2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "common/defs.h"
13 #include "common/eapol_common.h"
14 #include "common/wpa_common.h"
20 /* IEEE Std 802.11r-2008, 11A.10.3 - Remote request/response frame definition
23 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
24 u8 packet_type; /* FT_PACKET_REQUEST/FT_PACKET_RESPONSE */
25 le16 action_length; /* little endian length of action_frame */
26 u8 ap_address[ETH_ALEN];
28 * Followed by action_length bytes of FT Action frame (from Category
29 * field to the end of Action Frame body.
33 #define RSN_REMOTE_FRAME_TYPE_FT_RRB 1
35 #define FT_PACKET_REQUEST 0
36 #define FT_PACKET_RESPONSE 1
37 /* Vendor-specific types for R0KH-R1KH protocol; not defined in 802.11r */
38 #define FT_PACKET_R0KH_R1KH_PULL 200
39 #define FT_PACKET_R0KH_R1KH_RESP 201
40 #define FT_PACKET_R0KH_R1KH_PUSH 202
42 #define FT_R0KH_R1KH_PULL_DATA_LEN 44
43 #define FT_R0KH_R1KH_RESP_DATA_LEN 76
44 #define FT_R0KH_R1KH_PUSH_DATA_LEN 88
45 #define FT_R0KH_R1KH_PULL_NONCE_LEN 16
47 struct ft_r0kh_r1kh_pull_frame {
48 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
49 u8 packet_type; /* FT_PACKET_R0KH_R1KH_PULL */
50 le16 data_length; /* little endian length of data (44) */
51 u8 ap_address[ETH_ALEN];
53 u8 nonce[FT_R0KH_R1KH_PULL_NONCE_LEN];
54 u8 pmk_r0_name[WPA_PMK_NAME_LEN];
55 u8 r1kh_id[FT_R1KH_ID_LEN];
57 u8 pad[4]; /* 8-octet boundary for AES key wrap */
61 struct ft_r0kh_r1kh_resp_frame {
62 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
63 u8 packet_type; /* FT_PACKET_R0KH_R1KH_RESP */
64 le16 data_length; /* little endian length of data (76) */
65 u8 ap_address[ETH_ALEN];
67 u8 nonce[FT_R0KH_R1KH_PULL_NONCE_LEN]; /* copied from pull */
68 u8 r1kh_id[FT_R1KH_ID_LEN]; /* copied from pull */
69 u8 s1kh_id[ETH_ALEN]; /* copied from pull */
71 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
73 u8 pad[2]; /* 8-octet boundary for AES key wrap */
77 struct ft_r0kh_r1kh_push_frame {
78 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
79 u8 packet_type; /* FT_PACKET_R0KH_R1KH_PUSH */
80 le16 data_length; /* little endian length of data (88) */
81 u8 ap_address[ETH_ALEN];
83 /* Encrypted with AES key-wrap */
84 u8 timestamp[4]; /* current time in seconds since unix epoch, little
86 u8 r1kh_id[FT_R1KH_ID_LEN];
88 u8 pmk_r0_name[WPA_PMK_NAME_LEN];
90 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
92 u8 pad[6]; /* 8-octet boundary for AES key wrap */
101 /* per STA state machine data */
103 struct wpa_authenticator;
104 struct wpa_state_machine;
105 struct rsn_pmksa_cache_entry;
106 struct eapol_state_machine;
109 struct ft_remote_r0kh {
110 struct ft_remote_r0kh *next;
112 u8 id[FT_R0KH_ID_MAX_LEN];
118 struct ft_remote_r1kh {
119 struct ft_remote_r1kh *next;
121 u8 id[FT_R1KH_ID_LEN];
126 struct wpa_auth_config {
132 int wpa_strict_rekey;
141 int disable_pmksa_caching;
144 #ifdef CONFIG_IEEE80211W
145 enum mfp_options ieee80211w;
146 int group_mgmt_cipher;
147 #endif /* CONFIG_IEEE80211W */
148 #ifdef CONFIG_IEEE80211R
152 u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
153 u8 r0_key_holder[FT_R0KH_ID_MAX_LEN];
154 size_t r0_key_holder_len;
155 u8 r1_key_holder[FT_R1KH_ID_LEN];
157 u32 reassociation_deadline;
158 struct ft_remote_r0kh *r0kh_list;
159 struct ft_remote_r1kh *r1kh_list;
162 #endif /* CONFIG_IEEE80211R */
165 #ifdef CONFIG_TESTING_OPTIONS
166 double corrupt_gtk_rekey_mic_probability;
167 #endif /* CONFIG_TESTING_OPTIONS */
173 #endif /* CONFIG_P2P */
177 LOGGER_DEBUG, LOGGER_INFO, LOGGER_WARNING
181 WPA_EAPOL_portEnabled, WPA_EAPOL_portValid, WPA_EAPOL_authorized,
182 WPA_EAPOL_portControl_Auto, WPA_EAPOL_keyRun, WPA_EAPOL_keyAvailable,
183 WPA_EAPOL_keyDone, WPA_EAPOL_inc_EapolFramesTx
184 } wpa_eapol_variable;
186 struct wpa_auth_callbacks {
188 void (*logger)(void *ctx, const u8 *addr, logger_level level,
190 void (*disconnect)(void *ctx, const u8 *addr, u16 reason);
191 int (*mic_failure_report)(void *ctx, const u8 *addr);
192 void (*set_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var,
194 int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var);
195 const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *p2p_dev_addr,
197 int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len);
198 int (*set_key)(void *ctx, int vlan_id, enum wpa_alg alg,
199 const u8 *addr, int idx, u8 *key, size_t key_len);
200 int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq);
201 int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data,
202 size_t data_len, int encrypt);
203 int (*for_each_sta)(void *ctx, int (*cb)(struct wpa_state_machine *sm,
204 void *ctx), void *cb_ctx);
205 int (*for_each_auth)(void *ctx, int (*cb)(struct wpa_authenticator *a,
206 void *ctx), void *cb_ctx);
207 int (*send_ether)(void *ctx, const u8 *dst, u16 proto, const u8 *data,
209 #ifdef CONFIG_IEEE80211R
210 struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr);
211 int (*send_ft_action)(void *ctx, const u8 *dst,
212 const u8 *data, size_t data_len);
213 int (*add_tspec)(void *ctx, const u8 *sta_addr, u8 *tspec_ie,
215 #endif /* CONFIG_IEEE80211R */
217 int (*start_ampe)(void *ctx, const u8 *sta_addr);
218 #endif /* CONFIG_MESH */
221 struct wpa_authenticator * wpa_init(const u8 *addr,
222 struct wpa_auth_config *conf,
223 struct wpa_auth_callbacks *cb);
224 int wpa_init_keys(struct wpa_authenticator *wpa_auth);
225 void wpa_deinit(struct wpa_authenticator *wpa_auth);
226 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
227 struct wpa_auth_config *conf);
230 WPA_IE_OK, WPA_INVALID_IE, WPA_INVALID_GROUP, WPA_INVALID_PAIRWISE,
231 WPA_INVALID_AKMP, WPA_NOT_ENABLED, WPA_ALLOC_FAIL,
232 WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER,
233 WPA_INVALID_MDIE, WPA_INVALID_PROTO
236 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
237 struct wpa_state_machine *sm,
238 const u8 *wpa_ie, size_t wpa_ie_len,
239 const u8 *mdie, size_t mdie_len);
240 int wpa_validate_osen(struct wpa_authenticator *wpa_auth,
241 struct wpa_state_machine *sm,
242 const u8 *osen_ie, size_t osen_ie_len);
243 int wpa_auth_uses_mfp(struct wpa_state_machine *sm);
244 struct wpa_state_machine *
245 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
246 const u8 *p2p_dev_addr);
247 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
248 struct wpa_state_machine *sm);
249 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm);
250 void wpa_auth_sta_deinit(struct wpa_state_machine *sm);
251 void wpa_receive(struct wpa_authenticator *wpa_auth,
252 struct wpa_state_machine *sm,
253 u8 *data, size_t data_len);
255 WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
256 WPA_REAUTH_EAPOL, WPA_ASSOC_FT
258 void wpa_remove_ptk(struct wpa_state_machine *sm);
259 int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event);
260 void wpa_auth_sm_notify(struct wpa_state_machine *sm);
261 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth);
262 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen);
263 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
264 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
265 int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
266 int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
267 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
268 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
269 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
270 struct rsn_pmksa_cache_entry *entry);
271 struct rsn_pmksa_cache_entry *
272 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm);
273 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm);
274 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth,
276 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
277 int session_timeout, struct eapol_state_machine *eapol);
278 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
279 const u8 *pmk, size_t len, const u8 *sta_addr,
281 struct eapol_state_machine *eapol);
282 int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
284 void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
286 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
287 void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
288 struct wpa_state_machine *sm, int ack);
290 #ifdef CONFIG_IEEE80211R
291 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
292 size_t max_len, int auth_alg,
293 const u8 *req_ies, size_t req_ies_len);
294 void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
295 u16 auth_transaction, const u8 *ies, size_t ies_len,
296 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
297 u16 auth_transaction, u16 resp,
298 const u8 *ies, size_t ies_len),
300 u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
302 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len);
303 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
304 const u8 *data, size_t data_len);
305 void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr);
306 #endif /* CONFIG_IEEE80211R */
308 void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm);
309 void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag);
310 int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos);
311 int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos);
313 int wpa_auth_uses_sae(struct wpa_state_machine *sm);
314 int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm);
316 int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr);
318 struct radius_das_attrs;
319 int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
320 struct radius_das_attrs *attr);
321 void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth);
323 #endif /* WPA_AUTH_H */