hostapd
wpa_auth_i.h
1 /*
2  * hostapd - IEEE 802.11i-2004 / WPA Authenticator: Internal definitions
3  * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #ifndef WPA_AUTH_I_H
10 #define WPA_AUTH_I_H
11 
12 /* max(dot11RSNAConfigGroupUpdateCount,dot11RSNAConfigPairwiseUpdateCount) */
13 #define RSNA_MAX_EAPOL_RETRIES 4
14 
15 struct wpa_group;
16 
17 struct wpa_stsl_negotiation {
18  struct wpa_stsl_negotiation *next;
19  u8 initiator[ETH_ALEN];
20  u8 peer[ETH_ALEN];
21 };
22 
23 
24 struct wpa_state_machine {
25  struct wpa_authenticator *wpa_auth;
26  struct wpa_group *group;
27 
28  u8 addr[ETH_ALEN];
29  u8 p2p_dev_addr[ETH_ALEN];
30 
31  enum {
32  WPA_PTK_INITIALIZE, WPA_PTK_DISCONNECT, WPA_PTK_DISCONNECTED,
33  WPA_PTK_AUTHENTICATION, WPA_PTK_AUTHENTICATION2,
34  WPA_PTK_INITPMK, WPA_PTK_INITPSK, WPA_PTK_PTKSTART,
35  WPA_PTK_PTKCALCNEGOTIATING, WPA_PTK_PTKCALCNEGOTIATING2,
36  WPA_PTK_PTKINITNEGOTIATING, WPA_PTK_PTKINITDONE
37  } wpa_ptk_state;
38 
39  enum {
40  WPA_PTK_GROUP_IDLE = 0,
41  WPA_PTK_GROUP_REKEYNEGOTIATING,
42  WPA_PTK_GROUP_REKEYESTABLISHED,
43  WPA_PTK_GROUP_KEYERROR
44  } wpa_ptk_group_state;
45 
46  Boolean Init;
47  Boolean DeauthenticationRequest;
48  Boolean AuthenticationRequest;
49  Boolean ReAuthenticationRequest;
50  Boolean Disconnect;
51  int TimeoutCtr;
52  int GTimeoutCtr;
53  Boolean TimeoutEvt;
54  Boolean EAPOLKeyReceived;
55  Boolean EAPOLKeyPairwise;
56  Boolean EAPOLKeyRequest;
57  Boolean MICVerified;
58  Boolean GUpdateStationKeys;
59  u8 ANonce[WPA_NONCE_LEN];
60  u8 SNonce[WPA_NONCE_LEN];
61  u8 alt_SNonce[WPA_NONCE_LEN];
62  u8 alt_replay_counter[WPA_REPLAY_COUNTER_LEN];
63  u8 PMK[PMK_LEN_MAX];
64  unsigned int pmk_len;
65  struct wpa_ptk PTK;
66  Boolean PTK_valid;
67  Boolean pairwise_set;
68  int keycount;
69  Boolean Pair;
70  struct wpa_key_replay_counter {
71  u8 counter[WPA_REPLAY_COUNTER_LEN];
72  Boolean valid;
73  } key_replay[RSNA_MAX_EAPOL_RETRIES],
74  prev_key_replay[RSNA_MAX_EAPOL_RETRIES];
75  Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */
76  Boolean PTKRequest; /* not in IEEE 802.11i state machine */
77  Boolean has_GTK;
78  Boolean PtkGroupInit; /* init request for PTK Group state machine */
79 
80  u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */
81  size_t last_rx_eapol_key_len;
82 
83  unsigned int changed:1;
84  unsigned int in_step_loop:1;
85  unsigned int pending_deinit:1;
86  unsigned int started:1;
87  unsigned int mgmt_frame_prot:1;
88  unsigned int rx_eapol_key_secure:1;
89  unsigned int update_snonce:1;
90  unsigned int alt_snonce_valid:1;
91 #ifdef CONFIG_IEEE80211R_AP
92  unsigned int ft_completed:1;
93  unsigned int pmk_r1_name_valid:1;
94 #endif /* CONFIG_IEEE80211R_AP */
95  unsigned int is_wnmsleep:1;
96 
97  u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN];
98  int req_replay_counter_used;
99 
100  u8 *wpa_ie;
101  size_t wpa_ie_len;
102 
103  enum {
104  WPA_VERSION_NO_WPA = 0 /* WPA not used */,
105  WPA_VERSION_WPA = 1 /* WPA / IEEE 802.11i/D3.0 */,
106  WPA_VERSION_WPA2 = 2 /* WPA2 / IEEE 802.11i */
107  } wpa;
108  int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
109  int wpa_key_mgmt; /* the selected WPA_KEY_MGMT_* */
110  struct rsn_pmksa_cache_entry *pmksa;
111 
112  u32 dot11RSNAStatsTKIPLocalMICFailures;
113  u32 dot11RSNAStatsTKIPRemoteMICFailures;
114 
115 #ifdef CONFIG_IEEE80211R_AP
116  u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */
117  size_t xxkey_len;
118  u8 pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name derived from FT Auth
119  * Request */
120  u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; /* R0KH-ID from FT Auth Request */
121  size_t r0kh_id_len;
122  u8 sup_pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name from EAPOL-Key
123  * message 2/4 */
124  u8 *assoc_resp_ftie;
125 
126  void (*ft_pending_cb)(void *ctx, const u8 *dst, const u8 *bssid,
127  u16 auth_transaction, u16 status,
128  const u8 *ies, size_t ies_len);
129  void *ft_pending_cb_ctx;
130  struct wpabuf *ft_pending_req_ies;
131  u8 ft_pending_pull_nonce[FT_R0KH_R1KH_PULL_NONCE_LEN];
132  u8 ft_pending_auth_transaction;
133  u8 ft_pending_current_ap[ETH_ALEN];
134 #endif /* CONFIG_IEEE80211R_AP */
135 
136  int pending_1_of_4_timeout;
137 
138 #ifdef CONFIG_P2P
139  u8 ip_addr[4];
140 #endif /* CONFIG_P2P */
141 
142 #ifdef CONFIG_FILS
143  u8 fils_key_auth_sta[FILS_MAX_KEY_AUTH_LEN];
144  u8 fils_key_auth_ap[FILS_MAX_KEY_AUTH_LEN];
145  size_t fils_key_auth_len;
146  unsigned int fils_completed:1;
147 #endif /* CONFIG_FILS */
148 };
149 
150 
151 /* per group key state machine data */
152 struct wpa_group {
153  struct wpa_group *next;
154  int vlan_id;
155 
156  Boolean GInit;
157  int GKeyDoneStations;
158  Boolean GTKReKey;
159  int GTK_len;
160  int GN, GM;
161  Boolean GTKAuthenticator;
162  u8 Counter[WPA_NONCE_LEN];
163 
164  enum {
165  WPA_GROUP_GTK_INIT = 0,
166  WPA_GROUP_SETKEYS, WPA_GROUP_SETKEYSDONE,
167  WPA_GROUP_FATAL_FAILURE
168  } wpa_group_state;
169 
170  u8 GMK[WPA_GMK_LEN];
171  u8 GTK[2][WPA_GTK_MAX_LEN];
172  u8 GNonce[WPA_NONCE_LEN];
173  Boolean changed;
174  Boolean first_sta_seen;
175  Boolean reject_4way_hs_for_entropy;
176 #ifdef CONFIG_IEEE80211W
177  u8 IGTK[2][WPA_IGTK_MAX_LEN];
178  int GN_igtk, GM_igtk;
179 #endif /* CONFIG_IEEE80211W */
180  /* Number of references except those in struct wpa_group->next */
181  unsigned int references;
182  unsigned int num_setup_iface;
183 };
184 
185 
186 struct wpa_ft_pmk_cache;
187 
188 /* per authenticator data */
189 struct wpa_authenticator {
190  struct wpa_group *group;
191 
192  unsigned int dot11RSNAStatsTKIPRemoteMICFailures;
193  u32 dot11RSNAAuthenticationSuiteSelected;
194  u32 dot11RSNAPairwiseCipherSelected;
195  u32 dot11RSNAGroupCipherSelected;
196  u8 dot11RSNAPMKIDUsed[PMKID_LEN];
197  u32 dot11RSNAAuthenticationSuiteRequested; /* FIX: update */
198  u32 dot11RSNAPairwiseCipherRequested; /* FIX: update */
199  u32 dot11RSNAGroupCipherRequested; /* FIX: update */
200  unsigned int dot11RSNATKIPCounterMeasuresInvoked;
201  unsigned int dot11RSNA4WayHandshakeFailures;
202 
203  struct wpa_stsl_negotiation *stsl_negotiations;
204 
205  struct wpa_auth_config conf;
206  struct wpa_auth_callbacks cb;
207 
208  u8 *wpa_ie;
209  size_t wpa_ie_len;
210 
211  u8 addr[ETH_ALEN];
212 
213  struct rsn_pmksa_cache *pmksa;
214  struct wpa_ft_pmk_cache *ft_pmk_cache;
215 
216 #ifdef CONFIG_P2P
217  struct bitfield *ip_pool;
218 #endif /* CONFIG_P2P */
219 };
220 
221 
222 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
223  const u8 *pmkid);
224 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
225  logger_level level, const char *txt);
226 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
227  logger_level level, const char *fmt, ...);
228 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
229  struct wpa_state_machine *sm, int key_info,
230  const u8 *key_rsc, const u8 *nonce,
231  const u8 *kde, size_t kde_len,
232  int keyidx, int encr, int force_version);
233 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
234  int (*cb)(struct wpa_state_machine *sm, void *ctx),
235  void *cb_ctx);
236 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
237  int (*cb)(struct wpa_authenticator *a, void *ctx),
238  void *cb_ctx);
239 
240 #ifdef CONFIG_PEERKEY
241 int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
242  struct wpa_stsl_negotiation *neg);
243 void wpa_smk_error(struct wpa_authenticator *wpa_auth,
244  struct wpa_state_machine *sm,
245  const u8 *key_data, size_t key_data_len);
246 void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
247  struct wpa_state_machine *sm, struct wpa_eapol_key *key,
248  const u8 *key_data, size_t key_data_len);
249 void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
250  struct wpa_state_machine *sm, struct wpa_eapol_key *key,
251  const u8 *key_data, size_t key_data_len);
252 #endif /* CONFIG_PEERKEY */
253 
254 #ifdef CONFIG_IEEE80211R_AP
255 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);
256 int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
257  size_t r0kh_id_len,
258  const u8 *anonce, const u8 *snonce,
259  u8 *buf, size_t len, const u8 *subelem,
260  size_t subelem_len);
261 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
262  struct wpa_ptk *ptk);
263 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void);
264 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache);
265 void wpa_ft_install_ptk(struct wpa_state_machine *sm);
266 #endif /* CONFIG_IEEE80211R_AP */
267 
268 #endif /* WPA_AUTH_I_H */
wpa_stsl_negotiation
Definition: wpa_auth_i.h:17
wpa_auth_callbacks
Definition: wpa_auth.h:200
wpa_state_machine
Definition: wpa_auth_i.h:24
wpabuf
Definition: wpabuf.h:20
rsn_pmksa_cache
Definition: pmksa_cache_auth.c:24
wpa_eapol_key
Definition: wpa_common.h:176
wpa_state_machine::wpa_key_replay_counter
Definition: wpa_auth_i.h:70
wpa_ptk
struct wpa_ptk - WPA Pairwise Transient Key IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy ...
Definition: wpa_common.h:201
wpa_authenticator
Definition: wpa_auth_i.h:189
wpa_auth_config
Definition: wpa_auth.h:138
rsn_pmksa_cache_entry
struct rsn_pmksa_cache_entry - PMKSA cache entry
Definition: pmksa_cache_auth.h:17
wpa_group
Definition: wpa_auth_i.h:152
bitfield
Definition: bitfield.c:15
Generated by   doxygen 1.8.12