/*
 * hostapd - IEEE 802.11i-2004 / WPA Authenticator: Internal definitions
 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

/*
 * Internal data layout and helper prototypes for the WPA authenticator.
 *
 * No #include appears in this header: u8, u32, Boolean, logger_level,
 * ETH_ALEN, PMK_LEN, the WPA_*_LEN constants, struct wpa_ptk,
 * struct wpa_auth_config and struct wpa_auth_callbacks are all used
 * without being declared here, and three of the structs are embedded by
 * value, so their full definitions must be in scope before this file is
 * included.
 *
 * Several structures below hold key material inline (PMK, PTK, GMK, GTK,
 * IGTK, xxkey). NOTE(review): the code that releases these structures is
 * not part of this header; confirm that it clears those buffers before the
 * memory is freed or reused.
 */

#ifndef WPA_AUTH_I_H
#define WPA_AUTH_I_H

/* max(dot11RSNAConfigGroupUpdateCount,dot11RSNAConfigPairwiseUpdateCount) */
/* Also the number of entries in wpa_state_machine.key_replay[]. */
#define RSNA_MAX_EAPOL_RETRIES 4

struct wpa_group;

/*
 * Node of a singly linked list (via next) recording one initiator/peer
 * address pair. The list head is wpa_authenticator.stsl_negotiations.
 */
struct wpa_stsl_negotiation {
	struct wpa_stsl_negotiation *next;
	u8 initiator[ETH_ALEN];
	u8 peer[ETH_ALEN];
};


/*
 * State for one run of the PTK and PTK-group state machines.
 * NOTE(review): presumably one instance per associated station (the
 * wpa_auth_for_each_sta() callback receives this type) - confirm against
 * the implementation.
 */
struct wpa_state_machine {
	/* Back-pointers to the owning authenticator and the group in use. */
	struct wpa_authenticator *wpa_auth;
	struct wpa_group *group;

	u8 addr[ETH_ALEN];

	/* Current state of the pairwise (PTK) state machine. */
	enum {
		WPA_PTK_INITIALIZE, WPA_PTK_DISCONNECT, WPA_PTK_DISCONNECTED,
		WPA_PTK_AUTHENTICATION, WPA_PTK_AUTHENTICATION2,
		WPA_PTK_INITPMK, WPA_PTK_INITPSK, WPA_PTK_PTKSTART,
		WPA_PTK_PTKCALCNEGOTIATING, WPA_PTK_PTKCALCNEGOTIATING2,
		WPA_PTK_PTKINITNEGOTIATING, WPA_PTK_PTKINITDONE
	} wpa_ptk_state;

	/* Current state of the per-station group key state machine. */
	enum {
		WPA_PTK_GROUP_IDLE = 0,
		WPA_PTK_GROUP_REKEYNEGOTIATING,
		WPA_PTK_GROUP_REKEYESTABLISHED,
		WPA_PTK_GROUP_KEYERROR
	} wpa_ptk_group_state;

	/* State machine variables; names follow the IEEE 802.11i machine. */
	Boolean Init;
	Boolean DeauthenticationRequest;
	Boolean AuthenticationRequest;
	Boolean ReAuthenticationRequest;
	Boolean Disconnect;
	int TimeoutCtr;
	int GTimeoutCtr;
	Boolean TimeoutEvt;
	Boolean EAPOLKeyReceived;
	Boolean EAPOLKeyPairwise;
	Boolean EAPOLKeyRequest;
	Boolean MICVerified;
	Boolean GUpdateStationKeys;
	/* Handshake nonces and pairwise key material, stored inline. */
	u8 ANonce[WPA_NONCE_LEN];
	u8 SNonce[WPA_NONCE_LEN];
	u8 PMK[PMK_LEN];
	struct wpa_ptk PTK;
	Boolean PTK_valid;
	Boolean pairwise_set;
	int keycount;
	Boolean Pair;
	/*
	 * Replay counters, each with its own validity flag.
	 * NOTE(review): presumably the counters of recently transmitted
	 * EAPOL-Key frames that a reply is matched against - confirm in the
	 * code that fills and checks this array.
	 */
	struct {
		u8 counter[WPA_REPLAY_COUNTER_LEN];
		Boolean valid;
	} key_replay[RSNA_MAX_EAPOL_RETRIES];
	Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */
	Boolean PTKRequest; /* not in IEEE 802.11i state machine */
	Boolean has_GTK;
	Boolean PtkGroupInit; /* init request for PTK Group state machine */

	/*
	 * Pointer/length pair for a received EAPOL-Key frame. Ownership and
	 * lifetime of the buffer are not visible in this header; readers
	 * must stay within last_rx_eapol_key_len bytes.
	 */
	u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */
	size_t last_rx_eapol_key_len;

	/* Single-bit flags. */
	unsigned int changed:1;
	unsigned int in_step_loop:1;
	unsigned int pending_deinit:1;
	unsigned int started:1;
	unsigned int mgmt_frame_prot:1;
#ifdef CONFIG_IEEE80211R
	unsigned int ft_completed:1;
	unsigned int pmk_r1_name_valid:1;
#endif /* CONFIG_IEEE80211R */

	/*
	 * NOTE(review): presumably the replay counter taken from a station's
	 * EAPOL-Key request, with req_replay_counter_used marking it as set -
	 * confirm against the implementation.
	 */
	u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN];
	int req_replay_counter_used;

	/* Pointer/length pair; bound every read by wpa_ie_len. */
	u8 *wpa_ie;
	size_t wpa_ie_len;

	enum {
		WPA_VERSION_NO_WPA = 0 /* WPA not used */,
		WPA_VERSION_WPA = 1 /* WPA / IEEE 802.11i/D3.0 */,
		WPA_VERSION_WPA2 = 2 /* WPA2 / IEEE 802.11i */
	} wpa;
	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
	int wpa_key_mgmt; /* the selected WPA_KEY_MGMT_* */
	struct rsn_pmksa_cache_entry *pmksa;

	/* Per-instance TKIP MIC failure counters. */
	u32 dot11RSNAStatsTKIPLocalMICFailures;
	u32 dot11RSNAStatsTKIPRemoteMICFailures;

#ifdef CONFIG_IEEE80211R
	/* xxkey is key material: see the zeroization note in the header. */
	u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */
	size_t xxkey_len;
	u8 pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name derived from FT Auth
					   * Request */
	/* r0kh_id_len must not exceed FT_R0KH_ID_MAX_LEN, the array size. */
	u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; /* R0KH-ID from FT Auth Request */
	size_t r0kh_id_len;
	u8 sup_pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name from EAPOL-Key
					       * message 2/4 */
	/* No length field accompanies this pointer in this struct. */
	u8 *assoc_resp_ftie;
#endif /* CONFIG_IEEE80211R */
};


/* per group key state machine data */
struct wpa_group {
	/* Groups are chained through next; vlan_id tags each entry. */
	struct wpa_group *next;
	int vlan_id;

	Boolean GInit;
	int GKeyDoneStations;
	Boolean GTKReKey;
	/*
	 * NOTE(review): GTK_len is a signed int kept next to fixed-size GTK
	 * slots; presumably it must stay within WPA_GTK_MAX_LEN - confirm
	 * where it is assigned.
	 */
	int GTK_len;
	/* NOTE(review): presumably key indices for the two GTK slots. */
	int GN, GM;
	Boolean GTKAuthenticator;
	u8 Counter[WPA_NONCE_LEN];

	/* Current state of the group key state machine. */
	enum {
		WPA_GROUP_GTK_INIT = 0,
		WPA_GROUP_SETKEYS, WPA_GROUP_SETKEYSDONE
	} wpa_group_state;

	/* Group key material, stored inline; GTK has two slots. */
	u8 GMK[WPA_GMK_LEN];
	u8 GTK[2][WPA_GTK_MAX_LEN];
	u8 GNonce[WPA_NONCE_LEN];
	Boolean changed;
#ifdef CONFIG_IEEE80211W
	/* Two IGTK slots, with index variables parallel to GN/GM. */
	u8 IGTK[2][WPA_IGTK_LEN];
	int GN_igtk, GM_igtk;
#endif /* CONFIG_IEEE80211W */
};


struct wpa_ft_pmk_cache;

/* per authenticator data */
struct wpa_authenticator {
	struct wpa_group *group;

	/* Counters and selectors named after the dot11RSNA MIB variables. */
	unsigned int dot11RSNAStatsTKIPRemoteMICFailures;
	u32 dot11RSNAAuthenticationSuiteSelected;
	u32 dot11RSNAPairwiseCipherSelected;
	u32 dot11RSNAGroupCipherSelected;
	u8 dot11RSNAPMKIDUsed[PMKID_LEN];
	u32 dot11RSNAAuthenticationSuiteRequested; /* FIX: update */
	u32 dot11RSNAPairwiseCipherRequested; /* FIX: update */
	u32 dot11RSNAGroupCipherRequested; /* FIX: update */
	unsigned int dot11RSNATKIPCounterMeasuresInvoked;
	unsigned int dot11RSNA4WayHandshakeFailures;

	/* Head of the wpa_stsl_negotiation list. */
	struct wpa_stsl_negotiation *stsl_negotiations;

	/* Configuration and callback table, embedded by value. */
	struct wpa_auth_config conf;
	struct wpa_auth_callbacks cb;

	/* Pointer/length pair; bound every read by wpa_ie_len. */
	u8 *wpa_ie;
	size_t wpa_ie_len;

	u8 addr[ETH_ALEN];

	struct rsn_pmksa_cache *pmksa;
	struct wpa_ft_pmk_cache *ft_pmk_cache;
};


/*
 * Prototypes only: return-value conventions and buffer-size behaviour are
 * defined by the implementations, which are not in this header.
 */

/*
 * Takes a configuration, an output buffer with its size, and an optional
 * PMKID pointer. NOTE(review): presumably returns the number of bytes
 * written or a negative value on error - confirm before relying on it.
 */
int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
		     const u8 *pmkid);
/* Logs the fixed text txt at the given level for addr. */
void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
		     logger_level level, const char *txt);
/*
 * Variadic variant taking a format string. NOTE(review): the declaration
 * carries no printf-format attribute, so the compiler does not check fmt
 * against the arguments; fmt must always be a literal, never text received
 * from a peer.
 */
void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
		      logger_level level, const char *fmt, ...);
/*
 * NOTE(review): identifiers containing a double underscore are reserved
 * for the C implementation; renaming would need every caller changed.
 * kde/kde_len is a pointer/length pair.
 */
void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
		      struct wpa_state_machine *sm, int key_info,
		      const u8 *key_rsc, const u8 *nonce,
		      const u8 *kde, size_t kde_len,
		      int keyidx, int encr, int force_version);
/*
 * Iterators taking a callback and an opaque context pointer.
 * NOTE(review): how the callback's return value affects iteration is not
 * visible here - confirm in the implementation.
 */
int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
			  int (*cb)(struct wpa_state_machine *sm, void *ctx),
			  void *cb_ctx);
int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
			   int (*cb)(struct wpa_authenticator *a, void *ctx),
			   void *cb_ctx);

#ifdef CONFIG_PEERKEY
/*
 * PeerKey helpers. The wpa_smk_* handlers receive a struct wpa_eapol_key
 * pointer with no accompanying length; NOTE(review): the frame length is
 * presumably validated by the caller - confirm.
 */
int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
		    struct wpa_stsl_negotiation *neg);
void wpa_smk_error(struct wpa_authenticator *wpa_auth,
		   struct wpa_state_machine *sm, struct wpa_eapol_key *key);
void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
		struct wpa_state_machine *sm, struct wpa_eapol_key *key);
void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
		struct wpa_state_machine *sm, struct wpa_eapol_key *key);
#endif /* CONFIG_PEERKEY */

#ifdef CONFIG_IEEE80211R
/*
 * IEEE 802.11r (FT) helpers. The writer functions take an output buffer
 * with its size; every variable-length input (r0kh_id, subelem) comes
 * with an explicit length argument.
 */
int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);
int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
		   size_t r0kh_id_len,
		   const u8 *anonce, const u8 *snonce,
		   u8 *buf, size_t len, const u8 *subelem,
		   size_t subelem_len);
int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
			   struct wpa_ptk *ptk, size_t ptk_len);
/* Init/deinit pair for the opaque FT PMK cache. */
struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void);
void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache);
void wpa_ft_install_ptk(struct wpa_state_machine *sm);
#endif /* CONFIG_IEEE80211R */

#endif /* WPA_AUTH_I_H */