2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator: Internal definitions
3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "utils/list.h"
14 /* max(dot11RSNAConfigGroupUpdateCount,dot11RSNAConfigPairwiseUpdateCount) */
15 #define RSNA_MAX_EAPOL_RETRIES 4
19 struct wpa_state_machine
{
20 struct wpa_authenticator
*wpa_auth
;
21 struct wpa_group
*group
;
24 u8 p2p_dev_addr
[ETH_ALEN
];
28 WPA_PTK_INITIALIZE
, WPA_PTK_DISCONNECT
, WPA_PTK_DISCONNECTED
,
29 WPA_PTK_AUTHENTICATION
, WPA_PTK_AUTHENTICATION2
,
30 WPA_PTK_INITPMK
, WPA_PTK_INITPSK
, WPA_PTK_PTKSTART
,
31 WPA_PTK_PTKCALCNEGOTIATING
, WPA_PTK_PTKCALCNEGOTIATING2
,
32 WPA_PTK_PTKINITNEGOTIATING
, WPA_PTK_PTKINITDONE
36 WPA_PTK_GROUP_IDLE
= 0,
37 WPA_PTK_GROUP_REKEYNEGOTIATING
,
38 WPA_PTK_GROUP_REKEYESTABLISHED
,
39 WPA_PTK_GROUP_KEYERROR
40 } wpa_ptk_group_state
;
43 Boolean DeauthenticationRequest
;
44 Boolean AuthenticationRequest
;
45 Boolean ReAuthenticationRequest
;
47 u16 disconnect_reason
; /* specific reason code to use with Disconnect */
51 Boolean EAPOLKeyReceived
;
52 Boolean EAPOLKeyPairwise
;
53 Boolean EAPOLKeyRequest
;
55 Boolean GUpdateStationKeys
;
56 u8 ANonce
[WPA_NONCE_LEN
];
57 u8 SNonce
[WPA_NONCE_LEN
];
58 u8 alt_SNonce
[WPA_NONCE_LEN
];
59 u8 alt_replay_counter
[WPA_REPLAY_COUNTER_LEN
];
62 u8 pmkid
[PMKID_LEN
]; /* valid if pmkid_set == 1 */
66 Boolean tk_already_set
;
69 struct wpa_key_replay_counter
{
70 u8 counter
[WPA_REPLAY_COUNTER_LEN
];
72 } key_replay
[RSNA_MAX_EAPOL_RETRIES
],
73 prev_key_replay
[RSNA_MAX_EAPOL_RETRIES
];
74 Boolean PInitAKeys
; /* WPA only, not in IEEE 802.11i */
75 Boolean PTKRequest
; /* not in IEEE 802.11i state machine */
77 Boolean PtkGroupInit
; /* init request for PTK Group state machine */
79 u8
*last_rx_eapol_key
; /* starting from IEEE 802.1X header */
80 size_t last_rx_eapol_key_len
;
82 unsigned int changed
:1;
83 unsigned int in_step_loop
:1;
84 unsigned int pending_deinit
:1;
85 unsigned int started
:1;
86 unsigned int mgmt_frame_prot
:1;
87 unsigned int rx_eapol_key_secure
:1;
88 unsigned int update_snonce
:1;
89 unsigned int alt_snonce_valid
:1;
90 #ifdef CONFIG_IEEE80211R_AP
91 unsigned int ft_completed
:1;
92 unsigned int pmk_r1_name_valid
:1;
93 #endif /* CONFIG_IEEE80211R_AP */
94 unsigned int is_wnmsleep
:1;
95 unsigned int pmkid_set
:1;
97 unsigned int ocv_enabled
:1;
98 #endif /* CONFIG_OCV */
100 u8 req_replay_counter
[WPA_REPLAY_COUNTER_LEN
];
101 int req_replay_counter_used
;
109 WPA_VERSION_NO_WPA
= 0 /* WPA not used */,
110 WPA_VERSION_WPA
= 1 /* WPA / IEEE 802.11i/D3.0 */,
111 WPA_VERSION_WPA2
= 2 /* WPA2 / IEEE 802.11i */
113 int pairwise
; /* Pairwise cipher suite, WPA_CIPHER_* */
114 int wpa_key_mgmt
; /* the selected WPA_KEY_MGMT_* */
115 struct rsn_pmksa_cache_entry
*pmksa
;
117 u32 dot11RSNAStatsTKIPLocalMICFailures
;
118 u32 dot11RSNAStatsTKIPRemoteMICFailures
;
120 #ifdef CONFIG_IEEE80211R_AP
121 u8 xxkey
[PMK_LEN_MAX
]; /* PSK or the second 256 bits of MSK, or the
122 * first 384 bits of MSK */
124 u8 pmk_r1
[PMK_LEN_MAX
];
125 unsigned int pmk_r1_len
;
126 u8 pmk_r1_name
[WPA_PMK_NAME_LEN
]; /* PMKR1Name derived from FT Auth
128 u8 r0kh_id
[FT_R0KH_ID_MAX_LEN
]; /* R0KH-ID from FT Auth Request */
130 u8 sup_pmk_r1_name
[WPA_PMK_NAME_LEN
]; /* PMKR1Name from EAPOL-Key
134 void (*ft_pending_cb
)(void *ctx
, const u8
*dst
, const u8
*bssid
,
135 u16 auth_transaction
, u16 status
,
136 const u8
*ies
, size_t ies_len
);
137 void *ft_pending_cb_ctx
;
138 struct wpabuf
*ft_pending_req_ies
;
139 u8 ft_pending_pull_nonce
[FT_RRB_NONCE_LEN
];
140 u8 ft_pending_auth_transaction
;
141 u8 ft_pending_current_ap
[ETH_ALEN
];
142 int ft_pending_pull_left_retries
;
143 #endif /* CONFIG_IEEE80211R_AP */
145 int pending_1_of_4_timeout
;
149 #endif /* CONFIG_P2P */
152 u8 fils_key_auth_sta
[FILS_MAX_KEY_AUTH_LEN
];
153 u8 fils_key_auth_ap
[FILS_MAX_KEY_AUTH_LEN
];
154 size_t fils_key_auth_len
;
155 unsigned int fils_completed
:1;
156 #endif /* CONFIG_FILS */
159 struct wpabuf
*dpp_z
;
160 #endif /* CONFIG_DPP2 */
162 #ifdef CONFIG_TESTING_OPTIONS
163 void (*eapol_status_cb
)(void *ctx1
, void *ctx2
);
164 void *eapol_status_cb_ctx1
;
165 void *eapol_status_cb_ctx2
;
166 #endif /* CONFIG_TESTING_OPTIONS */
170 /* per group key state machine data */
172 struct wpa_group
*next
;
176 int GKeyDoneStations
;
180 Boolean GTKAuthenticator
;
181 u8 Counter
[WPA_NONCE_LEN
];
184 WPA_GROUP_GTK_INIT
= 0,
185 WPA_GROUP_SETKEYS
, WPA_GROUP_SETKEYSDONE
,
186 WPA_GROUP_FATAL_FAILURE
190 u8 GTK
[2][WPA_GTK_MAX_LEN
];
191 u8 GNonce
[WPA_NONCE_LEN
];
193 Boolean first_sta_seen
;
194 Boolean reject_4way_hs_for_entropy
;
195 u8 IGTK
[2][WPA_IGTK_MAX_LEN
];
196 int GN_igtk
, GM_igtk
;
197 /* Number of references except those in struct wpa_group->next */
198 unsigned int references
;
199 unsigned int num_setup_iface
;
203 struct wpa_ft_pmk_cache
;
205 /* per authenticator data */
206 struct wpa_authenticator
{
207 struct wpa_group
*group
;
209 unsigned int dot11RSNAStatsTKIPRemoteMICFailures
;
210 u32 dot11RSNAAuthenticationSuiteSelected
;
211 u32 dot11RSNAPairwiseCipherSelected
;
212 u32 dot11RSNAGroupCipherSelected
;
213 u8 dot11RSNAPMKIDUsed
[PMKID_LEN
];
214 u32 dot11RSNAAuthenticationSuiteRequested
; /* FIX: update */
215 u32 dot11RSNAPairwiseCipherRequested
; /* FIX: update */
216 u32 dot11RSNAGroupCipherRequested
; /* FIX: update */
217 unsigned int dot11RSNATKIPCounterMeasuresInvoked
;
218 unsigned int dot11RSNA4WayHandshakeFailures
;
220 struct wpa_auth_config conf
;
221 const struct wpa_auth_callbacks
*cb
;
229 struct rsn_pmksa_cache
*pmksa
;
230 struct wpa_ft_pmk_cache
*ft_pmk_cache
;
233 struct bitfield
*ip_pool
;
234 #endif /* CONFIG_P2P */
238 #ifdef CONFIG_IEEE80211R_AP
240 #define FT_REMOTE_SEQ_BACKLOG 16
241 struct ft_remote_seq_rx
{
243 struct os_reltime time_offset
; /* local time - offset = remote time */
245 /* accepted sequence numbers: (offset ... offset + 0x40000000]
246 * (except those in last)
247 * dropped sequence numbers: (offset - 0x40000000 ... offset]
248 * all others trigger SEQ_REQ message (except first message)
250 u32 last
[FT_REMOTE_SEQ_BACKLOG
];
251 unsigned int num_last
;
254 struct dl_list queue
; /* send nonces + rrb msgs awaiting seq resp */
257 struct ft_remote_seq_tx
{
258 u32 dom
; /* non zero if initialized */
262 struct ft_remote_seq
{
263 struct ft_remote_seq_rx rx
;
264 struct ft_remote_seq_tx tx
;
267 #endif /* CONFIG_IEEE80211R_AP */
270 int wpa_write_rsn_ie(struct wpa_auth_config
*conf
, u8
*buf
, size_t len
,
272 int wpa_write_rsnxe(struct wpa_auth_config
*conf
, u8
*buf
, size_t len
);
273 void wpa_auth_logger(struct wpa_authenticator
*wpa_auth
, const u8
*addr
,
274 logger_level level
, const char *txt
);
275 void wpa_auth_vlogger(struct wpa_authenticator
*wpa_auth
, const u8
*addr
,
276 logger_level level
, const char *fmt
, ...);
277 void __wpa_send_eapol(struct wpa_authenticator
*wpa_auth
,
278 struct wpa_state_machine
*sm
, int key_info
,
279 const u8
*key_rsc
, const u8
*nonce
,
280 const u8
*kde
, size_t kde_len
,
281 int keyidx
, int encr
, int force_version
);
282 int wpa_auth_for_each_sta(struct wpa_authenticator
*wpa_auth
,
283 int (*cb
)(struct wpa_state_machine
*sm
, void *ctx
),
285 int wpa_auth_for_each_auth(struct wpa_authenticator
*wpa_auth
,
286 int (*cb
)(struct wpa_authenticator
*a
, void *ctx
),
289 #ifdef CONFIG_IEEE80211R_AP
290 int wpa_write_mdie(struct wpa_auth_config
*conf
, u8
*buf
, size_t len
);
291 int wpa_write_ftie(struct wpa_auth_config
*conf
, int use_sha384
,
292 const u8
*r0kh_id
, size_t r0kh_id_len
,
293 const u8
*anonce
, const u8
*snonce
,
294 u8
*buf
, size_t len
, const u8
*subelem
,
296 int wpa_auth_derive_ptk_ft(struct wpa_state_machine
*sm
, struct wpa_ptk
*ptk
);
297 struct wpa_ft_pmk_cache
* wpa_ft_pmk_cache_init(void);
298 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache
*cache
);
299 void wpa_ft_install_ptk(struct wpa_state_machine
*sm
);
300 int wpa_ft_store_pmk_fils(struct wpa_state_machine
*sm
, const u8
*pmk_r0
,
301 const u8
*pmk_r0_name
);
302 #endif /* CONFIG_IEEE80211R_AP */
304 #endif /* WPA_AUTH_I_H */