Diffstat (limited to 'contrib/hostapd/wpa.h')
-rw-r--r--contrib/hostapd/wpa.h236
1 files changed, 113 insertions, 123 deletions
diff --git a/contrib/hostapd/wpa.h b/contrib/hostapd/wpa.h
index 62159e7..633b2c5 100644
--- a/contrib/hostapd/wpa.h
+++ b/contrib/hostapd/wpa.h
@@ -1,33 +1,30 @@
+/*
+ * hostapd - IEEE 802.11i-2004 / WPA Authenticator
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
#ifndef WPA_H
#define WPA_H
-#define WPA_NONCE_LEN 32
+#include "wpa_common.h"
+
#define WPA_PMK_LEN PMK_LEN
-#define WPA_REPLAY_COUNTER_LEN 8
#define WPA_GMK_LEN 32
#define WPA_GTK_MAX_LEN 32
-#define WPA_KEY_RSC_LEN 8
#define PMKID_LEN 16
-struct rsn_pmksa_cache {
- struct rsn_pmksa_cache *next, *hnext;
- u8 pmkid[PMKID_LEN];
- u8 pmk[PMK_LEN];
- time_t expiration;
- int akmp; /* WPA_KEY_MGMT_* */
- u8 spa[ETH_ALEN];
- u8 *identity;
- size_t identity_len;
- struct radius_class_data radius_class;
-};
-
-struct rsn_preauth_interface {
- struct rsn_preauth_interface *next;
- struct hostapd_data *hapd;
- struct l2_packet_data *l2;
- char *ifname;
- int ifindex;
-};
+#define WPA_CAPABILITY_PREAUTH BIT(0)
+#define WPA_CAPABILITY_MGMT_FRAME_PROTECTION BIT(6)
+#define WPA_CAPABILITY_PEERKEY_ENABLED BIT(9)
struct wpa_eapol_key {
u8 type;
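Review bot: The three `WPA_CAPABILITY_*` bits are added without a comment naming the field they index, so a reader cannot tell from this header which 16-bit value they should be tested against. They appear to be bit positions in the RSN Capabilities field of the RSN IE; a one-line comment above them such as `/* RSN Capabilities field bits (RSN IE) */` would make that explicit, once confirmed against the IE parser. `struct wpa_eapol_key` continues outside this hunk.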
@@ -58,6 +55,7 @@ struct wpa_eapol_key {
#define WPA_KEY_INFO_ERROR BIT(10)
#define WPA_KEY_INFO_REQUEST BIT(11)
#define WPA_KEY_INFO_ENCR_KEY_DATA BIT(12)
+#define WPA_KEY_INFO_SMK_MESSAGE BIT(13)
/* per STA state machine data */
@@ -75,122 +73,114 @@ struct wpa_ptk {
} u;
} __attribute__ ((packed));
-struct wpa_state_machine {
- struct hostapd_data *hapd;
- struct sta_info *sta;
-
+struct wpa_authenticator;
+struct wpa_state_machine;
+struct rsn_pmksa_cache_entry;
+
+
+struct wpa_auth_config {
+ int wpa;
+ int wpa_key_mgmt;
+ int wpa_pairwise;
+ int wpa_group;
+ int wpa_group_rekey;
+ int wpa_strict_rekey;
+ int wpa_gmk_rekey;
+ int rsn_preauth;
+ int eapol_version;
+ int peerkey;
+ int wme_enabled;
+#ifdef CONFIG_IEEE80211W
enum {
- WPA_PTK_INITIALIZE, WPA_PTK_DISCONNECT, WPA_PTK_DISCONNECTED,
- WPA_PTK_AUTHENTICATION, WPA_PTK_AUTHENTICATION2,
- WPA_PTK_INITPMK, WPA_PTK_INITPSK, WPA_PTK_PTKSTART,
- WPA_PTK_PTKCALCNEGOTIATING, WPA_PTK_PTKCALCNEGOTIATING2,
- WPA_PTK_PTKINITNEGOTIATING, WPA_PTK_PTKINITDONE
- } wpa_ptk_state;
-
- enum {
- WPA_PTK_GROUP_IDLE = 0,
- WPA_PTK_GROUP_REKEYNEGOTIATING,
- WPA_PTK_GROUP_REKEYESTABLISHED,
- WPA_PTK_GROUP_KEYERROR
- } wpa_ptk_group_state;
-
- Boolean Init;
- Boolean DeauthenticationRequest;
- Boolean AuthenticationRequest;
- Boolean ReAuthenticationRequest;
- Boolean Disconnect;
- int TimeoutCtr;
- int GTimeoutCtr;
- Boolean TimeoutEvt;
- Boolean EAPOLKeyReceived;
- Boolean EAPOLKeyPairwise;
- Boolean EAPOLKeyRequest;
- Boolean MICVerified;
- Boolean GUpdateStationKeys;
- u8 ANonce[WPA_NONCE_LEN];
- u8 SNonce[WPA_NONCE_LEN];
- u8 PMK[WPA_PMK_LEN];
- struct wpa_ptk PTK;
- Boolean PTK_valid;
- Boolean pairwise_set;
- int keycount;
- Boolean Pair;
- u8 key_replay_counter[WPA_REPLAY_COUNTER_LEN];
- Boolean key_replay_counter_valid;
- Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i/D8 */
- Boolean PTKRequest; /* not in IEEE 802.11i state machine */
- Boolean has_GTK;
-
- u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */
- size_t last_rx_eapol_key_len;
-
- Boolean changed;
+ WPA_NO_IEEE80211W = 0,
+ WPA_IEEE80211W_OPTIONAL = 1,
+ WPA_IEEE80211W_REQUIRED = 2
+ } ieee80211w;
+#endif /* CONFIG_IEEE80211W */
};
-/* per authenticator data */
-struct wpa_authenticator {
- Boolean GInit;
- int GNoStations;
- int GKeyDoneStations;
- Boolean GTKReKey;
- int GTK_len;
- int GN, GM;
- Boolean GTKAuthenticator;
- u8 Counter[WPA_NONCE_LEN];
+typedef enum {
+ LOGGER_DEBUG, LOGGER_INFO, LOGGER_WARNING
+} logger_level;
- enum {
- WPA_GROUP_GTK_INIT = 0,
- WPA_GROUP_SETKEYS, WPA_GROUP_SETKEYSDONE
- } wpa_group_state;
-
- u8 GMK[WPA_GMK_LEN];
- u8 GTK[2][WPA_GTK_MAX_LEN];
- u8 GNonce[WPA_NONCE_LEN];
- Boolean changed;
-
- unsigned int dot11RSNAStatsTKIPRemoteMICFailures;
- u8 dot11RSNAAuthenticationSuiteSelected[4];
- u8 dot11RSNAPairwiseCipherSelected[4];
- u8 dot11RSNAGroupCipherSelected[4];
- u8 dot11RSNAPMKIDUsed[PMKID_LEN];
- u8 dot11RSNAAuthenticationSuiteRequested[4]; /* FIX: update */
- u8 dot11RSNAPairwiseCipherRequested[4]; /* FIX: update */
- u8 dot11RSNAGroupCipherRequested[4]; /* FIX: update */
- unsigned int dot11RSNATKIPCounterMeasuresInvoked;
- unsigned int dot11RSNA4WayHandshakeFailures;
+typedef enum {
+ WPA_EAPOL_portEnabled, WPA_EAPOL_portValid, WPA_EAPOL_authorized,
+ WPA_EAPOL_portControl_Auto, WPA_EAPOL_keyRun, WPA_EAPOL_keyAvailable,
+ WPA_EAPOL_keyDone, WPA_EAPOL_inc_EapolFramesTx
+} wpa_eapol_variable;
+
+struct wpa_auth_callbacks {
+ void *ctx;
+ void (*logger)(void *ctx, const u8 *addr, logger_level level,
+ const char *txt);
+ void (*disconnect)(void *ctx, const u8 *addr, u16 reason);
+ void (*mic_failure_report)(void *ctx, const u8 *addr);
+ void (*set_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var,
+ int value);
+ int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var);
+ const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *prev_psk);
+ int (*get_pmk)(void *ctx, const u8 *addr, u8 *pmk, size_t *len);
+ int (*set_key)(void *ctx, int vlan_id, const char *alg, const u8 *addr,
+ int idx, u8 *key, size_t key_len);
+ int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq);
+ int (*get_seqnum_igtk)(void *ctx, const u8 *addr, int idx, u8 *seq);
+ int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data,
+ size_t data_len, int encrypt);
+ int (*for_each_sta)(void *ctx, int (*cb)(struct wpa_state_machine *sm,
+ void *ctx), void *cb_ctx);
};
-
-int wpa_init(struct hostapd_data *hapd);
-void wpa_deinit(struct hostapd_data *hapd);
+struct wpa_authenticator * wpa_init(const u8 *addr,
+ struct wpa_auth_config *conf,
+ struct wpa_auth_callbacks *cb);
+void wpa_deinit(struct wpa_authenticator *wpa_auth);
+int wpa_reconfig(struct wpa_authenticator *wpa_auth,
+ struct wpa_auth_config *conf);
enum {
WPA_IE_OK, WPA_INVALID_IE, WPA_INVALID_GROUP, WPA_INVALID_PAIRWISE,
- WPA_INVALID_AKMP
+ WPA_INVALID_AKMP, WPA_NOT_ENABLED, WPA_ALLOC_FAIL,
+ WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER
};
-int wpa_validate_wpa_ie(struct hostapd_data *hapd, struct sta_info *sta,
- const u8 *wpa_ie, size_t wpa_ie_len, int version);
-void wpa_new_station(struct hostapd_data *hapd, struct sta_info *sta);
-void wpa_free_station(struct sta_info *sta);
-void wpa_receive(struct hostapd_data *hapd, struct sta_info *sta,
+int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
+ struct wpa_state_machine *sm,
+ const u8 *wpa_ie, size_t wpa_ie_len);
+struct wpa_state_machine *
+wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr);
+void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
+ struct wpa_state_machine *sm);
+void wpa_auth_sta_deinit(struct wpa_state_machine *sm);
+void wpa_receive(struct wpa_authenticator *wpa_auth,
+ struct wpa_state_machine *sm,
u8 *data, size_t data_len);
typedef enum {
WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
WPA_REAUTH_EAPOL
} wpa_event;
-void wpa_sm_event(struct hostapd_data *hapd, struct sta_info *sta,
- wpa_event event);
-void wpa_sm_notify(struct hostapd_data *hapd, struct sta_info *sta);
-void pmksa_cache_add(struct hostapd_data *hapd, struct sta_info *sta, u8 *pmk,
- int session_timeout);
-void rsn_preauth_finished(struct hostapd_data *hapd, struct sta_info *sta,
- int success);
-void rsn_preauth_send(struct hostapd_data *hapd, struct sta_info *sta,
- u8 *buf, size_t len);
-void wpa_gtk_rekey(struct hostapd_data *hapd);
-int wpa_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen);
-int wpa_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
- char *buf, size_t buflen);
+void wpa_remove_ptk(struct wpa_state_machine *sm);
+void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event);
+void wpa_auth_sm_notify(struct wpa_state_machine *sm);
+void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth);
+int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen);
+int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
+void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
+int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
+int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
+int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
+int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry);
+struct rsn_pmksa_cache_entry *
+wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm);
+void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm);
+const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth,
+ size_t *len);
+int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
+ int session_timeout, struct eapol_state_machine *eapol);
+int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
+ const u8 *pmk, size_t len, const u8 *sta_addr,
+ int session_timeout,
+ struct eapol_state_machine *eapol);
+int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
#endif /* WPA_H */
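Review bot: The new prototypes that carry key material do not state their buffer contracts. `wpa_auth_pmksa_add()` takes `const u8 *pmk` with no length while `wpa_auth_pmksa_add_preauth()` takes `size_t len`, the `get_pmk` callback has an in/out `size_t *len` whose meaning on entry is not given, and `get_seqnum`/`get_seqnum_igtk` write through `u8 *seq` with no size at all. A short comment on each would keep a callback implementer from reading or writing past the caller's buffer, for example `/* pmk: exactly PMK_LEN bytes */` on `wpa_auth_pmksa_add` and `/* *len: in = size of pmk buffer, out = bytes written */` on `get_pmk`; the in/out reading is inferred from the signature and should be confirmed against the implementation. Separately, `struct eapol_state_machine` is named only inside parameter lists, so unless an earlier header declares it, adding `struct eapol_state_machine;` beside the other three forward declarations avoids a prototype-scoped type.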