2 * Internal WPA/RSN supplicant state machine definitions
3 * Copyright (c) 2004-2010, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "utils/list.h"
19 * struct wpa_sm - Internal WPA state machine data
24 struct wpa_ptk ptk, tptk;
25 int ptk_set, tptk_set;
26 u8 snonce[WPA_NONCE_LEN];
27 u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
29 u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
30 int rx_replay_counter_set;
31 u8 request_counter[WPA_REPLAY_COUNTER_LEN];
33 struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
35 struct rsn_pmksa_cache *pmksa; /* PMKSA cache */
36 struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */
37 struct dl_list pmksa_candidates;
39 struct l2_packet_data *l2_preauth;
40 struct l2_packet_data *l2_preauth_br;
41 struct l2_packet_data *l2_tdls;
42 u8 preauth_bssid[ETH_ALEN]; /* current RSN pre-auth peer or
43 * 00:00:00:00:00:00 if no pre-auth is
45 struct eapol_sm *preauth_eapol;
47 struct wpa_sm_ctx *ctx;
49 void *scard_ctx; /* context for smartcard callbacks */
50 int fast_reauth; /* whether EAP fast re-authentication is enabled */
54 int allowed_pairwise_cipher; /* bitfield of WPA_CIPHER_* */
55 int proactive_key_caching;
62 u8 own_addr[ETH_ALEN];
64 const char *bridge_ifname;
67 unsigned int dot11RSNAConfigPMKLifetime;
68 unsigned int dot11RSNAConfigPMKReauthThreshold;
69 unsigned int dot11RSNAConfigSATimeout;
71 unsigned int dot11RSNA4WayHandshakeFailures;
73 /* Selected configuration (based on Beacon/ProbeResp WPA IE) */
75 unsigned int pairwise_cipher;
76 unsigned int group_cipher;
77 unsigned int key_mgmt;
78 unsigned int mgmt_group_cipher;
80 int rsn_enabled; /* Whether RSN is enabled in configuration */
81 int mfp; /* 0 = disabled, 1 = optional, 2 = mandatory */
83 u8 *assoc_wpa_ie; /* Own WPA/RSN IE from (Re)AssocReq */
84 size_t assoc_wpa_ie_len;
85 u8 *ap_wpa_ie, *ap_rsn_ie;
86 size_t ap_wpa_ie_len, ap_rsn_ie_len;
89 struct wpa_peerkey *peerkey;
90 #endif /* CONFIG_PEERKEY */
92 struct wpa_tdls_peer *tdls;
96 /* The driver supports TDLS */
100 * The driver requires explicit discovery/setup/teardown frames sent
101 * to it via tdls_mgmt.
103 int tdls_external_setup;
104 #endif /* CONFIG_TDLS */
106 #ifdef CONFIG_IEEE80211R
107 u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */
110 u8 pmk_r0_name[WPA_PMK_NAME_LEN];
112 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
113 u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
114 u8 r0kh_id[FT_R0KH_ID_MAX_LEN];
116 u8 r1kh_id[FT_R1KH_ID_LEN];
118 int over_the_ds_in_progress;
119 u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
120 int set_ptk_after_assoc;
121 u8 mdie_ft_capab; /* FT Capability and Policy from target AP MDIE */
122 u8 *assoc_resp_ies; /* MDIE and FTIE from (Re)Association Response */
123 size_t assoc_resp_ies_len;
124 #endif /* CONFIG_IEEE80211R */
128 static inline void wpa_sm_set_state(struct wpa_sm *sm, enum wpa_states state)
130 WPA_ASSERT(sm->ctx->set_state);
131 sm->ctx->set_state(sm->ctx->ctx, state);
134 static inline enum wpa_states wpa_sm_get_state(struct wpa_sm *sm)
136 WPA_ASSERT(sm->ctx->get_state);
137 return sm->ctx->get_state(sm->ctx->ctx);
140 static inline void wpa_sm_deauthenticate(struct wpa_sm *sm, int reason_code)
142 WPA_ASSERT(sm->ctx->deauthenticate);
143 sm->ctx->deauthenticate(sm->ctx->ctx, reason_code);
146 static inline void wpa_sm_disassociate(struct wpa_sm *sm, int reason_code)
148 WPA_ASSERT(sm->ctx->disassociate);
149 sm->ctx->disassociate(sm->ctx->ctx, reason_code);
152 static inline int wpa_sm_set_key(struct wpa_sm *sm, enum wpa_alg alg,
153 const u8 *addr, int key_idx, int set_tx,
154 const u8 *seq, size_t seq_len,
155 const u8 *key, size_t key_len)
157 WPA_ASSERT(sm->ctx->set_key);
158 return sm->ctx->set_key(sm->ctx->ctx, alg, addr, key_idx, set_tx,
159 seq, seq_len, key, key_len);
162 static inline void * wpa_sm_get_network_ctx(struct wpa_sm *sm)
164 WPA_ASSERT(sm->ctx->get_network_ctx);
165 return sm->ctx->get_network_ctx(sm->ctx->ctx);
168 static inline int wpa_sm_get_bssid(struct wpa_sm *sm, u8 *bssid)
170 WPA_ASSERT(sm->ctx->get_bssid);
171 return sm->ctx->get_bssid(sm->ctx->ctx, bssid);
174 static inline int wpa_sm_ether_send(struct wpa_sm *sm, const u8 *dest,
175 u16 proto, const u8 *buf, size_t len)
177 WPA_ASSERT(sm->ctx->ether_send);
178 return sm->ctx->ether_send(sm->ctx->ctx, dest, proto, buf, len);
181 static inline int wpa_sm_get_beacon_ie(struct wpa_sm *sm)
183 WPA_ASSERT(sm->ctx->get_beacon_ie);
184 return sm->ctx->get_beacon_ie(sm->ctx->ctx);
187 static inline void wpa_sm_cancel_auth_timeout(struct wpa_sm *sm)
189 WPA_ASSERT(sm->ctx->cancel_auth_timeout);
190 sm->ctx->cancel_auth_timeout(sm->ctx->ctx);
193 static inline u8 * wpa_sm_alloc_eapol(struct wpa_sm *sm, u8 type,
194 const void *data, u16 data_len,
195 size_t *msg_len, void **data_pos)
197 WPA_ASSERT(sm->ctx->alloc_eapol);
198 return sm->ctx->alloc_eapol(sm->ctx->ctx, type, data, data_len,
202 static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, const u8 *bssid,
205 WPA_ASSERT(sm->ctx->add_pmkid);
206 return sm->ctx->add_pmkid(sm->ctx->ctx, bssid, pmkid);
209 static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, const u8 *bssid,
212 WPA_ASSERT(sm->ctx->remove_pmkid);
213 return sm->ctx->remove_pmkid(sm->ctx->ctx, bssid, pmkid);
216 static inline int wpa_sm_mlme_setprotection(struct wpa_sm *sm, const u8 *addr,
217 int protect_type, int key_type)
219 WPA_ASSERT(sm->ctx->mlme_setprotection);
220 return sm->ctx->mlme_setprotection(sm->ctx->ctx, addr, protect_type,
224 static inline int wpa_sm_update_ft_ies(struct wpa_sm *sm, const u8 *md,
225 const u8 *ies, size_t ies_len)
227 if (sm->ctx->update_ft_ies)
228 return sm->ctx->update_ft_ies(sm->ctx->ctx, md, ies, ies_len);
232 static inline int wpa_sm_send_ft_action(struct wpa_sm *sm, u8 action,
234 const u8 *ies, size_t ies_len)
236 if (sm->ctx->send_ft_action)
237 return sm->ctx->send_ft_action(sm->ctx->ctx, action, target_ap,
242 static inline int wpa_sm_mark_authenticated(struct wpa_sm *sm,
245 if (sm->ctx->mark_authenticated)
246 return sm->ctx->mark_authenticated(sm->ctx->ctx, target_ap);
250 static inline void wpa_sm_set_rekey_offload(struct wpa_sm *sm)
252 if (!sm->ctx->set_rekey_offload)
254 sm->ctx->set_rekey_offload(sm->ctx->ctx, sm->ptk.kek,
255 sm->ptk.kck, sm->rx_replay_counter);
259 static inline int wpa_sm_tdls_get_capa(struct wpa_sm *sm,
263 if (sm->ctx->tdls_get_capa)
264 return sm->ctx->tdls_get_capa(sm->ctx->ctx, tdls_supported,
269 static inline int wpa_sm_send_tdls_mgmt(struct wpa_sm *sm, const u8 *dst,
270 u8 action_code, u8 dialog_token,
271 u16 status_code, const u8 *buf,
274 if (sm->ctx->send_tdls_mgmt)
275 return sm->ctx->send_tdls_mgmt(sm->ctx->ctx, dst, action_code,
276 dialog_token, status_code,
281 static inline int wpa_sm_tdls_oper(struct wpa_sm *sm, int oper,
284 if (sm->ctx->tdls_oper)
285 return sm->ctx->tdls_oper(sm->ctx->ctx, oper, peer);
290 wpa_sm_tdls_peer_addset(struct wpa_sm *sm, const u8 *addr, int add,
291 u16 capability, const u8 *supp_rates,
292 size_t supp_rates_len)
294 if (sm->ctx->tdls_peer_addset)
295 return sm->ctx->tdls_peer_addset(sm->ctx->ctx, addr, add,
296 capability, supp_rates,
300 #endif /* CONFIG_TDLS */
302 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck,
303 int ver, const u8 *dest, u16 proto,
304 u8 *msg, size_t msg_len, u8 *key_mic);
305 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
306 const struct wpa_eapol_key *key,
307 int ver, const u8 *nonce,
308 const u8 *wpa_ie, size_t wpa_ie_len,
309 struct wpa_ptk *ptk);
310 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
311 const struct wpa_eapol_key *key,
312 u16 ver, u16 key_info,
313 const u8 *kde, size_t kde_len,
314 struct wpa_ptk *ptk);
316 int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
317 const struct wpa_eapol_key *key,
318 struct wpa_ptk *ptk, size_t ptk_len);
320 void wpa_tdls_assoc(struct wpa_sm *sm);
321 void wpa_tdls_disassoc(struct wpa_sm *sm);