXKEYIDX
#endif
/* number of PMKSA slots in struct wlan_crypto_params */
#define WLAN_CRYPTO_MAX_PMKID        (16)
/*
 * Sum of the three index ranges above. It is built from
 * WLAN_CRYPTO_MAXKEYIDX, not from WLAN_CRYPTO_MAX_VLANKEYIX, so it does
 * not follow a build-time override of the latter.
 */
#define WLAN_CRYPTO_TOTAL_KEYIDX     (WLAN_CRYPTO_MAXKEYIDX + \
					WLAN_CRYPTO_MAXIGTKKEYIDX + \
					WLAN_CRYPTO_MAXBIGTKKEYIDX)
/* 40 bit wep key len */
#define WLAN_CRYPTO_KEY_WEP40_LEN    (5)
/* 104 bit wep key len */
#define WLAN_CRYPTO_KEY_WEP104_LEN   (13)
/* 128 bit wep key len */
#define WLAN_CRYPTO_KEY_WEP128_LEN   (16)

#define WLAN_CRYPTO_KEY_TKIP_LEN     (32)
#define WLAN_CRYPTO_KEY_CCMP_LEN     (16)
#define WLAN_CRYPTO_KEY_CCMP_256_LEN (32)
#define WLAN_CRYPTO_KEY_GCMP_LEN     (16)
#define WLAN_CRYPTO_KEY_GCMP_256_LEN (32)
#define WLAN_CRYPTO_KEY_WAPI_LEN     (32)
#define WLAN_CRYPTO_KEY_GMAC_LEN     (16)
#define WLAN_CRYPTO_KEY_GMAC_256_LEN (32)
#define WLAN_CRYPTO_WPI_SMS4_IVLEN   (16)
#define WLAN_CRYPTO_WPI_SMS4_KIDLEN  (1)
#define WLAN_CRYPTO_WPI_SMS4_PADLEN  (1)
#define WLAN_CRYPTO_WPI_SMS4_MICLEN  (16)
/* FILS definitions */
#define WLAN_CRYPTO_FILS_OPTIONAL_DATA_LEN 3
/* key-derivation label for the re-authentication integrity key (rIK) */
#define WLAN_CRYPTO_FILS_RIK_LABEL "Re-authentication Integrity Key@ietf.org"

/*
 * Key flag bits. The highest bit defined here is 0x400, which fits the
 * uint16_t flags members of struct wlan_crypto_key and
 * struct wlan_crypto_req_key.
 */
/* key used for xmit */
#define WLAN_CRYPTO_KEY_XMIT         (0x01)
/* key used for recv */
#define WLAN_CRYPTO_KEY_RECV         (0x02)
/* key used for WPA group operation */
#define WLAN_CRYPTO_KEY_GROUP        (0x04)
/* key also used for management frames */
#define WLAN_CRYPTO_KEY_MFP          (0x08)
/* host-based encryption */
#define WLAN_CRYPTO_KEY_SWENCRYPT    (0x10)
/* host-based enmic */
#define WLAN_CRYPTO_KEY_SWENMIC      (0x20)
/* do not remove unless OS commands us to do so */
#define WLAN_CRYPTO_KEY_PERSISTENT   (0x40)
/* per STA default key */
#define WLAN_CRYPTO_KEY_DEFAULT      (0x80)
/* host-based decryption */
#define WLAN_CRYPTO_KEY_SWDECRYPT    (0x100)
/* host-based demic */
#define WLAN_CRYPTO_KEY_SWDEMIC      (0x200)
/* get pn from fw for key */
#define WLAN_CRYPTO_KEY_GET_PN       (0x400)

/* host-based encryption and decryption together */
#define WLAN_CRYPTO_KEY_SWCRYPT      (WLAN_CRYPTO_KEY_SWENCRYPT \
						| WLAN_CRYPTO_KEY_SWDECRYPT)

/* host-based enmic and demic together */
#define WLAN_CRYPTO_KEY_SWMIC        (WLAN_CRYPTO_KEY_SWENMIC \
						| WLAN_CRYPTO_KEY_SWDEMIC)
113 
/*
 * FT AKM suite selectors, defined here only when building against a
 * kernel older than 4.12.
 * NOTE(review): presumably newer kernels provide these in their own
 * headers - confirm. LINUX_VERSION_CODE and KERNEL_VERSION are not
 * defined in this file and must come from an earlier include.
 */
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)
#define WLAN_AKM_SUITE_FT_8021X         0x000FAC03
#define WLAN_AKM_SUITE_FT_PSK           0x000FAC04
#endif

/* Maximum lifetime for a PMKID entry - 12 Hrs (value is in seconds) */
#define WLAN_CRYPTO_MAX_PMKID_LIFETIME 43200
/*
 * Upper bound for the lifetime threshold.
 * NOTE(review): presumably a percentage, matching the description of
 * pmk_lifetime_threshold in struct wlan_crypto_pmksa - confirm.
 */
#define WLAN_CRYPTO_MAX_PMKID_LIFETIME_THRESHOLD 100
122 
/*
 * Cipher types
 *
 * Every cipher is numbered explicitly. WLAN_CRYPTO_CIPHER_MAX is one
 * past WLAN_CRYPTO_CIPHER_NONE and WLAN_CRYPTO_CIPHER_INVALID takes the
 * next value after MAX.
 *
 * WEP (including the _40 and _104 variants) and TKIP are legacy ciphers
 * that IEEE 802.11 has deprecated; IS_WEP_CIPHER() in this header
 * identifies the WEP family.
 *
 * NOTE(review): these values are presumably used as bit positions in the
 * 32-bit cipher set fields of struct wlan_crypto_params - confirm before
 * adding enumerators past 31.
 */
typedef enum wlan_crypto_cipher_type {
	WLAN_CRYPTO_CIPHER_WEP             = 0,
	WLAN_CRYPTO_CIPHER_TKIP            = 1,
	WLAN_CRYPTO_CIPHER_AES_OCB         = 2,
	WLAN_CRYPTO_CIPHER_AES_CCM         = 3,
	WLAN_CRYPTO_CIPHER_WAPI_SMS4       = 4,
	WLAN_CRYPTO_CIPHER_CKIP            = 5,
	WLAN_CRYPTO_CIPHER_AES_CMAC        = 6,
	WLAN_CRYPTO_CIPHER_AES_CCM_256     = 7,
	WLAN_CRYPTO_CIPHER_AES_CMAC_256    = 8,
	WLAN_CRYPTO_CIPHER_AES_GCM         = 9,
	WLAN_CRYPTO_CIPHER_AES_GCM_256     = 10,
	WLAN_CRYPTO_CIPHER_AES_GMAC        = 11,
	WLAN_CRYPTO_CIPHER_AES_GMAC_256    = 12,
	WLAN_CRYPTO_CIPHER_WAPI_GCM4       = 13,
	WLAN_CRYPTO_CIPHER_FILS_AEAD       = 14,
	WLAN_CRYPTO_CIPHER_WEP_40          = 15,
	WLAN_CRYPTO_CIPHER_WEP_104         = 16,
	WLAN_CRYPTO_CIPHER_NONE            = 17,
	WLAN_CRYPTO_CIPHER_MAX             = (WLAN_CRYPTO_CIPHER_NONE + 1),
	WLAN_CRYPTO_CIPHER_INVALID,
} wlan_crypto_cipher_type;
148 
/*
 * Auth types
 *
 * WLAN_CRYPTO_AUTH_MAX is the count of defined modes and must stay last.
 * NOTE(review): presumably used as bit positions in the 32-bit
 * authmodeset field of struct wlan_crypto_params - confirm.
 */
typedef enum wlan_crypto_auth_mode {
	WLAN_CRYPTO_AUTH_NONE     = 0,
	WLAN_CRYPTO_AUTH_OPEN     = 1,
	WLAN_CRYPTO_AUTH_SHARED   = 2,
	WLAN_CRYPTO_AUTH_8021X    = 3,
	WLAN_CRYPTO_AUTH_AUTO     = 4,
	WLAN_CRYPTO_AUTH_WPA      = 5,
	WLAN_CRYPTO_AUTH_RSNA     = 6,
	WLAN_CRYPTO_AUTH_CCKM     = 7,
	WLAN_CRYPTO_AUTH_WAPI     = 8,
	WLAN_CRYPTO_AUTH_SAE      = 9,
	WLAN_CRYPTO_AUTH_FILS_SK  = 10,
	/** Keep WLAN_CRYPTO_AUTH_MAX at the end. */
	WLAN_CRYPTO_AUTH_MAX,
} wlan_crypto_auth_mode;
165 
/*
 * crypto capabilities
 *
 * NOTE(review): the values are consecutive indices, presumably bit
 * positions in the 32-bit cipher_caps field of struct wlan_crypto_params
 * - confirm. No terminating _MAX enumerator is defined for this enum.
 */
typedef enum wlan_crypto_cap {
	WLAN_CRYPTO_CAP_PRIVACY          = 0,
	WLAN_CRYPTO_CAP_WPA1             = 1,
	WLAN_CRYPTO_CAP_WPA2             = 2,
	WLAN_CRYPTO_CAP_WPA              = 3,
	WLAN_CRYPTO_CAP_AES              = 4,
	WLAN_CRYPTO_CAP_WEP              = 5,
	WLAN_CRYPTO_CAP_CKIP             = 6,
	WLAN_CRYPTO_CAP_TKIP_MIC         = 7,
	WLAN_CRYPTO_CAP_CCM256           = 8,
	WLAN_CRYPTO_CAP_GCM              = 9,
	WLAN_CRYPTO_CAP_GCM_256          = 10,
	WLAN_CRYPTO_CAP_WAPI_SMS4        = 11,
	WLAN_CRYPTO_CAP_WAPI_GCM4        = 12,
	WLAN_CRYPTO_CAP_KEY_MGMT_OFFLOAD = 13,
	WLAN_CRYPTO_CAP_PMF_OFFLOAD      = 14,
	WLAN_CRYPTO_CAP_PN_TID_BASED     = 15,
	WLAN_CRYPTO_CAP_FILS_AEAD        = 16,
} wlan_crypto_cap;
186 
/*
 * RSN capability bit masks (unlike enum wlan_crypto_cap these are mask
 * values, not indices). All four fit the uint16_t rsn_caps field of
 * struct wlan_crypto_params.
 *
 * MFP_ENABLED (0x80) and MFP_REQUIRED (0x40) are the management frame
 * protection "capable" and "required" bits; code that decides whether
 * PMF is in force has to test the correct one of the two.
 */
typedef enum wlan_crypto_rsn_cap {
	WLAN_CRYPTO_RSN_CAP_PREAUTH       = 0x01,
	WLAN_CRYPTO_RSN_CAP_MFP_ENABLED   = 0x80,
	WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED  = 0x40,
	WLAN_CRYPTO_RSN_CAP_OCV_SUPPORTED  = 0x4000,
} wlan_crypto_rsn_cap;
193 
/**
 * enum wlan_crypto_rsnx_cap - RSNXE capabilities
 * @WLAN_CRYPTO_RSNX_CAP_PROTECTED_TWT: Protected TWT
 * @WLAN_CRYPTO_RSNX_CAP_SAE_H2E: SAE Hash to Element
 * @WLAN_CRYPTO_RSNX_CAP_SAE_PK: SAE PK
 * @WLAN_CRYPTO_RSNX_CAP_SECURE_LTF: Secure LTF
 * @WLAN_CRYPTO_RSNX_CAP_SECURE_RTT: Secure RTT
 * @WLAN_CRYPTO_RSNX_CAP_URNM_MFPR_X20: Unassociated Range
 * Negotiation and Measurement MFP Required Exempt 20MHz
 * @WLAN_CRYPTO_RSNX_CAP_URNM_MFPR: Unassociated Range
 * Negotiation and Measurement MFP Required
 *
 * Definition: (IEEE Std 802.11-2020, 9.4.2.241, Table 9-780)
 * The Extended RSN Capabilities field, except its first 4 bits, is a
 * bit field indicating the extended RSN capabilities being advertised
 * by the STA transmitting the element. The length of the Extended
 * RSN Capabilities field is a variable n, in octets, as indicated by
 * the first 4 bits in the field.
 *
 * The enumerators are bit masks. The low four bits (0x0F) hold the
 * length described above, which is why the first capability is 0x10.
 * The largest mask, 0x8000, fits the uint32_t rsnx_caps field of
 * struct wlan_crypto_params.
 */
enum wlan_crypto_rsnx_cap {
	WLAN_CRYPTO_RSNX_CAP_PROTECTED_TWT = 0x10,
	WLAN_CRYPTO_RSNX_CAP_SAE_H2E = 0x20,
	WLAN_CRYPTO_RSNX_CAP_SAE_PK = 0x40,
	WLAN_CRYPTO_RSNX_CAP_SECURE_LTF = 0x100,
	WLAN_CRYPTO_RSNX_CAP_SECURE_RTT = 0x200,
	WLAN_CRYPTO_RSNX_CAP_URNM_MFPR_X20 = 0x400,
	WLAN_CRYPTO_RSNX_CAP_URNM_MFPR = 0x8000,
};
222 
/**
 * enum wlan_crypto_vdev_11az_security_capab  - 11az related vdev
 * security capabilities
 * @WLAN_CRYPTO_RSNX_URNM_MFPR: URNM MFP required bit from RSNXE
 * @WLAN_CRYPTO_RSN_MFPC: MFP capable bit from RSN IE
 * @WLAN_CRYPTO_RSN_MFPR: MFP required bit from RSN IE
 * @WLAN_CRYPTO_RSNX_URNM_MFPR_X20: URNM_MFPR_X20 bit from RSNXE
 * @WLAN_CRYPTO_RSNX_RSTA_EXTCAP_I2R_LMR_FB: I2R LMR FB Policy from
 * Extended Capabilities
 *
 * The enumerators take the implicit values 0..4. They are indices, not
 * masks, so they must not be OR-ed together or mixed with the BIT()
 * based values of enum wlan_crypto_vdev_pasn_caps.
 */
enum wlan_crypto_vdev_11az_security_capab {
	WLAN_CRYPTO_RSNX_URNM_MFPR,
	WLAN_CRYPTO_RSN_MFPC,
	WLAN_CRYPTO_RSN_MFPR,
	WLAN_CRYPTO_RSNX_URNM_MFPR_X20,
	WLAN_CRYPTO_RSNX_RSTA_EXTCAP_I2R_LMR_FB,
};
240 
/**
 * enum wlan_crypto_vdev_pasn_caps  - PASN peer related vdev
 * crypto parameters
 * @WLAN_CRYPTO_URNM_MFPR: URNM MFP required in RSNXE
 * @WLAN_CRYPTO_MFPC: MFP capable bit from RSN IE
 * @WLAN_CRYPTO_MFPR: MFP required from RSNIE
 *
 * Each enumerator is a single-bit mask built with BIT(), so the values
 * can be combined. BIT() is not defined in this file.
 */
enum wlan_crypto_vdev_pasn_caps {
	WLAN_CRYPTO_URNM_MFPR = BIT(0),
	WLAN_CRYPTO_MFPC = BIT(1),
	WLAN_CRYPTO_MFPR = BIT(2),
};
253 
/*
 * Key management (AKM) types.
 *
 * The values are indices into AKM bitmaps: the WLAN_CRYPTO_IS_*()
 * macros in this header pass them to QDF_HAS_PARAM(), and
 * ALLOWED_KEYMGMT_6G_MASK is described in terms of these numbers.
 * WLAN_CRYPTO_KEY_MGMT_MAX is the count of defined AKMs (29) and must
 * stay last.
 *
 * When an AKM is added, revisit the classification macros and the 6G
 * masks as well; an AKM missing from every macro is silently treated as
 * belonging to no security class.
 */
typedef enum wlan_crypto_key_mgmt {
	WLAN_CRYPTO_KEY_MGMT_IEEE8021X             = 0,
	WLAN_CRYPTO_KEY_MGMT_PSK                   = 1,
	WLAN_CRYPTO_KEY_MGMT_NONE                  = 2,
	WLAN_CRYPTO_KEY_MGMT_IEEE8021X_NO_WPA      = 3,
	WLAN_CRYPTO_KEY_MGMT_WPA_NONE              = 4,
	WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X          = 5,
	WLAN_CRYPTO_KEY_MGMT_FT_PSK                = 6,
	WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256      = 7,
	WLAN_CRYPTO_KEY_MGMT_PSK_SHA256            = 8,
	WLAN_CRYPTO_KEY_MGMT_WPS                   = 9,
	WLAN_CRYPTO_KEY_MGMT_SAE                   = 10,
	WLAN_CRYPTO_KEY_MGMT_FT_SAE                = 11,
	WLAN_CRYPTO_KEY_MGMT_WAPI_PSK              = 12,
	WLAN_CRYPTO_KEY_MGMT_WAPI_CERT             = 13,
	WLAN_CRYPTO_KEY_MGMT_CCKM                  = 14,
	WLAN_CRYPTO_KEY_MGMT_OSEN                  = 15,
	WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B     = 16,
	WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192 = 17,
	WLAN_CRYPTO_KEY_MGMT_FILS_SHA256           = 18,
	WLAN_CRYPTO_KEY_MGMT_FILS_SHA384           = 19,
	WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256        = 20,
	WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384        = 21,
	WLAN_CRYPTO_KEY_MGMT_OWE                   = 22,
	WLAN_CRYPTO_KEY_MGMT_DPP                   = 23,
	WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384   = 24,
	WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384         = 25,
	WLAN_CRYPTO_KEY_MGMT_PSK_SHA384            = 26,
	WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY           = 27,
	WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY        = 28,
	/** Keep WLAN_CRYPTO_KEY_MGMT_MAX at the end. */
	WLAN_CRYPTO_KEY_MGMT_MAX,
} wlan_crypto_key_mgmt;
287 
/**
 * enum wlan_crypto_key_type - scope of a key
 * @WLAN_CRYPTO_KEY_TYPE_UNICAST: unicast key (implicit value 0)
 * @WLAN_CRYPTO_KEY_TYPE_GROUP: group key (implicit value 1)
 *
 * Stored in struct wlan_crypto_key.key_type and passed to the set_key
 * callback of struct wlan_lmac_if_crypto_tx_ops.
 */
enum wlan_crypto_key_type {
	WLAN_CRYPTO_KEY_TYPE_UNICAST,
	WLAN_CRYPTO_KEY_TYPE_GROUP,
};
292 
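/*
 * IS_WEP_CIPHER() - true when @_c is one of the WEP cipher types
 * @_c: enum wlan_crypto_cipher_type value; it is evaluated up to three
 *      times, so pass an expression without side effects
 *
 * The argument is parenthesized at every use. Without that, an argument
 * such as "a | b" would be split by the higher precedence of "==" and
 * the macro could classify a non-WEP cipher as WEP.
 */
#define IS_WEP_CIPHER(_c)      (((_c) == WLAN_CRYPTO_CIPHER_WEP) || \
				((_c) == WLAN_CRYPTO_CIPHER_WEP_40) || \
				((_c) == WLAN_CRYPTO_CIPHER_WEP_104))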
296 
/*
 * "6G" key-management masks, one bit per enum wlan_crypto_key_mgmt
 * value (presumably applied to connections in the 6 GHz band - confirm
 * against the users of these masks).
 *
 * The default mask has every bit set, i.e. it filters out no AKM.
 */
#define DEFAULT_KEYMGMT_6G_MASK 0xFFFFFFFF

/*
 * AKM wlan_crypto_key_mgmt 1, 6, 8, 25 and 26 are not allowed.
 * Those are WLAN_CRYPTO_KEY_MGMT_PSK, _FT_PSK, _PSK_SHA256,
 * _FT_PSK_SHA384 and _PSK_SHA384, the same set that
 * WLAN_CRYPTO_IS_WPA2() matches.
 *
 * Bits 29-31 are clear as well; no AKM is defined at those positions
 * (WLAN_CRYPTO_KEY_MGMT_MAX is 29). An AKM added at index 29 or above is
 * therefore rejected by this mask until the constant is updated, while
 * DEFAULT_KEYMGMT_6G_MASK would accept it.
 */
#define ALLOWED_KEYMGMT_6G_MASK 0x19FFFEBD
301 
/*
 * enum fils_erp_cryptosuite: this enum defines the cryptosuites used
 * to calculate auth tag and auth tag length as defined by RFC 6696 5.3.1
 * @INVALID_CRYPTO: reserved value 0, not a usable cryptosuite
 * @HMAC_SHA256_64: sha256 with auth tag len as 64 bits
 * @HMAC_SHA256_128: sha256 with auth tag len as 128 bits
 * @HMAC_SHA256_256: sha256 with auth tag len as 256 bits
 *
 * The usable suites take the implicit values 1..3. A zero-initialized
 * variable of this type therefore reads as INVALID_CRYPTO.
 */
enum fils_erp_cryptosuite {
	INVALID_CRYPTO = 0, /* reserved */
	HMAC_SHA256_64,
	HMAC_SHA256_128,
	HMAC_SHA256_256,
};
315 
/*
 * enum wlan_crypto_oem_eht_mlo_config - ENUM for different OEM configurable
 * crypto params to allow EHT/MLO in WPA2/WPA3 security.
 *
 * Every bit relaxes a requirement: the WPA2 bits admit EHT/MLO
 * connections for WPA2 networks with or without PMF capability, and the
 * WPA3 bits admit SAE peers that do not support H2E. With no WPA3 bit
 * set, WLAN_CRYPTO_WPA3_SAE_OEM_EHT_CFG_IS_STRICT_H2E() reports true.
 * Leave bits clear unless the deployment needs the weaker mode.
 *
 * @WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT: Allows connecting to WPA2 with PMF
 * capability set to false in EHT only mode. If the AP is MLO, the connection
 * will still be in EHT without MLO.
 *
 * @WLAN_HOST_CRYPTO_WPA2_ALLOW_MLO: Allows connecting to WPA2 with PMF
 * capability set to false in MLO mode.
 *    -If set along with WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT,
 *     this mode supersedes.
 *
 * @WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT_MFPC_SET: Allows connecting to WPA2
 * with PMF capability set to true in EHT only mode. If the AP is MLO,
 * the connection will still be in EHT without MLO.
 *
 * @WLAN_HOST_CRYPTO_WPA2_ALLOW_MLO_MFPC_SET: Allows connecting to WPA2 with PMF
 * capability set to true in MLO mode.
 *    -If set along with WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT_MFPC_SET,
 *     this mode supersedes.
 *
 * @WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_NON_MLO_EHT_HnP: Connect to non-MLO/MLO
 * WPA3-SAE without support for H2E (or no RSNXE IE in beacon) in non-MLO EHT.
 * This bit results in connecting to both H2E and HnP APs in EHT only mode.
 *
 * @WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_MLO_HnP: Connect to MLO WPA3-SAE without
 * support for H2E (or no RSNXE IE in beacon) in MLO.
 * This bit results in connecting to both H2E and HnP APs in MLO mode.
 *    -If set along with WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_NON_MLO_EHT_HnP,
 *     this mode supersedes.
 */
enum wlan_crypto_oem_eht_mlo_config {
	WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT           = BIT(0),
	WLAN_HOST_CRYPTO_WPA2_ALLOW_MLO                   = BIT(1),
	WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT_MFPC_SET  = BIT(2),
	WLAN_HOST_CRYPTO_WPA2_ALLOW_MLO_MFPC_SET          = BIT(3),
	/* Bits 4-15 are reserved for future WPA2 security configs */

	WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_NON_MLO_EHT_HnP   = BIT(16),
	WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_MLO_HnP           = BIT(17),
	/* Bits 18-31 are reserved for future WPA3 security configs */
};
359 
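/*
 * Predicates over an enum wlan_crypto_oem_eht_mlo_config bitmap.
 *
 * Each macro tests the two relevant bits with a single mask, so @_cfg is
 * evaluated exactly once and an argument with side effects behaves as
 * written. The results are still 0 or 1.
 */

/* 1 when WPA2 without PMF capability is allowed in EHT or MLO, else 0 */
#define WLAN_CRYPTO_WPA2_OEM_EHT_CFG_NO_PMF_ALLOWED(_cfg) \
	(!!((_cfg) & (WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT | \
		      WLAN_HOST_CRYPTO_WPA2_ALLOW_MLO)))

/* 1 when WPA2 with PMF capability set is allowed in EHT or MLO, else 0 */
#define WLAN_CRYPTO_WPA2_OEM_EHT_CFG_PMF_ALLOWED(_cfg) \
	(!!((_cfg) & (WLAN_HOST_CRYPTO_WPA2_ALLOW_NON_MLO_EHT_MFPC_SET | \
		      WLAN_HOST_CRYPTO_WPA2_ALLOW_MLO_MFPC_SET)))

/*
 * 1 when neither HnP bit is set, i.e. only H2E-capable SAE peers are
 * accepted for EHT/MLO; 0 as soon as either bit relaxes that.
 */
#define WLAN_CRYPTO_WPA3_SAE_OEM_EHT_CFG_IS_STRICT_H2E(_cfg) \
	(((_cfg) & (WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_NON_MLO_EHT_HnP | \
		    WLAN_HOST_CRYPTO_WPA3_SAE_ALLOW_MLO_HnP)) == 0)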
371 
/**
 * struct mobility_domain_params - structure containing
 *				   mobility domain info
 * @mdie_present: mobility domain present or not; @mobility_domain is
 *                meaningful only when this is set
 * @mobility_domain: mobility domain
 *
 * Embedded in struct wlan_crypto_pmksa as the mdid member.
 */
struct mobility_domain_params {
	uint8_t mdie_present;
	uint16_t mobility_domain;
};
382 
/**
 * struct wlan_crypto_pmksa - structure of crypto to contain pmkid
 * @bssid: bssid for which pmkid is saved
 * @pmkid: pmkid info
 * @pmk: pmk info
 * @pmk_len: pmk len
 * @ssid_len: ssid length
 * @ssid: ssid information
 * @cache_id: cache id
 * @pmk_lifetime: Duration in seconds for which the pmk is valid
 * @pmk_lifetime_threshold: Percentage of pmk lifetime within which
 * full authentication is expected to avoid disconnection.
 * @pmk_entry_ts: System timestamp at which the PMK entry was created.
 * @single_pmk_supported: SAE single pmk supported BSS
 * @mdid: structure to contain mobility domain parameters
 *
 * @pmk is secret key material held in the clear inside this structure.
 * NOTE(review): the allocation and release paths are not part of this
 * header; confirm that an entry is zeroized before its memory is freed
 * or reused and that @pmk is never written to logs.
 *
 * @pmk_len and @ssid_len are uint8_t and can express values larger than
 * the arrays they describe (MAX_PMK_LEN and WLAN_SSID_MAX_LEN, both
 * defined outside this file). NOTE(review): confirm that writers
 * validate both lengths against the array sizes before copying.
 */
struct wlan_crypto_pmksa {
	struct qdf_mac_addr bssid;
	uint8_t    pmkid[PMKID_LEN];
	uint8_t    pmk[MAX_PMK_LEN];
	uint8_t    pmk_len;
	uint8_t    ssid_len;
	uint8_t    ssid[WLAN_SSID_MAX_LEN];
	uint8_t    cache_id[WLAN_CACHE_ID_LEN];
	uint32_t   pmk_lifetime;
	uint8_t    pmk_lifetime_threshold;
	qdf_time_t pmk_entry_ts;
#if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD)
	bool       single_pmk_supported;
#endif
	struct mobility_domain_params mdid;
};
415 
#ifdef WLAN_ADAPTIVE_11R
/**
 * struct key_mgmt_list - structure to store AKM(s) present in RSN IE of
 * Beacon/Probe response
 * @key_mgmt: AKM(s) present in RSN IE of Beacon/Probe response
 *
 * Only built when WLAN_ADAPTIVE_11R is defined; struct wlan_crypto_params
 * then holds WLAN_CRYPTO_KEY_MGMT_MAX of these in akm_list.
 */
struct key_mgmt_list {
	uint32_t key_mgmt;
};
#endif
426 
/**
 * struct wlan_crypto_params - holds crypto params
 * @authmodeset:        authentication mode
 * @ucastcipherset:     unicast ciphers
 * @mcastcipherset:     multicast cipher
 * @mgmtcipherset:      mgmt cipher
 * @cipher_caps:        cipher capability
 * @key_mgmt:           key mgmt
 * @pmksa:              pmksa
 * @rsn_caps:           rsn_capability
 * @rsnx_caps:          rsnx capability
 * @akm_list:           order of AKM present in RSN IE of Beacon/Probe response
 *
 * This structure holds crypto params for peer or vdev
 *
 * @pmksa is an array of WLAN_CRYPTO_MAX_PMKID pointers; the entries it
 * points to carry PMKs. NOTE(review): ownership of those entries is not
 * visible here - confirm which code frees and zeroizes them, and that
 * empty slots are kept NULL.
 *
 * @akm_list exists only when WLAN_ADAPTIVE_11R is defined, so the size
 * and layout of this structure depend on the build configuration.
 */
struct wlan_crypto_params {
	uint32_t authmodeset;
	uint32_t ucastcipherset;
	uint32_t mcastcipherset;
	uint32_t mgmtcipherset;
	uint32_t cipher_caps;
	uint32_t key_mgmt;
	struct   wlan_crypto_pmksa *pmksa[WLAN_CRYPTO_MAX_PMKID];
	uint16_t rsn_caps;
	uint32_t rsnx_caps;
#ifdef WLAN_ADAPTIVE_11R
	struct key_mgmt_list akm_list[WLAN_CRYPTO_KEY_MGMT_MAX];
#endif
};
456 
/**
 * struct wlan_crypto_ltf_keyseed_data - LTF keyseed parameters
 * @vdev_id: Vdev id
 * @peer_mac_addr: Peer mac address
 * @src_mac_addr: Source mac address
 * @rsn_authmode: Cipher suite
 * @key_seed: Secure LTF key seed
 * @key_seed_len: Key seed length
 *
 * @key_seed is secret material. @key_seed_len is a uint16_t and can
 * express more than WLAN_MAX_SECURE_LTF_KEYSEED_LEN (defined outside
 * this file). NOTE(review): confirm that the length is checked against
 * the array size before the seed is copied in or sent to the target,
 * and that the buffer is cleared once the seed is no longer needed.
 *
 * NOTE(review): the member is named rsn_authmode but is documented as a
 * cipher suite - confirm which of the two it carries.
 */
struct wlan_crypto_ltf_keyseed_data {
	uint8_t vdev_id;
	struct qdf_mac_addr peer_mac_addr;
	struct qdf_mac_addr src_mac_addr;
	uint8_t rsn_authmode;
	uint8_t key_seed[WLAN_MAX_SECURE_LTF_KEYSEED_LEN];
	uint16_t key_seed_len;
};
474 
/*
 * Selector for one member of struct wlan_crypto_params. The enumerators
 * take the implicit values 0..8 in declaration order.
 * NOTE(review): presumably the argument of the crypto get/set parameter
 * API, which is not declared in this file - confirm.
 */
typedef enum wlan_crypto_param_type {
	WLAN_CRYPTO_PARAM_AUTH_MODE,
	WLAN_CRYPTO_PARAM_UCAST_CIPHER,
	WLAN_CRYPTO_PARAM_MCAST_CIPHER,
	WLAN_CRYPTO_PARAM_MGMT_CIPHER,
	WLAN_CRYPTO_PARAM_CIPHER_CAP,
	WLAN_CRYPTO_PARAM_RSN_CAP,
	WLAN_CRYPTO_PARAM_RSNX_CAP,
	WLAN_CRYPTO_PARAM_KEY_MGMT,
	WLAN_CRYPTO_PARAM_PMKSA,
} wlan_crypto_param_type;
486 
/**
 * struct wlan_crypto_key - key structure
 * @keylen:         length of the key
 * @valid:          is key valid or not
 * @flags:          key flags
 * @keyix:          key id
 * @cipher_type:    cipher type being used for this key
 * @key_type:       unicast or broadcast key
 * @macaddr:        MAC address of the peer
 * @src_addr:       Source mac address associated with the key
 * @cipher_table:   table which stores cipher related info
 * @private:        private pointer to save cipher context
 * @keylock:        spin lock
 * @recviv:         WAPI key receive sequence counter
 * @txiv:           WAPI key transmit sequence counter
 * @keytsc:         key transmit sequence counter
 * @keyrsc:         key receive sequence counter
 * @keyrsc_suspect: key receive sequence counter under
 *                  suspect when pN jump is detected
 * @keyglobal:      key receive global sequence counter used with suspect
 * @keyval:         key value buffer
 *
 * This structure holds a key together with its related state.
 *
 * @keyval is WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE octets of
 * raw key material, while @keylen is a uint8_t that can express up to
 * 255. NOTE(review): confirm that every writer bounds @keylen by the
 * size of @keyval, and that the structure is zeroized before it is
 * freed.
 *
 * @keyrsc and @keyrsc_suspect hold WLAN_CRYPTO_TID_SIZE counters each.
 * NOTE(review): a TID taken from a received frame must be range-checked
 * before it indexes them - confirm at the call sites.
 *
 * txmic and rxmic are object-like macros, not members: they expand to
 * offsets into @keyval and are meant to be written as key->txmic and
 * key->rxmic. Because they are plain preprocessor macros they stay
 * defined after the structure and rewrite every later use of those two
 * identifiers in any file that includes this header.
 */
struct wlan_crypto_key {
	uint8_t     keylen;
	bool        valid;
	uint16_t    flags;
	uint16_t    keyix;
	enum wlan_crypto_cipher_type cipher_type;
	enum wlan_crypto_key_type key_type;
	uint8_t     macaddr[QDF_MAC_ADDR_SIZE];
	struct qdf_mac_addr src_addr;
	void        *cipher_table;
	void        *private;
	qdf_spinlock_t	keylock;
	uint8_t     recviv[WLAN_CRYPTO_WAPI_IV_SIZE];
	uint8_t     txiv[WLAN_CRYPTO_WAPI_IV_SIZE];
	uint64_t    keytsc;
	uint64_t    keyrsc[WLAN_CRYPTO_TID_SIZE];
	uint64_t    keyrsc_suspect[WLAN_CRYPTO_TID_SIZE];
	uint64_t    keyglobal;
	uint8_t     keyval[WLAN_CRYPTO_KEYBUF_SIZE
				+ WLAN_CRYPTO_MICBUF_SIZE];
#define txmic    (keyval + WLAN_CRYPTO_KEYBUF_SIZE \
				+ WLAN_CRYPTO_TXMIC_OFFSET)
#define rxmic    (keyval + WLAN_CRYPTO_KEYBUF_SIZE \
				+ WLAN_CRYPTO_RXMIC_OFFSET)
};
536 
/**
 * struct wlan_crypto_keys - crypto keys structure
 * @key:              key buffers for this peer
 * @igtk_key:         igtk key buffer for this peer
 * @bigtk_key:        bigtk key buffer for this peer
 * @ltf_key_seed:     LTF Key Seed buffer
 * @igtk_key_type:    igtk key type
 * @def_tx_keyid:     default key used for this peer
 * @def_igtk_tx_keyid: default igtk key used for this peer
 * @def_bigtk_tx_keyid: default bigtk key used for this peer
 *
 * The three arrays hold pointers and have different bounds:
 * WLAN_CRYPTO_MAX_VLANKEYIX, WLAN_CRYPTO_MAXIGTKKEYIDX and
 * WLAN_CRYPTO_MAXBIGTKKEYIDX. NOTE(review): a key index received from a
 * peer or from user space has to be checked against the bound of the
 * array it indexes - confirm at the call sites.
 *
 * The default key ids are uint8_t and so cannot hold
 * WLAN_CRYPTO_KEYIX_NONE, which is a uint16_t value.
 * NOTE(review): confirm how "no default key" is represented.
 */
struct wlan_crypto_keys {
	struct wlan_crypto_key *key[WLAN_CRYPTO_MAX_VLANKEYIX];
	struct wlan_crypto_key *igtk_key[WLAN_CRYPTO_MAXIGTKKEYIDX];
	struct wlan_crypto_key *bigtk_key[WLAN_CRYPTO_MAXBIGTKKEYIDX];
	struct wlan_crypto_ltf_keyseed_data ltf_key_seed;
	enum wlan_crypto_cipher_type igtk_key_type;
	uint8_t def_tx_keyid;
	uint8_t def_igtk_tx_keyid;
	uint8_t def_bigtk_tx_keyid;
};
558 
/**
 * union crypto_align_mac_addr - overlapping views of one MAC address
 * @raw: the address as QDF_MAC_ADDR_SIZE individual octets
 * @align2: the address as three 16-bit words
 * @align4: the address as a 32-bit word followed by a 16-bit word
 * @align4_2: the address as a 16-bit word followed by a 32-bit word;
 *            this view is packed
 *
 * Used as the mac_addr member of struct wlan_crypto_key_entry.
 *
 * NOTE(review): @align4 is not packed, so on common ABIs it carries
 * trailing padding and the union is larger than the address itself.
 * Code that compares or hashes whole-union bytes would then include
 * padding - confirm that users only read the address octets.
 */
union crypto_align_mac_addr {
	uint8_t raw[QDF_MAC_ADDR_SIZE];
	struct {
		uint16_t bytes_ab;
		uint16_t bytes_cd;
		uint16_t bytes_ef;
	} align2;
	struct {
		uint32_t bytes_abcd;
		uint16_t bytes_ef;
	} align4;
	struct __packed {
		uint16_t bytes_ab;
		uint32_t bytes_cdef;
	} align4_2;
};
575 
/**
 * struct wlan_crypto_key_entry - crypto key entry structure
 * @mac_addr: mac addr
 * @is_active: active key entry
 * @link_id: link id
 * @vdev_id: vdev id
 * @keys: crypto keys
 * @hash_list_elem: hash list element
 *
 * @keys is embedded by value, so the entry owns the key pointer arrays
 * and the LTF key seed held in struct wlan_crypto_keys.
 * NOTE(review): the hash table and its locking are not declared in this
 * file - confirm that an entry is unlinked and its key material cleared
 * before the entry is freed.
 */
struct wlan_crypto_key_entry {
	union crypto_align_mac_addr mac_addr;
	bool is_active;
	uint8_t link_id;
	uint8_t vdev_id;
	struct wlan_crypto_keys keys;

	TAILQ_ENTRY(wlan_crypto_key_entry) hash_list_elem;
};
594 
/**
 * struct wlan_crypto_req_key - key request structure
 * @type:                       key/cipher type
 * @pad:                        padding member
 * @keyix:                      key index
 * @keylen:                     length of the key value
 * @flags:                      key flags
 * @macaddr:                    macaddr of the key
 * @keyrsc:                     key receive sequence counter
 * @keytsc:                     key transmit sequence counter
 * @keydata:                    key value
 * @txiv:                       wapi key tx iv
 * @recviv:                     wapi key rx iv
 * @filsaad:                    FILS AEAD data
 *
 * Key request structure used for setkey, getkey or delkey
 *
 * @keydata is WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE octets,
 * while @keylen is a uint8_t that can express up to 255.
 * NOTE(review): the handlers are not part of this header; confirm that
 * they reject a @keylen larger than the buffer and validate @type and
 * @keyix before use, since a request may originate outside the driver.
 *
 * NOTE(review): besides the explicit @pad, the compiler is likely to
 * insert padding between @keylen and @flags. If a request is ever
 * copied out of the driver, zero the whole structure first so that no
 * stale memory is disclosed, and clear @keydata once the request has
 * been handled.
 */
struct wlan_crypto_req_key {
	uint8_t    type;
	uint8_t    pad;
	uint16_t   keyix;
	uint8_t    keylen;
	uint16_t    flags;
	uint8_t    macaddr[QDF_MAC_ADDR_SIZE];
	uint64_t   keyrsc;
	uint64_t   keytsc;
	uint8_t    keydata[WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE];
	uint8_t    txiv[WLAN_CRYPTO_WAPI_IV_SIZE];
	uint8_t    recviv[WLAN_CRYPTO_WAPI_IV_SIZE];
#ifdef WLAN_CRYPTO_SUPPORT_FILS
	struct     wlan_crypto_fils_aad_key   filsaad;
#endif
};
628 
/**
 * struct wlan_lmac_if_crypto_tx_ops - structure of crypto function
 *                  pointers
 * @allockey: function pointer to alloc key in hw
 * @setkey:  function pointer to setkey in hw
 * @delkey: function pointer to delkey in hw
 * @defaultkey: function pointer to set default key
 * @set_key: converged function pointer to set key in hw
 * @getpn: function pointer to get current pn value of peer
 * @set_ltf_keyseed: Set LTF keyseed
 * @set_vdev_param: Set the vdev crypto parameter
 * @register_events: function pointer to register wmi event handler
 * @deregister_events: function pointer to deregister wmi event handler
 *
 * Every callback returns a QDF_STATUS. The key callbacks receive a
 * pointer to the full struct wlan_crypto_key, including its key
 * material.
 *
 * Note the differing index types: @defaultkey and @getpn take the key
 * index as uint8_t, while struct wlan_crypto_key stores it as uint16_t.
 *
 * NOTE(review): nothing in this file says whether a member may be left
 * NULL - confirm that callers check a pointer before calling through it.
 */
struct wlan_lmac_if_crypto_tx_ops {
	QDF_STATUS (*allockey)(struct wlan_objmgr_vdev *vdev,
			       struct wlan_crypto_key *key,
			       uint8_t *macaddr, uint32_t key_type);
	QDF_STATUS (*setkey)(struct wlan_objmgr_vdev *vdev,
			     struct wlan_crypto_key *key,
			     uint8_t *macaddr, uint32_t key_type);
	QDF_STATUS (*delkey)(struct wlan_objmgr_vdev *vdev,
			     struct wlan_crypto_key *key,
			     uint8_t *macaddr, uint32_t key_type);
	QDF_STATUS (*defaultkey)(struct wlan_objmgr_vdev *vdev,
				 uint8_t keyix, uint8_t *macaddr);
	QDF_STATUS (*set_key)(struct wlan_objmgr_vdev *vdev,
			      struct wlan_crypto_key *key,
			      enum wlan_crypto_key_type key_type);
	QDF_STATUS(*getpn)(struct wlan_objmgr_vdev *vdev,
			   uint8_t *macaddr, uint8_t keyix, uint32_t key_type);
	QDF_STATUS (*set_ltf_keyseed)(struct wlan_objmgr_psoc *psoc,
				      struct wlan_crypto_ltf_keyseed_data *ks);
	QDF_STATUS (*set_vdev_param)(struct wlan_objmgr_psoc *psoc,
				     uint32_t vdev_id, uint32_t param_id,
				     uint32_t param_value);
	QDF_STATUS (*register_events)(struct wlan_objmgr_psoc *psoc);
	QDF_STATUS (*deregister_events)(struct wlan_objmgr_psoc *psoc);
};
668 
/**
 * struct wlan_lmac_if_crypto_rx_ops - structure of crypto rx function
 *                  pointers
 * @crypto_encap: function pointer to encap tx frame
 * @crypto_decap:  function pointer to decap rx frame in hw
 * @crypto_enmic: function pointer to enmic tx frame
 * @crypto_demic: function pointer to demic rx frame
 * @set_peer_wep_keys: function pointer to set WEP keys
 * @get_rxpn: function pointer to get current Rx pn value of peer
 *
 * Despite the "rx_ops" name, @crypto_encap and @crypto_enmic operate on
 * tx frames. The WLAN_CRYPTO_RX_OPS_*() macros in this header fetch the
 * individual members.
 *
 * @crypto_decap and @crypto_demic take a tid as uint8_t.
 * NOTE(review): for received frames that value comes from the frame
 * itself - confirm that implementations range-check it before it indexes
 * the per-TID counters in struct wlan_crypto_key.
 */
struct wlan_lmac_if_crypto_rx_ops {
	QDF_STATUS(*crypto_encap)(struct wlan_objmgr_vdev *vdev,
					qdf_nbuf_t wbuf, uint8_t *macaddr,
					uint8_t encapdone);
	QDF_STATUS(*crypto_decap)(struct wlan_objmgr_vdev *vdev,
					qdf_nbuf_t wbuf, uint8_t *macaddr,
					uint8_t tid);
	QDF_STATUS(*crypto_enmic)(struct wlan_objmgr_vdev *vdev,
					qdf_nbuf_t wbuf, uint8_t *macaddr,
					uint8_t encapdone);
	QDF_STATUS(*crypto_demic)(struct wlan_objmgr_vdev *vdev,
					qdf_nbuf_t wbuf, uint8_t *macaddr,
					uint8_t tid, uint8_t keyid);
	QDF_STATUS(*set_peer_wep_keys)(struct wlan_objmgr_vdev *vdev,
					struct wlan_objmgr_peer *peer);
	QDF_STATUS (*get_rxpn)(struct wlan_objmgr_vdev *vdev,
			       uint8_t *macaddr, uint16_t keyix);
};
698 
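/*
 * Accessors for the members of struct wlan_lmac_if_crypto_rx_ops.
 * @crypto_rx_ops: pointer to the ops structure; must not be NULL, the
 *                 macros dereference it without a check
 *
 * The argument is parenthesized in every accessor, as
 * WLAN_CRYPTO_RX_OPS_GET_RXPN() already did, so an expression such as
 * "&ops" or "cond ? a : b" is dereferenced as a whole. Each macro yields
 * the stored function pointer, which may itself need a NULL check
 * before it is called.
 */
#define WLAN_CRYPTO_RX_OPS_ENCAP(crypto_rx_ops) \
				((crypto_rx_ops)->crypto_encap)
#define WLAN_CRYPTO_RX_OPS_DECAP(crypto_rx_ops) \
				((crypto_rx_ops)->crypto_decap)
#define WLAN_CRYPTO_RX_OPS_ENMIC(crypto_rx_ops) \
				((crypto_rx_ops)->crypto_enmic)
#define WLAN_CRYPTO_RX_OPS_DEMIC(crypto_rx_ops) \
				((crypto_rx_ops)->crypto_demic)
#define WLAN_CRYPTO_RX_OPS_SET_PEER_WEP_KEYS(crypto_rx_ops) \
				((crypto_rx_ops)->set_peer_wep_keys)
#define WLAN_CRYPTO_RX_OPS_GET_RXPN(crypto_rx_ops) \
				((crypto_rx_ops)->get_rxpn)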
711 
/*
 * AKM classification macros.
 * @akm: AKM bitmap, tested once per listed AKM through QDF_HAS_PARAM()
 *       (defined outside this file; presumably it tests the bit whose
 *       number is the enum wlan_crypto_key_mgmt value - confirm).
 *
 * @akm is expanded many times, so pass an expression without side
 * effects. Each macro is true when at least one listed AKM is present;
 * a bitmap with several AKMs can therefore satisfy more than one macro.
 *
 * WLAN_CRYPTO_KEY_MGMT_NONE, _IEEE8021X_NO_WPA and _WPA_NONE appear in
 * none of the lists below, so "not WPA3" must not be read as "WPA/WPA2"
 * and an unclassified AKM must not be treated as secure by default.
 */

/* true when @akm contains an AKM from the WPA/WPA2 era list below */
#define WLAN_CRYPTO_IS_WPA_WPA2(akm) \
	(QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WPS) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_CCKM) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_OSEN) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA384))

/*
 * true when @akm contains one of the five PSK-based AKMs; these are the
 * same AKMs that ALLOWED_KEYMGMT_6G_MASK excludes
 */
#define WLAN_CRYPTO_IS_WPA2(akm) \
	(QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA384))

/* true when @akm contains an AKM from the WPA3 list below */
#define WLAN_CRYPTO_IS_WPA3(akm) \
	(QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_OWE) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_DPP) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY))

/* true when @akm contains an 802.1X or FILS based AKM */
#define WLAN_CRYPTO_IS_AKM_ENTERPRISE(akm) \
	(QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384))

/* true when @akm contains any of the four SAE AKMs */
#define WLAN_CRYPTO_IS_AKM_SAE(akm) \
	(QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY) || \
	 QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY))
766 #endif /* end of _WLAN_CRYPTO_GLOBAL_DEF_H_ */
767