xref: /freebsd/contrib/wpa/wpa_supplicant/config_ssid.h (revision 7aa383846770374466b1dcb2cefd71bde9acf463)
1 /*
2  * WPA Supplicant / Network configuration structures
3  * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation.
8  *
9  * Alternatively, this software may be distributed under the terms of BSD
10  * license.
11  *
12  * See README and COPYING for more details.
13  */
14 
15 #ifndef CONFIG_SSID_H
16 #define CONFIG_SSID_H
17 
18 #include "defs.h"
19 #include "eap_peer/eap_config.h"
20 
21 #define MAX_SSID_LEN 32
22 
23 
24 #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
25 #define DEFAULT_EAPOL_FLAGS (EAPOL_FLAG_REQUIRE_KEY_UNICAST | \
26 			     EAPOL_FLAG_REQUIRE_KEY_BROADCAST)
27 #define DEFAULT_PROTO (WPA_PROTO_WPA | WPA_PROTO_RSN)
28 #define DEFAULT_KEY_MGMT (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X)
29 #define DEFAULT_PAIRWISE (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP)
30 #define DEFAULT_GROUP (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP | \
31 		       WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)
32 #define DEFAULT_FRAGMENT_SIZE 1398
33 
34 /**
35  * struct wpa_ssid - Network configuration data
36  *
37  * This structure includes all the configuration variables for a network. This
38  * data is included in the per-interface configuration data as an element of
39  * the network list, struct wpa_config::ssid. Each network block in the
40  * configuration is mapped to a struct wpa_ssid instance.
41  */
42 struct wpa_ssid {
43 	/**
44 	 * next - Next network in global list
45 	 *
46 	 * This pointer can be used to iterate over all networks. The head of
47 	 * this list is stored in the ssid field of struct wpa_config.
48 	 */
49 	struct wpa_ssid *next;
50 
51 	/**
52 	 * pnext - Next network in per-priority list
53 	 *
54 	 * This pointer can be used to iterate over all networks in the same
55 	 * priority class. The heads of these list are stored in the pssid
56 	 * fields of struct wpa_config.
57 	 */
58 	struct wpa_ssid *pnext;
59 
60 	/**
61 	 * id - Unique id for the network
62 	 *
63 	 * This identifier is used as a unique identifier for each network
64 	 * block when using the control interface. Each network is allocated an
65 	 * id when it is being created, either when reading the configuration
66 	 * file or when a new network is added through the control interface.
67 	 */
68 	int id;
69 
70 	/**
71 	 * priority - Priority group
72 	 *
73 	 * By default, all networks will get same priority group (0). If some
74 	 * of the networks are more desirable, this field can be used to change
75 	 * the order in which wpa_supplicant goes through the networks when
76 	 * selecting a BSS. The priority groups will be iterated in decreasing
77 	 * priority (i.e., the larger the priority value, the sooner the
78 	 * network is matched against the scan results). Within each priority
79 	 * group, networks will be selected based on security policy, signal
80 	 * strength, etc.
81 	 *
82 	 * Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are
83 	 * not using this priority to select the order for scanning. Instead,
84 	 * they try the networks in the order that used in the configuration
85 	 * file.
86 	 */
87 	int priority;
88 
89 	/**
90 	 * ssid - Service set identifier (network name)
91 	 *
92 	 * This is the SSID for the network. For wireless interfaces, this is
93 	 * used to select which network will be used. If set to %NULL (or
94 	 * ssid_len=0), any SSID can be used. For wired interfaces, this must
95 	 * be set to %NULL. Note: SSID may contain any characters, even nul
96 	 * (ASCII 0) and as such, this should not be assumed to be a nul
97 	 * terminated string. ssid_len defines how many characters are valid
98 	 * and the ssid field is not guaranteed to be nul terminated.
99 	 */
100 	u8 *ssid;
101 
102 	/**
103 	 * ssid_len - Length of the SSID
104 	 */
105 	size_t ssid_len;
106 
107 	/**
108 	 * bssid - BSSID
109 	 *
110 	 * If set, this network block is used only when associating with the AP
111 	 * using the configured BSSID
112 	 */
113 	u8 bssid[ETH_ALEN];
114 
115 	/**
116 	 * bssid_set - Whether BSSID is configured for this network
117 	 */
118 	int bssid_set;
119 
120 	/**
121 	 * psk - WPA pre-shared key (256 bits)
122 	 */
123 	u8 psk[32];
124 
125 	/**
126 	 * psk_set - Whether PSK field is configured
127 	 */
128 	int psk_set;
129 
130 	/**
131 	 * passphrase - WPA ASCII passphrase
132 	 *
133 	 * If this is set, psk will be generated using the SSID and passphrase
134 	 * configured for the network. ASCII passphrase must be between 8 and
135 	 * 63 characters (inclusive).
136 	 */
137 	char *passphrase;
138 
139 	/**
140 	 * pairwise_cipher - Bitfield of allowed pairwise ciphers, WPA_CIPHER_*
141 	 */
142 	int pairwise_cipher;
143 
144 	/**
145 	 * group_cipher - Bitfield of allowed group ciphers, WPA_CIPHER_*
146 	 */
147 	int group_cipher;
148 
149 	/**
150 	 * key_mgmt - Bitfield of allowed key management protocols
151 	 *
152 	 * WPA_KEY_MGMT_*
153 	 */
154 	int key_mgmt;
155 
156 	/**
157 	 * proto - Bitfield of allowed protocols, WPA_PROTO_*
158 	 */
159 	int proto;
160 
161 	/**
162 	 * auth_alg -  Bitfield of allowed authentication algorithms
163 	 *
164 	 * WPA_AUTH_ALG_*
165 	 */
166 	int auth_alg;
167 
168 	/**
169 	 * scan_ssid - Scan this SSID with Probe Requests
170 	 *
171 	 * scan_ssid can be used to scan for APs using hidden SSIDs.
172 	 * Note: Many drivers do not support this. ap_mode=2 can be used with
173 	 * such drivers to use hidden SSIDs.
174 	 */
175 	int scan_ssid;
176 
177 #ifdef IEEE8021X_EAPOL
178 #define EAPOL_FLAG_REQUIRE_KEY_UNICAST BIT(0)
179 #define EAPOL_FLAG_REQUIRE_KEY_BROADCAST BIT(1)
180 	/**
181 	 * eapol_flags - Bit field of IEEE 802.1X/EAPOL options (EAPOL_FLAG_*)
182 	 */
183 	int eapol_flags;
184 
185 	/**
186 	 * eap - EAP peer configuration for this network
187 	 */
188 	struct eap_peer_config eap;
189 #endif /* IEEE8021X_EAPOL */
190 
191 #define NUM_WEP_KEYS 4
192 #define MAX_WEP_KEY_LEN 16
193 	/**
194 	 * wep_key - WEP keys
195 	 */
196 	u8 wep_key[NUM_WEP_KEYS][MAX_WEP_KEY_LEN];
197 
198 	/**
199 	 * wep_key_len - WEP key lengths
200 	 */
201 	size_t wep_key_len[NUM_WEP_KEYS];
202 
203 	/**
204 	 * wep_tx_keyidx - Default key index for TX frames using WEP
205 	 */
206 	int wep_tx_keyidx;
207 
208 	/**
209 	 * proactive_key_caching - Enable proactive key caching
210 	 *
211 	 * This field can be used to enable proactive key caching which is also
212 	 * known as opportunistic PMKSA caching for WPA2. This is disabled (0)
213 	 * by default. Enable by setting this to 1.
214 	 *
215 	 * Proactive key caching is used to make supplicant assume that the APs
216 	 * are using the same PMK and generate PMKSA cache entries without
217 	 * doing RSN pre-authentication. This requires support from the AP side
218 	 * and is normally used with wireless switches that co-locate the
219 	 * authenticator.
220 	 */
221 	int proactive_key_caching;
222 
223 	/**
224 	 * mixed_cell - Whether mixed cells are allowed
225 	 *
226 	 * This option can be used to configure whether so called mixed cells,
227 	 * i.e., networks that use both plaintext and encryption in the same
228 	 * SSID, are allowed. This is disabled (0) by default. Enable by
229 	 * setting this to 1.
230 	 */
231 	int mixed_cell;
232 
233 #ifdef IEEE8021X_EAPOL
234 
235 	/**
236 	 * leap - Number of EAP methods using LEAP
237 	 *
238 	 * This field should be set to 1 if LEAP is enabled. This is used to
239 	 * select IEEE 802.11 authentication algorithm.
240 	 */
241 	int leap;
242 
243 	/**
244 	 * non_leap - Number of EAP methods not using LEAP
245 	 *
246 	 * This field should be set to >0 if any EAP method other than LEAP is
247 	 * enabled. This is used to select IEEE 802.11 authentication
248 	 * algorithm.
249 	 */
250 	int non_leap;
251 
252 	/**
253 	 * eap_workaround - EAP workarounds enabled
254 	 *
255 	 * wpa_supplicant supports number of "EAP workarounds" to work around
256 	 * interoperability issues with incorrectly behaving authentication
257 	 * servers. This is recommended to be enabled by default because some
258 	 * of the issues are present in large number of authentication servers.
259 	 *
260 	 * Strict EAP conformance mode can be configured by disabling
261 	 * workarounds with eap_workaround = 0.
262 	 */
263 	unsigned int eap_workaround;
264 
265 #endif /* IEEE8021X_EAPOL */
266 
267 	/**
268 	 * mode - IEEE 802.11 operation mode (Infrastucture/IBSS)
269 	 *
270 	 * 0 = infrastructure (Managed) mode, i.e., associate with an AP.
271 	 *
272 	 * 1 = IBSS (ad-hoc, peer-to-peer)
273 	 *
274 	 * Note: IBSS can only be used with key_mgmt NONE (plaintext and
275 	 * static WEP) and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In
276 	 * addition, ap_scan has to be set to 2 for IBSS. WPA-None requires
277 	 * following network block options: proto=WPA, key_mgmt=WPA-NONE,
278 	 * pairwise=NONE, group=TKIP (or CCMP, but not both), and psk must also
279 	 * be set (either directly or using ASCII passphrase).
280 	 */
281 	int mode;
282 
283 	/**
284 	 * disabled - Whether this network is currently disabled
285 	 *
286 	 * 0 = this network can be used (default).
287 	 * 1 = this network block is disabled (can be enabled through
288 	 * ctrl_iface, e.g., with wpa_cli or wpa_gui).
289 	 */
290 	int disabled;
291 
292 	/**
293 	 * peerkey -  Whether PeerKey handshake for direct links is allowed
294 	 *
295 	 * This is only used when both RSN/WPA2 and IEEE 802.11e (QoS) are
296 	 * enabled.
297 	 *
298 	 * 0 = disabled (default)
299 	 * 1 = enabled
300 	 */
301 	int peerkey;
302 
303 	/**
304 	 * id_str - Network identifier string for external scripts
305 	 *
306 	 * This value is passed to external ctrl_iface monitors in
307 	 * WPA_EVENT_CONNECTED event and wpa_cli sets this as WPA_ID_STR
308 	 * environment variable for action scripts.
309 	 */
310 	char *id_str;
311 
312 #ifdef CONFIG_IEEE80211W
313 	/**
314 	 * ieee80211w - Whether management frame protection is enabled
315 	 *
316 	 * This value is used to configure policy for management frame
317 	 * protection (IEEE 802.11w). 0 = disabled, 1 = optional, 2 = required.
318 	 */
319 	enum {
320 		NO_IEEE80211W = 0,
321 		IEEE80211W_OPTIONAL = 1,
322 		IEEE80211W_REQUIRED = 2
323 	} ieee80211w;
324 #endif /* CONFIG_IEEE80211W */
325 
326 	/**
327 	 * frequency - Channel frequency in megahertz (MHz) for IBSS
328 	 *
329 	 * This value is used to configure the initial channel for IBSS (adhoc)
330 	 * networks, e.g., 2412 = IEEE 802.11b/g channel 1. It is ignored in
331 	 * the infrastructure mode. In addition, this value is only used by the
332 	 * station that creates the IBSS. If an IBSS network with the
333 	 * configured SSID is already present, the frequency of the network
334 	 * will be used instead of this configured value.
335 	 */
336 	int frequency;
337 
338 	/**
339 	 * wpa_ptk_rekey - Maximum lifetime for PTK in seconds
340 	 *
341 	 * This value can be used to enforce rekeying of PTK to mitigate some
342 	 * attacks against TKIP deficiencies.
343 	 */
344 	int wpa_ptk_rekey;
345 };
346 
347 #endif /* CONFIG_SSID_H */
348