2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator: Internal definitions
3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "utils/list.h"
14 /* max(dot11RSNAConfigGroupUpdateCount,dot11RSNAConfigPairwiseUpdateCount) */
/* Also the element count of the key_replay[] and prev_key_replay[] arrays in
 * struct wpa_state_machine, so it bounds how many replay counter entries
 * each state machine keeps. */
15 #define RSNA_MAX_EAPOL_RETRIES 4
/*
 * WPA authenticator state machine data: handshake state, nonces, replay
 * counters and, in FT/FILS builds, key-related material for one state
 * machine instance.
 * NOTE(review): several lines of this listing are missing (enum openers,
 * some members, the closing brace); the comments below cover only the
 * members that are visible.
 */
19 struct wpa_state_machine {
/* Authenticator and group-key state this state machine refers to. */
20 struct wpa_authenticator *wpa_auth;
21 struct wpa_group *group;
24 u8 p2p_dev_addr[ETH_ALEN];
/* Enumerators for the pairwise (PTK) state; presumably the values of an
 * enum member whose opening and closing lines are not shown here. */
27 WPA_PTK_INITIALIZE, WPA_PTK_DISCONNECT, WPA_PTK_DISCONNECTED,
28 WPA_PTK_AUTHENTICATION, WPA_PTK_AUTHENTICATION2,
29 WPA_PTK_INITPMK, WPA_PTK_INITPSK, WPA_PTK_PTKSTART,
30 WPA_PTK_PTKCALCNEGOTIATING, WPA_PTK_PTKCALCNEGOTIATING2,
31 WPA_PTK_PTKINITNEGOTIATING, WPA_PTK_PTKINITDONE
/* States stored in wpa_ptk_group_state (the PTK Group state machine). */
35 WPA_PTK_GROUP_IDLE = 0,
36 WPA_PTK_GROUP_REKEYNEGOTIATING,
37 WPA_PTK_GROUP_REKEYESTABLISHED,
38 WPA_PTK_GROUP_KEYERROR
39 } wpa_ptk_group_state;
/* Request flags consumed by the state machine. */
42 Boolean DeauthenticationRequest;
43 Boolean AuthenticationRequest;
44 Boolean ReAuthenticationRequest;
46 u16 disconnect_reason; /* specific reason code to use with Disconnect */
/* Flags describing a received EAPOL-Key frame. */
50 Boolean EAPOLKeyReceived;
51 Boolean EAPOLKeyPairwise;
52 Boolean EAPOLKeyRequest;
54 Boolean GUpdateStationKeys;
/* Handshake nonces, WPA_NONCE_LEN bytes each. alt_SNonce and
 * alt_replay_counter go with the alt_snonce_valid bit below; presumably a
 * second candidate SNonce kept alongside SNonce - confirm in the code that
 * sets update_snonce/alt_snonce_valid. */
55 u8 ANonce[WPA_NONCE_LEN];
56 u8 SNonce[WPA_NONCE_LEN];
57 u8 alt_SNonce[WPA_NONCE_LEN];
58 u8 alt_replay_counter[WPA_REPLAY_COUNTER_LEN];
61 u8 pmkid[PMKID_LEN]; /* valid if pmkid_set == 1 */
/* NOTE(review): by its name, records that the TK has already been
 * configured so that it is not installed a second time (a key
 * reinstallation guard); confirm against the code that sets and tests it. */
65 Boolean tk_already_set;
/* Replay counter entries: RSNA_MAX_EAPOL_RETRIES for the current set and the
 * same number for the previous set. NOTE(review): the gutter numbering skips
 * a line inside this nested struct, so it may have a member not shown. */
68 struct wpa_key_replay_counter {
69 u8 counter[WPA_REPLAY_COUNTER_LEN];
71 } key_replay[RSNA_MAX_EAPOL_RETRIES],
72 prev_key_replay[RSNA_MAX_EAPOL_RETRIES];
73 Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */
74 Boolean PTKRequest; /* not in IEEE 802.11i state machine */
76 Boolean PtkGroupInit; /* init request for PTK Group state machine */
/* Buffer pointer and its length; the two must be updated together whenever
 * the buffer is replaced or released. Allocation and freeing are not visible
 * in this header. */
78 u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */
79 size_t last_rx_eapol_key_len;
/* One-bit flags. */
81 unsigned int changed:1;
82 unsigned int in_step_loop:1;
83 unsigned int pending_deinit:1;
84 unsigned int started:1;
85 unsigned int mgmt_frame_prot:1;
86 unsigned int rx_eapol_key_secure:1;
87 unsigned int update_snonce:1;
88 unsigned int alt_snonce_valid:1;
89 #ifdef CONFIG_IEEE80211R_AP
90 unsigned int ft_completed:1;
91 unsigned int pmk_r1_name_valid:1;
92 #endif /* CONFIG_IEEE80211R_AP */
93 unsigned int is_wnmsleep:1;
94 unsigned int pmkid_set:1;
/* Replay counter associated with a request and a flag for whether it is in
 * use (by name - confirm against the callers). */
96 u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN];
97 int req_replay_counter_used;
/* WPA version values; the enum opener and member name are not shown. */
103 WPA_VERSION_NO_WPA = 0 /* WPA not used */,
104 WPA_VERSION_WPA = 1 /* WPA / IEEE 802.11i/D3.0 */,
105 WPA_VERSION_WPA2 = 2 /* WPA2 / IEEE 802.11i */
107 int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
108 int wpa_key_mgmt; /* the selected WPA_KEY_MGMT_* */
109 struct rsn_pmksa_cache_entry *pmksa;
111 u32 dot11RSNAStatsTKIPLocalMICFailures;
112 u32 dot11RSNAStatsTKIPRemoteMICFailures;
/* FT (IEEE 802.11r) AP state, compiled only with CONFIG_IEEE80211R_AP.
 * xxkey holds key material (see its own comment). NOTE(review): clearing it
 * on teardown is not visible in this header - confirm in the deinit path.
 * By name, the ft_pending_* members describe one pending request: callback,
 * its context, the request IEs, a pull nonce and a retry budget.
 * NOTE(review): two comments in this section lose their closing delimiter in
 * this listing (missing lines after pmk_r1_name and sup_pmk_r1_name). */
114 #ifdef CONFIG_IEEE80211R_AP
115 u8 xxkey[PMK_LEN_MAX]; /* PSK or the second 256 bits of MSK, or the
116 * first 384 bits of MSK */
118 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name derived from FT Auth
120 u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; /* R0KH-ID from FT Auth Request */
122 u8 sup_pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name from EAPOL-Key
126 void (*ft_pending_cb)(void *ctx, const u8 *dst, const u8 *bssid,
127 u16 auth_transaction, u16 status,
128 const u8 *ies, size_t ies_len);
129 void *ft_pending_cb_ctx;
130 struct wpabuf *ft_pending_req_ies;
131 u8 ft_pending_pull_nonce[FT_RRB_NONCE_LEN];
132 u8 ft_pending_auth_transaction;
133 u8 ft_pending_current_ap[ETH_ALEN];
134 int ft_pending_pull_left_retries;
135 #endif /* CONFIG_IEEE80211R_AP */
137 int pending_1_of_4_timeout;
141 #endif /* CONFIG_P2P */
/* FILS key-auth values for the station and AP sides. NOTE(review):
 * fils_key_auth_len presumably gives the valid length of both buffers, so it
 * must never exceed FILS_MAX_KEY_AUTH_LEN - confirm at the write sites. The
 * matching #ifdef line is missing from this listing. */
144 u8 fils_key_auth_sta[FILS_MAX_KEY_AUTH_LEN];
145 u8 fils_key_auth_ap[FILS_MAX_KEY_AUTH_LEN];
146 size_t fils_key_auth_len;
147 unsigned int fils_completed:1;
148 #endif /* CONFIG_FILS */
/* Test hook: these members exist only in CONFIG_TESTING_OPTIONS builds. */
150 #ifdef CONFIG_TESTING_OPTIONS
151 void (*eapol_status_cb)(void *ctx1, void *ctx2);
152 void *eapol_status_cb_ctx1;
153 void *eapol_status_cb_ctx2;
154 #endif /* CONFIG_TESTING_OPTIONS */
158 /* per group key state machine data */
/* NOTE(review): the struct's opening line and closing brace are not part of
 * this listing; only the visible members are described. */
/* Link to the next group; these links are excluded from the `references`
 * count (see the comment on that member). */
160 struct wpa_group *next;
164 int GKeyDoneStations;
168 Boolean GTKAuthenticator;
169 u8 Counter[WPA_NONCE_LEN];
/* Group state values; the enum opener and member name are not shown. */
172 WPA_GROUP_GTK_INIT = 0,
173 WPA_GROUP_SETKEYS, WPA_GROUP_SETKEYSDONE,
174 WPA_GROUP_FATAL_FAILURE
/* Group key material: two GTK slots of WPA_GTK_MAX_LEN bytes each, plus the
 * group nonce. NOTE(review): the members that select the active slot and
 * give the key length are not visible here. */
178 u8 GTK[2][WPA_GTK_MAX_LEN];
179 u8 GNonce[WPA_NONCE_LEN];
181 Boolean first_sta_seen;
/* NOTE(review): by its name, set when 4-way handshakes are to be refused
 * because not enough entropy is available for key generation; confirm
 * against the code that sets and checks it. */
182 Boolean reject_4way_hs_for_entropy;
/* Two IGTK slots, compiled only with CONFIG_IEEE80211W; GN_igtk and GM_igtk
 * presumably index them - confirm. */
183 #ifdef CONFIG_IEEE80211W
184 u8 IGTK[2][WPA_IGTK_MAX_LEN];
185 int GN_igtk, GM_igtk;
186 #endif /* CONFIG_IEEE80211W */
187 /* Number of references except those in struct wpa_group->next */
188 unsigned int references;
189 unsigned int num_setup_iface;
/* Forward declaration: only pointers to the FT PMK cache are used here. */
193 struct wpa_ft_pmk_cache;
195 /* per authenticator data */
/* NOTE(review): some members and the closing brace are missing from this
 * listing; only the visible members are described. */
196 struct wpa_authenticator {
197 struct wpa_group *group;
/* dot11RSNA* statistics and selection values. The three *Requested members
 * carry the original author's "FIX: update" marker, so they should not be
 * relied on as current until that is resolved. */
199 unsigned int dot11RSNAStatsTKIPRemoteMICFailures;
200 u32 dot11RSNAAuthenticationSuiteSelected;
201 u32 dot11RSNAPairwiseCipherSelected;
202 u32 dot11RSNAGroupCipherSelected;
203 u8 dot11RSNAPMKIDUsed[PMKID_LEN];
204 u32 dot11RSNAAuthenticationSuiteRequested; /* FIX: update */
205 u32 dot11RSNAPairwiseCipherRequested; /* FIX: update */
206 u32 dot11RSNAGroupCipherRequested; /* FIX: update */
207 unsigned int dot11RSNATKIPCounterMeasuresInvoked;
208 unsigned int dot11RSNA4WayHandshakeFailures;
/* Configuration is held by value; the callback table is referenced through a
 * pointer to const, so it cannot be modified through this struct. */
210 struct wpa_auth_config conf;
211 const struct wpa_auth_callbacks *cb;
/* PMKSA cache and FT PMK cache handles. NOTE(review): both presumably hold
 * key material, so their teardown should be checked for clearing - the
 * lifetime is not visible in this header. */
219 struct rsn_pmksa_cache *pmksa;
220 struct wpa_ft_pmk_cache *ft_pmk_cache;
/* The #ifdef that pairs with the #endif below is missing from this
 * listing. */
223 struct bitfield *ip_pool;
224 #endif /* CONFIG_P2P */
/* FT sequence-number tracking for a remote peer, compiled only with
 * CONFIG_IEEE80211R_AP. NOTE(review): several lines (members and closing
 * braces) are missing from this listing. */
228 #ifdef CONFIG_IEEE80211R_AP
/* Element count of last[] in struct ft_remote_seq_rx. */
230 #define FT_REMOTE_SEQ_BACKLOG 16
/* Receive side. Per the window comment below, sequence numbers in
 * (offset, offset + 0x40000000] are accepted unless already recorded in
 * last[], and those in (offset - 0x40000000, offset] are dropped, which is
 * what rejects replayed messages. num_last presumably counts the valid
 * entries of last[] and so must stay <= FT_REMOTE_SEQ_BACKLOG - confirm. */
231 struct ft_remote_seq_rx {
233 struct os_reltime time_offset; /* local time - offset = remote time */
/* NOTE(review): the closing delimiter of the next comment is on a line that
 * is missing from this listing. */
235 /* accepted sequence numbers: (offset ... offset + 0x40000000]
236 * (except those in last)
237 * dropped sequence numbers: (offset - 0x40000000 ... offset]
238 * all others trigger SEQ_REQ message (except first message)
240 u32 last[FT_REMOTE_SEQ_BACKLOG];
241 unsigned int num_last;
244 struct dl_list queue; /* send nonces + rrb msgs awaiting seq resp */
/* Transmit side; dom doubles as the "initialized" marker. */
247 struct ft_remote_seq_tx {
248 u32 dom; /* non zero if initialized */
/* Pairs the receive and transmit state. */
252 struct ft_remote_seq {
253 struct ft_remote_seq_rx rx;
254 struct ft_remote_seq_tx tx;
257 #endif /* CONFIG_IEEE80211R_AP */
/* Internal authenticator prototypes. NOTE(review): some declarations are
 * cut short in this listing (their final parameter lines are missing). */
/* Writes an RSN IE into buf; len is presumably the capacity of buf, which
 * the implementation must not exceed - confirm in the definition. */
260 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
/* Logging helpers. wpa_auth_logger takes a finished text; wpa_auth_vlogger
 * takes a format string plus variable arguments. NOTE(review): no printf
 * format attribute is visible on this declaration, so call sites should be
 * checked to pass a literal fmt and never text taken from a frame. */
262 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
263 logger_level level, const char *txt);
264 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
265 logger_level level, const char *fmt, ...);
/* Sends an EAPOL-Key frame built from the given key_info, RSC, nonce and KDE
 * data (by name and parameters - confirm in the definition).
 * NOTE(review): identifiers containing a double underscore are reserved for
 * the C implementation. */
266 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
267 struct wpa_state_machine *sm, int key_info,
268 const u8 *key_rsc, const u8 *nonce,
269 const u8 *kde, size_t kde_len,
270 int keyidx, int encr, int force_version);
/* Iterators that invoke cb for each state machine / each authenticator,
 * passing a caller-supplied ctx. The meaning of the int return values is not
 * visible here. */
271 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
272 int (*cb)(struct wpa_state_machine *sm, void *ctx),
274 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
275 int (*cb)(struct wpa_authenticator *a, void *ctx),
/* FT (IEEE 802.11r) helpers, compiled only with CONFIG_IEEE80211R_AP. The
 * wpa_write_* functions take an output buffer and a len that is presumably
 * its capacity - confirm that the definitions bound every write by it. */
278 #ifdef CONFIG_IEEE80211R_AP
279 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);
280 int wpa_write_ftie(struct wpa_auth_config *conf, int use_sha384,
281 const u8 *r0kh_id, size_t r0kh_id_len,
282 const u8 *anonce, const u8 *snonce,
283 u8 *buf, size_t len, const u8 *subelem,
/* pmk is passed without a length; the expected size is not visible here. */
285 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
286 struct wpa_ptk *ptk);
/* Create and destroy the FT PMK cache; a cache obtained from the init
 * function is presumably released with the deinit function - confirm. */
287 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void);
288 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache);
289 void wpa_ft_install_ptk(struct wpa_state_machine *sm);
/* pmk_r0 and pmk_r0_name are passed without lengths; the expected sizes are
 * not visible here. */
290 int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm, const u8 *pmk_r0,
291 const u8 *pmk_r0_name);
292 #endif /* CONFIG_IEEE80211R_AP */
294 #endif /* WPA_AUTH_I_H */