2
* WPA definitions shared between hostapd and wpa_supplicant
3
* Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
18
#define WPA_MAX_SSID_LEN 32
23
#define WPA_REPLAY_COUNTER_LEN 8
24
#define WPA_NONCE_LEN 32
25
#define WPA_KEY_RSC_LEN 8
26
#define WPA_GMK_LEN 32
27
#define WPA_GTK_MAX_LEN 32
29
#define WPA_SELECTOR_LEN 4
31
#define RSN_SELECTOR_LEN 4
34
#define RSN_SELECTOR(a, b, c, d) \
35
((((u32) (a)) << 24) | (((u32) (b)) << 16) | (((u32) (c)) << 8) | \
38
#define WPA_AUTH_KEY_MGMT_NONE RSN_SELECTOR(0x00, 0x50, 0xf2, 0)
39
#define WPA_AUTH_KEY_MGMT_UNSPEC_802_1X RSN_SELECTOR(0x00, 0x50, 0xf2, 1)
40
#define WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X RSN_SELECTOR(0x00, 0x50, 0xf2, 2)
41
#define WPA_CIPHER_SUITE_NONE RSN_SELECTOR(0x00, 0x50, 0xf2, 0)
42
#define WPA_CIPHER_SUITE_WEP40 RSN_SELECTOR(0x00, 0x50, 0xf2, 1)
43
#define WPA_CIPHER_SUITE_TKIP RSN_SELECTOR(0x00, 0x50, 0xf2, 2)
45
#define WPA_CIPHER_SUITE_WRAP RSN_SELECTOR(0x00, 0x50, 0xf2, 3)
47
#define WPA_CIPHER_SUITE_CCMP RSN_SELECTOR(0x00, 0x50, 0xf2, 4)
48
#define WPA_CIPHER_SUITE_WEP104 RSN_SELECTOR(0x00, 0x50, 0xf2, 5)
51
#define RSN_AUTH_KEY_MGMT_UNSPEC_802_1X RSN_SELECTOR(0x00, 0x0f, 0xac, 1)
52
#define RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X RSN_SELECTOR(0x00, 0x0f, 0xac, 2)
53
#ifdef CONFIG_IEEE80211R
54
#define RSN_AUTH_KEY_MGMT_FT_802_1X RSN_SELECTOR(0x00, 0x0f, 0xac, 3)
55
#define RSN_AUTH_KEY_MGMT_FT_PSK RSN_SELECTOR(0x00, 0x0f, 0xac, 4)
56
#endif /* CONFIG_IEEE80211R */
57
#define RSN_AUTH_KEY_MGMT_802_1X_SHA256 RSN_SELECTOR(0x00, 0x0f, 0xac, 5)
58
#define RSN_AUTH_KEY_MGMT_PSK_SHA256 RSN_SELECTOR(0x00, 0x0f, 0xac, 6)
60
#define RSN_CIPHER_SUITE_NONE RSN_SELECTOR(0x00, 0x0f, 0xac, 0)
61
#define RSN_CIPHER_SUITE_WEP40 RSN_SELECTOR(0x00, 0x0f, 0xac, 1)
62
#define RSN_CIPHER_SUITE_TKIP RSN_SELECTOR(0x00, 0x0f, 0xac, 2)
64
#define RSN_CIPHER_SUITE_WRAP RSN_SELECTOR(0x00, 0x0f, 0xac, 3)
66
#define RSN_CIPHER_SUITE_CCMP RSN_SELECTOR(0x00, 0x0f, 0xac, 4)
67
#define RSN_CIPHER_SUITE_WEP104 RSN_SELECTOR(0x00, 0x0f, 0xac, 5)
68
#ifdef CONFIG_IEEE80211W
69
#define RSN_CIPHER_SUITE_AES_128_CMAC RSN_SELECTOR(0x00, 0x0f, 0xac, 6)
70
#endif /* CONFIG_IEEE80211W */
72
/* EAPOL-Key Key Data Encapsulation
73
* GroupKey and PeerKey require encryption, otherwise, encryption is optional.
75
#define RSN_KEY_DATA_GROUPKEY RSN_SELECTOR(0x00, 0x0f, 0xac, 1)
77
#define RSN_KEY_DATA_STAKEY RSN_SELECTOR(0x00, 0x0f, 0xac, 2)
79
#define RSN_KEY_DATA_MAC_ADDR RSN_SELECTOR(0x00, 0x0f, 0xac, 3)
80
#define RSN_KEY_DATA_PMKID RSN_SELECTOR(0x00, 0x0f, 0xac, 4)
82
#define RSN_KEY_DATA_SMK RSN_SELECTOR(0x00, 0x0f, 0xac, 5)
83
#define RSN_KEY_DATA_NONCE RSN_SELECTOR(0x00, 0x0f, 0xac, 6)
84
#define RSN_KEY_DATA_LIFETIME RSN_SELECTOR(0x00, 0x0f, 0xac, 7)
85
#define RSN_KEY_DATA_ERROR RSN_SELECTOR(0x00, 0x0f, 0xac, 8)
86
#endif /* CONFIG_PEERKEY */
87
#ifdef CONFIG_IEEE80211W
88
#define RSN_KEY_DATA_IGTK RSN_SELECTOR(0x00, 0x0f, 0xac, 9)
89
#endif /* CONFIG_IEEE80211W */
91
#define WPA_OUI_TYPE RSN_SELECTOR(0x00, 0x50, 0xf2, 1)
93
#define RSN_SELECTOR_PUT(a, val) WPA_PUT_BE32((u8 *) (a), (val))
94
#define RSN_SELECTOR_GET(a) WPA_GET_BE32((const u8 *) (a))
96
#define RSN_NUM_REPLAY_COUNTERS_1 0
97
#define RSN_NUM_REPLAY_COUNTERS_2 1
98
#define RSN_NUM_REPLAY_COUNTERS_4 2
99
#define RSN_NUM_REPLAY_COUNTERS_16 3
103
#pragma pack(push, 1)
104
#endif /* _MSC_VER */
106
#ifdef CONFIG_IEEE80211W
107
#define WPA_IGTK_LEN 16
108
#endif /* CONFIG_IEEE80211W */
111
/* IEEE 802.11, 7.3.2.25.3 RSN Capabilities */
112
#define WPA_CAPABILITY_PREAUTH BIT(0)
113
#define WPA_CAPABILITY_NO_PAIRWISE BIT(1)
114
/* B2-B3: PTKSA Replay Counter */
115
/* B4-B5: GTKSA Replay Counter */
116
#define WPA_CAPABILITY_MFPR BIT(6)
117
#define WPA_CAPABILITY_MFPC BIT(7)
118
#define WPA_CAPABILITY_PEERKEY_ENABLED BIT(9)
122
#define MOBILITY_DOMAIN_ID_LEN 2
123
#define FT_R0KH_ID_MAX_LEN 48
124
#define FT_R1KH_ID_LEN 6
125
#define WPA_PMK_NAME_LEN 16
128
/* IEEE 802.11, 8.5.2 EAPOL-Key frames */
129
#define WPA_KEY_INFO_TYPE_MASK ((u16) (BIT(0) | BIT(1) | BIT(2)))
130
#define WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 BIT(0)
131
#define WPA_KEY_INFO_TYPE_HMAC_SHA1_AES BIT(1)
132
#define WPA_KEY_INFO_TYPE_AES_128_CMAC 3
133
#define WPA_KEY_INFO_KEY_TYPE BIT(3) /* 1 = Pairwise, 0 = Group key */
134
/* bit4..5 is used in WPA, but is reserved in IEEE 802.11i/RSN */
135
#define WPA_KEY_INFO_KEY_INDEX_MASK (BIT(4) | BIT(5))
136
#define WPA_KEY_INFO_KEY_INDEX_SHIFT 4
137
#define WPA_KEY_INFO_INSTALL BIT(6) /* pairwise */
138
#define WPA_KEY_INFO_TXRX BIT(6) /* group */
139
#define WPA_KEY_INFO_ACK BIT(7)
140
#define WPA_KEY_INFO_MIC BIT(8)
141
#define WPA_KEY_INFO_SECURE BIT(9)
142
#define WPA_KEY_INFO_ERROR BIT(10)
143
#define WPA_KEY_INFO_REQUEST BIT(11)
144
#define WPA_KEY_INFO_ENCR_KEY_DATA BIT(12) /* IEEE 802.11i/RSN only */
145
#define WPA_KEY_INFO_SMK_MESSAGE BIT(13)
148
struct wpa_eapol_key {
150
/* Note: key_info, key_length, and key_data_length are unaligned */
151
u8 key_info[2]; /* big endian */
152
u8 key_length[2]; /* big endian */
153
u8 replay_counter[WPA_REPLAY_COUNTER_LEN];
154
u8 key_nonce[WPA_NONCE_LEN];
156
u8 key_rsc[WPA_KEY_RSC_LEN];
157
u8 key_id[8]; /* Reserved in IEEE 802.11i/RSN */
159
u8 key_data_length[2]; /* big endian */
160
/* followed by key_data_length bytes of key_data */
164
* struct wpa_ptk - WPA Pairwise Transient Key
165
* IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
168
u8 kck[16]; /* EAPOL-Key Key Confirmation Key (KCK) */
169
u8 kek[16]; /* EAPOL-Key Key Encryption Key (KEK) */
170
u8 tk1[16]; /* Temporal Key 1 (TK1) */
172
u8 tk2[16]; /* Temporal Key 2 (TK2) */
182
* 00-50-f2:1 (OUI:OUI type)
183
* 0x01 0x00 (version; little endian)
184
* (all following fields are optional:)
185
* Group Suite Selector (4 octets) (default: TKIP)
186
* Pairwise Suite Count (2 octets, little endian) (default: 1)
187
* Pairwise Suite List (4 * n octets) (default: TKIP)
188
* Authenticated Key Management Suite Count (2 octets, little endian)
190
* Authenticated Key Management Suite List (4 * n octets)
191
* (default: unspec 802.1X)
192
* WPA Capabilities (2 octets, little endian) (default: 0)
198
u8 oui[4]; /* 24-bit OUI followed by 8-bit OUI type */
199
u8 version[2]; /* little endian */
205
* 3/4: one or two RSN IEs + GTK IE (encrypted)
207
* 1/2: GTK IE (encrypted)
212
* 0x01 0x00 (version; little endian)
213
* (all following fields are optional:)
214
* Group Suite Selector (4 octets) (default: CCMP)
215
* Pairwise Suite Count (2 octets, little endian) (default: 1)
216
* Pairwise Suite List (4 * n octets) (default: CCMP)
217
* Authenticated Key Management Suite Count (2 octets, little endian)
219
* Authenticated Key Management Suite List (4 * n octets)
220
* (default: unspec 802.1X)
221
* RSN Capabilities (2 octets, little endian) (default: 0)
222
* PMKID Count (2 octets) (default: 0)
223
* PMKID List (16 * n octets)
224
* Management Group Cipher Suite (4 octets) (default: AES-128-CMAC)
228
u8 elem_id; /* WLAN_EID_RSN */
230
u8 version[2]; /* little endian */
234
#ifdef CONFIG_PEERKEY
236
STK_MUI_4WAY_STA_AP = 1,
237
STK_MUI_4WAY_STAT_STA = 2,
244
STK_ERR_STA_NRSN = 2,
248
#endif /* CONFIG_PEERKEY */
250
struct rsn_error_kde {
255
#ifdef CONFIG_IEEE80211W
256
struct wpa_igtk_kde {
259
u8 igtk[WPA_IGTK_LEN];
261
#endif /* CONFIG_IEEE80211W */
263
#ifdef CONFIG_IEEE80211R
265
u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
269
#define RSN_FT_CAPAB_FT_OVER_DS BIT(0)
270
#define RSN_FT_CAPAB_FT_RESOURCE_REQ_SUPP BIT(1)
275
u8 anonce[WPA_NONCE_LEN];
276
u8 snonce[WPA_NONCE_LEN];
277
/* followed by optional parameters */
280
#define FTIE_SUBELEM_R1KH_ID 1
281
#define FTIE_SUBELEM_GTK 2
282
#define FTIE_SUBELEM_R0KH_ID 3
283
#define FTIE_SUBELEM_IGTK 4
291
#endif /* CONFIG_IEEE80211R */
295
#endif /* _MSC_VER */
298
int wpa_eapol_key_mic(const u8 *key, int ver, const u8 *buf, size_t len,
300
void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
301
const u8 *addr1, const u8 *addr2,
302
const u8 *nonce1, const u8 *nonce2,
303
u8 *ptk, size_t ptk_len, int use_sha256);
305
#ifdef CONFIG_IEEE80211R
306
int wpa_ft_mic(const u8 *kck, const u8 *sta_addr, const u8 *ap_addr,
307
u8 transaction_seqnum, const u8 *mdie, size_t mdie_len,
308
const u8 *ftie, size_t ftie_len,
309
const u8 *rsnie, size_t rsnie_len,
310
const u8 *ric, size_t ric_len, u8 *mic);
311
void wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len,
312
const u8 *ssid, size_t ssid_len,
313
const u8 *mdid, const u8 *r0kh_id, size_t r0kh_id_len,
314
const u8 *s0kh_id, u8 *pmk_r0, u8 *pmk_r0_name);
315
void wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
316
const u8 *s1kh_id, u8 *pmk_r1_name);
317
void wpa_derive_pmk_r1(const u8 *pmk_r0, const u8 *pmk_r0_name,
318
const u8 *r1kh_id, const u8 *s1kh_id,
319
u8 *pmk_r1, u8 *pmk_r1_name);
320
void wpa_pmk_r1_to_ptk(const u8 *pmk_r1, const u8 *snonce, const u8 *anonce,
321
const u8 *sta_addr, const u8 *bssid,
322
const u8 *pmk_r1_name,
323
u8 *ptk, size_t ptk_len, u8 *ptk_name);
324
#endif /* CONFIG_IEEE80211R */
334
int mgmt_group_cipher;
338
int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
339
struct wpa_ie_data *data);
341
void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa,
342
u8 *pmkid, int use_sha256);
344
const char * wpa_cipher_txt(int cipher);
345
const char * wpa_key_mgmt_txt(int key_mgmt, int proto);
346
int wpa_compare_rsn_ie(int ft_initial_assoc,
347
const u8 *ie1, size_t ie1len,
348
const u8 *ie2, size_t ie2len);
349
int wpa_insert_pmkid(u8 *ies, size_t ies_len, const u8 *pmkid);
351
#endif /* WPA_COMMON_H */