Import of hostapd 0.5.8

1 files changed, 113 insertions, 123 deletions

diff --git a/contrib/hostapd/wpa.h b/contrib/hostapd/wpa.h
index 62159e7..633b2c5 100644
--- a/contrib/hostapd/wpa.h
+++ b/contrib/hostapd/wpa.h
@@ -1,33 +1,30 @@
+/*
+ * hostapd - IEEE 802.11i-2004 / WPA Authenticator
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
 #ifndef WPA_H
 #define WPA_H
 
-#define WPA_NONCE_LEN 32
+#include "wpa_common.h"
+
 #define WPA_PMK_LEN PMK_LEN
-#define WPA_REPLAY_COUNTER_LEN 8
 #define WPA_GMK_LEN 32
 #define WPA_GTK_MAX_LEN 32
-#define WPA_KEY_RSC_LEN 8
 #define PMKID_LEN 16
 
-struct rsn_pmksa_cache {
-	struct rsn_pmksa_cache *next, *hnext;
-	u8 pmkid[PMKID_LEN];
-	u8 pmk[PMK_LEN];
-	time_t expiration;
-	int akmp; /* WPA_KEY_MGMT_* */
-	u8 spa[ETH_ALEN];
-	u8 *identity;
-	size_t identity_len;
-	struct radius_class_data radius_class;
-};
-
-struct rsn_preauth_interface {
-	struct rsn_preauth_interface *next;
-	struct hostapd_data *hapd;
-	struct l2_packet_data *l2;
-	char *ifname;
-	int ifindex;
-};
+#define WPA_CAPABILITY_PREAUTH BIT(0)
+#define WPA_CAPABILITY_MGMT_FRAME_PROTECTION BIT(6)
+#define WPA_CAPABILITY_PEERKEY_ENABLED BIT(9)
 
 struct wpa_eapol_key {
 	u8 type;
@@ -58,6 +55,7 @@ struct wpa_eapol_key {
 #define WPA_KEY_INFO_ERROR BIT(10)
 #define WPA_KEY_INFO_REQUEST BIT(11)
 #define WPA_KEY_INFO_ENCR_KEY_DATA BIT(12)
+#define WPA_KEY_INFO_SMK_MESSAGE BIT(13)
 
 
 /* per STA state machine data */
@@ -75,122 +73,114 @@ struct wpa_ptk {
 	} u;
 } __attribute__ ((packed));
 
-struct wpa_state_machine {
-	struct hostapd_data *hapd;
-	struct sta_info *sta;
-
+struct wpa_authenticator;
+struct wpa_state_machine;
+struct rsn_pmksa_cache_entry;
+
+
+struct wpa_auth_config {
+	int wpa;
+	int wpa_key_mgmt;
+	int wpa_pairwise;
+	int wpa_group;
+	int wpa_group_rekey;
+	int wpa_strict_rekey;
+	int wpa_gmk_rekey;
+	int rsn_preauth;
+	int eapol_version;
+	int peerkey;
+	int wme_enabled;
+#ifdef CONFIG_IEEE80211W
 	enum {
-		WPA_PTK_INITIALIZE, WPA_PTK_DISCONNECT, WPA_PTK_DISCONNECTED,
-		WPA_PTK_AUTHENTICATION, WPA_PTK_AUTHENTICATION2,
-		WPA_PTK_INITPMK, WPA_PTK_INITPSK, WPA_PTK_PTKSTART,
-		WPA_PTK_PTKCALCNEGOTIATING, WPA_PTK_PTKCALCNEGOTIATING2,
-		WPA_PTK_PTKINITNEGOTIATING, WPA_PTK_PTKINITDONE
-	} wpa_ptk_state;
-
-	enum {
-		WPA_PTK_GROUP_IDLE = 0,
-		WPA_PTK_GROUP_REKEYNEGOTIATING,
-		WPA_PTK_GROUP_REKEYESTABLISHED,
-		WPA_PTK_GROUP_KEYERROR
-	} wpa_ptk_group_state;
-
-	Boolean Init;
-	Boolean DeauthenticationRequest;
-	Boolean AuthenticationRequest;
-	Boolean ReAuthenticationRequest;
-	Boolean Disconnect;
-	int TimeoutCtr;
-	int GTimeoutCtr;
-	Boolean TimeoutEvt;
-	Boolean EAPOLKeyReceived;
-	Boolean EAPOLKeyPairwise;
-	Boolean EAPOLKeyRequest;
-	Boolean MICVerified;
-	Boolean GUpdateStationKeys;
-	u8 ANonce[WPA_NONCE_LEN];
-	u8 SNonce[WPA_NONCE_LEN];
-	u8 PMK[WPA_PMK_LEN];
-	struct wpa_ptk PTK;
-	Boolean PTK_valid;
-	Boolean pairwise_set;
-	int keycount;
-	Boolean Pair;
-	u8 key_replay_counter[WPA_REPLAY_COUNTER_LEN];
-	Boolean key_replay_counter_valid;
-	Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i/D8 */
-	Boolean PTKRequest; /* not in IEEE 802.11i state machine */
-	Boolean has_GTK;
-
-	u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */
-	size_t last_rx_eapol_key_len;
-
-	Boolean changed;
+		WPA_NO_IEEE80211W = 0,
+		WPA_IEEE80211W_OPTIONAL = 1,
+		WPA_IEEE80211W_REQUIRED = 2
+	} ieee80211w;
+#endif /* CONFIG_IEEE80211W */
 };
 
-/* per authenticator data */
-struct wpa_authenticator {
-	Boolean GInit;
-	int GNoStations;
-	int GKeyDoneStations;
-	Boolean GTKReKey;
-	int GTK_len;
-	int GN, GM;
-	Boolean GTKAuthenticator;
-	u8 Counter[WPA_NONCE_LEN];
+typedef enum {
+	LOGGER_DEBUG, LOGGER_INFO, LOGGER_WARNING
+} logger_level;
 
-	enum {
-		WPA_GROUP_GTK_INIT = 0,
-		WPA_GROUP_SETKEYS, WPA_GROUP_SETKEYSDONE
-	} wpa_group_state;
-
-	u8 GMK[WPA_GMK_LEN];
-	u8 GTK[2][WPA_GTK_MAX_LEN];
-	u8 GNonce[WPA_NONCE_LEN];
-	Boolean changed;
-
-	unsigned int dot11RSNAStatsTKIPRemoteMICFailures;
-	u8 dot11RSNAAuthenticationSuiteSelected[4];
-	u8 dot11RSNAPairwiseCipherSelected[4];
-	u8 dot11RSNAGroupCipherSelected[4];
-	u8 dot11RSNAPMKIDUsed[PMKID_LEN];
-	u8 dot11RSNAAuthenticationSuiteRequested[4]; /* FIX: update */
-	u8 dot11RSNAPairwiseCipherRequested[4]; /* FIX: update */
-	u8 dot11RSNAGroupCipherRequested[4]; /* FIX: update */
-	unsigned int dot11RSNATKIPCounterMeasuresInvoked;
-	unsigned int dot11RSNA4WayHandshakeFailures;
+typedef enum {
+	WPA_EAPOL_portEnabled, WPA_EAPOL_portValid, WPA_EAPOL_authorized,
+	WPA_EAPOL_portControl_Auto, WPA_EAPOL_keyRun, WPA_EAPOL_keyAvailable,
+	WPA_EAPOL_keyDone, WPA_EAPOL_inc_EapolFramesTx
+} wpa_eapol_variable;
+
+struct wpa_auth_callbacks {
+	void *ctx;
+	void (*logger)(void *ctx, const u8 *addr, logger_level level,
+		       const char *txt);
+	void (*disconnect)(void *ctx, const u8 *addr, u16 reason);
+	void (*mic_failure_report)(void *ctx, const u8 *addr);
+	void (*set_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var,
+			  int value);
+	int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var);
+	const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *prev_psk);
+	int (*get_pmk)(void *ctx, const u8 *addr, u8 *pmk, size_t *len);
+	int (*set_key)(void *ctx, int vlan_id, const char *alg, const u8 *addr,
+		       int idx, u8 *key, size_t key_len);
+	int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq);
+	int (*get_seqnum_igtk)(void *ctx, const u8 *addr, int idx, u8 *seq);
+	int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data,
+			  size_t data_len, int encrypt);
+	int (*for_each_sta)(void *ctx, int (*cb)(struct wpa_state_machine *sm,
+						 void *ctx), void *cb_ctx);
 };
 
-
-int wpa_init(struct hostapd_data *hapd);
-void wpa_deinit(struct hostapd_data *hapd);
+struct wpa_authenticator * wpa_init(const u8 *addr,
+				    struct wpa_auth_config *conf,
+				    struct wpa_auth_callbacks *cb);
+void wpa_deinit(struct wpa_authenticator *wpa_auth);
+int wpa_reconfig(struct wpa_authenticator *wpa_auth,
+		 struct wpa_auth_config *conf);
 
 enum {
 	WPA_IE_OK, WPA_INVALID_IE, WPA_INVALID_GROUP, WPA_INVALID_PAIRWISE,
-	WPA_INVALID_AKMP
+	WPA_INVALID_AKMP, WPA_NOT_ENABLED, WPA_ALLOC_FAIL,
+	WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER
 };
 	
-int wpa_validate_wpa_ie(struct hostapd_data *hapd, struct sta_info *sta,
-			const u8 *wpa_ie, size_t wpa_ie_len, int version);
-void wpa_new_station(struct hostapd_data *hapd, struct sta_info *sta);
-void wpa_free_station(struct sta_info *sta);
-void wpa_receive(struct hostapd_data *hapd, struct sta_info *sta,
+int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
+			struct wpa_state_machine *sm,
+			const u8 *wpa_ie, size_t wpa_ie_len);
+struct wpa_state_machine *
+wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr);
+void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
+			     struct wpa_state_machine *sm);
+void wpa_auth_sta_deinit(struct wpa_state_machine *sm);
+void wpa_receive(struct wpa_authenticator *wpa_auth,
+		 struct wpa_state_machine *sm,
 		 u8 *data, size_t data_len);
 typedef enum {
 	WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
 	WPA_REAUTH_EAPOL
 } wpa_event;
-void wpa_sm_event(struct hostapd_data *hapd, struct sta_info *sta,
-		  wpa_event event);
-void wpa_sm_notify(struct hostapd_data *hapd, struct sta_info *sta);
-void pmksa_cache_add(struct hostapd_data *hapd, struct sta_info *sta, u8 *pmk,
-		     int session_timeout);
-void rsn_preauth_finished(struct hostapd_data *hapd, struct sta_info *sta,
-			  int success);
-void rsn_preauth_send(struct hostapd_data *hapd, struct sta_info *sta,
-		      u8 *buf, size_t len);
-void wpa_gtk_rekey(struct hostapd_data *hapd);
-int wpa_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen);
-int wpa_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
-		    char *buf, size_t buflen);
+void wpa_remove_ptk(struct wpa_state_machine *sm);
+void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event);
+void wpa_auth_sm_notify(struct wpa_state_machine *sm);
+void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth);
+int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen);
+int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
+void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
+int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
+int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
+int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
+int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+			     struct rsn_pmksa_cache_entry *entry);
+struct rsn_pmksa_cache_entry *
+wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm);
+void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm);
+const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth,
+			       size_t *len);
+int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
+		       int session_timeout, struct eapol_state_machine *eapol);
+int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
+			       const u8 *pmk, size_t len, const u8 *sta_addr,
+			       int session_timeout,
+			       struct eapol_state_machine *eapol);
+int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
 
 #endif /* WPA_H */