2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator: Internal definitions
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
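/*
 * Retry limit for EAPOL-Key frames (per the macro name), defined as
 * max(dot11RSNAConfigGroupUpdateCount, dot11RSNAConfigPairwiseUpdateCount).
 *
 * This value also sets the number of entries in the key_replay[] and
 * prev_key_replay[] arrays declared later in this header, so changing it
 * changes how many replay counters are stored.
 * NOTE(review): code that walks those arrays should bound its loops with
 * this macro rather than a literal - confirm in the .c files.
 */
#define RSNA_MAX_EAPOL_RETRIES 4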
17 struct wpa_stsl_negotiation
{
18 struct wpa_stsl_negotiation
*next
;
19 u8 initiator
[ETH_ALEN
];
24 struct wpa_state_machine
{
25 struct wpa_authenticator
*wpa_auth
;
26 struct wpa_group
*group
;
31 WPA_PTK_INITIALIZE
, WPA_PTK_DISCONNECT
, WPA_PTK_DISCONNECTED
,
32 WPA_PTK_AUTHENTICATION
, WPA_PTK_AUTHENTICATION2
,
33 WPA_PTK_INITPMK
, WPA_PTK_INITPSK
, WPA_PTK_PTKSTART
,
34 WPA_PTK_PTKCALCNEGOTIATING
, WPA_PTK_PTKCALCNEGOTIATING2
,
35 WPA_PTK_PTKINITNEGOTIATING
, WPA_PTK_PTKINITDONE
39 WPA_PTK_GROUP_IDLE
= 0,
40 WPA_PTK_GROUP_REKEYNEGOTIATING
,
41 WPA_PTK_GROUP_REKEYESTABLISHED
,
42 WPA_PTK_GROUP_KEYERROR
43 } wpa_ptk_group_state
;
46 Boolean DeauthenticationRequest
;
47 Boolean AuthenticationRequest
;
48 Boolean ReAuthenticationRequest
;
53 Boolean EAPOLKeyReceived
;
54 Boolean EAPOLKeyPairwise
;
55 Boolean EAPOLKeyRequest
;
57 Boolean GUpdateStationKeys
;
58 u8 ANonce
[WPA_NONCE_LEN
];
59 u8 SNonce
[WPA_NONCE_LEN
];
66 struct wpa_key_replay_counter
{
67 u8 counter
[WPA_REPLAY_COUNTER_LEN
];
69 } key_replay
[RSNA_MAX_EAPOL_RETRIES
],
70 prev_key_replay
[RSNA_MAX_EAPOL_RETRIES
];
71 Boolean PInitAKeys
; /* WPA only, not in IEEE 802.11i */
72 Boolean PTKRequest
; /* not in IEEE 802.11i state machine */
74 Boolean PtkGroupInit
; /* init request for PTK Group state machine */
76 u8
*last_rx_eapol_key
; /* starting from IEEE 802.1X header */
77 size_t last_rx_eapol_key_len
;
79 unsigned int changed
:1;
80 unsigned int in_step_loop
:1;
81 unsigned int pending_deinit
:1;
82 unsigned int started
:1;
83 unsigned int mgmt_frame_prot
:1;
84 unsigned int rx_eapol_key_secure
:1;
85 unsigned int update_snonce
:1;
86 #ifdef CONFIG_IEEE80211R
87 unsigned int ft_completed
:1;
88 unsigned int pmk_r1_name_valid
:1;
89 #endif /* CONFIG_IEEE80211R */
90 #ifdef CONFIG_IEEE80211V
91 unsigned int is_wnmsleep
:1;
92 #endif /* CONFIG_IEEE80211V */
94 u8 req_replay_counter
[WPA_REPLAY_COUNTER_LEN
];
95 int req_replay_counter_used
;
101 WPA_VERSION_NO_WPA
= 0 /* WPA not used */,
102 WPA_VERSION_WPA
= 1 /* WPA / IEEE 802.11i/D3.0 */,
103 WPA_VERSION_WPA2
= 2 /* WPA2 / IEEE 802.11i */
105 int pairwise
; /* Pairwise cipher suite, WPA_CIPHER_* */
106 int wpa_key_mgmt
; /* the selected WPA_KEY_MGMT_* */
107 struct rsn_pmksa_cache_entry
*pmksa
;
109 u32 dot11RSNAStatsTKIPLocalMICFailures
;
110 u32 dot11RSNAStatsTKIPRemoteMICFailures
;
112 #ifdef CONFIG_IEEE80211R
113 u8 xxkey
[PMK_LEN
]; /* PSK or the second 256 bits of MSK */
115 u8 pmk_r1_name
[WPA_PMK_NAME_LEN
]; /* PMKR1Name derived from FT Auth
117 u8 r0kh_id
[FT_R0KH_ID_MAX_LEN
]; /* R0KH-ID from FT Auth Request */
119 u8 sup_pmk_r1_name
[WPA_PMK_NAME_LEN
]; /* PMKR1Name from EAPOL-Key
122 #endif /* CONFIG_IEEE80211R */
124 int pending_1_of_4_timeout
;
128 /* per group key state machine data */
130 struct wpa_group
*next
;
134 int GKeyDoneStations
;
138 Boolean GTKAuthenticator
;
139 u8 Counter
[WPA_NONCE_LEN
];
142 WPA_GROUP_GTK_INIT
= 0,
143 WPA_GROUP_SETKEYS
, WPA_GROUP_SETKEYSDONE
147 u8 GTK
[2][WPA_GTK_MAX_LEN
];
148 u8 GNonce
[WPA_NONCE_LEN
];
150 Boolean first_sta_seen
;
151 Boolean reject_4way_hs_for_entropy
;
152 #ifdef CONFIG_IEEE80211W
153 u8 IGTK
[2][WPA_IGTK_LEN
];
154 int GN_igtk
, GM_igtk
;
155 #endif /* CONFIG_IEEE80211W */
159 struct wpa_ft_pmk_cache
;
161 /* per authenticator data */
162 struct wpa_authenticator
{
163 struct wpa_group
*group
;
165 unsigned int dot11RSNAStatsTKIPRemoteMICFailures
;
166 u32 dot11RSNAAuthenticationSuiteSelected
;
167 u32 dot11RSNAPairwiseCipherSelected
;
168 u32 dot11RSNAGroupCipherSelected
;
169 u8 dot11RSNAPMKIDUsed
[PMKID_LEN
];
170 u32 dot11RSNAAuthenticationSuiteRequested
; /* FIX: update */
171 u32 dot11RSNAPairwiseCipherRequested
; /* FIX: update */
172 u32 dot11RSNAGroupCipherRequested
; /* FIX: update */
173 unsigned int dot11RSNATKIPCounterMeasuresInvoked
;
174 unsigned int dot11RSNA4WayHandshakeFailures
;
176 struct wpa_stsl_negotiation
*stsl_negotiations
;
178 struct wpa_auth_config conf
;
179 struct wpa_auth_callbacks cb
;
186 struct rsn_pmksa_cache
*pmksa
;
187 struct wpa_ft_pmk_cache
*ft_pmk_cache
;
191 int wpa_write_rsn_ie(struct wpa_auth_config
*conf
, u8
*buf
, size_t len
,
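/*
 * wpa_auth_logger - log a ready-made text message for an authenticator.
 *
 * wpa_auth: authenticator context the message belongs to
 * addr:     address associated with the message (presumably a station MAC
 *           of ETH_ALEN bytes - confirm against the definition)
 * level:    severity passed on to the logger
 * txt:      message text; this variant takes a plain string, not a format
 *           plus arguments
 */
void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
		     logger_level level, const char *txt);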
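/*
 * wpa_auth_vlogger - log a formatted message for an authenticator.
 *
 * wpa_auth: authenticator context the message belongs to
 * addr:     address associated with the message (presumably a station MAC
 *           - confirm against the definition)
 * level:    severity passed on to the logger
 * fmt, ...: format string followed by its arguments (presumably
 *           printf-style - confirm)
 *
 * NOTE(review): keep fmt a constant string at every call site. Text that
 * originates from a peer or from configuration belongs in a "%s" argument,
 * never in fmt itself.
 */
void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
		      logger_level level, const char *fmt, ...);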
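/*
 * __wpa_send_eapol - low-level EAPOL-Key transmit helper (per the name).
 *
 * wpa_auth:      authenticator context
 * sm:            per-station state machine the frame is sent for
 * key_info:      key information value for the frame
 * key_rsc:       RSC input; the length is not part of this declaration
 *                - confirm in the definition
 * nonce:         nonce input; the length is not part of this declaration
 *                (presumably WPA_NONCE_LEN - confirm)
 * kde, kde_len:  key data buffer and its length in bytes; the prototype
 *                cannot enforce that the two agree, so callers must pass
 *                the true buffer length
 * keyidx:        key index
 * encr:          whether the key data is to be encrypted (presumably a
 *                boolean flag - confirm)
 * force_version: version override (semantics not visible here - confirm)
 *
 * NOTE(review): identifiers that begin with a double underscore are
 * reserved for the implementation in C. The name is kept because callers
 * depend on it.
 */
void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
		      struct wpa_state_machine *sm, int key_info,
		      const u8 *key_rsc, const u8 *nonce,
		      const u8 *kde, size_t kde_len,
		      int keyidx, int encr, int force_version);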
202 int wpa_auth_for_each_sta(struct wpa_authenticator
*wpa_auth
,
203 int (*cb
)(struct wpa_state_machine
*sm
, void *ctx
),
205 int wpa_auth_for_each_auth(struct wpa_authenticator
*wpa_auth
,
206 int (*cb
)(struct wpa_authenticator
*a
, void *ctx
),
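#ifdef CONFIG_PEERKEY
/* The declarations below are compiled only when CONFIG_PEERKEY is defined. */

/*
 * wpa_stsl_remove - remove an STSL negotiation entry from an authenticator.
 *
 * wpa_auth: authenticator whose stsl_negotiations list holds the entry
 * neg:      entry to remove
 *
 * NOTE(review): presumably unlinks neg from wpa_auth->stsl_negotiations.
 * Confirm whether the definition also frees neg, so that callers do not
 * touch it afterwards, and what the int return value signals.
 */
int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
		    struct wpa_stsl_negotiation *neg);

/*
 * SMK handshake handlers. Each takes the authenticator, the per-station
 * state machine and the EAPOL-Key frame being processed.
 *
 * NOTE(review): key presumably points at data received from the station.
 * Confirm that the frame length has been validated before these handlers
 * read fields or key data through it.
 */
void wpa_smk_error(struct wpa_authenticator *wpa_auth,
		   struct wpa_state_machine *sm, struct wpa_eapol_key *key);
void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
		struct wpa_state_machine *sm, struct wpa_eapol_key *key);
void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
		struct wpa_state_machine *sm, struct wpa_eapol_key *key);
#endif /* CONFIG_PEERKEY */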
220 #ifdef CONFIG_IEEE80211R
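/*
 * wpa_write_mdie - write the MDIE (per the name) into a caller buffer.
 *
 * conf: authenticator configuration the element is built from
 * buf:  output buffer
 * len:  capacity of buf in bytes
 *
 * Returns an int; presumably the number of bytes written, or a negative
 * value when buf is too small - confirm in the definition. Callers should
 * check the result before advancing a write pointer by it.
 */
int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);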
222 int wpa_write_ftie(struct wpa_auth_config
*conf
, const u8
*r0kh_id
,
224 const u8
*anonce
, const u8
*snonce
,
225 u8
*buf
, size_t len
, const u8
*subelem
,
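/*
 * wpa_auth_derive_ptk_ft - derive the PTK for an FT association (per the
 * name).
 *
 * sm:      per-station state machine
 * pmk:     input key material; its length is not passed, so the expected
 *          size must be confirmed in the definition
 * ptk:     output structure
 * ptk_len: length associated with ptk (exact meaning not visible here
 *          - confirm)
 *
 * Returns an int status (presumably 0 on success - confirm).
 */
int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
			   struct wpa_ptk *ptk, size_t ptk_len);

/*
 * wpa_ft_pmk_cache_init - create an FT PMK cache.
 *
 * Returns a pointer to the new cache. Presumably NULL on allocation
 * failure, so callers should check the result before use - confirm.
 */
struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void);

/*
 * wpa_ft_pmk_cache_deinit - release a cache obtained from
 * wpa_ft_pmk_cache_init().
 *
 * NOTE(review): the cache presumably holds key material. Confirm that the
 * definition clears it before freeing, and that cache is not used after
 * this call.
 */
void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache);

/*
 * wpa_ft_install_ptk - install the PTK for the station behind sm (per the
 * name). No status is returned, so a failed install cannot be seen by the
 * caller through this interface.
 */
void wpa_ft_install_ptk(struct wpa_state_machine *sm);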
232 #endif /* CONFIG_IEEE80211R */
234 #endif /* WPA_AUTH_I_H */