Disconnect hostapd from building in base
[dragonfly.git] / contrib / hostapd / src / ap / wpa_auth.h
CommitLineData
a875087d
JL
1/*
2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
4 *
4781064b
JM
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
a875087d
JL
7 */
8
9#ifndef WPA_AUTH_H
10#define WPA_AUTH_H
11
4781064b
JM
12#include "common/defs.h"
13#include "common/eapol_common.h"
14#include "common/wpa_common.h"
a875087d
JL
15
16#ifdef _MSC_VER
17#pragma pack(push, 1)
18#endif /* _MSC_VER */
19
20/* IEEE Std 802.11r-2008, 11A.10.3 - Remote request/response frame definition
21 */
22struct ft_rrb_frame {
23 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
24 u8 packet_type; /* FT_PACKET_REQUEST/FT_PACKET_RESPONSE */
25 le16 action_length; /* little endian length of action_frame */
26 u8 ap_address[ETH_ALEN];
27 /*
28 * Followed by action_length bytes of FT Action frame (from Category
29 * field to the end of Action Frame body.
30 */
31} STRUCT_PACKED;
32
33#define RSN_REMOTE_FRAME_TYPE_FT_RRB 1
34
35#define FT_PACKET_REQUEST 0
36#define FT_PACKET_RESPONSE 1
37/* Vendor-specific types for R0KH-R1KH protocol; not defined in 802.11r */
38#define FT_PACKET_R0KH_R1KH_PULL 200
39#define FT_PACKET_R0KH_R1KH_RESP 201
40#define FT_PACKET_R0KH_R1KH_PUSH 202
41
a875087d
JL
42#define FT_R0KH_R1KH_PULL_DATA_LEN 44
43#define FT_R0KH_R1KH_RESP_DATA_LEN 76
4781064b 44#define FT_R0KH_R1KH_PUSH_DATA_LEN 88
a875087d
JL
45
46struct ft_r0kh_r1kh_pull_frame {
47 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
48 u8 packet_type; /* FT_PACKET_R0KH_R1KH_PULL */
49 le16 data_length; /* little endian length of data (44) */
50 u8 ap_address[ETH_ALEN];
51
52 u8 nonce[16];
53 u8 pmk_r0_name[WPA_PMK_NAME_LEN];
54 u8 r1kh_id[FT_R1KH_ID_LEN];
55 u8 s1kh_id[ETH_ALEN];
56 u8 pad[4]; /* 8-octet boundary for AES key wrap */
57 u8 key_wrap_extra[8];
58} STRUCT_PACKED;
59
60struct ft_r0kh_r1kh_resp_frame {
61 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
62 u8 packet_type; /* FT_PACKET_R0KH_R1KH_RESP */
63 le16 data_length; /* little endian length of data (76) */
64 u8 ap_address[ETH_ALEN];
65
66 u8 nonce[16]; /* copied from pull */
67 u8 r1kh_id[FT_R1KH_ID_LEN]; /* copied from pull */
68 u8 s1kh_id[ETH_ALEN]; /* copied from pull */
69 u8 pmk_r1[PMK_LEN];
70 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
4781064b
JM
71 le16 pairwise;
72 u8 pad[2]; /* 8-octet boundary for AES key wrap */
a875087d
JL
73 u8 key_wrap_extra[8];
74} STRUCT_PACKED;
75
76struct ft_r0kh_r1kh_push_frame {
77 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
78 u8 packet_type; /* FT_PACKET_R0KH_R1KH_PUSH */
4781064b 79 le16 data_length; /* little endian length of data (88) */
a875087d
JL
80 u8 ap_address[ETH_ALEN];
81
82 /* Encrypted with AES key-wrap */
83 u8 timestamp[4]; /* current time in seconds since unix epoch, little
84 * endian */
85 u8 r1kh_id[FT_R1KH_ID_LEN];
86 u8 s1kh_id[ETH_ALEN];
87 u8 pmk_r0_name[WPA_PMK_NAME_LEN];
88 u8 pmk_r1[PMK_LEN];
89 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
4781064b
JM
90 le16 pairwise;
91 u8 pad[6]; /* 8-octet boundary for AES key wrap */
a875087d
JL
92 u8 key_wrap_extra[8];
93} STRUCT_PACKED;
94
95#ifdef _MSC_VER
96#pragma pack(pop)
97#endif /* _MSC_VER */
98
99
100/* per STA state machine data */
101
102struct wpa_authenticator;
103struct wpa_state_machine;
104struct rsn_pmksa_cache_entry;
105struct eapol_state_machine;
106
107
108struct ft_remote_r0kh {
109 struct ft_remote_r0kh *next;
110 u8 addr[ETH_ALEN];
111 u8 id[FT_R0KH_ID_MAX_LEN];
112 size_t id_len;
113 u8 key[16];
114};
115
116
117struct ft_remote_r1kh {
118 struct ft_remote_r1kh *next;
119 u8 addr[ETH_ALEN];
120 u8 id[FT_R1KH_ID_LEN];
121 u8 key[16];
122};
123
124
125struct wpa_auth_config {
126 int wpa;
127 int wpa_key_mgmt;
128 int wpa_pairwise;
129 int wpa_group;
130 int wpa_group_rekey;
131 int wpa_strict_rekey;
132 int wpa_gmk_rekey;
133 int wpa_ptk_rekey;
134 int rsn_pairwise;
135 int rsn_preauth;
136 int eapol_version;
137 int peerkey;
138 int wmm_enabled;
4781064b
JM
139 int wmm_uapsd;
140 int disable_pmksa_caching;
a875087d 141 int okc;
4781064b 142 int tx_status;
a875087d 143#ifdef CONFIG_IEEE80211W
4781064b 144 enum mfp_options ieee80211w;
a875087d
JL
145#endif /* CONFIG_IEEE80211W */
146#ifdef CONFIG_IEEE80211R
147#define SSID_LEN 32
148 u8 ssid[SSID_LEN];
149 size_t ssid_len;
150 u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
151 u8 r0_key_holder[FT_R0KH_ID_MAX_LEN];
152 size_t r0_key_holder_len;
153 u8 r1_key_holder[FT_R1KH_ID_LEN];
154 u32 r0_key_lifetime;
155 u32 reassociation_deadline;
156 struct ft_remote_r0kh *r0kh_list;
157 struct ft_remote_r1kh *r1kh_list;
158 int pmk_r1_push;
4781064b 159 int ft_over_ds;
a875087d 160#endif /* CONFIG_IEEE80211R */
4781064b
JM
161 int disable_gtk;
162 int ap_mlme;
163#ifdef CONFIG_TESTING_OPTIONS
164 double corrupt_gtk_rekey_mic_probability;
165#endif /* CONFIG_TESTING_OPTIONS */
166#ifdef CONFIG_P2P
167 u8 ip_addr_go[4];
168 u8 ip_addr_mask[4];
169 u8 ip_addr_start[4];
170 u8 ip_addr_end[4];
171#endif /* CONFIG_P2P */
a875087d
JL
172};
173
174typedef enum {
175 LOGGER_DEBUG, LOGGER_INFO, LOGGER_WARNING
176} logger_level;
177
178typedef enum {
179 WPA_EAPOL_portEnabled, WPA_EAPOL_portValid, WPA_EAPOL_authorized,
180 WPA_EAPOL_portControl_Auto, WPA_EAPOL_keyRun, WPA_EAPOL_keyAvailable,
181 WPA_EAPOL_keyDone, WPA_EAPOL_inc_EapolFramesTx
182} wpa_eapol_variable;
183
184struct wpa_auth_callbacks {
185 void *ctx;
186 void (*logger)(void *ctx, const u8 *addr, logger_level level,
187 const char *txt);
188 void (*disconnect)(void *ctx, const u8 *addr, u16 reason);
4781064b 189 int (*mic_failure_report)(void *ctx, const u8 *addr);
a875087d
JL
190 void (*set_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var,
191 int value);
192 int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var);
4781064b
JM
193 const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *p2p_dev_addr,
194 const u8 *prev_psk);
a875087d 195 int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len);
4781064b
JM
196 int (*set_key)(void *ctx, int vlan_id, enum wpa_alg alg,
197 const u8 *addr, int idx, u8 *key, size_t key_len);
a875087d 198 int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq);
a875087d
JL
199 int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data,
200 size_t data_len, int encrypt);
201 int (*for_each_sta)(void *ctx, int (*cb)(struct wpa_state_machine *sm,
202 void *ctx), void *cb_ctx);
203 int (*for_each_auth)(void *ctx, int (*cb)(struct wpa_authenticator *a,
204 void *ctx), void *cb_ctx);
205 int (*send_ether)(void *ctx, const u8 *dst, u16 proto, const u8 *data,
206 size_t data_len);
207#ifdef CONFIG_IEEE80211R
208 struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr);
209 int (*send_ft_action)(void *ctx, const u8 *dst,
210 const u8 *data, size_t data_len);
4781064b
JM
211 int (*add_tspec)(void *ctx, const u8 *sta_addr, u8 *tspec_ie,
212 size_t tspec_ielen);
a875087d
JL
213#endif /* CONFIG_IEEE80211R */
214};
215
216struct wpa_authenticator * wpa_init(const u8 *addr,
217 struct wpa_auth_config *conf,
218 struct wpa_auth_callbacks *cb);
4781064b 219int wpa_init_keys(struct wpa_authenticator *wpa_auth);
a875087d
JL
220void wpa_deinit(struct wpa_authenticator *wpa_auth);
221int wpa_reconfig(struct wpa_authenticator *wpa_auth,
222 struct wpa_auth_config *conf);
223
224enum {
225 WPA_IE_OK, WPA_INVALID_IE, WPA_INVALID_GROUP, WPA_INVALID_PAIRWISE,
226 WPA_INVALID_AKMP, WPA_NOT_ENABLED, WPA_ALLOC_FAIL,
227 WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER,
228 WPA_INVALID_MDIE, WPA_INVALID_PROTO
229};
230
231int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
232 struct wpa_state_machine *sm,
233 const u8 *wpa_ie, size_t wpa_ie_len,
234 const u8 *mdie, size_t mdie_len);
235int wpa_auth_uses_mfp(struct wpa_state_machine *sm);
236struct wpa_state_machine *
4781064b
JM
237wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
238 const u8 *p2p_dev_addr);
239int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
240 struct wpa_state_machine *sm);
a875087d
JL
241void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm);
242void wpa_auth_sta_deinit(struct wpa_state_machine *sm);
243void wpa_receive(struct wpa_authenticator *wpa_auth,
244 struct wpa_state_machine *sm,
245 u8 *data, size_t data_len);
246typedef enum {
247 WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
248 WPA_REAUTH_EAPOL, WPA_ASSOC_FT
249} wpa_event;
250void wpa_remove_ptk(struct wpa_state_machine *sm);
4781064b 251int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event);
a875087d
JL
252void wpa_auth_sm_notify(struct wpa_state_machine *sm);
253void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth);
254int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen);
255int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
256void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
257int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
258int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
259int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
260int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
261int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
262 struct rsn_pmksa_cache_entry *entry);
263struct rsn_pmksa_cache_entry *
264wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm);
265void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm);
266const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth,
267 size_t *len);
268int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
269 int session_timeout, struct eapol_state_machine *eapol);
270int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
271 const u8 *pmk, size_t len, const u8 *sta_addr,
272 int session_timeout,
273 struct eapol_state_machine *eapol);
4781064b
JM
274void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
275 const u8 *sta_addr);
a875087d 276int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
4781064b
JM
277void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
278 struct wpa_state_machine *sm, int ack);
a875087d
JL
279
280#ifdef CONFIG_IEEE80211R
281u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
4781064b
JM
282 size_t max_len, int auth_alg,
283 const u8 *req_ies, size_t req_ies_len);
a875087d
JL
284void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
285 u16 auth_transaction, const u8 *ies, size_t ies_len,
286 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
287 u16 auth_transaction, u16 resp,
288 const u8 *ies, size_t ies_len),
289 void *ctx);
290u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
291 size_t ies_len);
292int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len);
293int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
294 const u8 *data, size_t data_len);
295void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr);
296#endif /* CONFIG_IEEE80211R */
297
4781064b
JM
298void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm);
299void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag);
300int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos);
301int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos);
302
303int wpa_auth_uses_sae(struct wpa_state_machine *sm);
304int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm);
305
306int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr);
307
a875087d 308#endif /* WPA_AUTH_H */