1 /* 2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator 3 * Copyright (c) 2004-2022, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #ifndef WPA_AUTH_H 10 #define WPA_AUTH_H 11 12 #include "common/defs.h" 13 #include "common/eapol_common.h" 14 #include "common/wpa_common.h" 15 #include "common/ieee802_11_defs.h" 16 17 struct vlan_description; 18 struct mld_info; 19 20 #define MAX_OWN_IE_OVERRIDE 256 21 22 #ifdef _MSC_VER 23 #pragma pack(push, 1) 24 #endif /* _MSC_VER */ 25 26 /* IEEE Std 802.11r-2008, 11A.10.3 - Remote request/response frame definition 27 */ 28 struct ft_rrb_frame { 29 u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */ 30 u8 packet_type; /* FT_PACKET_REQUEST/FT_PACKET_RESPONSE */ 31 le16 action_length; /* little endian length of action_frame */ 32 u8 ap_address[ETH_ALEN]; 33 /* 34 * Followed by action_length bytes of FT Action frame (from Category 35 * field to the end of Action Frame body. 36 */ 37 } STRUCT_PACKED; 38 39 #define RSN_REMOTE_FRAME_TYPE_FT_RRB 1 40 41 #define FT_PACKET_REQUEST 0 42 #define FT_PACKET_RESPONSE 1 43 44 /* Vendor-specific types for R0KH-R1KH protocol; not defined in 802.11r. These 45 * use OUI Extended EtherType as the encapsulating format. */ 46 #define FT_PACKET_R0KH_R1KH_PULL 0x01 47 #define FT_PACKET_R0KH_R1KH_RESP 0x02 48 #define FT_PACKET_R0KH_R1KH_PUSH 0x03 49 #define FT_PACKET_R0KH_R1KH_SEQ_REQ 0x04 50 #define FT_PACKET_R0KH_R1KH_SEQ_RESP 0x05 51 52 /* packet layout 53 * IEEE 802 extended OUI ethertype frame header 54 * u16 authlen (little endian) 55 * multiple of struct ft_rrb_tlv (authenticated only, length = authlen) 56 * multiple of struct ft_rrb_tlv (AES-SIV encrypted, AES-SIV needs an extra 57 * blocksize length) 58 * 59 * AES-SIV AAD; 60 * source MAC address (6) 61 * authenticated-only TLVs (authlen) 62 * subtype (1; FT_PACKET_*) 63 */ 64 65 #define FT_RRB_NONCE_LEN 16 66 67 #define FT_RRB_LAST_EMPTY 0 /* placeholder or padding */ 68 69 #define FT_RRB_SEQ 1 /* struct ft_rrb_seq */ 70 #define FT_RRB_NONCE 2 /* size FT_RRB_NONCE_LEN */ 71 #define FT_RRB_TIMESTAMP 3 /* le32 unix seconds */ 72 73 #define FT_RRB_R0KH_ID 4 /* FT_R0KH_ID_MAX_LEN */ 74 #define FT_RRB_R1KH_ID 5 /* FT_R1KH_ID_LEN */ 75 #define FT_RRB_S1KH_ID 6 /* ETH_ALEN */ 76 77 #define FT_RRB_PMK_R0_NAME 7 /* WPA_PMK_NAME_LEN */ 78 #define FT_RRB_PMK_R0 8 /* PMK_LEN */ 79 #define FT_RRB_PMK_R1_NAME 9 /* WPA_PMK_NAME_LEN */ 80 #define FT_RRB_PMK_R1 10 /* PMK_LEN */ 81 82 #define FT_RRB_PAIRWISE 11 /* le16 */ 83 #define FT_RRB_EXPIRES_IN 12 /* le16 seconds */ 84 85 #define FT_RRB_VLAN_UNTAGGED 13 /* le16 */ 86 #define FT_RRB_VLAN_TAGGED 14 /* n times le16 */ 87 88 #define FT_RRB_IDENTITY 15 89 #define FT_RRB_RADIUS_CUI 16 90 #define FT_RRB_SESSION_TIMEOUT 17 /* le32 seconds */ 91 92 struct ft_rrb_tlv { 93 le16 type; 94 le16 len; 95 /* followed by data of length len */ 96 } STRUCT_PACKED; 97 98 struct ft_rrb_seq { 99 le32 dom; 100 le32 seq; 101 le32 ts; 102 } STRUCT_PACKED; 103 104 /* session TLVs: 105 * required: PMK_R1, PMK_R1_NAME, PAIRWISE 106 * optional: VLAN_UNTAGGED, VLAN_TAGGED, EXPIRES_IN, IDENTITY, RADIUS_CUI, 107 * SESSION_TIMEOUT 108 * 109 * pull frame TLVs: 110 * auth: 111 * required: SEQ, NONCE, R0KH_ID, R1KH_ID 112 * encrypted: 113 * required: PMK_R0_NAME, S1KH_ID 114 * 115 * response frame TLVs: 116 * auth: 117 * required: SEQ, NONCE, R0KH_ID, R1KH_ID 118 * encrypted: 119 * required: S1KH_ID 120 * optional: session TLVs 121 * 122 * push frame TLVs: 123 * auth: 124 * required: SEQ, R0KH_ID, R1KH_ID 125 * encrypted: 126 * required: S1KH_ID, PMK_R0_NAME, session TLVs 127 * 128 * sequence number request frame TLVs: 129 * auth: 130 * required: R0KH_ID, R1KH_ID, NONCE 131 * 132 * sequence number response frame TLVs: 133 * auth: 134 * required: SEQ, NONCE, R0KH_ID, R1KH_ID 135 */ 136 137 #ifdef _MSC_VER 138 #pragma pack(pop) 139 #endif /* _MSC_VER */ 140 141 142 /* per STA state machine data */ 143 144 struct wpa_authenticator; 145 struct wpa_state_machine; 146 struct rsn_pmksa_cache_entry; 147 struct eapol_state_machine; 148 struct ft_remote_seq; 149 struct wpa_channel_info; 150 151 152 struct ft_remote_r0kh { 153 struct ft_remote_r0kh *next; 154 u8 addr[ETH_ALEN]; 155 u8 id[FT_R0KH_ID_MAX_LEN]; 156 size_t id_len; 157 u8 key[32]; 158 struct ft_remote_seq *seq; 159 }; 160 161 162 struct ft_remote_r1kh { 163 struct ft_remote_r1kh *next; 164 u8 addr[ETH_ALEN]; 165 u8 id[FT_R1KH_ID_LEN]; 166 u8 key[32]; 167 struct ft_remote_seq *seq; 168 }; 169 170 171 struct wpa_auth_config { 172 void *msg_ctx; 173 int wpa; 174 int extended_key_id; 175 int wpa_key_mgmt; 176 int wpa_pairwise; 177 int wpa_group; 178 int wpa_group_rekey; 179 int wpa_strict_rekey; 180 int wpa_gmk_rekey; 181 int wpa_ptk_rekey; 182 int wpa_deny_ptk0_rekey; 183 u32 wpa_group_update_count; 184 u32 wpa_pairwise_update_count; 185 int wpa_disable_eapol_key_retries; 186 int rsn_pairwise; 187 int rsn_preauth; 188 int eapol_version; 189 int wmm_enabled; 190 int wmm_uapsd; 191 int disable_pmksa_caching; 192 int okc; 193 int tx_status; 194 enum mfp_options ieee80211w; 195 int beacon_prot; 196 int group_mgmt_cipher; 197 int sae_require_mfp; 198 #ifdef CONFIG_OCV 199 int ocv; /* Operating Channel Validation */ 200 #endif /* CONFIG_OCV */ 201 u8 ssid[SSID_MAX_LEN]; 202 size_t ssid_len; 203 #ifdef CONFIG_IEEE80211R_AP 204 u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN]; 205 u8 r0_key_holder[FT_R0KH_ID_MAX_LEN]; 206 size_t r0_key_holder_len; 207 u8 r1_key_holder[FT_R1KH_ID_LEN]; 208 u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */ 209 int rkh_pos_timeout; 210 int rkh_neg_timeout; 211 int rkh_pull_timeout; /* ms */ 212 int rkh_pull_retries; 213 int r1_max_key_lifetime; 214 u32 reassociation_deadline; 215 struct ft_remote_r0kh **r0kh_list; 216 struct ft_remote_r1kh **r1kh_list; 217 int pmk_r1_push; 218 int ft_over_ds; 219 int ft_psk_generate_local; 220 #endif /* CONFIG_IEEE80211R_AP */ 221 int disable_gtk; 222 int ap_mlme; 223 #ifdef CONFIG_TESTING_OPTIONS 224 double corrupt_gtk_rekey_mic_probability; 225 u8 own_ie_override[MAX_OWN_IE_OVERRIDE]; 226 size_t own_ie_override_len; 227 u8 rsne_override_eapol[MAX_OWN_IE_OVERRIDE]; 228 size_t rsne_override_eapol_len; 229 u8 rsnxe_override_eapol[MAX_OWN_IE_OVERRIDE]; 230 size_t rsnxe_override_eapol_len; 231 u8 rsne_override_ft[MAX_OWN_IE_OVERRIDE]; 232 size_t rsne_override_ft_len; 233 u8 rsnxe_override_ft[MAX_OWN_IE_OVERRIDE]; 234 size_t rsnxe_override_ft_len; 235 u8 gtk_rsc_override[WPA_KEY_RSC_LEN]; 236 u8 igtk_rsc_override[WPA_KEY_RSC_LEN]; 237 unsigned int rsne_override_eapol_set:1; 238 unsigned int rsnxe_override_eapol_set:1; 239 unsigned int rsne_override_ft_set:1; 240 unsigned int rsnxe_override_ft_set:1; 241 unsigned int gtk_rsc_override_set:1; 242 unsigned int igtk_rsc_override_set:1; 243 int ft_rsnxe_used; 244 bool delay_eapol_tx; 245 struct wpabuf *eapol_m1_elements; 246 struct wpabuf *eapol_m3_elements; 247 bool eapol_m3_no_encrypt; 248 #endif /* CONFIG_TESTING_OPTIONS */ 249 unsigned int oci_freq_override_eapol_m3; 250 unsigned int oci_freq_override_eapol_g1; 251 unsigned int oci_freq_override_ft_assoc; 252 unsigned int oci_freq_override_fils_assoc; 253 #ifdef CONFIG_P2P 254 u8 ip_addr_go[4]; 255 u8 ip_addr_mask[4]; 256 u8 ip_addr_start[4]; 257 u8 ip_addr_end[4]; 258 #endif /* CONFIG_P2P */ 259 #ifdef CONFIG_FILS 260 unsigned int fils_cache_id_set:1; 261 u8 fils_cache_id[FILS_CACHE_ID_LEN]; 262 #endif /* CONFIG_FILS */ 263 enum sae_pwe sae_pwe; 264 bool sae_pk; 265 266 unsigned int secure_ltf:1; 267 unsigned int secure_rtt:1; 268 unsigned int prot_range_neg:1; 269 270 int owe_ptk_workaround; 271 u8 transition_disable; 272 #ifdef CONFIG_DPP2 273 int dpp_pfs; 274 #endif /* CONFIG_DPP2 */ 275 276 /* 277 * If set Key Derivation Key should be derived as part of PMK to 278 * PTK derivation regardless of advertised capabilities. 279 */ 280 bool force_kdk_derivation; 281 282 bool radius_psk; 283 284 bool no_disconnect_on_group_keyerror; 285 286 /* Pointer to Multi-BSSID transmitted BSS authenticator instance. 287 * Set only in nontransmitted BSSs, i.e., is NULL for transmitted BSS 288 * and in BSSs that are not part of a Multi-BSSID set. */ 289 struct wpa_authenticator *tx_bss_auth; 290 291 #ifdef CONFIG_IEEE80211BE 292 const u8 *mld_addr; 293 int link_id; 294 struct wpa_authenticator *first_link_auth; 295 #endif /* CONFIG_IEEE80211BE */ 296 297 bool ssid_protection; 298 }; 299 300 typedef enum { 301 LOGGER_DEBUG, LOGGER_INFO, LOGGER_WARNING 302 } logger_level; 303 304 typedef enum { 305 WPA_EAPOL_portEnabled, WPA_EAPOL_portValid, WPA_EAPOL_authorized, 306 WPA_EAPOL_portControl_Auto, WPA_EAPOL_keyRun, WPA_EAPOL_keyAvailable, 307 WPA_EAPOL_keyDone, WPA_EAPOL_inc_EapolFramesTx 308 } wpa_eapol_variable; 309 310 struct wpa_auth_ml_key_info { 311 unsigned int n_mld_links; 312 bool mgmt_frame_prot; 313 bool beacon_prot; 314 315 struct wpa_auth_ml_link_key_info { 316 u8 link_id; 317 318 u8 gtkidx; 319 u8 gtk_len; 320 u8 pn[6]; 321 const u8 *gtk; 322 323 u8 igtkidx; 324 u8 igtk_len; 325 const u8 *igtk; 326 u8 ipn[6]; 327 328 u8 bigtkidx; 329 const u8 *bigtk; 330 u8 bipn[6]; 331 } links[MAX_NUM_MLD_LINKS]; 332 }; 333 334 struct wpa_auth_callbacks { 335 void (*logger)(void *ctx, const u8 *addr, logger_level level, 336 const char *txt); 337 void (*disconnect)(void *ctx, const u8 *addr, u16 reason); 338 int (*mic_failure_report)(void *ctx, const u8 *addr); 339 void (*psk_failure_report)(void *ctx, const u8 *addr); 340 void (*set_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var, 341 int value); 342 int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var); 343 const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *p2p_dev_addr, 344 const u8 *prev_psk, size_t *psk_len, 345 int *vlan_id); 346 int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len); 347 int (*set_key)(void *ctx, int vlan_id, enum wpa_alg alg, 348 const u8 *addr, int idx, u8 *key, size_t key_len, 349 enum key_flag key_flag); 350 int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq); 351 int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data, 352 size_t data_len, int encrypt); 353 int (*get_sta_count)(void *ctx); 354 int (*for_each_sta)(void *ctx, int (*cb)(struct wpa_state_machine *sm, 355 void *ctx), void *cb_ctx); 356 int (*for_each_auth)(void *ctx, int (*cb)(struct wpa_authenticator *a, 357 void *ctx), void *cb_ctx); 358 int (*send_ether)(void *ctx, const u8 *dst, u16 proto, const u8 *data, 359 size_t data_len); 360 int (*send_oui)(void *ctx, const u8 *dst, u8 oui_suffix, const u8 *data, 361 size_t data_len); 362 int (*channel_info)(void *ctx, struct wpa_channel_info *ci); 363 int (*update_vlan)(void *ctx, const u8 *addr, int vlan_id); 364 int (*get_sta_tx_params)(void *ctx, const u8 *addr, 365 int ap_max_chanwidth, int ap_seg1_idx, 366 int *bandwidth, int *seg1_idx); 367 void (*store_ptksa)(void *ctx, const u8 *addr, int cipher, 368 u32 life_time, const struct wpa_ptk *ptk); 369 void (*clear_ptksa)(void *ctx, const u8 *addr, int cipher); 370 void (*request_radius_psk)(void *ctx, const u8 *addr, int key_mgmt, 371 const u8 *anonce, 372 const u8 *eapol, size_t eapol_len); 373 #ifdef CONFIG_IEEE80211R_AP 374 struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr); 375 int (*add_sta_ft)(void *ctx, const u8 *sta_addr); 376 int (*set_vlan)(void *ctx, const u8 *sta_addr, 377 struct vlan_description *vlan); 378 int (*get_vlan)(void *ctx, const u8 *sta_addr, 379 struct vlan_description *vlan); 380 int (*set_identity)(void *ctx, const u8 *sta_addr, 381 const u8 *identity, size_t identity_len); 382 size_t (*get_identity)(void *ctx, const u8 *sta_addr, const u8 **buf); 383 int (*set_radius_cui)(void *ctx, const u8 *sta_addr, 384 const u8 *radius_cui, size_t radius_cui_len); 385 size_t (*get_radius_cui)(void *ctx, const u8 *sta_addr, const u8 **buf); 386 void (*set_session_timeout)(void *ctx, const u8 *sta_addr, 387 int session_timeout); 388 int (*get_session_timeout)(void *ctx, const u8 *sta_addr); 389 390 int (*send_ft_action)(void *ctx, const u8 *dst, 391 const u8 *data, size_t data_len); 392 int (*add_tspec)(void *ctx, const u8 *sta_addr, u8 *tspec_ie, 393 size_t tspec_ielen); 394 #endif /* CONFIG_IEEE80211R_AP */ 395 #ifdef CONFIG_MESH 396 int (*start_ampe)(void *ctx, const u8 *sta_addr); 397 #endif /* CONFIG_MESH */ 398 #ifdef CONFIG_PASN 399 int (*set_ltf_keyseed)(void *ctx, const u8 *addr, const u8 *ltf_keyseed, 400 size_t ltf_keyseed_len); 401 #endif /* CONFIG_PASN */ 402 #ifdef CONFIG_IEEE80211BE 403 int (*get_ml_key_info)(void *ctx, struct wpa_auth_ml_key_info *info); 404 #endif /* CONFIG_IEEE80211BE */ 405 int (*get_drv_flags)(void *ctx, u64 *drv_flags, u64 *drv_flags2); 406 }; 407 408 struct wpa_authenticator * wpa_init(const u8 *addr, 409 struct wpa_auth_config *conf, 410 const struct wpa_auth_callbacks *cb, 411 void *cb_ctx); 412 int wpa_init_keys(struct wpa_authenticator *wpa_auth); 413 void wpa_deinit(struct wpa_authenticator *wpa_auth); 414 int wpa_reconfig(struct wpa_authenticator *wpa_auth, 415 struct wpa_auth_config *conf); 416 417 enum wpa_validate_result { 418 WPA_IE_OK, WPA_INVALID_IE, WPA_INVALID_GROUP, WPA_INVALID_PAIRWISE, 419 WPA_INVALID_AKMP, WPA_NOT_ENABLED, WPA_ALLOC_FAIL, 420 WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER, 421 WPA_INVALID_MDIE, WPA_INVALID_PROTO, WPA_INVALID_PMKID, 422 WPA_DENIED_OTHER_REASON 423 }; 424 425 enum wpa_validate_result 426 wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, 427 struct wpa_state_machine *sm, int freq, 428 const u8 *wpa_ie, size_t wpa_ie_len, 429 const u8 *rsnxe, size_t rsnxe_len, 430 const u8 *mdie, size_t mdie_len, 431 const u8 *owe_dh, size_t owe_dh_len, 432 struct wpa_state_machine *assoc_sm); 433 int wpa_validate_osen(struct wpa_authenticator *wpa_auth, 434 struct wpa_state_machine *sm, 435 const u8 *osen_ie, size_t osen_ie_len); 436 int wpa_auth_uses_mfp(struct wpa_state_machine *sm); 437 void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv); 438 int wpa_auth_uses_ocv(struct wpa_state_machine *sm); 439 struct wpa_state_machine * 440 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr, 441 const u8 *p2p_dev_addr); 442 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, 443 struct wpa_state_machine *sm); 444 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm); 445 void wpa_auth_sta_deinit(struct wpa_state_machine *sm); 446 void wpa_receive(struct wpa_authenticator *wpa_auth, 447 struct wpa_state_machine *sm, 448 u8 *data, size_t data_len); 449 enum wpa_event { 450 WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, 451 WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS, WPA_DRV_STA_REMOVED 452 }; 453 void wpa_remove_ptk(struct wpa_state_machine *sm); 454 int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); 455 void wpa_auth_sm_notify(struct wpa_state_machine *sm); 456 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth); 457 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen); 458 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen); 459 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth); 460 int wpa_auth_pairwise_set(struct wpa_state_machine *sm); 461 int wpa_auth_get_pairwise(struct wpa_state_machine *sm); 462 const u8 * wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len); 463 const u8 * wpa_auth_get_dpp_pkhash(struct wpa_state_machine *sm); 464 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); 465 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); 466 int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); 467 int wpa_auth_sta_fils_tk_already_set(struct wpa_state_machine *sm); 468 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, 469 struct rsn_pmksa_cache_entry *entry); 470 struct rsn_pmksa_cache_entry * 471 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm); 472 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm); 473 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, 474 size_t *len); 475 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, 476 unsigned int pmk_len, 477 int session_timeout, struct eapol_state_machine *eapol); 478 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, 479 const u8 *pmk, size_t len, const u8 *sta_addr, 480 int session_timeout, 481 struct eapol_state_machine *eapol); 482 int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr, 483 const u8 *pmk, size_t pmk_len, const u8 *pmkid, 484 int akmp); 485 void wpa_auth_add_sae_pmkid(struct wpa_state_machine *sm, const u8 *pmkid); 486 int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr, 487 const u8 *pmk, size_t pmk_len, const u8 *pmkid, 488 int session_timeout, int akmp, const u8 *dpp_pkhash); 489 void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth, 490 const u8 *sta_addr); 491 int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf, 492 size_t len); 493 void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth); 494 int wpa_auth_pmksa_list_mesh(struct wpa_authenticator *wpa_auth, const u8 *addr, 495 char *buf, size_t len); 496 struct rsn_pmksa_cache_entry * 497 wpa_auth_pmksa_create_entry(const u8 *aa, const u8 *spa, const u8 *pmk, 498 size_t pmk_len, int akmp, 499 const u8 *pmkid, int expiration); 500 int wpa_auth_pmksa_add_entry(struct wpa_authenticator *wpa_auth, 501 struct rsn_pmksa_cache_entry *entry); 502 struct rsn_pmksa_cache * 503 wpa_auth_get_pmksa_cache(struct wpa_authenticator *wpa_auth); 504 struct rsn_pmksa_cache_entry * 505 wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr, 506 const u8 *pmkid); 507 struct rsn_pmksa_cache_entry * 508 wpa_auth_pmksa_get_fils_cache_id(struct wpa_authenticator *wpa_auth, 509 const u8 *sta_addr, const u8 *pmkid); 510 void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa, 511 struct wpa_state_machine *sm, 512 struct wpa_authenticator *wpa_auth, 513 u8 *pmkid, u8 *pmk, size_t *pmk_len); 514 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id); 515 void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth, 516 struct wpa_state_machine *sm, int ack); 517 518 #ifdef CONFIG_IEEE80211R_AP 519 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, 520 size_t max_len, int auth_alg, 521 const u8 *req_ies, size_t req_ies_len, 522 int omit_rsnxe); 523 void wpa_ft_process_auth(struct wpa_state_machine *sm, 524 u16 auth_transaction, const u8 *ies, size_t ies_len, 525 void (*cb)(void *ctx, const u8 *dst, 526 u16 auth_transaction, u16 resp, 527 const u8 *ies, size_t ies_len), 528 void *ctx); 529 int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, 530 size_t ies_len); 531 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len); 532 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, 533 const u8 *data, size_t data_len); 534 void wpa_ft_rrb_oui_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, 535 const u8 *dst_addr, u8 oui_suffix, const u8 *data, 536 size_t data_len); 537 void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr); 538 void wpa_ft_deinit(struct wpa_authenticator *wpa_auth); 539 void wpa_ft_sta_deinit(struct wpa_state_machine *sm); 540 int wpa_ft_fetch_pmk_r1(struct wpa_authenticator *wpa_auth, 541 const u8 *spa, const u8 *pmk_r1_name, 542 u8 *pmk_r1, size_t *pmk_r1_len, int *pairwise, 543 struct vlan_description *vlan, 544 const u8 **identity, size_t *identity_len, 545 const u8 **radius_cui, size_t *radius_cui_len, 546 int *session_timeout); 547 548 #endif /* CONFIG_IEEE80211R_AP */ 549 550 void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm); 551 void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag); 552 int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos); 553 int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos); 554 int wpa_wnmsleep_bigtk_subelem(struct wpa_state_machine *sm, u8 *pos); 555 556 int wpa_auth_uses_sae(struct wpa_state_machine *sm); 557 int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm); 558 559 int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr); 560 561 struct radius_das_attrs; 562 int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth, 563 struct radius_das_attrs *attr); 564 void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth); 565 566 int wpa_auth_ensure_group(struct wpa_authenticator *wpa_auth, int vlan_id); 567 int wpa_auth_release_group(struct wpa_authenticator *wpa_auth, int vlan_id); 568 int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk, 569 size_t pmk_len, const u8 *snonce, const u8 *anonce, 570 const u8 *dhss, size_t dhss_len, 571 struct wpabuf *g_sta, struct wpabuf *g_ap); 572 int fils_decrypt_assoc(struct wpa_state_machine *sm, const u8 *fils_session, 573 const struct ieee80211_mgmt *mgmt, size_t frame_len, 574 u8 *pos, size_t left); 575 int fils_encrypt_assoc(struct wpa_state_machine *sm, u8 *buf, 576 size_t current_len, size_t max_len, 577 const struct wpabuf *hlp); 578 int fils_set_tk(struct wpa_state_machine *sm); 579 u8 * hostapd_eid_assoc_fils_session(struct wpa_state_machine *sm, u8 *eid, 580 const u8 *fils_session, 581 struct wpabuf *fils_hlp_resp); 582 const u8 * wpa_fils_validate_fils_session(struct wpa_state_machine *sm, 583 const u8 *ies, size_t ies_len, 584 const u8 *fils_session); 585 int wpa_fils_validate_key_confirm(struct wpa_state_machine *sm, const u8 *ies, 586 size_t ies_len); 587 588 int get_sta_tx_parameters(struct wpa_state_machine *sm, int ap_max_chanwidth, 589 int ap_seg1_idx, int *bandwidth, int *seg1_idx); 590 591 int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, 592 struct wpa_state_machine *sm, 593 u8 *buf, size_t len); 594 void wpa_auth_get_fils_aead_params(struct wpa_state_machine *sm, 595 u8 *fils_anonce, u8 *fils_snonce, 596 u8 *fils_kek, size_t *fils_kek_len); 597 void wpa_auth_add_fils_pmk_pmkid(struct wpa_state_machine *sm, const u8 *pmk, 598 size_t pmk_len, const u8 *pmkid); 599 u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm, 600 u8 *pos, size_t max_len, 601 const u8 *req_ies, size_t req_ies_len); 602 u8 * wpa_auth_write_assoc_resp_fils(struct wpa_state_machine *sm, 603 u8 *pos, size_t max_len, 604 const u8 *req_ies, size_t req_ies_len); 605 bool wpa_auth_write_fd_rsn_info(struct wpa_authenticator *wpa_auth, 606 u8 *fd_rsn_info); 607 void wpa_auth_set_auth_alg(struct wpa_state_machine *sm, u16 auth_alg); 608 void wpa_auth_set_dpp_z(struct wpa_state_machine *sm, const struct wpabuf *z); 609 void wpa_auth_set_ssid_protection(struct wpa_state_machine *sm, bool val); 610 void wpa_auth_set_transition_disable(struct wpa_authenticator *wpa_auth, 611 u8 val); 612 613 int wpa_auth_resend_m1(struct wpa_state_machine *sm, int change_anonce, 614 void (*cb)(void *ctx1, void *ctx2), 615 void *ctx1, void *ctx2); 616 int wpa_auth_resend_m3(struct wpa_state_machine *sm, 617 void (*cb)(void *ctx1, void *ctx2), 618 void *ctx1, void *ctx2); 619 int wpa_auth_resend_group_m1(struct wpa_state_machine *sm, 620 void (*cb)(void *ctx1, void *ctx2), 621 void *ctx1, void *ctx2); 622 int wpa_auth_rekey_ptk(struct wpa_authenticator *wpa_auth, 623 struct wpa_state_machine *sm); 624 int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth); 625 int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr, 626 const u8 *data, size_t data_len, 627 int encrypt); 628 void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm); 629 void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val); 630 631 enum wpa_auth_ocv_override_frame { 632 WPA_AUTH_OCV_OVERRIDE_EAPOL_M3, 633 WPA_AUTH_OCV_OVERRIDE_EAPOL_G1, 634 WPA_AUTH_OCV_OVERRIDE_FT_ASSOC, 635 WPA_AUTH_OCV_OVERRIDE_FILS_ASSOC, 636 }; 637 void wpa_auth_set_ocv_override_freq(struct wpa_authenticator *wpa_auth, 638 enum wpa_auth_ocv_override_frame frame, 639 unsigned int freq); 640 641 void wpa_auth_sta_radius_psk_resp(struct wpa_state_machine *sm, bool success); 642 643 void wpa_auth_set_ml_info(struct wpa_state_machine *sm, 644 u8 mld_assoc_link_id, struct mld_info *info); 645 void wpa_auth_ml_get_key_info(struct wpa_authenticator *a, 646 struct wpa_auth_ml_link_key_info *info, 647 bool mgmt_frame_prot, bool beacon_prot); 648 649 void wpa_release_link_auth_ref(struct wpa_state_machine *sm, 650 int release_link_id); 651 652 #define for_each_sm_auth(sm, link_id) \ 653 for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) \ 654 if (sm->mld_links[link_id].valid && \ 655 sm->mld_links[link_id].wpa_auth && \ 656 sm->wpa_auth != sm->mld_links[link_id].wpa_auth) 657 658 #endif /* WPA_AUTH_H */ 659
Indexes created Tue Feb 24 01:34:59 UTC 2026