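/*
 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
 * Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef WPA_AUTH_H
#define WPA_AUTH_H

#include "common/defs.h"
#include "common/eapol_common.h"
#include "common/wpa_common.h"
#include "common/ieee802_11_defs.h"

struct vlan_description;

/* Size of wpa_auth_config::own_ie_override[] (CONFIG_TESTING_OPTIONS builds) */
#define MAX_OWN_IE_OVERRIDE 256

#ifdef _MSC_VER
#pragma pack(push, 1)
#endif /* _MSC_VER */

/* IEEE Std 802.11r-2008, 11A.10.3 - Remote request/response frame definition
 *
 * Packed on-the-wire layout. NOTE(review): action_length is read from the
 * received frame, so a receiver has to compare it with the number of bytes
 * actually received before touching the FT Action frame that follows; that
 * check is not visible in this header.
 */
struct ft_rrb_frame {
	u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
	u8 packet_type; /* FT_PACKET_REQUEST/FT_PACKET_RESPONSE */
	le16 action_length; /* little endian length of action_frame */
	u8 ap_address[ETH_ALEN];
	/*
	 * Followed by action_length bytes of FT Action frame (from Category
	 * field to the end of Action Frame body).
	 */
} STRUCT_PACKED;

#define RSN_REMOTE_FRAME_TYPE_FT_RRB 1

#define FT_PACKET_REQUEST 0
#define FT_PACKET_RESPONSE 1

/* Vendor-specific types for R0KH-R1KH protocol; not defined in 802.11r. These
 * use OUI Extended EtherType as the encapsulating format. */
#define FT_PACKET_R0KH_R1KH_PULL 0x01
#define FT_PACKET_R0KH_R1KH_RESP 0x02
#define FT_PACKET_R0KH_R1KH_PUSH 0x03
#define FT_PACKET_R0KH_R1KH_SEQ_REQ 0x04
#define FT_PACKET_R0KH_R1KH_SEQ_RESP 0x05

/* packet layout
 *  IEEE 802 extended OUI ethertype frame header
 *  u16 authlen (little endian)
 *  multiple of struct ft_rrb_tlv (authenticated only, length = authlen)
 *  multiple of struct ft_rrb_tlv (AES-SIV encrypted, AES-SIV needs an extra
 *                                 blocksize length)
 *
 * AES-SIV AAD;
 *  source MAC address (6)
 *  authenticated-only TLVs (authlen)
 *  subtype (1; FT_PACKET_*)
 *
 * NOTE(review): authlen is itself a received value; it has to be bounded by
 * the frame length before it is used to split the two TLV regions. Per this
 * layout the authenticated-only TLVs are integrity protected (they are part
 * of the AAD) but not confidential.
 */

#define FT_RRB_NONCE_LEN 16

/* TLV type values for struct ft_rrb_tlv::type; the trailing comment on each
 * line names the payload size or payload type. */
#define FT_RRB_LAST_EMPTY     0 /* placeholder or padding */

#define FT_RRB_SEQ            1 /* struct ft_rrb_seq */
#define FT_RRB_NONCE          2 /* size FT_RRB_NONCE_LEN */
#define FT_RRB_TIMESTAMP      3 /* le32 unix seconds */

#define FT_RRB_R0KH_ID        4 /* FT_R0KH_ID_MAX_LEN */
#define FT_RRB_R1KH_ID        5 /* FT_R1KH_ID_LEN */
#define FT_RRB_S1KH_ID        6 /* ETH_ALEN */

#define FT_RRB_PMK_R0_NAME    7 /* WPA_PMK_NAME_LEN */
#define FT_RRB_PMK_R0         8 /* PMK_LEN */
#define FT_RRB_PMK_R1_NAME    9 /* WPA_PMK_NAME_LEN */
#define FT_RRB_PMK_R1        10 /* PMK_LEN */

#define FT_RRB_PAIRWISE      11 /* le16 */
#define FT_RRB_EXPIRES_IN    12 /* le16 seconds */

#define FT_RRB_VLAN_UNTAGGED 13 /* le16 */
#define FT_RRB_VLAN_TAGGED   14 /* n times le16 */

#define FT_RRB_IDENTITY      15
#define FT_RRB_RADIUS_CUI    16
#define FT_RRB_SESSION_TIMEOUT  17 /* le32 seconds */

/*
 * Header of one R0KH-R1KH TLV. Both fields are little endian and, on receive,
 * come from the peer: len has to be checked against the bytes left in the
 * enclosing TLV region before the data is read, and against the size expected
 * for the given type (see the FT_RRB_* defines).
 */
struct ft_rrb_tlv {
	le16 type;
	le16 len;
	/* followed by data of length len */
} STRUCT_PACKED;

/*
 * Payload of the FT_RRB_SEQ TLV (per the FT_RRB_SEQ define).
 * NOTE(review): dom/seq/ts look like a domain, a sequence number and a
 * timestamp used for replay detection - confirm against the R0KH-R1KH
 * implementation.
 */
struct ft_rrb_seq {
	le32 dom;
	le32 seq;
	le32 ts;
} STRUCT_PACKED;

/* session TLVs:
 *   required: PMK_R1, PMK_R1_NAME, PAIRWISE
 *   optional: VLAN_UNTAGGED, VLAN_TAGGED, EXPIRES_IN, IDENTITY, RADIUS_CUI,
 *             SESSION_TIMEOUT
 *
 * pull frame TLVs:
 *   auth:
 *     required: SEQ, NONCE, R0KH_ID, R1KH_ID
 *   encrypted:
 *     required: PMK_R0_NAME, S1KH_ID
 *
 * response frame TLVs:
 *   auth:
 *     required: SEQ, NONCE, R0KH_ID, R1KH_ID
 *   encrypted:
 *     required: S1KH_ID
 *     optional: session TLVs
 *
 * push frame TLVs:
 *   auth:
 *     required: SEQ, R0KH_ID, R1KH_ID
 *   encrypted:
 *     required: S1KH_ID, PMK_R0_NAME, session TLVs
 *
 * sequence number request frame TLVs:
 *   auth:
 *     required: R0KH_ID, R1KH_ID, NONCE
 *
 * sequence number response frame TLVs:
 *   auth:
 *     required: SEQ, NONCE, R0KH_ID, R1KH_ID
 *
 * In these lists the session TLVs (which include PMK_R1) appear only in the
 * encrypted part of a frame. Push frames are the only type listed without a
 * NONCE, so their freshness rests on SEQ alone.
 */

#ifdef _MSC_VER
#pragma pack(pop)
#endif /* _MSC_VER */


/* per STA state machine data */

struct wpa_authenticator;
struct wpa_state_machine;
struct rsn_pmksa_cache_entry;
struct eapol_state_machine;
struct ft_remote_seq;
struct wpa_channel_info;


/*
 * One remote R0KH entry; entries are chained through next.
 */
struct ft_remote_r0kh {
	struct ft_remote_r0kh *next;
	u8 addr[ETH_ALEN];
	u8 id[FT_R0KH_ID_MAX_LEN];
	/* presumably the number of bytes used in id[]; must stay
	 * <= FT_R0KH_ID_MAX_LEN - TODO confirm where it is set */
	size_t id_len;
	/* 32-byte secret for this peer; presumably the AES-SIV key of the
	 * R0KH-R1KH packet layout (TODO confirm). Key material: keep it out
	 * of logs and clear it before the entry is freed. */
	u8 key[32];
	struct ft_remote_seq *seq;
};

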
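/*
 * One remote R1KH entry; entries are chained through next.
 */
struct ft_remote_r1kh {
	struct ft_remote_r1kh *next;
	u8 addr[ETH_ALEN];
	u8 id[FT_R1KH_ID_LEN];
	/* 32-byte secret for this peer; presumably the key protecting
	 * R0KH-R1KH frames (TODO confirm). Key material: keep it out of logs
	 * and clear it before the entry is freed. */
	u8 key[32];
	struct ft_remote_seq *seq;
};


/*
 * Authenticator configuration passed to wpa_init() and wpa_reconfig().
 * Several members exist only under a CONFIG_* build option, so the struct
 * layout differs between builds; every object that shares this struct has to
 * be compiled with the same options.
 */
struct wpa_auth_config {
	int wpa;
	int wpa_key_mgmt;
	int wpa_pairwise;
	int wpa_group;
	int wpa_group_rekey;
	int wpa_strict_rekey;
	int wpa_gmk_rekey;
	int wpa_ptk_rekey;
	u32 wpa_group_update_count;
	u32 wpa_pairwise_update_count;
	/* NOTE(review): upstream hostapd.conf describes this option as a
	 * workaround for key reinstallation attacks against unpatched
	 * stations - confirm before relying on that reading. */
	int wpa_disable_eapol_key_retries;
	int rsn_pairwise;
	int rsn_preauth;
	int eapol_version;
	int wmm_enabled;
	int wmm_uapsd;
	int disable_pmksa_caching;
	int okc;
	int tx_status;
#ifdef CONFIG_IEEE80211W
	enum mfp_options ieee80211w;
	int group_mgmt_cipher;
	int sae_require_mfp;
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_OCV
	int ocv; /* Operating Channel Validation */
#endif /* CONFIG_OCV */
#ifdef CONFIG_IEEE80211R_AP
	u8 ssid[SSID_MAX_LEN];
	size_t ssid_len; /* presumably bytes used in ssid[]; <= SSID_MAX_LEN */
	u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
	u8 r0_key_holder[FT_R0KH_ID_MAX_LEN];
	/* presumably bytes used in r0_key_holder[]; <= FT_R0KH_ID_MAX_LEN */
	size_t r0_key_holder_len;
	u8 r1_key_holder[FT_R1KH_ID_LEN];
	u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
	int rkh_pos_timeout;
	int rkh_neg_timeout;
	int rkh_pull_timeout; /* ms */
	int rkh_pull_retries;
	int r1_max_key_lifetime;
	u32 reassociation_deadline;
	/* Pointers to list heads that live outside this struct; each list
	 * entry holds a per-peer secret (key[32]). */
	struct ft_remote_r0kh **r0kh_list;
	struct ft_remote_r1kh **r1kh_list;
	int pmk_r1_push;
	int ft_over_ds;
	int ft_psk_generate_local;
#endif /* CONFIG_IEEE80211R_AP */
	int disable_gtk;
	int ap_mlme;
#ifdef CONFIG_TESTING_OPTIONS
	/* NOTE(review): by their names these members make the authenticator
	 * emit corrupted MICs and replace its own IE. They are compiled in
	 * only with CONFIG_TESTING_OPTIONS; confirm that option is off in
	 * production builds. */
	double corrupt_gtk_rekey_mic_probability;
	u8 own_ie_override[MAX_OWN_IE_OVERRIDE];
	size_t own_ie_override_len; /* must stay <= MAX_OWN_IE_OVERRIDE */
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_P2P
	u8 ip_addr_go[4];
	u8 ip_addr_mask[4];
	u8 ip_addr_start[4];
	u8 ip_addr_end[4];
#endif /* CONFIG_P2P */
#ifdef CONFIG_FILS
	unsigned int fils_cache_id_set:1;
	u8 fils_cache_id[FILS_CACHE_ID_LEN];
#endif /* CONFIG_FILS */
};

/* Severity passed to the wpa_auth_callbacks::logger callback */
typedef enum {
	LOGGER_DEBUG, LOGGER_INFO, LOGGER_WARNING
} logger_level;

/* Selector for the set_eapol/get_eapol callbacks */
typedef enum {
	WPA_EAPOL_portEnabled, WPA_EAPOL_portValid, WPA_EAPOL_authorized,
	WPA_EAPOL_portControl_Auto, WPA_EAPOL_keyRun, WPA_EAPOL_keyAvailable,
	WPA_EAPOL_keyDone, WPA_EAPOL_inc_EapolFramesTx
} wpa_eapol_variable;

/*
 * Callback table given to wpa_init(). Every callback takes a void *ctx first
 * argument; presumably this is the cb_ctx passed to wpa_init() - confirm.
 *
 * Several callbacks move key material across this interface: get_psk returns
 * a pointer to a PSK, get_msk fills a caller buffer, set_key receives a key.
 * NOTE(review): buffer ownership and lifetime are not stated here; an
 * implementation should not log these buffers and should clear its own copies
 * once they are no longer needed.
 */
struct wpa_auth_callbacks {
	void (*logger)(void *ctx, const u8 *addr, logger_level level,
		       const char *txt);
	void (*disconnect)(void *ctx, const u8 *addr, u16 reason);
	int (*mic_failure_report)(void *ctx, const u8 *addr);
	void (*psk_failure_report)(void *ctx, const u8 *addr);
	void (*set_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var,
			  int value);
	int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var);
	/* psk_len and vlan_id are out-parameters; prev_psk presumably lets the
	 * caller iterate over several candidate PSKs - TODO confirm */
	const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *p2p_dev_addr,
			      const u8 *prev_psk, size_t *psk_len,
			      int *vlan_id);
	/* len is a pointer: presumably in = capacity of msk, out = bytes
	 * written - TODO confirm */
	int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len);
	int (*set_key)(void *ctx, int vlan_id, enum wpa_alg alg,
		       const u8 *addr, int idx, u8 *key, size_t key_len);
	/* seq has no length parameter: the caller's buffer must be as large
	 * as the implementation writes */
	int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq);
	int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data,
			  size_t data_len, int encrypt);
	int (*for_each_sta)(void *ctx, int (*cb)(struct wpa_state_machine *sm,
						 void *ctx), void *cb_ctx);
	int (*for_each_auth)(void *ctx, int (*cb)(struct wpa_authenticator *a,
						  void *ctx), void *cb_ctx);
	int (*send_ether)(void *ctx, const u8 *dst, u16 proto, const u8 *data,
			  size_t data_len);
	int (*send_oui)(void *ctx, const u8 *dst, u8 oui_suffix, const u8 *data,
			size_t data_len);
	int (*channel_info)(void *ctx, struct wpa_channel_info *ci);
	int (*update_vlan)(void *ctx, const u8 *addr, int vlan_id);
	int (*get_sta_tx_params)(void *ctx, const u8 *addr,
				 int ap_max_chanwidth, int ap_seg1_idx,
				 int *bandwidth, int *seg1_idx);
#ifdef CONFIG_IEEE80211R_AP
	struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr);
	int (*set_vlan)(void *ctx, const u8 *sta_addr,
			struct vlan_description *vlan);
	int (*get_vlan)(void *ctx, const u8 *sta_addr,
			struct vlan_description *vlan);
	int (*set_identity)(void *ctx, const u8 *sta_addr,
			    const u8 *identity, size_t identity_len);
	size_t (*get_identity)(void *ctx, const u8 *sta_addr, const u8 **buf);
	int (*set_radius_cui)(void *ctx, const u8 *sta_addr,
			      const u8 *radius_cui, size_t radius_cui_len);
	size_t (*get_radius_cui)(void *ctx, const u8 *sta_addr, const u8 **buf);
	void (*set_session_timeout)(void *ctx, const u8 *sta_addr,
				    int session_timeout);
	int (*get_session_timeout)(void *ctx, const u8 *sta_addr);

	int (*send_ft_action)(void *ctx, const u8 *dst,
			      const u8 *data, size_t data_len);
	int (*add_tspec)(void *ctx, const u8 *sta_addr, u8 *tspec_ie,
			 size_t tspec_ielen);
#endif /* CONFIG_IEEE80211R_AP */
#ifdef CONFIG_MESH
	int (*start_ampe)(void *ctx, const u8 *sta_addr);
#endif /* CONFIG_MESH */
};

/* Authenticator lifecycle */
struct wpa_authenticator * wpa_init(const u8 *addr,
				    struct wpa_auth_config *conf,
				    const struct wpa_auth_callbacks *cb,
				    void *cb_ctx);
int wpa_init_keys(struct wpa_authenticator *wpa_auth);
void wpa_deinit(struct wpa_authenticator *wpa_auth);
int wpa_reconfig(struct wpa_authenticator *wpa_auth,
		 struct wpa_auth_config *conf);

/* IE validation results; WPA_IE_OK is the first enumerator and so equals 0.
 * Presumably the return values of wpa_validate_wpa_ie() - confirm. */
enum {
	WPA_IE_OK, WPA_INVALID_IE, WPA_INVALID_GROUP, WPA_INVALID_PAIRWISE,
	WPA_INVALID_AKMP, WPA_NOT_ENABLED, WPA_ALLOC_FAIL,
	WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER,
	WPA_INVALID_MDIE, WPA_INVALID_PROTO, WPA_INVALID_PMKID
};

/* NOTE(review): wpa_ie, mdie, owe_dh and osen_ie presumably point into a
 * frame received from a station that is not authenticated yet; the
 * implementation has to treat the contents and the internal length fields as
 * untrusted. */
int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
			struct wpa_state_machine *sm, int freq,
			const u8 *wpa_ie, size_t wpa_ie_len,
			const u8 *mdie, size_t mdie_len,
			const u8 *owe_dh, size_t owe_dh_len);
int wpa_validate_osen(struct wpa_authenticator *wpa_auth,
		      struct wpa_state_machine *sm,
		      const u8 *osen_ie, size_t osen_ie_len);
int wpa_auth_uses_mfp(struct wpa_state_machine *sm);
void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv);
int wpa_auth_uses_ocv(struct wpa_state_machine *sm);
struct wpa_state_machine *
wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
		  const u8 *p2p_dev_addr);
int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
			    struct wpa_state_machine *sm);
void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm);
void wpa_auth_sta_deinit(struct wpa_state_machine *sm);
/* NOTE(review): data/data_len is presumably a received EAPOL frame, i.e.
 * station-controlled input - confirm that the implementation checks data_len
 * before every field access. */
void wpa_receive(struct wpa_authenticator *wpa_auth,
		 struct wpa_state_machine *sm,
		 u8 *data, size_t data_len);
/* Events accepted by wpa_auth_sm_event() */
enum wpa_event {
	WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
	WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS, WPA_DRV_STA_REMOVED
};
void wpa_remove_ptk(struct wpa_state_machine *sm);
int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
void wpa_auth_sm_notify(struct wpa_state_machine *sm);
void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth);
int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen);
int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
/* Returns a pointer to key material; *len is an out-parameter of type int
 * (not size_t), so callers should reject negative values before using it as
 * a size. */
const u8 * wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len);
int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
int wpa_auth_sta_fils_tk_already_set(struct wpa_state_machine *sm);
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
			     struct rsn_pmksa_cache_entry *entry);
struct rsn_pmksa_cache_entry *
wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm);
void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm);
const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth,
			       size_t *len);

/*
 * PMKSA cache interface.
 * NOTE(review): wpa_auth_pmksa_add_sae(), wpa_auth_add_sae_pmkid(),
 * wpa_auth_pmksa_create_entry() and wpa_auth_pmksa_set_to_sm() take pmk
 * and/or pmkid without a length, so the callee has to assume fixed sizes;
 * callers must pass buffers at least that large. The pmkid and pmk arguments
 * of wpa_auth_pmksa_set_to_sm() are non-const and may be output buffers -
 * confirm against the implementation.
 */
int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
		       unsigned int pmk_len,
		       int session_timeout, struct eapol_state_machine *eapol);
int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
			       const u8 *pmk, size_t len, const u8 *sta_addr,
			       int session_timeout,
			       struct eapol_state_machine *eapol);
int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
			   const u8 *pmk, const u8 *pmkid);
void wpa_auth_add_sae_pmkid(struct wpa_state_machine *sm, const u8 *pmkid);
int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr,
			const u8 *pmk, size_t pmk_len, const u8 *pmkid,
			int session_timeout, int akmp);
void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
			   const u8 *sta_addr);
int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
			size_t len);
void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth);
int wpa_auth_pmksa_list_mesh(struct wpa_authenticator *wpa_auth, const u8 *addr,
			     char *buf, size_t len);
struct rsn_pmksa_cache_entry *
wpa_auth_pmksa_create_entry(const u8 *aa, const u8 *spa, const u8 *pmk,
			    const u8 *pmkid, int expiration);
int wpa_auth_pmksa_add_entry(struct wpa_authenticator *wpa_auth,
			     struct rsn_pmksa_cache_entry *entry);
struct rsn_pmksa_cache_entry *
wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
		   const u8 *pmkid);
struct rsn_pmksa_cache_entry *
wpa_auth_pmksa_get_fils_cache_id(struct wpa_authenticator *wpa_auth,
				 const u8 *sta_addr, const u8 *pmkid);
void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa,
			      struct wpa_state_machine *sm,
			      struct wpa_authenticator *wpa_auth,
			      u8 *pmkid, u8 *pmk);
int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
				  struct wpa_state_machine *sm, int ack);

#ifdef CONFIG_IEEE80211R_AP
/* Writes at pos, bounded by max_len; req_ies presumably comes from the
 * station's (re)association request and is untrusted - confirm. */
u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
				 size_t max_len, int auth_alg,
				 const u8 *req_ies, size_t req_ies_len);
/* ies/ies_len presumably are the IEs of a received FT Authentication frame;
 * the result is reported through cb with the caller's ctx. */
void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
			 u16 auth_transaction, const u8 *ies, size_t ies_len,
			 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
				    u16 auth_transaction, u16 resp,
				    const u8 *ies, size_t ies_len),
			 void *ctx);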
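/*
 * FT receive paths. NOTE(review): ies, data and src_addr in the functions
 * below presumably originate from received frames (over the air or from the
 * distribution system), so their contents and embedded length fields are
 * untrusted until the implementation has validated them.
 */
u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
			    size_t ies_len);
int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len);
int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
		  const u8 *data, size_t data_len);
void wpa_ft_rrb_oui_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
		       const u8 *dst_addr, u8 oui_suffix, const u8 *data,
		       size_t data_len);
void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr);
void wpa_ft_deinit(struct wpa_authenticator *wpa_auth);
void wpa_ft_sta_deinit(struct wpa_state_machine *sm);
#endif /* CONFIG_IEEE80211R_AP */

void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm);
void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag);
/* NOTE(review): pos has no accompanying length in either function, so the
 * caller must guarantee that the destination can hold whatever the
 * implementation writes there. */
int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos);
int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos);

int wpa_auth_uses_sae(struct wpa_state_machine *sm);
int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm);

/* addr has no length parameter; presumably a 4-byte IPv4 address buffer -
 * TODO confirm against the implementation */
int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr);

struct radius_das_attrs;
int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
					 struct radius_das_attrs *attr);
void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth);

int wpa_auth_ensure_group(struct wpa_authenticator *wpa_auth, int vlan_id);
int wpa_auth_release_group(struct wpa_authenticator *wpa_auth, int vlan_id);

/*
 * FILS helpers. NOTE(review): snonce and anonce are passed without lengths,
 * and fils_decrypt_assoc()/wpa_fils_validate_*() presumably operate on a
 * frame received from the station; length and bounds handling therefore
 * rests on the implementation - confirm there.
 */
int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk,
			 size_t pmk_len, const u8 *snonce, const u8 *anonce,
			 const u8 *dhss, size_t dhss_len,
			 struct wpabuf *g_sta, struct wpabuf *g_ap);
int fils_decrypt_assoc(struct wpa_state_machine *sm, const u8 *fils_session,
		       const struct ieee80211_mgmt *mgmt, size_t frame_len,
		       u8 *pos, size_t left);
int fils_encrypt_assoc(struct wpa_state_machine *sm, u8 *buf,
		       size_t current_len, size_t max_len,
		       const struct wpabuf *hlp);
int fils_set_tk(struct wpa_state_machine *sm);
/* eid is a write position with no bound in the prototype; the caller must
 * provide enough room */
u8 * hostapd_eid_assoc_fils_session(struct wpa_state_machine *sm, u8 *eid,
				    const u8 *fils_session,
				    struct wpabuf *fils_hlp_resp);
const u8 * wpa_fils_validate_fils_session(struct wpa_state_machine *sm,
					  const u8 *ies, size_t ies_len,
					  const u8 *fils_session);
int wpa_fils_validate_key_confirm(struct wpa_state_machine *sm, const u8 *ies,
				  size_t ies_len);

int get_sta_tx_parameters(struct wpa_state_machine *sm, int ap_max_chanwidth,
			  int ap_seg1_idx, int *bandwidth, int *seg1_idx);

int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, int use_sha384,
		       u8 *buf, size_t len);
/* Copies nonces and a key-encryption key out to caller buffers; only
 * fils_kek has a length (out-parameter), so the nonce buffers must match the
 * fixed size the implementation uses. The caller ends up holding key
 * material and should clear it after use. */
void wpa_auth_get_fils_aead_params(struct wpa_state_machine *sm,
				   u8 *fils_anonce, u8 *fils_snonce,
				   u8 *fils_kek, size_t *fils_kek_len);
void wpa_auth_add_fils_pmk_pmkid(struct wpa_state_machine *sm, const u8 *pmk,
				 size_t pmk_len, const u8 *pmkid);
u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
				   u8 *pos, size_t max_len,
				   const u8 *req_ies, size_t req_ies_len);
u8 * wpa_auth_write_assoc_resp_fils(struct wpa_state_machine *sm,
				    u8 *pos, size_t max_len,
				    const u8 *req_ies, size_t req_ies_len);
void wpa_auth_set_auth_alg(struct wpa_state_machine *sm, u16 auth_alg);
void wpa_auth_set_dpp_z(struct wpa_state_machine *sm, const struct wpabuf *z);

/* NOTE(review): the resend/rekey entry points below are declared without any
 * CONFIG_* guard in this header; whether their definitions are restricted to
 * test builds cannot be told from here - confirm in the implementation. */
int wpa_auth_resend_m1(struct wpa_state_machine *sm, int change_anonce,
		       void (*cb)(void *ctx1, void *ctx2),
		       void *ctx1, void *ctx2);
int wpa_auth_resend_m3(struct wpa_state_machine *sm,
		       void (*cb)(void *ctx1, void *ctx2),
		       void *ctx1, void *ctx2);
int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
			     void (*cb)(void *ctx1, void *ctx2),
			     void *ctx1, void *ctx2);
int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth);
void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm);

#endif /* WPA_AUTH_H */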