wpa_auth.h revision 8d520ff1dc2da35cdca849e982051b86468016d8
1/* 2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator 3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15#ifndef WPA_AUTH_H 16#define WPA_AUTH_H 17 18#include "common/defs.h" 19#include "common/eapol_common.h" 20#include "common/wpa_common.h" 21 22#ifdef _MSC_VER 23#pragma pack(push, 1) 24#endif /* _MSC_VER */ 25 26/* IEEE Std 802.11r-2008, 11A.10.3 - Remote request/response frame definition 27 */ 28struct ft_rrb_frame { 29 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */ 30 u8 packet_type; /* FT_PACKET_REQUEST/FT_PACKET_RESPONSE */ 31 le16 action_length; /* little endian length of action_frame */ 32 u8 ap_address[ETH_ALEN]; 33 /* 34 * Followed by action_length bytes of FT Action frame (from Category 35 * field to the end of Action Frame body. 36 */ 37} STRUCT_PACKED; 38 39#define RSN_REMOTE_FRAME_TYPE_FT_RRB 1 40 41#define FT_PACKET_REQUEST 0 42#define FT_PACKET_RESPONSE 1 43/* Vendor-specific types for R0KH-R1KH protocol; not defined in 802.11r */ 44#define FT_PACKET_R0KH_R1KH_PULL 200 45#define FT_PACKET_R0KH_R1KH_RESP 201 46#define FT_PACKET_R0KH_R1KH_PUSH 202 47 48#define FT_R0KH_R1KH_PULL_DATA_LEN 44 49#define FT_R0KH_R1KH_RESP_DATA_LEN 76 50#define FT_R0KH_R1KH_PUSH_DATA_LEN 88 51 52struct ft_r0kh_r1kh_pull_frame { 53 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */ 54 u8 packet_type; /* FT_PACKET_R0KH_R1KH_PULL */ 55 le16 data_length; /* little endian length of data (44) */ 56 u8 ap_address[ETH_ALEN]; 57 58 u8 nonce[16]; 59 u8 pmk_r0_name[WPA_PMK_NAME_LEN]; 60 u8 r1kh_id[FT_R1KH_ID_LEN]; 61 u8 s1kh_id[ETH_ALEN]; 62 u8 pad[4]; /* 8-octet boundary for AES key wrap */ 63 u8 key_wrap_extra[8]; 64} STRUCT_PACKED; 65 66struct ft_r0kh_r1kh_resp_frame { 67 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */ 68 u8 packet_type; /* FT_PACKET_R0KH_R1KH_RESP */ 69 le16 data_length; /* little endian length of data (76) */ 70 u8 ap_address[ETH_ALEN]; 71 72 u8 nonce[16]; /* copied from pull */ 73 u8 r1kh_id[FT_R1KH_ID_LEN]; /* copied from pull */ 74 u8 s1kh_id[ETH_ALEN]; /* copied from pull */ 75 u8 pmk_r1[PMK_LEN]; 76 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 77 le16 pairwise; 78 u8 pad[2]; /* 8-octet boundary for AES key wrap */ 79 u8 key_wrap_extra[8]; 80} STRUCT_PACKED; 81 82struct ft_r0kh_r1kh_push_frame { 83 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */ 84 u8 packet_type; /* FT_PACKET_R0KH_R1KH_PUSH */ 85 le16 data_length; /* little endian length of data (88) */ 86 u8 ap_address[ETH_ALEN]; 87 88 /* Encrypted with AES key-wrap */ 89 u8 timestamp[4]; /* current time in seconds since unix epoch, little 90 * endian */ 91 u8 r1kh_id[FT_R1KH_ID_LEN]; 92 u8 s1kh_id[ETH_ALEN]; 93 u8 pmk_r0_name[WPA_PMK_NAME_LEN]; 94 u8 pmk_r1[PMK_LEN]; 95 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 96 le16 pairwise; 97 u8 pad[6]; /* 8-octet boundary for AES key wrap */ 98 u8 key_wrap_extra[8]; 99} STRUCT_PACKED; 100 101#ifdef _MSC_VER 102#pragma pack(pop) 103#endif /* _MSC_VER */ 104 105 106/* per STA state machine data */ 107 108struct wpa_authenticator; 109struct wpa_state_machine; 110struct rsn_pmksa_cache_entry; 111struct eapol_state_machine; 112 113 114struct ft_remote_r0kh { 115 struct ft_remote_r0kh *next; 116 u8 addr[ETH_ALEN]; 117 u8 id[FT_R0KH_ID_MAX_LEN]; 118 size_t id_len; 119 u8 key[16]; 120}; 121 122 123struct ft_remote_r1kh { 124 struct ft_remote_r1kh *next; 125 u8 addr[ETH_ALEN]; 126 u8 id[FT_R1KH_ID_LEN]; 127 u8 key[16]; 128}; 129 130 131struct wpa_auth_config { 132 int wpa; 133 int wpa_key_mgmt; 134 int wpa_pairwise; 135 int wpa_group; 136 int wpa_group_rekey; 137 int wpa_strict_rekey; 138 int wpa_gmk_rekey; 139 int wpa_ptk_rekey; 140 int rsn_pairwise; 141 int rsn_preauth; 142 int eapol_version; 143 int peerkey; 144 int wmm_enabled; 145 int wmm_uapsd; 146 int okc; 147 int tx_status; 148#ifdef CONFIG_IEEE80211W 149 enum mfp_options ieee80211w; 150#endif /* CONFIG_IEEE80211W */ 151#ifdef CONFIG_IEEE80211R 152#define SSID_LEN 32 153 u8 ssid[SSID_LEN]; 154 size_t ssid_len; 155 u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN]; 156 u8 r0_key_holder[FT_R0KH_ID_MAX_LEN]; 157 size_t r0_key_holder_len; 158 u8 r1_key_holder[FT_R1KH_ID_LEN]; 159 u32 r0_key_lifetime; 160 u32 reassociation_deadline; 161 struct ft_remote_r0kh *r0kh_list; 162 struct ft_remote_r1kh *r1kh_list; 163 int pmk_r1_push; 164 int ft_over_ds; 165#endif /* CONFIG_IEEE80211R */ 166}; 167 168typedef enum { 169 LOGGER_DEBUG, LOGGER_INFO, LOGGER_WARNING 170} logger_level; 171 172typedef enum { 173 WPA_EAPOL_portEnabled, WPA_EAPOL_portValid, WPA_EAPOL_authorized, 174 WPA_EAPOL_portControl_Auto, WPA_EAPOL_keyRun, WPA_EAPOL_keyAvailable, 175 WPA_EAPOL_keyDone, WPA_EAPOL_inc_EapolFramesTx 176} wpa_eapol_variable; 177 178struct wpa_auth_callbacks { 179 void *ctx; 180 void (*logger)(void *ctx, const u8 *addr, logger_level level, 181 const char *txt); 182 void (*disconnect)(void *ctx, const u8 *addr, u16 reason); 183 void (*mic_failure_report)(void *ctx, const u8 *addr); 184 void (*set_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var, 185 int value); 186 int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var); 187 const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *prev_psk); 188 int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len); 189 int (*set_key)(void *ctx, int vlan_id, enum wpa_alg alg, 190 const u8 *addr, int idx, u8 *key, size_t key_len); 191 int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq); 192 int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data, 193 size_t data_len, int encrypt); 194 int (*for_each_sta)(void *ctx, int (*cb)(struct wpa_state_machine *sm, 195 void *ctx), void *cb_ctx); 196 int (*for_each_auth)(void *ctx, int (*cb)(struct wpa_authenticator *a, 197 void *ctx), void *cb_ctx); 198 int (*send_ether)(void *ctx, const u8 *dst, u16 proto, const u8 *data, 199 size_t data_len); 200#ifdef CONFIG_IEEE80211R 201 struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr); 202 int (*send_ft_action)(void *ctx, const u8 *dst, 203 const u8 *data, size_t data_len); 204#endif /* CONFIG_IEEE80211R */ 205}; 206 207struct wpa_authenticator * wpa_init(const u8 *addr, 208 struct wpa_auth_config *conf, 209 struct wpa_auth_callbacks *cb); 210void wpa_deinit(struct wpa_authenticator *wpa_auth); 211int wpa_reconfig(struct wpa_authenticator *wpa_auth, 212 struct wpa_auth_config *conf); 213 214enum { 215 WPA_IE_OK, WPA_INVALID_IE, WPA_INVALID_GROUP, WPA_INVALID_PAIRWISE, 216 WPA_INVALID_AKMP, WPA_NOT_ENABLED, WPA_ALLOC_FAIL, 217 WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER, 218 WPA_INVALID_MDIE, WPA_INVALID_PROTO 219}; 220 221int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, 222 struct wpa_state_machine *sm, 223 const u8 *wpa_ie, size_t wpa_ie_len, 224 const u8 *mdie, size_t mdie_len); 225int wpa_auth_uses_mfp(struct wpa_state_machine *sm); 226struct wpa_state_machine * 227wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr); 228int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, 229 struct wpa_state_machine *sm); 230void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm); 231void wpa_auth_sta_deinit(struct wpa_state_machine *sm); 232void wpa_receive(struct wpa_authenticator *wpa_auth, 233 struct wpa_state_machine *sm, 234 u8 *data, size_t data_len); 235typedef enum { 236 WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, 237 WPA_REAUTH_EAPOL, WPA_ASSOC_FT 238} wpa_event; 239void wpa_remove_ptk(struct wpa_state_machine *sm); 240int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event); 241void wpa_auth_sm_notify(struct wpa_state_machine *sm); 242void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth); 243int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen); 244int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen); 245void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth); 246int wpa_auth_pairwise_set(struct wpa_state_machine *sm); 247int wpa_auth_get_pairwise(struct wpa_state_machine *sm); 248int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); 249int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); 250int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, 251 struct rsn_pmksa_cache_entry *entry); 252struct rsn_pmksa_cache_entry * 253wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm); 254void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm); 255const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, 256 size_t *len); 257int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, 258 int session_timeout, struct eapol_state_machine *eapol); 259int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, 260 const u8 *pmk, size_t len, const u8 *sta_addr, 261 int session_timeout, 262 struct eapol_state_machine *eapol); 263int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id); 264void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth, 265 struct wpa_state_machine *sm, int ack); 266 267#ifdef CONFIG_IEEE80211R 268u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, 269 size_t max_len, int auth_alg, 270 const u8 *req_ies, size_t req_ies_len); 271void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid, 272 u16 auth_transaction, const u8 *ies, size_t ies_len, 273 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid, 274 u16 auth_transaction, u16 resp, 275 const u8 *ies, size_t ies_len), 276 void *ctx); 277u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, 278 size_t ies_len); 279int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len); 280int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, 281 const u8 *data, size_t data_len); 282void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr); 283#endif /* CONFIG_IEEE80211R */ 284 285#endif /* WPA_AUTH_H */ 286