$search
00001 /* 00002 * hostapd - IEEE 802.11i-2004 / WPA Authenticator 00003 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi> 00004 * 00005 * This program is free software; you can redistribute it and/or modify 00006 * it under the terms of the GNU General Public License version 2 as 00007 * published by the Free Software Foundation. 00008 * 00009 * Alternatively, this software may be distributed under the terms of BSD 00010 * license. 00011 * 00012 * See README and COPYING for more details. 00013 */ 00014 00015 #ifndef WPA_AUTH_H 00016 #define WPA_AUTH_H 00017 00018 #include "common/defs.h" 00019 #include "common/eapol_common.h" 00020 #include "common/wpa_common.h" 00021 00022 #ifdef _MSC_VER 00023 #pragma pack(push, 1) 00024 #endif /* _MSC_VER */ 00025 00026 /* IEEE Std 802.11r-2008, 11A.10.3 - Remote request/response frame definition 00027 */ 00028 struct ft_rrb_frame { 00029 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */ 00030 u8 packet_type; /* FT_PACKET_REQUEST/FT_PACKET_RESPONSE */ 00031 le16 action_length; /* little endian length of action_frame */ 00032 u8 ap_address[ETH_ALEN]; 00033 /* 00034 * Followed by action_length bytes of FT Action frame (from Category 00035 * field to the end of Action Frame body. 00036 */ 00037 } STRUCT_PACKED; 00038 00039 #define RSN_REMOTE_FRAME_TYPE_FT_RRB 1 00040 00041 #define FT_PACKET_REQUEST 0 00042 #define FT_PACKET_RESPONSE 1 00043 /* Vendor-specific types for R0KH-R1KH protocol; not defined in 802.11r */ 00044 #define FT_PACKET_R0KH_R1KH_PULL 200 00045 #define FT_PACKET_R0KH_R1KH_RESP 201 00046 #define FT_PACKET_R0KH_R1KH_PUSH 202 00047 00048 #define FT_R0KH_R1KH_PULL_DATA_LEN 44 00049 #define FT_R0KH_R1KH_RESP_DATA_LEN 76 00050 #define FT_R0KH_R1KH_PUSH_DATA_LEN 88 00051 00052 struct ft_r0kh_r1kh_pull_frame { 00053 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */ 00054 u8 packet_type; /* FT_PACKET_R0KH_R1KH_PULL */ 00055 le16 data_length; /* little endian length of data (44) */ 00056 u8 ap_address[ETH_ALEN]; 00057 00058 u8 nonce[16]; 00059 u8 pmk_r0_name[WPA_PMK_NAME_LEN]; 00060 u8 r1kh_id[FT_R1KH_ID_LEN]; 00061 u8 s1kh_id[ETH_ALEN]; 00062 u8 pad[4]; /* 8-octet boundary for AES key wrap */ 00063 u8 key_wrap_extra[8]; 00064 } STRUCT_PACKED; 00065 00066 struct ft_r0kh_r1kh_resp_frame { 00067 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */ 00068 u8 packet_type; /* FT_PACKET_R0KH_R1KH_RESP */ 00069 le16 data_length; /* little endian length of data (76) */ 00070 u8 ap_address[ETH_ALEN]; 00071 00072 u8 nonce[16]; /* copied from pull */ 00073 u8 r1kh_id[FT_R1KH_ID_LEN]; /* copied from pull */ 00074 u8 s1kh_id[ETH_ALEN]; /* copied from pull */ 00075 u8 pmk_r1[PMK_LEN]; 00076 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 00077 le16 pairwise; 00078 u8 pad[2]; /* 8-octet boundary for AES key wrap */ 00079 u8 key_wrap_extra[8]; 00080 } STRUCT_PACKED; 00081 00082 struct ft_r0kh_r1kh_push_frame { 00083 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */ 00084 u8 packet_type; /* FT_PACKET_R0KH_R1KH_PUSH */ 00085 le16 data_length; /* little endian length of data (88) */ 00086 u8 ap_address[ETH_ALEN]; 00087 00088 /* Encrypted with AES key-wrap */ 00089 u8 timestamp[4]; /* current time in seconds since unix epoch, little 00090 * endian */ 00091 u8 r1kh_id[FT_R1KH_ID_LEN]; 00092 u8 s1kh_id[ETH_ALEN]; 00093 u8 pmk_r0_name[WPA_PMK_NAME_LEN]; 00094 u8 pmk_r1[PMK_LEN]; 00095 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 00096 le16 pairwise; 00097 u8 pad[6]; /* 8-octet boundary for AES key wrap */ 00098 u8 key_wrap_extra[8]; 00099 } STRUCT_PACKED; 00100 00101 #ifdef _MSC_VER 00102 #pragma pack(pop) 00103 #endif /* _MSC_VER */ 00104 00105 00106 /* per STA state machine data */ 00107 00108 struct wpa_authenticator; 00109 struct wpa_state_machine; 00110 struct rsn_pmksa_cache_entry; 00111 struct eapol_state_machine; 00112 00113 00114 struct ft_remote_r0kh { 00115 struct ft_remote_r0kh *next; 00116 u8 addr[ETH_ALEN]; 00117 u8 id[FT_R0KH_ID_MAX_LEN]; 00118 size_t id_len; 00119 u8 key[16]; 00120 }; 00121 00122 00123 struct ft_remote_r1kh { 00124 struct ft_remote_r1kh *next; 00125 u8 addr[ETH_ALEN]; 00126 u8 id[FT_R1KH_ID_LEN]; 00127 u8 key[16]; 00128 }; 00129 00130 00131 struct wpa_auth_config { 00132 int wpa; 00133 int wpa_key_mgmt; 00134 int wpa_pairwise; 00135 int wpa_group; 00136 int wpa_group_rekey; 00137 int wpa_strict_rekey; 00138 int wpa_gmk_rekey; 00139 int wpa_ptk_rekey; 00140 int rsn_pairwise; 00141 int rsn_preauth; 00142 int eapol_version; 00143 int peerkey; 00144 int wmm_enabled; 00145 int wmm_uapsd; 00146 int okc; 00147 #ifdef CONFIG_IEEE80211W 00148 enum mfp_options ieee80211w; 00149 #endif /* CONFIG_IEEE80211W */ 00150 #ifdef CONFIG_IEEE80211R 00151 #define SSID_LEN 32 00152 u8 ssid[SSID_LEN]; 00153 size_t ssid_len; 00154 u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN]; 00155 u8 r0_key_holder[FT_R0KH_ID_MAX_LEN]; 00156 size_t r0_key_holder_len; 00157 u8 r1_key_holder[FT_R1KH_ID_LEN]; 00158 u32 r0_key_lifetime; 00159 u32 reassociation_deadline; 00160 struct ft_remote_r0kh *r0kh_list; 00161 struct ft_remote_r1kh *r1kh_list; 00162 int pmk_r1_push; 00163 #endif /* CONFIG_IEEE80211R */ 00164 }; 00165 00166 typedef enum { 00167 LOGGER_DEBUG, LOGGER_INFO, LOGGER_WARNING 00168 } logger_level; 00169 00170 typedef enum { 00171 WPA_EAPOL_portEnabled, WPA_EAPOL_portValid, WPA_EAPOL_authorized, 00172 WPA_EAPOL_portControl_Auto, WPA_EAPOL_keyRun, WPA_EAPOL_keyAvailable, 00173 WPA_EAPOL_keyDone, WPA_EAPOL_inc_EapolFramesTx 00174 } wpa_eapol_variable; 00175 00176 struct wpa_auth_callbacks { 00177 void *ctx; 00178 void (*logger)(void *ctx, const u8 *addr, logger_level level, 00179 const char *txt); 00180 void (*disconnect)(void *ctx, const u8 *addr, u16 reason); 00181 void (*mic_failure_report)(void *ctx, const u8 *addr); 00182 void (*set_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var, 00183 int value); 00184 int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var); 00185 const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *prev_psk); 00186 int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len); 00187 int (*set_key)(void *ctx, int vlan_id, enum wpa_alg alg, 00188 const u8 *addr, int idx, u8 *key, size_t key_len); 00189 int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq); 00190 int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data, 00191 size_t data_len, int encrypt); 00192 int (*for_each_sta)(void *ctx, int (*cb)(struct wpa_state_machine *sm, 00193 void *ctx), void *cb_ctx); 00194 int (*for_each_auth)(void *ctx, int (*cb)(struct wpa_authenticator *a, 00195 void *ctx), void *cb_ctx); 00196 int (*send_ether)(void *ctx, const u8 *dst, u16 proto, const u8 *data, 00197 size_t data_len); 00198 #ifdef CONFIG_IEEE80211R 00199 struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr); 00200 int (*send_ft_action)(void *ctx, const u8 *dst, 00201 const u8 *data, size_t data_len); 00202 #endif /* CONFIG_IEEE80211R */ 00203 }; 00204 00205 struct wpa_authenticator * wpa_init(const u8 *addr, 00206 struct wpa_auth_config *conf, 00207 struct wpa_auth_callbacks *cb); 00208 void wpa_deinit(struct wpa_authenticator *wpa_auth); 00209 int wpa_reconfig(struct wpa_authenticator *wpa_auth, 00210 struct wpa_auth_config *conf); 00211 00212 enum { 00213 WPA_IE_OK, WPA_INVALID_IE, WPA_INVALID_GROUP, WPA_INVALID_PAIRWISE, 00214 WPA_INVALID_AKMP, WPA_NOT_ENABLED, WPA_ALLOC_FAIL, 00215 WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER, 00216 WPA_INVALID_MDIE, WPA_INVALID_PROTO 00217 }; 00218 00219 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, 00220 struct wpa_state_machine *sm, 00221 const u8 *wpa_ie, size_t wpa_ie_len, 00222 const u8 *mdie, size_t mdie_len); 00223 int wpa_auth_uses_mfp(struct wpa_state_machine *sm); 00224 struct wpa_state_machine * 00225 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr); 00226 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, 00227 struct wpa_state_machine *sm); 00228 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm); 00229 void wpa_auth_sta_deinit(struct wpa_state_machine *sm); 00230 void wpa_receive(struct wpa_authenticator *wpa_auth, 00231 struct wpa_state_machine *sm, 00232 u8 *data, size_t data_len); 00233 typedef enum { 00234 WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, 00235 WPA_REAUTH_EAPOL, WPA_ASSOC_FT 00236 } wpa_event; 00237 void wpa_remove_ptk(struct wpa_state_machine *sm); 00238 int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event); 00239 void wpa_auth_sm_notify(struct wpa_state_machine *sm); 00240 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth); 00241 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen); 00242 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen); 00243 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth); 00244 int wpa_auth_pairwise_set(struct wpa_state_machine *sm); 00245 int wpa_auth_get_pairwise(struct wpa_state_machine *sm); 00246 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); 00247 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); 00248 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, 00249 struct rsn_pmksa_cache_entry *entry); 00250 struct rsn_pmksa_cache_entry * 00251 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm); 00252 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm); 00253 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, 00254 size_t *len); 00255 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, 00256 int session_timeout, struct eapol_state_machine *eapol); 00257 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, 00258 const u8 *pmk, size_t len, const u8 *sta_addr, 00259 int session_timeout, 00260 struct eapol_state_machine *eapol); 00261 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id); 00262 00263 #ifdef CONFIG_IEEE80211R 00264 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, 00265 size_t max_len, int auth_alg, 00266 const u8 *req_ies, size_t req_ies_len); 00267 void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid, 00268 u16 auth_transaction, const u8 *ies, size_t ies_len, 00269 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid, 00270 u16 auth_transaction, u16 resp, 00271 const u8 *ies, size_t ies_len), 00272 void *ctx); 00273 u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, 00274 size_t ies_len); 00275 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len); 00276 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, 00277 const u8 *data, size_t data_len); 00278 void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr); 00279 #endif /* CONFIG_IEEE80211R */ 00280 00281 #endif /* WPA_AUTH_H */