]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/wpa_auth_i.h
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
FT: Add FTIE, TIE[ReassocDeadline], TIE[KeyLifetime] to EAPOL-Key 3/4
[thirdparty/hostap.git] / src / ap / wpa_auth_i.h
1 /*
2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator: Internal definitions
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #ifndef WPA_AUTH_I_H
16 #define WPA_AUTH_I_H
17
18 /* max(dot11RSNAConfigGroupUpdateCount,dot11RSNAConfigPairwiseUpdateCount) */
19 #define RSNA_MAX_EAPOL_RETRIES 4
20
21 struct wpa_group;
22
23 struct wpa_stsl_negotiation {
24 struct wpa_stsl_negotiation *next;
25 u8 initiator[ETH_ALEN];
26 u8 peer[ETH_ALEN];
27 };
28
29
30 struct wpa_state_machine {
31 struct wpa_authenticator *wpa_auth;
32 struct wpa_group *group;
33
34 u8 addr[ETH_ALEN];
35
36 enum {
37 WPA_PTK_INITIALIZE, WPA_PTK_DISCONNECT, WPA_PTK_DISCONNECTED,
38 WPA_PTK_AUTHENTICATION, WPA_PTK_AUTHENTICATION2,
39 WPA_PTK_INITPMK, WPA_PTK_INITPSK, WPA_PTK_PTKSTART,
40 WPA_PTK_PTKCALCNEGOTIATING, WPA_PTK_PTKCALCNEGOTIATING2,
41 WPA_PTK_PTKINITNEGOTIATING, WPA_PTK_PTKINITDONE
42 } wpa_ptk_state;
43
44 enum {
45 WPA_PTK_GROUP_IDLE = 0,
46 WPA_PTK_GROUP_REKEYNEGOTIATING,
47 WPA_PTK_GROUP_REKEYESTABLISHED,
48 WPA_PTK_GROUP_KEYERROR
49 } wpa_ptk_group_state;
50
51 Boolean Init;
52 Boolean DeauthenticationRequest;
53 Boolean AuthenticationRequest;
54 Boolean ReAuthenticationRequest;
55 Boolean Disconnect;
56 int TimeoutCtr;
57 int GTimeoutCtr;
58 Boolean TimeoutEvt;
59 Boolean EAPOLKeyReceived;
60 Boolean EAPOLKeyPairwise;
61 Boolean EAPOLKeyRequest;
62 Boolean MICVerified;
63 Boolean GUpdateStationKeys;
64 u8 ANonce[WPA_NONCE_LEN];
65 u8 SNonce[WPA_NONCE_LEN];
66 u8 PMK[PMK_LEN];
67 struct wpa_ptk PTK;
68 Boolean PTK_valid;
69 Boolean pairwise_set;
70 int keycount;
71 Boolean Pair;
72 struct {
73 u8 counter[WPA_REPLAY_COUNTER_LEN];
74 Boolean valid;
75 } key_replay[RSNA_MAX_EAPOL_RETRIES];
76 Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */
77 Boolean PTKRequest; /* not in IEEE 802.11i state machine */
78 Boolean has_GTK;
79 Boolean PtkGroupInit; /* init request for PTK Group state machine */
80
81 u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */
82 size_t last_rx_eapol_key_len;
83
84 unsigned int changed:1;
85 unsigned int in_step_loop:1;
86 unsigned int pending_deinit:1;
87 unsigned int started:1;
88 unsigned int mgmt_frame_prot:1;
89 #ifdef CONFIG_IEEE80211R
90 unsigned int ft_completed:1;
91 unsigned int pmk_r1_name_valid:1;
92 #endif /* CONFIG_IEEE80211R */
93
94 u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN];
95 int req_replay_counter_used;
96
97 u8 *wpa_ie;
98 size_t wpa_ie_len;
99
100 enum {
101 WPA_VERSION_NO_WPA = 0 /* WPA not used */,
102 WPA_VERSION_WPA = 1 /* WPA / IEEE 802.11i/D3.0 */,
103 WPA_VERSION_WPA2 = 2 /* WPA2 / IEEE 802.11i */
104 } wpa;
105 int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
106 int wpa_key_mgmt; /* the selected WPA_KEY_MGMT_* */
107 struct rsn_pmksa_cache_entry *pmksa;
108
109 u32 dot11RSNAStatsTKIPLocalMICFailures;
110 u32 dot11RSNAStatsTKIPRemoteMICFailures;
111
112 #ifdef CONFIG_IEEE80211R
113 u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */
114 size_t xxkey_len;
115 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name derived from FT Auth
116 * Request */
117 u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; /* R0KH-ID from FT Auth Request */
118 size_t r0kh_id_len;
119 u8 sup_pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name from EAPOL-Key
120 * message 2/4 */
121 #endif /* CONFIG_IEEE80211R */
122 };
123
124
125 /* per group key state machine data */
126 struct wpa_group {
127 struct wpa_group *next;
128 int vlan_id;
129
130 Boolean GInit;
131 int GKeyDoneStations;
132 Boolean GTKReKey;
133 int GTK_len;
134 int GN, GM;
135 Boolean GTKAuthenticator;
136 u8 Counter[WPA_NONCE_LEN];
137
138 enum {
139 WPA_GROUP_GTK_INIT = 0,
140 WPA_GROUP_SETKEYS, WPA_GROUP_SETKEYSDONE
141 } wpa_group_state;
142
143 u8 GMK[WPA_GMK_LEN];
144 u8 GTK[2][WPA_GTK_MAX_LEN];
145 u8 GNonce[WPA_NONCE_LEN];
146 Boolean changed;
147 #ifdef CONFIG_IEEE80211W
148 u8 IGTK[2][WPA_IGTK_LEN];
149 int GN_igtk, GM_igtk;
150 #endif /* CONFIG_IEEE80211W */
151 };
152
153
154 struct wpa_ft_pmk_cache;
155
156 /* per authenticator data */
157 struct wpa_authenticator {
158 struct wpa_group *group;
159
160 unsigned int dot11RSNAStatsTKIPRemoteMICFailures;
161 u32 dot11RSNAAuthenticationSuiteSelected;
162 u32 dot11RSNAPairwiseCipherSelected;
163 u32 dot11RSNAGroupCipherSelected;
164 u8 dot11RSNAPMKIDUsed[PMKID_LEN];
165 u32 dot11RSNAAuthenticationSuiteRequested; /* FIX: update */
166 u32 dot11RSNAPairwiseCipherRequested; /* FIX: update */
167 u32 dot11RSNAGroupCipherRequested; /* FIX: update */
168 unsigned int dot11RSNATKIPCounterMeasuresInvoked;
169 unsigned int dot11RSNA4WayHandshakeFailures;
170
171 struct wpa_stsl_negotiation *stsl_negotiations;
172
173 struct wpa_auth_config conf;
174 struct wpa_auth_callbacks cb;
175
176 u8 *wpa_ie;
177 size_t wpa_ie_len;
178
179 u8 addr[ETH_ALEN];
180
181 struct rsn_pmksa_cache *pmksa;
182 struct wpa_ft_pmk_cache *ft_pmk_cache;
183 };
184
185
186 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
187 const u8 *pmkid);
188 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
189 logger_level level, const char *txt);
190 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
191 logger_level level, const char *fmt, ...);
192 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
193 struct wpa_state_machine *sm, int key_info,
194 const u8 *key_rsc, const u8 *nonce,
195 const u8 *kde, size_t kde_len,
196 int keyidx, int encr, int force_version);
197 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
198 int (*cb)(struct wpa_state_machine *sm, void *ctx),
199 void *cb_ctx);
200 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
201 int (*cb)(struct wpa_authenticator *a, void *ctx),
202 void *cb_ctx);
203
204 #ifdef CONFIG_PEERKEY
205 int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
206 struct wpa_stsl_negotiation *neg);
207 void wpa_smk_error(struct wpa_authenticator *wpa_auth,
208 struct wpa_state_machine *sm, struct wpa_eapol_key *key);
209 void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
210 struct wpa_state_machine *sm, struct wpa_eapol_key *key);
211 void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
212 struct wpa_state_machine *sm, struct wpa_eapol_key *key);
213 #endif /* CONFIG_PEERKEY */
214
215 #ifdef CONFIG_IEEE80211R
216 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);
217 int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
218 size_t r0kh_id_len,
219 const u8 *anonce, const u8 *snonce,
220 u8 *buf, size_t len, const u8 *subelem,
221 size_t subelem_len);
222 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
223 struct wpa_ptk *ptk, size_t ptk_len);
224 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void);
225 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache);
226 void wpa_ft_install_ptk(struct wpa_state_machine *sm);
227 #endif /* CONFIG_IEEE80211R */
228
229 #endif /* WPA_AUTH_I_H */
Unnamed repository; edit this file 'description' to name the repository.