src/ap/wpa_auth_i.h

   1 /*
   2  * hostapd - IEEE 802.11i-2004 / WPA Authenticator: Internal definitions
   3  * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  */
   8
   9 #ifndef WPA_AUTH_I_H
  10 #define WPA_AUTH_I_H
  11
  12 /* max(dot11RSNAConfigGroupUpdateCount,dot11RSNAConfigPairwiseUpdateCount) */
  13 #define RSNA_MAX_EAPOL_RETRIES 4
  14
  15 struct wpa_group;
  16
  17 struct wpa_stsl_negotiation {
  18         struct wpa_stsl_negotiation *next;
  19         u8 initiator[ETH_ALEN];
  20         u8 peer[ETH_ALEN];
  21 };
  22
  23
  24 struct wpa_state_machine {
  25         struct wpa_authenticator *wpa_auth;
  26         struct wpa_group *group;
  27
  28         u8 addr[ETH_ALEN];
  29
  30         enum {
  31                 WPA_PTK_INITIALIZE, WPA_PTK_DISCONNECT, WPA_PTK_DISCONNECTED,
  32                 WPA_PTK_AUTHENTICATION, WPA_PTK_AUTHENTICATION2,
  33                 WPA_PTK_INITPMK, WPA_PTK_INITPSK, WPA_PTK_PTKSTART,
  34                 WPA_PTK_PTKCALCNEGOTIATING, WPA_PTK_PTKCALCNEGOTIATING2,
  35                 WPA_PTK_PTKINITNEGOTIATING, WPA_PTK_PTKINITDONE
  36         } wpa_ptk_state;
  37
  38         enum {
  39                 WPA_PTK_GROUP_IDLE = 0,
  40                 WPA_PTK_GROUP_REKEYNEGOTIATING,
  41                 WPA_PTK_GROUP_REKEYESTABLISHED,
  42                 WPA_PTK_GROUP_KEYERROR
  43         } wpa_ptk_group_state;
  44
  45         Boolean Init;
  46         Boolean DeauthenticationRequest;
  47         Boolean AuthenticationRequest;
  48         Boolean ReAuthenticationRequest;
  49         Boolean Disconnect;
  50         int TimeoutCtr;
  51         int GTimeoutCtr;
  52         Boolean TimeoutEvt;
  53         Boolean EAPOLKeyReceived;
  54         Boolean EAPOLKeyPairwise;
  55         Boolean EAPOLKeyRequest;
  56         Boolean MICVerified;
  57         Boolean GUpdateStationKeys;
  58         u8 ANonce[WPA_NONCE_LEN];
  59         u8 SNonce[WPA_NONCE_LEN];
  60         u8 PMK[PMK_LEN];
  61         struct wpa_ptk PTK;
  62         Boolean PTK_valid;
  63         Boolean pairwise_set;
  64         int keycount;
  65         Boolean Pair;
  66         struct wpa_key_replay_counter {
  67                 u8 counter[WPA_REPLAY_COUNTER_LEN];
  68                 Boolean valid;
  69         } key_replay[RSNA_MAX_EAPOL_RETRIES],
  70                 prev_key_replay[RSNA_MAX_EAPOL_RETRIES];
  71         Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */
  72         Boolean PTKRequest; /* not in IEEE 802.11i state machine */
  73         Boolean has_GTK;
  74         Boolean PtkGroupInit; /* init request for PTK Group state machine */
  75
  76         u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */
  77         size_t last_rx_eapol_key_len;
  78
  79         unsigned int changed:1;
  80         unsigned int in_step_loop:1;
  81         unsigned int pending_deinit:1;
  82         unsigned int started:1;
  83         unsigned int mgmt_frame_prot:1;
  84         unsigned int rx_eapol_key_secure:1;
  85         unsigned int update_snonce:1;
  86 #ifdef CONFIG_IEEE80211R
  87         unsigned int ft_completed:1;
  88         unsigned int pmk_r1_name_valid:1;
  89 #endif /* CONFIG_IEEE80211R */
  90 #ifdef CONFIG_IEEE80211V
  91         unsigned int is_wnmsleep:1;
  92 #endif /* CONFIG_IEEE80211V */
  93
  94         u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN];
  95         int req_replay_counter_used;
  96
  97         u8 *wpa_ie;
  98         size_t wpa_ie_len;
  99
 100         enum {
 101                 WPA_VERSION_NO_WPA = 0 /* WPA not used */,
 102                 WPA_VERSION_WPA = 1 /* WPA / IEEE 802.11i/D3.0 */,
 103                 WPA_VERSION_WPA2 = 2 /* WPA2 / IEEE 802.11i */
 104         } wpa;
 105         int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
 106         int wpa_key_mgmt; /* the selected WPA_KEY_MGMT_* */
 107         struct rsn_pmksa_cache_entry *pmksa;
 108
 109         u32 dot11RSNAStatsTKIPLocalMICFailures;
 110         u32 dot11RSNAStatsTKIPRemoteMICFailures;
 111
 112 #ifdef CONFIG_IEEE80211R
 113         u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */
 114         size_t xxkey_len;
 115         u8 pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name derived from FT Auth
 116                                            * Request */
 117         u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; /* R0KH-ID from FT Auth Request */
 118         size_t r0kh_id_len;
 119         u8 sup_pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name from EAPOL-Key
 120                                                * message 2/4 */
 121         u8 *assoc_resp_ftie;
 122 #endif /* CONFIG_IEEE80211R */
 123
 124         int pending_1_of_4_timeout;
 125 };
 126
 127
 128 /* per group key state machine data */
 129 struct wpa_group {
 130         struct wpa_group *next;
 131         int vlan_id;
 132
 133         Boolean GInit;
 134         int GKeyDoneStations;
 135         Boolean GTKReKey;
 136         int GTK_len;
 137         int GN, GM;
 138         Boolean GTKAuthenticator;
 139         u8 Counter[WPA_NONCE_LEN];
 140
 141         enum {
 142                 WPA_GROUP_GTK_INIT = 0,
 143                 WPA_GROUP_SETKEYS, WPA_GROUP_SETKEYSDONE
 144         } wpa_group_state;
 145
 146         u8 GMK[WPA_GMK_LEN];
 147         u8 GTK[2][WPA_GTK_MAX_LEN];
 148         u8 GNonce[WPA_NONCE_LEN];
 149         Boolean changed;
 150         Boolean first_sta_seen;
 151         Boolean reject_4way_hs_for_entropy;
 152 #ifdef CONFIG_IEEE80211W
 153         u8 IGTK[2][WPA_IGTK_LEN];
 154         int GN_igtk, GM_igtk;
 155 #endif /* CONFIG_IEEE80211W */
 156 };
 157
 158
 159 struct wpa_ft_pmk_cache;
 160
 161 /* per authenticator data */
 162 struct wpa_authenticator {
 163         struct wpa_group *group;
 164
 165         unsigned int dot11RSNAStatsTKIPRemoteMICFailures;
 166         u32 dot11RSNAAuthenticationSuiteSelected;
 167         u32 dot11RSNAPairwiseCipherSelected;
 168         u32 dot11RSNAGroupCipherSelected;
 169         u8 dot11RSNAPMKIDUsed[PMKID_LEN];
 170         u32 dot11RSNAAuthenticationSuiteRequested; /* FIX: update */
 171         u32 dot11RSNAPairwiseCipherRequested; /* FIX: update */
 172         u32 dot11RSNAGroupCipherRequested; /* FIX: update */
 173         unsigned int dot11RSNATKIPCounterMeasuresInvoked;
 174         unsigned int dot11RSNA4WayHandshakeFailures;
 175
 176         struct wpa_stsl_negotiation *stsl_negotiations;
 177
 178         struct wpa_auth_config conf;
 179         struct wpa_auth_callbacks cb;
 180
 181         u8 *wpa_ie;
 182         size_t wpa_ie_len;
 183
 184         u8 addr[ETH_ALEN];
 185
 186         struct rsn_pmksa_cache *pmksa;
 187         struct wpa_ft_pmk_cache *ft_pmk_cache;
 188 };
 189
 190
 191 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
 192                      const u8 *pmkid);
 193 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
 194                      logger_level level, const char *txt);
 195 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
 196                       logger_level level, const char *fmt, ...);
 197 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
 198                       struct wpa_state_machine *sm, int key_info,
 199                       const u8 *key_rsc, const u8 *nonce,
 200                       const u8 *kde, size_t kde_len,
 201                       int keyidx, int encr, int force_version);
 202 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
 203                           int (*cb)(struct wpa_state_machine *sm, void *ctx),
 204                           void *cb_ctx);
 205 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
 206                            int (*cb)(struct wpa_authenticator *a, void *ctx),
 207                            void *cb_ctx);
 208
 209 #ifdef CONFIG_PEERKEY
 210 int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
 211                     struct wpa_stsl_negotiation *neg);
 212 void wpa_smk_error(struct wpa_authenticator *wpa_auth,
 213                    struct wpa_state_machine *sm, struct wpa_eapol_key *key);
 214 void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
 215                 struct wpa_state_machine *sm, struct wpa_eapol_key *key);
 216 void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
 217                 struct wpa_state_machine *sm, struct wpa_eapol_key *key);
 218 #endif /* CONFIG_PEERKEY */
 219
 220 #ifdef CONFIG_IEEE80211R
 221 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);
 222 int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
 223                    size_t r0kh_id_len,
 224                    const u8 *anonce, const u8 *snonce,
 225                    u8 *buf, size_t len, const u8 *subelem,
 226                    size_t subelem_len);
 227 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
 228                            struct wpa_ptk *ptk, size_t ptk_len);
 229 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void);
 230 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache);
 231 void wpa_ft_install_ptk(struct wpa_state_machine *sm);
 232 #endif /* CONFIG_IEEE80211R */
 233
 234 #endif /* WPA_AUTH_I_H */