1 /*
2 * Internal WPA/RSN supplicant state machine definitions
3 * Copyright (c) 2004-2010, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #ifndef WPA_I_H
10 #define WPA_I_H
11
12 #include "utils/list.h"
13
14 struct wpa_peerkey;
15 struct wpa_tdls_peer;
16 struct wpa_eapol_key;
17
18 /**
19 * struct wpa_sm - Internal WPA state machine data
20 */
21 struct wpa_sm {
22 u8 pmk[PMK_LEN];
23 size_t pmk_len;
24 struct wpa_ptk ptk, tptk;
25 int ptk_set, tptk_set;
26 u8 snonce[WPA_NONCE_LEN];
27 u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
28 int renew_snonce;
29 u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
30 int rx_replay_counter_set;
31 u8 request_counter[WPA_REPLAY_COUNTER_LEN];
32
33 struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
34
35 struct rsn_pmksa_cache *pmksa; /* PMKSA cache */
36 struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */
37 struct dl_list pmksa_candidates;
38
39 struct l2_packet_data *l2_preauth;
40 struct l2_packet_data *l2_preauth_br;
41 struct l2_packet_data *l2_tdls;
42 u8 preauth_bssid[ETH_ALEN]; /* current RSN pre-auth peer or
43 * 00:00:00:00:00:00 if no pre-auth is
44 * in progress */
45 struct eapol_sm *preauth_eapol;
46
47 struct wpa_sm_ctx *ctx;
48
49 void *scard_ctx; /* context for smartcard callbacks */
50 int fast_reauth; /* whether EAP fast re-authentication is enabled */
51
52 void *network_ctx;
53 int peerkey_enabled;
54 int allowed_pairwise_cipher; /* bitfield of WPA_CIPHER_* */
55 int proactive_key_caching;
56 int eap_workaround;
57 void *eap_conf_ctx;
58 u8 ssid[32];
59 size_t ssid_len;
60 int wpa_ptk_rekey;
61
62 u8 own_addr[ETH_ALEN];
63 const char *ifname;
64 const char *bridge_ifname;
65 u8 bssid[ETH_ALEN];
66
67 unsigned int dot11RSNAConfigPMKLifetime;
68 unsigned int dot11RSNAConfigPMKReauthThreshold;
69 unsigned int dot11RSNAConfigSATimeout;
70
71 unsigned int dot11RSNA4WayHandshakeFailures;
72
73 /* Selected configuration (based on Beacon/ProbeResp WPA IE) */
74 unsigned int proto;
75 unsigned int pairwise_cipher;
76 unsigned int group_cipher;
77 unsigned int key_mgmt;
78 unsigned int mgmt_group_cipher;
79
80 int rsn_enabled; /* Whether RSN is enabled in configuration */
81 int mfp; /* 0 = disabled, 1 = optional, 2 = mandatory */
82
83 u8 *assoc_wpa_ie; /* Own WPA/RSN IE from (Re)AssocReq */
84 size_t assoc_wpa_ie_len;
85 u8 *ap_wpa_ie, *ap_rsn_ie;
86 size_t ap_wpa_ie_len, ap_rsn_ie_len;
87
88 #ifdef CONFIG_PEERKEY
89 struct wpa_peerkey *peerkey;
90 #endif /* CONFIG_PEERKEY */
91 #ifdef CONFIG_TDLS
92 struct wpa_tdls_peer *tdls;
93 int tdls_prohibited;
94 int tdls_disabled;
95
96 /* The driver supports TDLS */
97 int tdls_supported;
98
99 /*
100 * The driver requires explicit discovery/setup/teardown frames sent
101 * to it via tdls_mgmt.
102 */
103 int tdls_external_setup;
104 #endif /* CONFIG_TDLS */
105
106 #ifdef CONFIG_IEEE80211R
107 u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */
108 size_t xxkey_len;
109 u8 pmk_r0[PMK_LEN];
110 u8 pmk_r0_name[WPA_PMK_NAME_LEN];
111 u8 pmk_r1[PMK_LEN];
112 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
113 u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
114 u8 r0kh_id[FT_R0KH_ID_MAX_LEN];
115 size_t r0kh_id_len;
116 u8 r1kh_id[FT_R1KH_ID_LEN];
117 int ft_completed;
118 int over_the_ds_in_progress;
119 u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
120 int set_ptk_after_assoc;
121 u8 mdie_ft_capab; /* FT Capability and Policy from target AP MDIE */
122 u8 *assoc_resp_ies; /* MDIE and FTIE from (Re)Association Response */
123 size_t assoc_resp_ies_len;
124 #endif /* CONFIG_IEEE80211R */
125 };
126
127
wpa_sm_set_state(struct wpa_sm * sm,enum wpa_states state)128 static inline void wpa_sm_set_state(struct wpa_sm *sm, enum wpa_states state)
129 {
130 WPA_ASSERT(sm->ctx->set_state);
131 sm->ctx->set_state(sm->ctx->ctx, state);
132 }
133
wpa_sm_get_state(struct wpa_sm * sm)134 static inline enum wpa_states wpa_sm_get_state(struct wpa_sm *sm)
135 {
136 WPA_ASSERT(sm->ctx->get_state);
137 return sm->ctx->get_state(sm->ctx->ctx);
138 }
139
wpa_sm_deauthenticate(struct wpa_sm * sm,int reason_code)140 static inline void wpa_sm_deauthenticate(struct wpa_sm *sm, int reason_code)
141 {
142 WPA_ASSERT(sm->ctx->deauthenticate);
143 sm->ctx->deauthenticate(sm->ctx->ctx, reason_code);
144 }
145
wpa_sm_set_key(struct wpa_sm * sm,enum wpa_alg alg,const u8 * addr,int key_idx,int set_tx,const u8 * seq,size_t seq_len,const u8 * key,size_t key_len)146 static inline int wpa_sm_set_key(struct wpa_sm *sm, enum wpa_alg alg,
147 const u8 *addr, int key_idx, int set_tx,
148 const u8 *seq, size_t seq_len,
149 const u8 *key, size_t key_len)
150 {
151 WPA_ASSERT(sm->ctx->set_key);
152 return sm->ctx->set_key(sm->ctx->ctx, alg, addr, key_idx, set_tx,
153 seq, seq_len, key, key_len);
154 }
155
wpa_sm_get_network_ctx(struct wpa_sm * sm)156 static inline void * wpa_sm_get_network_ctx(struct wpa_sm *sm)
157 {
158 WPA_ASSERT(sm->ctx->get_network_ctx);
159 return sm->ctx->get_network_ctx(sm->ctx->ctx);
160 }
161
wpa_sm_get_bssid(struct wpa_sm * sm,u8 * bssid)162 static inline int wpa_sm_get_bssid(struct wpa_sm *sm, u8 *bssid)
163 {
164 WPA_ASSERT(sm->ctx->get_bssid);
165 return sm->ctx->get_bssid(sm->ctx->ctx, bssid);
166 }
167
wpa_sm_ether_send(struct wpa_sm * sm,const u8 * dest,u16 proto,const u8 * buf,size_t len)168 static inline int wpa_sm_ether_send(struct wpa_sm *sm, const u8 *dest,
169 u16 proto, const u8 *buf, size_t len)
170 {
171 WPA_ASSERT(sm->ctx->ether_send);
172 return sm->ctx->ether_send(sm->ctx->ctx, dest, proto, buf, len);
173 }
174
wpa_sm_get_beacon_ie(struct wpa_sm * sm)175 static inline int wpa_sm_get_beacon_ie(struct wpa_sm *sm)
176 {
177 WPA_ASSERT(sm->ctx->get_beacon_ie);
178 return sm->ctx->get_beacon_ie(sm->ctx->ctx);
179 }
180
wpa_sm_cancel_auth_timeout(struct wpa_sm * sm)181 static inline void wpa_sm_cancel_auth_timeout(struct wpa_sm *sm)
182 {
183 WPA_ASSERT(sm->ctx->cancel_auth_timeout);
184 sm->ctx->cancel_auth_timeout(sm->ctx->ctx);
185 }
186
wpa_sm_alloc_eapol(struct wpa_sm * sm,u8 type,const void * data,u16 data_len,size_t * msg_len,void ** data_pos)187 static inline u8 * wpa_sm_alloc_eapol(struct wpa_sm *sm, u8 type,
188 const void *data, u16 data_len,
189 size_t *msg_len, void **data_pos)
190 {
191 WPA_ASSERT(sm->ctx->alloc_eapol);
192 return sm->ctx->alloc_eapol(sm->ctx->ctx, type, data, data_len,
193 msg_len, data_pos);
194 }
195
wpa_sm_add_pmkid(struct wpa_sm * sm,const u8 * bssid,const u8 * pmkid)196 static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, const u8 *bssid,
197 const u8 *pmkid)
198 {
199 WPA_ASSERT(sm->ctx->add_pmkid);
200 return sm->ctx->add_pmkid(sm->ctx->ctx, bssid, pmkid);
201 }
202
wpa_sm_remove_pmkid(struct wpa_sm * sm,const u8 * bssid,const u8 * pmkid)203 static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, const u8 *bssid,
204 const u8 *pmkid)
205 {
206 WPA_ASSERT(sm->ctx->remove_pmkid);
207 return sm->ctx->remove_pmkid(sm->ctx->ctx, bssid, pmkid);
208 }
209
wpa_sm_mlme_setprotection(struct wpa_sm * sm,const u8 * addr,int protect_type,int key_type)210 static inline int wpa_sm_mlme_setprotection(struct wpa_sm *sm, const u8 *addr,
211 int protect_type, int key_type)
212 {
213 WPA_ASSERT(sm->ctx->mlme_setprotection);
214 return sm->ctx->mlme_setprotection(sm->ctx->ctx, addr, protect_type,
215 key_type);
216 }
217
wpa_sm_update_ft_ies(struct wpa_sm * sm,const u8 * md,const u8 * ies,size_t ies_len)218 static inline int wpa_sm_update_ft_ies(struct wpa_sm *sm, const u8 *md,
219 const u8 *ies, size_t ies_len)
220 {
221 if (sm->ctx->update_ft_ies)
222 return sm->ctx->update_ft_ies(sm->ctx->ctx, md, ies, ies_len);
223 return -1;
224 }
225
wpa_sm_send_ft_action(struct wpa_sm * sm,u8 action,const u8 * target_ap,const u8 * ies,size_t ies_len)226 static inline int wpa_sm_send_ft_action(struct wpa_sm *sm, u8 action,
227 const u8 *target_ap,
228 const u8 *ies, size_t ies_len)
229 {
230 if (sm->ctx->send_ft_action)
231 return sm->ctx->send_ft_action(sm->ctx->ctx, action, target_ap,
232 ies, ies_len);
233 return -1;
234 }
235
wpa_sm_mark_authenticated(struct wpa_sm * sm,const u8 * target_ap)236 static inline int wpa_sm_mark_authenticated(struct wpa_sm *sm,
237 const u8 *target_ap)
238 {
239 if (sm->ctx->mark_authenticated)
240 return sm->ctx->mark_authenticated(sm->ctx->ctx, target_ap);
241 return -1;
242 }
243
wpa_sm_set_rekey_offload(struct wpa_sm * sm)244 static inline void wpa_sm_set_rekey_offload(struct wpa_sm *sm)
245 {
246 if (!sm->ctx->set_rekey_offload)
247 return;
248 sm->ctx->set_rekey_offload(sm->ctx->ctx, sm->ptk.kek,
249 sm->ptk.kck, sm->rx_replay_counter);
250 }
251
252 #ifdef CONFIG_TDLS
wpa_sm_tdls_get_capa(struct wpa_sm * sm,int * tdls_supported,int * tdls_ext_setup)253 static inline int wpa_sm_tdls_get_capa(struct wpa_sm *sm,
254 int *tdls_supported,
255 int *tdls_ext_setup)
256 {
257 if (sm->ctx->tdls_get_capa)
258 return sm->ctx->tdls_get_capa(sm->ctx->ctx, tdls_supported,
259 tdls_ext_setup);
260 return -1;
261 }
262
wpa_sm_send_tdls_mgmt(struct wpa_sm * sm,const u8 * dst,u8 action_code,u8 dialog_token,u16 status_code,const u8 * buf,size_t len)263 static inline int wpa_sm_send_tdls_mgmt(struct wpa_sm *sm, const u8 *dst,
264 u8 action_code, u8 dialog_token,
265 u16 status_code, const u8 *buf,
266 size_t len)
267 {
268 if (sm->ctx->send_tdls_mgmt)
269 return sm->ctx->send_tdls_mgmt(sm->ctx->ctx, dst, action_code,
270 dialog_token, status_code,
271 buf, len);
272 return -1;
273 }
274
wpa_sm_tdls_oper(struct wpa_sm * sm,int oper,const u8 * peer)275 static inline int wpa_sm_tdls_oper(struct wpa_sm *sm, int oper,
276 const u8 *peer)
277 {
278 if (sm->ctx->tdls_oper)
279 return sm->ctx->tdls_oper(sm->ctx->ctx, oper, peer);
280 return -1;
281 }
282
283 static inline int
wpa_sm_tdls_peer_addset(struct wpa_sm * sm,const u8 * addr,int add,u16 aid,u16 capability,const u8 * supp_rates,size_t supp_rates_len,const struct ieee80211_ht_capabilities * ht_capab,const struct ieee80211_vht_capabilities * vht_capab,u8 qosinfo,const u8 * ext_capab,size_t ext_capab_len)284 wpa_sm_tdls_peer_addset(struct wpa_sm *sm, const u8 *addr, int add,
285 u16 aid, u16 capability, const u8 *supp_rates,
286 size_t supp_rates_len,
287 const struct ieee80211_ht_capabilities *ht_capab,
288 const struct ieee80211_vht_capabilities *vht_capab,
289 u8 qosinfo, const u8 *ext_capab, size_t ext_capab_len)
290 {
291 if (sm->ctx->tdls_peer_addset)
292 return sm->ctx->tdls_peer_addset(sm->ctx->ctx, addr, add,
293 aid, capability, supp_rates,
294 supp_rates_len, ht_capab,
295 vht_capab, qosinfo,
296 ext_capab, ext_capab_len);
297 return -1;
298 }
299 #endif /* CONFIG_TDLS */
300
301 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck,
302 int ver, const u8 *dest, u16 proto,
303 u8 *msg, size_t msg_len, u8 *key_mic);
304 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
305 const struct wpa_eapol_key *key,
306 int ver, const u8 *nonce,
307 const u8 *wpa_ie, size_t wpa_ie_len,
308 struct wpa_ptk *ptk);
309 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
310 const struct wpa_eapol_key *key,
311 u16 ver, u16 key_info,
312 const u8 *kde, size_t kde_len,
313 struct wpa_ptk *ptk);
314
315 int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
316 const struct wpa_eapol_key *key,
317 struct wpa_ptk *ptk, size_t ptk_len);
318
319 void wpa_tdls_assoc(struct wpa_sm *sm);
320 void wpa_tdls_disassoc(struct wpa_sm *sm);
321
322 #endif /* WPA_I_H */
323