1 /*
2 * Internal WPA/RSN supplicant state machine definitions
3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #ifndef WPA_I_H
10 #define WPA_I_H
11
12 extern struct wpa_sm gWpaSm;
13 #define DEFAULT_EAPOL_VERSION 1
14
15 struct install_key {
16 int keys_cleared;
17 enum wpa_alg alg;
18 u8 addr[ETH_ALEN];
19 int key_idx;
20 int set_tx;
21 u8 seq[10];
22 u8 key[32];
23 };
24
25 /**
26 * struct wpa_sm - Internal WPA state machine data
27 */
28 struct wpa_sm {
29 u8 pmk[PMK_LEN_MAX];
30 size_t pmk_len;
31 struct wpa_ptk ptk, tptk;
32 int ptk_set, tptk_set;
33 u8 snonce[WPA_NONCE_LEN];
34 u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
35 int renew_snonce;
36 u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
37 int rx_replay_counter_set;
38 u8 request_counter[WPA_REPLAY_COUNTER_LEN];
39 struct wpa_gtk gtk;
40 #ifdef CONFIG_IEEE80211W
41 struct wpa_igtk igtk;
42 #endif /* CONFIG_IEEE80211W */
43
44 struct rsn_pmksa_cache *pmksa; /* PMKSA cache */
45 struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */
46 u8 ssid[32];
47 size_t ssid_len;
48
49 unsigned int pairwise_cipher;
50 unsigned int group_cipher;
51 unsigned int key_mgmt;
52 unsigned int mgmt_group_cipher;
53 void *network_ctx;
54
55 int rsn_enabled; /* Whether RSN is enabled in configuration */
56 enum sae_pwe sae_pwe; /* SAE PWE generation options */
57
58 bool sae_pk; /* whether SAE-PK is used */
59
60 int countermeasures; /*TKIP countermeasures state flag, 1:in countermeasures state*/
61
62 u8 *assoc_wpa_ie; /* Own WPA/RSN IE from (Re)AssocReq */
63 size_t assoc_wpa_ie_len;
64 u8 *assoc_rsnxe; /* Own RSNXE from (Re)AssocReq */
65 size_t assoc_rsnxe_len;
66
67 u8 eapol_version;
68
69 int wpa_ptk_rekey;
70 u8 own_addr[ETH_ALEN];
71
72 u8 bssid[ETH_ALEN];
73
74 unsigned int proto;
75 enum wpa_states wpa_state;
76
77 u8 *ap_wpa_ie, *ap_rsn_ie, *ap_rsnxe;
78 size_t ap_wpa_ie_len, ap_rsn_ie_len, ap_rsnxe_len;
79
80 bool key_install;
81
82 struct install_key install_ptk;
83 struct install_key install_gtk;
84 int mic_errors_seen; /* Michael MIC errors with the current PTK */
85 int use_ext_key_id; /* Enabled only for WPA PSK first key exchange */
86 struct wpa_gtk_data gd; //used for calllback save param
87 u16 key_info; //used for txcallback param
88 u16 txcb_flags;
89 bool ap_notify_completed_rsne;
90 wifi_pmf_config_t pmf_cfg;
91 u8 eapol1_count;
92 struct rsn_sppamsdu_sup spp_sup;
93 #ifdef CONFIG_IEEE80211R
94 u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */
95 size_t xxkey_len;
96 u8 pmk_r0[PMK_LEN];
97 u8 pmk_r0_name[WPA_PMK_NAME_LEN];
98 u8 pmk_r1[PMK_LEN];
99 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
100 u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
101 u8 r0kh_id[FT_R0KH_ID_MAX_LEN];
102 size_t r0kh_id_len;
103 u8 r1kh_id[FT_R1KH_ID_LEN];
104 unsigned int ft_completed:1;
105 unsigned int ft_reassoc_completed:1;
106 unsigned int ft_protocol:1;
107 int over_the_ds_in_progress;
108 u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
109 int set_ptk_after_assoc;
110 u8 mdie_ft_capab; /* FT Capability and Policy from target AP MDIE */
111 u8 *assoc_resp_ies; /* MDIE and FTIE from (Re)Association Response */
112 size_t assoc_resp_ies_len;
113 #endif /* CONFIG_IEEE80211R */
114 #ifdef CONFIG_OWE_STA
115 struct crypto_ecdh *owe_ecdh;
116 u16 owe_group;
117 struct wpabuf *owe_ie;
118 #endif /* CONFIG_OWE_STA */
119 int (*wpa_sm_wps_disable)(void);
120 esp_err_t (*wpa_sm_eap_disable)(void);
121 };
122
123 /**
124 * set_key - Configure encryption key
125 * @ifname: Interface name (for multi-SSID/VLAN support)
126 * @priv: private driver interface data
127 * @alg: encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
128 * %WPA_ALG_TKIP, %WPA_ALG_CCMP, %WPA_ALG_IGTK, %WPA_ALG_PMK);
129 * %WPA_ALG_NONE clears the key.
130 * @addr: address of the peer STA or ff:ff:ff:ff:ff:ff for
131 * broadcast/default keys
132 * @key_idx: key index (0..3), usually 0 for unicast keys; 0..4095 for
133 * IGTK
134 * @set_tx: configure this key as the default Tx key (only used when
135 * driver does not support separate unicast/individual key
136 * @seq: sequence number/packet number, seq_len octets, the next
137 * packet number to be used for in replay protection; configured
138 * for Rx keys (in most cases, this is only used with broadcast
139 * keys and set to zero for unicast keys)
140 * @seq_len: length of the seq, depends on the algorithm:
141 * TKIP: 6 octets, CCMP: 6 octets, IGTK: 6 octets
142 * @key: key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
143 * 8-byte Rx Mic Key
144 * @key_len: length of the key buffer in octets (WEP: 5 or 13,
145 * TKIP: 32, CCMP: 16, IGTK: 16)
146 *
147 * Returns: 0 on success, -1 on failure
148 *
149 * Configure the given key for the kernel driver. If the driver
150 * supports separate individual keys (4 default keys + 1 individual),
151 * addr can be used to determine whether the key is default or
152 * individual. If only 4 keys are supported, the default key with key
153 * index 0 is used as the individual key. STA must be configured to use
154 * it as the default Tx key (set_tx is set) and accept Rx for all the
155 * key indexes. In most cases, WPA uses only key indexes 1 and 2 for
156 * broadcast keys, so key index 0 is available for this kind of
157 * configuration.
158 *
159 * Please note that TKIP keys include separate TX and RX MIC keys and
160 * some drivers may expect them in different order than wpa_supplicant
161 * is using. If the TX/RX keys are swapped, all TKIP encrypted packets
162 * will tricker Michael MIC errors. This can be fixed by changing the
163 * order of MIC keys by swapping te bytes 16..23 and 24..31 of the key
164 * in driver_*.c set_key() implementation, see driver_ndis.c for an
165 * example on how this can be done.
166 */
167
168
169 int wpa_sm_update_ft_ies(struct wpa_sm *sm, const u8 *md,
170 const u8 *ies, size_t ies_len, bool auth_ie);
171
wpa_sm_send_ft_action(struct wpa_sm * sm,u8 action,const u8 * target_ap,const u8 * ies,size_t ies_len)172 static inline int wpa_sm_send_ft_action(struct wpa_sm *sm, u8 action,
173 const u8 *target_ap,
174 const u8 *ies, size_t ies_len)
175 {
176 return -1;
177 }
178
wpa_sm_mark_authenticated(struct wpa_sm * sm,const u8 * target_ap)179 static inline int wpa_sm_mark_authenticated(struct wpa_sm *sm,
180 const u8 *target_ap)
181 {
182 return 0;
183 }
184
185 void wpa_config_assoc_ie(u8 proto, u8 *assoc_buf, u32 assoc_wpa_ie_len);
186
187 void wpa_install_key(enum wpa_alg alg, u8 *addr, int key_idx, int set_tx,
188 u8 *seq, size_t seq_len, u8 *key, size_t key_len, enum key_flag key_flag);
189
190 int wpa_get_key(uint8_t *ifx, int *alg, u8 *addr, int *key_idx,
191 u8 *key, size_t key_len, enum key_flag key_flag);
192
193 void wpa_deauthenticate(u8 reason_code);
194
195 void wpa_neg_complete(void);
196
197
198 bool wpa_sm_init(void);
199
200 void wpa_sm_deinit(void);
201
202 void eapol_txcb(uint8_t *eapol_payload, size_t len, bool tx_failure);
203
204 void wpa_set_profile(u32 wpa_proto, u8 auth_mode);
205
206 int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher, char *passphrase, u8 *ssid, size_t ssid_len);
207
208 int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len);
209
210 int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
211 const struct wpa_eapol_key *key, struct wpa_ptk *ptk);
212 #endif /* WPA_I_H */
213
