search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
nl80211: Fix a typo
[hostap-gosc2009.git] / src / ap / wpa_auth.h
blob3a88d586ce687b27a5ffc3e01ed2173ead29c6f2
1 /*
2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #ifndef WPA_AUTH_H
16 #define WPA_AUTH_H
17
18 #include "common/defs.h"
19 #include "common/eapol_common.h"
20 #include "common/wpa_common.h"
21
22 #ifdef _MSC_VER
23 #pragma pack(push, 1)
24 #endif /* _MSC_VER */
25
26 /* IEEE Std 802.11r-2008, 11A.10.3 - Remote request/response frame definition
27 */
28 struct ft_rrb_frame {
29 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
30 u8 packet_type; /* FT_PACKET_REQUEST/FT_PACKET_RESPONSE */
31 le16 action_length; /* little endian length of action_frame */
32 u8 ap_address[ETH_ALEN];
33 /*
34 * Followed by action_length bytes of FT Action frame (from Category
35 * field to the end of Action Frame body.
36 */
37 } STRUCT_PACKED;
38
39 #define RSN_REMOTE_FRAME_TYPE_FT_RRB 1
40
41 #define FT_PACKET_REQUEST 0
42 #define FT_PACKET_RESPONSE 1
43 /* Vendor-specific types for R0KH-R1KH protocol; not defined in 802.11r */
44 #define FT_PACKET_R0KH_R1KH_PULL 200
45 #define FT_PACKET_R0KH_R1KH_RESP 201
46 #define FT_PACKET_R0KH_R1KH_PUSH 202
47
48 #define FT_R0KH_R1KH_PULL_DATA_LEN 44
49 #define FT_R0KH_R1KH_RESP_DATA_LEN 76
50 #define FT_R0KH_R1KH_PUSH_DATA_LEN 80
51
52 struct ft_r0kh_r1kh_pull_frame {
53 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
54 u8 packet_type; /* FT_PACKET_R0KH_R1KH_PULL */
55 le16 data_length; /* little endian length of data (44) */
56 u8 ap_address[ETH_ALEN];
57
58 u8 nonce[16];
59 u8 pmk_r0_name[WPA_PMK_NAME_LEN];
60 u8 r1kh_id[FT_R1KH_ID_LEN];
61 u8 s1kh_id[ETH_ALEN];
62 u8 pad[4]; /* 8-octet boundary for AES key wrap */
63 u8 key_wrap_extra[8];
64 } STRUCT_PACKED;
65
66 struct ft_r0kh_r1kh_resp_frame {
67 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
68 u8 packet_type; /* FT_PACKET_R0KH_R1KH_RESP */
69 le16 data_length; /* little endian length of data (76) */
70 u8 ap_address[ETH_ALEN];
71
72 u8 nonce[16]; /* copied from pull */
73 u8 r1kh_id[FT_R1KH_ID_LEN]; /* copied from pull */
74 u8 s1kh_id[ETH_ALEN]; /* copied from pull */
75 u8 pmk_r1[PMK_LEN];
76 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
77 u8 pad[4]; /* 8-octet boundary for AES key wrap */
78 u8 key_wrap_extra[8];
79 } STRUCT_PACKED;
80
81 struct ft_r0kh_r1kh_push_frame {
82 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
83 u8 packet_type; /* FT_PACKET_R0KH_R1KH_PUSH */
84 le16 data_length; /* little endian length of data (80) */
85 u8 ap_address[ETH_ALEN];
86
87 /* Encrypted with AES key-wrap */
88 u8 timestamp[4]; /* current time in seconds since unix epoch, little
89 * endian */
90 u8 r1kh_id[FT_R1KH_ID_LEN];
91 u8 s1kh_id[ETH_ALEN];
92 u8 pmk_r0_name[WPA_PMK_NAME_LEN];
93 u8 pmk_r1[PMK_LEN];
94 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
95 u8 key_wrap_extra[8];
96 } STRUCT_PACKED;
97
98 #ifdef _MSC_VER
99 #pragma pack(pop)
100 #endif /* _MSC_VER */
101
102
103 /* per STA state machine data */
104
105 struct wpa_authenticator;
106 struct wpa_state_machine;
107 struct rsn_pmksa_cache_entry;
108 struct eapol_state_machine;
109
110
111 struct ft_remote_r0kh {
112 struct ft_remote_r0kh *next;
113 u8 addr[ETH_ALEN];
114 u8 id[FT_R0KH_ID_MAX_LEN];
115 size_t id_len;
116 u8 key[16];
117 };
118
119
120 struct ft_remote_r1kh {
121 struct ft_remote_r1kh *next;
122 u8 addr[ETH_ALEN];
123 u8 id[FT_R1KH_ID_LEN];
124 u8 key[16];
125 };
126
127
128 struct wpa_auth_config {
129 int wpa;
130 int wpa_key_mgmt;
131 int wpa_pairwise;
132 int wpa_group;
133 int wpa_group_rekey;
134 int wpa_strict_rekey;
135 int wpa_gmk_rekey;
136 int wpa_ptk_rekey;
137 int rsn_pairwise;
138 int rsn_preauth;
139 int eapol_version;
140 int peerkey;
141 int wmm_enabled;
142 int okc;
143 #ifdef CONFIG_IEEE80211W
144 enum mfp_options ieee80211w;
145 #endif /* CONFIG_IEEE80211W */
146 #ifdef CONFIG_IEEE80211R
147 #define SSID_LEN 32
148 u8 ssid[SSID_LEN];
149 size_t ssid_len;
150 u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
151 u8 r0_key_holder[FT_R0KH_ID_MAX_LEN];
152 size_t r0_key_holder_len;
153 u8 r1_key_holder[FT_R1KH_ID_LEN];
154 u32 r0_key_lifetime;
155 u32 reassociation_deadline;
156 struct ft_remote_r0kh *r0kh_list;
157 struct ft_remote_r1kh *r1kh_list;
158 int pmk_r1_push;
159 #endif /* CONFIG_IEEE80211R */
160 };
161
162 typedef enum {
163 LOGGER_DEBUG, LOGGER_INFO, LOGGER_WARNING
164 } logger_level;
165
166 typedef enum {
167 WPA_EAPOL_portEnabled, WPA_EAPOL_portValid, WPA_EAPOL_authorized,
168 WPA_EAPOL_portControl_Auto, WPA_EAPOL_keyRun, WPA_EAPOL_keyAvailable,
169 WPA_EAPOL_keyDone, WPA_EAPOL_inc_EapolFramesTx
170 } wpa_eapol_variable;
171
172 struct wpa_auth_callbacks {
173 void *ctx;
174 void (*logger)(void *ctx, const u8 *addr, logger_level level,
175 const char *txt);
176 void (*disconnect)(void *ctx, const u8 *addr, u16 reason);
177 void (*mic_failure_report)(void *ctx, const u8 *addr);
178 void (*set_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var,
179 int value);
180 int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var);
181 const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *prev_psk);
182 int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len);
183 int (*set_key)(void *ctx, int vlan_id, enum wpa_alg alg,
184 const u8 *addr, int idx, u8 *key, size_t key_len);
185 int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq);
186 int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data,
187 size_t data_len, int encrypt);
188 int (*for_each_sta)(void *ctx, int (*cb)(struct wpa_state_machine *sm,
189 void *ctx), void *cb_ctx);
190 int (*for_each_auth)(void *ctx, int (*cb)(struct wpa_authenticator *a,
191 void *ctx), void *cb_ctx);
192 int (*send_ether)(void *ctx, const u8 *dst, u16 proto, const u8 *data,
193 size_t data_len);
194 #ifdef CONFIG_IEEE80211R
195 struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr);
196 int (*send_ft_action)(void *ctx, const u8 *dst,
197 const u8 *data, size_t data_len);
198 #endif /* CONFIG_IEEE80211R */
199 };
200
201 struct wpa_authenticator * wpa_init(const u8 *addr,
202 struct wpa_auth_config *conf,
203 struct wpa_auth_callbacks *cb);
204 void wpa_deinit(struct wpa_authenticator *wpa_auth);
205 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
206 struct wpa_auth_config *conf);
207
208 enum {
209 WPA_IE_OK, WPA_INVALID_IE, WPA_INVALID_GROUP, WPA_INVALID_PAIRWISE,
210 WPA_INVALID_AKMP, WPA_NOT_ENABLED, WPA_ALLOC_FAIL,
211 WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER,
212 WPA_INVALID_MDIE, WPA_INVALID_PROTO
213 };
214
215 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
216 struct wpa_state_machine *sm,
217 const u8 *wpa_ie, size_t wpa_ie_len,
218 const u8 *mdie, size_t mdie_len);
219 int wpa_auth_uses_mfp(struct wpa_state_machine *sm);
220 struct wpa_state_machine *
221 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr);
222 void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
223 struct wpa_state_machine *sm);
224 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm);
225 void wpa_auth_sta_deinit(struct wpa_state_machine *sm);
226 void wpa_receive(struct wpa_authenticator *wpa_auth,
227 struct wpa_state_machine *sm,
228 u8 *data, size_t data_len);
229 typedef enum {
230 WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
231 WPA_REAUTH_EAPOL, WPA_ASSOC_FT
232 } wpa_event;
233 void wpa_remove_ptk(struct wpa_state_machine *sm);
234 void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event);
235 void wpa_auth_sm_notify(struct wpa_state_machine *sm);
236 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth);
237 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen);
238 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
239 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
240 int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
241 int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
242 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
243 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
244 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
245 struct rsn_pmksa_cache_entry *entry);
246 struct rsn_pmksa_cache_entry *
247 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm);
248 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm);
249 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth,
250 size_t *len);
251 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
252 int session_timeout, struct eapol_state_machine *eapol);
253 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
254 const u8 *pmk, size_t len, const u8 *sta_addr,
255 int session_timeout,
256 struct eapol_state_machine *eapol);
257 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
258
259 #ifdef CONFIG_IEEE80211R
260 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
261 size_t max_len, int auth_alg,
262 const u8 *req_ies, size_t req_ies_len);
263 void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
264 u16 auth_transaction, const u8 *ies, size_t ies_len,
265 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
266 u16 auth_transaction, u16 resp,
267 const u8 *ies, size_t ies_len),
268 void *ctx);
269 u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
270 size_t ies_len);
271 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len);
272 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
273 const u8 *data, size_t data_len);
274 void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr);
275 #endif /* CONFIG_IEEE80211R */
276
277 #endif /* WPA_AUTH_H */