jeltz
/
hostap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
hostap/src/common/defs.h

479 lines
13 KiB
C
Raw Normal View History

Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
/*
* WPA Supplicant - Common definitions
FT: SHA384-based AKM in RSNE processing This defines key lengths for SHA384-based FT AKM and handles writing and parsing for RSNE AKMs with the new value. Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-04 14:16:54 +02:00
* Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
*
Remove the GPL notification from files contributed by Jouni Malinen Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 15:46:35 +01:00
* This software may be distributed under the terms of the BSD license.
* See README for more details.
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
*/
#ifndef DEFS_H
#define DEFS_H
#define WPA_CIPHER_NONE BIT(0)
#define WPA_CIPHER_WEP40 BIT(1)
#define WPA_CIPHER_WEP104 BIT(2)
#define WPA_CIPHER_TKIP BIT(3)
#define WPA_CIPHER_CCMP BIT(4)
#define WPA_CIPHER_AES_128_CMAC BIT(5)
Add support for using GCMP cipher from IEEE 802.11ad This allows both hostapd and wpa_supplicant to be used to derive and configure keys for GCMP. This is quite similar to CCMP key configuration, but a different cipher suite and somewhat different rules are used in cipher selection. It should be noted that GCMP is not included in default parameters at least for now, so explicit pairwise/group configuration is needed to enable it. This may change in the future to allow GCMP to be selected automatically in cases where CCMP could have been used. This commit does not included changes to WPS or P2P to allow GCMP to be used. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 10:52:15 +02:00
#define WPA_CIPHER_GCMP BIT(6)
Reserve AKM and cipher suite values These values are used with WAPI and CCX and reserving the definitions here reduces the number of merge conflicts with repositories that include these functions. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:26:55 +02:00
#define WPA_CIPHER_SMS4 BIT(7)
Add definitions for new cipher suites from IEEE Std 802.11ac-2013 This adds initial parts for supporting the new GCMP-256, CCMP-256, BIP-GMAC-128, BIP-GMAC-256, and BIP-CMAC-256 cipher suites. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 21:21:04 +01:00
#define WPA_CIPHER_GCMP_256 BIT(8)
#define WPA_CIPHER_CCMP_256 BIT(9)
#define WPA_CIPHER_BIP_GMAC_128 BIT(11)
#define WPA_CIPHER_BIP_GMAC_256 BIT(12)
#define WPA_CIPHER_BIP_CMAC_256 BIT(13)
Initial handling of GTK-not-used cipher suite This prepares wpa_supplicant for accepting cases where the AP does not use group addressed frames. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-23 20:24:05 +02:00
#define WPA_CIPHER_GTK_NOT_USED BIT(14)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#define WPA_KEY_MGMT_IEEE8021X BIT(0)
#define WPA_KEY_MGMT_PSK BIT(1)
#define WPA_KEY_MGMT_NONE BIT(2)
#define WPA_KEY_MGMT_IEEE8021X_NO_WPA BIT(3)
#define WPA_KEY_MGMT_WPA_NONE BIT(4)
#define WPA_KEY_MGMT_FT_IEEE8021X BIT(5)
#define WPA_KEY_MGMT_FT_PSK BIT(6)
Added support for using SHA256-based stronger key derivation for WPA2 IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 21:57:28 +02:00
#define WPA_KEY_MGMT_IEEE8021X_SHA256 BIT(7)
#define WPA_KEY_MGMT_PSK_SHA256 BIT(8)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
2008-11-23 18:34:26 +01:00
#define WPA_KEY_MGMT_WPS BIT(9)
Add initial parts for SAE This introduces new AKM for SAE and FT-SAE and adds the initial parts for going through the SAE Authentication frame exchange. The actual SAE algorithm and new fields in Authentication frames are not yet included in this commit and will be added separately. This version is able to complete a dummy authentication with the correct authentication algorithm and transaction values to allow cfg80211/mac80211 drivers to be tested (all the missing parts can be handled with hostapd/wpa_supplicant changes). Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 18:51:07 +02:00
#define WPA_KEY_MGMT_SAE BIT(10)
#define WPA_KEY_MGMT_FT_SAE BIT(11)
Reserve AKM and cipher suite values These values are used with WAPI and CCX and reserving the definitions here reduces the number of merge conflicts with repositories that include these functions. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:26:55 +02:00
#define WPA_KEY_MGMT_WAPI_PSK BIT(12)
#define WPA_KEY_MGMT_WAPI_CERT BIT(13)
#define WPA_KEY_MGMT_CCKM BIT(14)
HS 2.0R2: Add common OSEN definitions Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-23 20:23:25 +02:00
#define WPA_KEY_MGMT_OSEN BIT(15)
Suite B: Add AKM 00-0F-AC:11 This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The functionality itself is not yet complete, i.e., this commit only includes parts to negotiate the new AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 12:20:51 +01:00
#define WPA_KEY_MGMT_IEEE8021X_SUITE_B BIT(16)
Add Suite B 192-bit AKM WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into use as the key management method. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-25 22:32:01 +01:00
#define WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 BIT(17)
FILS: Add AKM definitions This adds definitions for the new AKM suite values from P802.11ai/D11.0. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-01 16:50:04 +02:00
#define WPA_KEY_MGMT_FILS_SHA256 BIT(18)
#define WPA_KEY_MGMT_FILS_SHA384 BIT(19)
#define WPA_KEY_MGMT_FT_FILS_SHA256 BIT(20)
#define WPA_KEY_MGMT_FT_FILS_SHA384 BIT(21)
OWE: Define and parse OWE AKM selector This adds a new RSN AKM "OWE". Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-11 23:32:23 +01:00
#define WPA_KEY_MGMT_OWE BIT(22)
DPP: Add new AKM This new AKM is used with DPP when using the signed Connector to derive a PMK. Since the KCK, KEK, and MIC lengths are variable within a single AKM, this needs number of additional changes to get the PMK length delivered to places that need to figure out the lengths of the PTK components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-17 22:48:52 +02:00
#define WPA_KEY_MGMT_DPP BIT(23)
FT: SHA384-based AKM in RSNE processing This defines key lengths for SHA384-based FT AKM and handles writing and parsing for RSNE AKMs with the new value. Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-04 14:16:54 +02:00
#define WPA_KEY_MGMT_FT_IEEE8021X_SHA384 BIT(24)
PASN: Add functions to compute PTK, MIC and hash 1. Add a function to derive the PTK from a PMK and additional data. 2. Add a function to calculate the MIC for a PASN frames. 3. Add a function to compute the hash of an authentication frame body. The above are built only in case that CONFIG_PASN is enabled at build time. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2020-12-16 12:00:21 +01:00
#define WPA_KEY_MGMT_PASN BIT(25)
Added support for using SHA256-based stronger key derivation for WPA2 IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 21:57:28 +02:00
hostapd: Work around an interop connection issue in FT-PSK + WPA-PSK While the AP is configured to enable both FT-PSK and WPA-PSK, an HP printer request both AKMs (copied from AP?) in Association Request frame, but don't add MDIE and don't use FT. This results in the connection failing. Next in logs we see: RSN: Trying to use FT, but MDIE not included IE - hexdump(len=26): 30 18 01 00 00 0f ac 04 01 00 00 0f ac 04 02 00 00 0f ac 02 00 0f ac 04 00 00 This is seen with some HP and Epson printers. Work around this by stripping FT AKM(s) when MDE is not present and there is still a non-FT AKM available. Signed-off-by: Janusz Dziedzic <janusz@plumewifi.com>
2018-03-05 15:37:10 +01:00
#define WPA_KEY_MGMT_FT (WPA_KEY_MGMT_FT_PSK | \
WPA_KEY_MGMT_FT_IEEE8021X | \
WPA_KEY_MGMT_FT_IEEE8021X_SHA384 | \
WPA_KEY_MGMT_FT_SAE | \
WPA_KEY_MGMT_FT_FILS_SHA256 | \
WPA_KEY_MGMT_FT_FILS_SHA384)
Added support for using SHA256-based stronger key derivation for WPA2 IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 21:57:28 +02:00
static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
{
Fix wpa_key_mgmt_*() helper functions to handle multiple bits These can be used in some cases with a bitfield having multiple AKMs enabled (e.g., WPA-PSK and WPA-PSK-SHA256). Address those cases by checking whether any of the matching AKM are included.
2011-04-08 18:11:54 +02:00
return !!(akm & (WPA_KEY_MGMT_IEEE8021X |
WPA_KEY_MGMT_FT_IEEE8021X |
FT: SHA384-based AKM in RSNE processing This defines key lengths for SHA384-based FT AKM and handles writing and parsing for RSNE AKMs with the new value. Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-04 14:16:54 +02:00
WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
Reserve AKM and cipher suite values These values are used with WAPI and CCX and reserving the definitions here reduces the number of merge conflicts with repositories that include these functions. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:26:55 +02:00
WPA_KEY_MGMT_CCKM |
HS 2.0R2: Add common OSEN definitions Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-23 20:23:25 +02:00
WPA_KEY_MGMT_OSEN |
Suite B: Add AKM 00-0F-AC:11 This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The functionality itself is not yet complete, i.e., this commit only includes parts to negotiate the new AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 12:20:51 +01:00
WPA_KEY_MGMT_IEEE8021X_SHA256 |
Add Suite B 192-bit AKM WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into use as the key management method. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-25 22:32:01 +01:00
WPA_KEY_MGMT_IEEE8021X_SUITE_B |
FILS: Add AKM definitions This adds definitions for the new AKM suite values from P802.11ai/D11.0. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-01 16:50:04 +02:00
WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 |
WPA_KEY_MGMT_FILS_SHA256 |
WPA_KEY_MGMT_FILS_SHA384 |
WPA_KEY_MGMT_FT_FILS_SHA256 |
WPA_KEY_MGMT_FT_FILS_SHA384));
Added support for using SHA256-based stronger key derivation for WPA2 IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 21:57:28 +02:00
}
SAE: Allow SAE-only network profile with sae_password to be written The commit a34ca59e (SAE: Allow SAE password to be configured separately (STA)) added sae_password configuration option. We should also consider sae_password in the wpa_config_write() function which stores the valid network block details to an external database. Fixes: a34ca59e4db0 ("SAE: Allow SAE password to be configured separately (STA)") Signed-off-by: Sachin Shelke <sachin.shelke@nxp.com> Signed-off-by: Cathy Luo <xiaohua.luo@nxp.com> Signed-off-by: Ganapathi Bhat <ganapathi.bhat@nxp.com>
2020-03-02 00:48:41 +01:00
static inline int wpa_key_mgmt_wpa_psk_no_sae(int akm)
{
return !!(akm & (WPA_KEY_MGMT_PSK |
WPA_KEY_MGMT_FT_PSK |
WPA_KEY_MGMT_PSK_SHA256));
}
Added support for using SHA256-based stronger key derivation for WPA2 IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 21:57:28 +02:00
static inline int wpa_key_mgmt_wpa_psk(int akm)
{
Fix wpa_key_mgmt_*() helper functions to handle multiple bits These can be used in some cases with a bitfield having multiple AKMs enabled (e.g., WPA-PSK and WPA-PSK-SHA256). Address those cases by checking whether any of the matching AKM are included.
2011-04-08 18:11:54 +02:00
return !!(akm & (WPA_KEY_MGMT_PSK |
WPA_KEY_MGMT_FT_PSK |
Add initial parts for SAE This introduces new AKM for SAE and FT-SAE and adds the initial parts for going through the SAE Authentication frame exchange. The actual SAE algorithm and new fields in Authentication frames are not yet included in this commit and will be added separately. This version is able to complete a dummy authentication with the correct authentication algorithm and transaction values to allow cfg80211/mac80211 drivers to be tested (all the missing parts can be handled with hostapd/wpa_supplicant changes). Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 18:51:07 +02:00
WPA_KEY_MGMT_PSK_SHA256 |
Enable FT with SAE It was already possible to configure hostapd and wpa_supplicant to use FT-SAE for the key management, but number of places were missing proper AKM checks to allow FT to be used with the new AKM. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-28 12:41:02 +01:00
WPA_KEY_MGMT_SAE |
WPA_KEY_MGMT_FT_SAE));
Added support for using SHA256-based stronger key derivation for WPA2 IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 21:57:28 +02:00
}
static inline int wpa_key_mgmt_ft(int akm)
{
hostapd: Work around an interop connection issue in FT-PSK + WPA-PSK While the AP is configured to enable both FT-PSK and WPA-PSK, an HP printer request both AKMs (copied from AP?) in Association Request frame, but don't add MDIE and don't use FT. This results in the connection failing. Next in logs we see: RSN: Trying to use FT, but MDIE not included IE - hexdump(len=26): 30 18 01 00 00 0f ac 04 01 00 00 0f ac 04 02 00 00 0f ac 02 00 0f ac 04 00 00 This is seen with some HP and Epson printers. Work around this by stripping FT AKM(s) when MDE is not present and there is still a non-FT AKM available. Signed-off-by: Janusz Dziedzic <janusz@plumewifi.com>
2018-03-05 15:37:10 +01:00
return !!(akm & WPA_KEY_MGMT_FT);
}
static inline int wpa_key_mgmt_only_ft(int akm)
{
int ft = wpa_key_mgmt_ft(akm);
akm &= ~WPA_KEY_MGMT_FT;
return ft && !akm;
Add initial parts for SAE This introduces new AKM for SAE and FT-SAE and adds the initial parts for going through the SAE Authentication frame exchange. The actual SAE algorithm and new fields in Authentication frames are not yet included in this commit and will be added separately. This version is able to complete a dummy authentication with the correct authentication algorithm and transaction values to allow cfg80211/mac80211 drivers to be tested (all the missing parts can be handled with hostapd/wpa_supplicant changes). Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 18:51:07 +02:00
}
FT: Allow PMK-R0 and PMK-R1 for FT-PSK to be generated locally Station should be able to connect initially without ft_pmk_cache filled, so the target AP has the PSK available and thus the same information as the origin AP. Therefore neither caching nor communication between the APs with respect to PMK-R0 or PMK-R1 or VLANs is required if the target AP derives the required PMKs locally. This patch introduces the generation of the required PMKs locally for FT-PSK. Additionally, PMK-R0 is not stored (and thus pushed) for FT-PSK. So for FT-PSK networks, no configuration of inter-AP communication is needed anymore when using ft_psk_generate_local=1 configuration. The default behavior (ft_psk_generate_local=0) remains to use the pull/push protocol. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-09-24 22:53:42 +02:00
static inline int wpa_key_mgmt_ft_psk(int akm)
{
return !!(akm & WPA_KEY_MGMT_FT_PSK);
}
Add initial parts for SAE This introduces new AKM for SAE and FT-SAE and adds the initial parts for going through the SAE Authentication frame exchange. The actual SAE algorithm and new fields in Authentication frames are not yet included in this commit and will be added separately. This version is able to complete a dummy authentication with the correct authentication algorithm and transaction values to allow cfg80211/mac80211 drivers to be tested (all the missing parts can be handled with hostapd/wpa_supplicant changes). Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 18:51:07 +02:00
static inline int wpa_key_mgmt_sae(int akm)
{
return !!(akm & (WPA_KEY_MGMT_SAE |
WPA_KEY_MGMT_FT_SAE));
Added support for using SHA256-based stronger key derivation for WPA2 IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 21:57:28 +02:00
}
FILS: Add AKM definitions This adds definitions for the new AKM suite values from P802.11ai/D11.0. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-01 16:50:04 +02:00
static inline int wpa_key_mgmt_fils(int akm)
{
return !!(akm & (WPA_KEY_MGMT_FILS_SHA256 |
WPA_KEY_MGMT_FILS_SHA384 |
WPA_KEY_MGMT_FT_FILS_SHA256 |
WPA_KEY_MGMT_FT_FILS_SHA384));
}
Added support for using SHA256-based stronger key derivation for WPA2 IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 21:57:28 +02:00
static inline int wpa_key_mgmt_sha256(int akm)
{
Fix wpa_key_mgmt_*() helper functions to handle multiple bits These can be used in some cases with a bitfield having multiple AKMs enabled (e.g., WPA-PSK and WPA-PSK-SHA256). Address those cases by checking whether any of the matching AKM are included.
2011-04-08 18:11:54 +02:00
return !!(akm & (WPA_KEY_MGMT_PSK_SHA256 |
HS 2.0R2: Add common OSEN definitions Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-23 20:23:25 +02:00
WPA_KEY_MGMT_IEEE8021X_SHA256 |
SAE: Fix PTK derivation to use KDF-SHA256 The previous implementation ended up defaulting to using PRF-SHA1 for deriving PTK from PMK when SAE was used. This is not correct since the SAE AKM is defined to be using SHA-256 -based KDF instead. Fix that. Note: This change is not backwards compatible. Both the AP and station side implementations will need to be updated at the same time to maintain functionality. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-23 16:57:14 +01:00
WPA_KEY_MGMT_SAE |
WPA_KEY_MGMT_FT_SAE |
Suite B: Add AKM 00-0F-AC:11 This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The functionality itself is not yet complete, i.e., this commit only includes parts to negotiate the new AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 12:20:51 +01:00
WPA_KEY_MGMT_OSEN |
FILS: Add AKM definitions This adds definitions for the new AKM suite values from P802.11ai/D11.0. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-01 16:50:04 +02:00
WPA_KEY_MGMT_IEEE8021X_SUITE_B |
WPA_KEY_MGMT_FILS_SHA256 |
WPA_KEY_MGMT_FT_FILS_SHA256));
Suite B: Add AKM 00-0F-AC:11 This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The functionality itself is not yet complete, i.e., this commit only includes parts to negotiate the new AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 12:20:51 +01:00
}
Add Suite B 192-bit AKM WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into use as the key management method. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-25 22:32:01 +01:00
static inline int wpa_key_mgmt_sha384(int akm)
{
FILS: Add AKM definitions This adds definitions for the new AKM suite values from P802.11ai/D11.0. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-01 16:50:04 +02:00
return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 |
FT: SHA384-based AKM in RSNE processing This defines key lengths for SHA384-based FT AKM and handles writing and parsing for RSNE AKMs with the new value. Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-04 14:16:54 +02:00
WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
FILS: Add AKM definitions This adds definitions for the new AKM suite values from P802.11ai/D11.0. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-01 16:50:04 +02:00
WPA_KEY_MGMT_FILS_SHA384 |
WPA_KEY_MGMT_FT_FILS_SHA384));
Add Suite B 192-bit AKM WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into use as the key management method. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-25 22:32:01 +01:00
}
Suite B: Add AKM 00-0F-AC:11 This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The functionality itself is not yet complete, i.e., this commit only includes parts to negotiate the new AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 12:20:51 +01:00
static inline int wpa_key_mgmt_suite_b(int akm)
{
Add Suite B 192-bit AKM WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into use as the key management method. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-25 22:32:01 +01:00
return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B |
WPA_KEY_MGMT_IEEE8021X_SUITE_B_192));
Added support for using SHA256-based stronger key derivation for WPA2 IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 21:57:28 +02:00
}
Allow TSN AP to be selected when configured for WEP Commit d8d940b7469e505aec4d71a02d3f7ebab412eeae introduced a regression that prevented TSN APs from being used with WEP since the AP was rejected if it advertised WPA or RSN IE when we were configured to use WEP. Resolve this by checking whether the AP is advertising a TSN, i.e., whether the AP allows WEP to be used as a group cipher. If so, allow the AP to be selected if we are configured to use static WEP or IEEE 802.1X (non-WPA). It should be noted that this is still somewhat more restricted in AP selection than earlier wpa_supplicant branches (0.7.x or older) that ignore the WPA/RSN IE completely when configured for non-WPA.
2010-11-08 20:14:32 +01:00
static inline int wpa_key_mgmt_wpa(int akm)
{
return wpa_key_mgmt_wpa_ieee8021x(akm) ||
Enable FT with SAE It was already possible to configure hostapd and wpa_supplicant to use FT-SAE for the key management, but number of places were missing proper AKM checks to allow FT to be used with the new AKM. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-28 12:41:02 +01:00
wpa_key_mgmt_wpa_psk(akm) ||
FILS: Add AKM definitions This adds definitions for the new AKM suite values from P802.11ai/D11.0. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-01 16:50:04 +02:00
wpa_key_mgmt_fils(akm) ||
OWE: Define and parse OWE AKM selector This adds a new RSN AKM "OWE". Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-11 23:32:23 +01:00
wpa_key_mgmt_sae(akm) ||
DPP: Add new AKM This new AKM is used with DPP when using the signed Connector to derive a PMK. Since the KCK, KEK, and MIC lengths are variable within a single AKM, this needs number of additional changes to get the PMK length delivered to places that need to figure out the lengths of the PTK components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-17 22:48:52 +02:00
akm == WPA_KEY_MGMT_OWE ||
akm == WPA_KEY_MGMT_DPP;
Allow TSN AP to be selected when configured for WEP Commit d8d940b7469e505aec4d71a02d3f7ebab412eeae introduced a regression that prevented TSN APs from being used with WEP since the AP was rejected if it advertised WPA or RSN IE when we were configured to use WEP. Resolve this by checking whether the AP is advertising a TSN, i.e., whether the AP allows WEP to be used as a group cipher. If so, allow the AP to be selected if we are configured to use static WEP or IEEE 802.1X (non-WPA). It should be noted that this is still somewhat more restricted in AP selection than earlier wpa_supplicant branches (0.7.x or older) that ignore the WPA/RSN IE completely when configured for non-WPA.
2010-11-08 20:14:32 +01:00
}
Use wpa_key_mgmt_*() helpers This cleans up the source code and makes it less likely that new AKM addition misses some needed changes in the future. Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 21:46:14 +01:00
static inline int wpa_key_mgmt_wpa_any(int akm)
{
return wpa_key_mgmt_wpa(akm) || (akm & WPA_KEY_MGMT_WPA_NONE);
}
Reserve AKM and cipher suite values These values are used with WAPI and CCX and reserving the definitions here reduces the number of merge conflicts with repositories that include these functions. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:26:55 +02:00
static inline int wpa_key_mgmt_cckm(int akm)
{
return akm == WPA_KEY_MGMT_CCKM;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#define WPA_PROTO_WPA BIT(0)
#define WPA_PROTO_RSN BIT(1)
Reserve AKM and cipher suite values These values are used with WAPI and CCX and reserving the definitions here reduces the number of merge conflicts with repositories that include these functions. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:26:55 +02:00
#define WPA_PROTO_WAPI BIT(2)
HS 2.0R2: Add common OSEN definitions Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-23 20:23:25 +02:00
#define WPA_PROTO_OSEN BIT(3)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#define WPA_AUTH_ALG_OPEN BIT(0)
#define WPA_AUTH_ALG_SHARED BIT(1)
#define WPA_AUTH_ALG_LEAP BIT(2)
Fix typo in WPA_AUTH_ALG_FT definition This was not supposed to have duplicate value with WPA_AUTH_ALG_LEAP. The previous version was unable to set FT as the authentication algorithm with nl80211.
2010-03-07 20:02:55 +01:00
#define WPA_AUTH_ALG_FT BIT(3)
Add initial parts for SAE This introduces new AKM for SAE and FT-SAE and adds the initial parts for going through the SAE Authentication frame exchange. The actual SAE algorithm and new fields in Authentication frames are not yet included in this commit and will be added separately. This version is able to complete a dummy authentication with the correct authentication algorithm and transaction values to allow cfg80211/mac80211 drivers to be tested (all the missing parts can be handled with hostapd/wpa_supplicant changes). Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 18:51:07 +02:00
#define WPA_AUTH_ALG_SAE BIT(4)
FILS: Add definitions for new frames and values This adds definitions for various management frame elements and values from P802.11ai/D11.0. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-01 16:50:04 +02:00
#define WPA_AUTH_ALG_FILS BIT(5)
FILS: Define authentication algorithm for FILS SK auth with PFS This is needed to add PFS support into hostapd and wpa_supplicant FILS shared key authentication. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 21:39:38 +01:00
#define WPA_AUTH_ALG_FILS_SK_PFS BIT(6)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
FILS: Specify if FILS HLP was sent in connect This adds a string "FILS_HLP_SENT" to connect event when HLP is sent as part of ASSOC/CONNECT request. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-20 14:08:49 +02:00
static inline int wpa_auth_alg_fils(int alg)
{
return !!(alg & (WPA_AUTH_ALG_FILS | WPA_AUTH_ALG_FILS_SK_PFS));
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
enum wpa_alg {
WPA_ALG_NONE,
WPA_ALG_WEP,
WPA_ALG_TKIP,
WPA_ALG_CCMP,
Rename WPA_ALG_IGTK to use the correct cipher name for BIP IGTK is the key that is used a BIP cipher. WPA_ALG_IGTK was the historical name used for this enum value when only the AES-128-CMAC based BIP algorithm was supported. Rename this to match the style used with the other BIP options. Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 23:11:59 +02:00
WPA_ALG_BIP_CMAC_128,
Reserve AKM and cipher suite values These values are used with WAPI and CCX and reserving the definitions here reduces the number of merge conflicts with repositories that include these functions. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:26:55 +02:00
WPA_ALG_GCMP,
WPA_ALG_SMS4,
Add definitions for new cipher suites from IEEE Std 802.11ac-2013 This adds initial parts for supporting the new GCMP-256, CCMP-256, BIP-GMAC-128, BIP-GMAC-256, and BIP-CMAC-256 cipher suites. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 21:21:04 +01:00
WPA_ALG_KRK,
WPA_ALG_GCMP_256,
WPA_ALG_CCMP_256,
WPA_ALG_BIP_GMAC_128,
WPA_ALG_BIP_GMAC_256,
WPA_ALG_BIP_CMAC_256
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
};
Add a helper function for recognizing BIP enum wpa_alg values Use a shared wpa_alg_bip() function for this and fix the case in nl_add_key() to cover all BIP algorithms. That fix does not change any behavior since the function is not currently used with any BIP algorithm, but it is better to avoid surprises should it ever be needed with IGTK. Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 23:17:55 +02:00
static inline int wpa_alg_bip(enum wpa_alg alg)
{
return alg == WPA_ALG_BIP_CMAC_128 ||
alg == WPA_ALG_BIP_GMAC_128 ||
alg == WPA_ALG_BIP_GMAC_256 ||
alg == WPA_ALG_BIP_CMAC_256;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
/**
* enum wpa_states - wpa_supplicant state
*
* These enumeration values are used to indicate the current wpa_supplicant
* state (wpa_s->wpa_state). The current state can be retrieved with
* wpa_supplicant_get_state() function and the state can be changed by calling
* wpa_supplicant_set_state(). In WPA state machine (wpa.c and preauth.c), the
* wrapper functions wpa_sm_get_state() and wpa_sm_set_state() should be used
* to access the state variable.
*/
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
enum wpa_states {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
/**
* WPA_DISCONNECTED - Disconnected state
*
* This state indicates that client is not associated, but is likely to
* start looking for an access point. This state is entered when a
* connection is lost.
*/
WPA_DISCONNECTED,
Add Linux rfkill support Add a new wpa_supplicant state: interface disabled. This can be used to allow wpa_supplicant to be running with the network interface even when the driver does not actually allow any radio operations (e.g., due to rfkill). Allow driver_nl80211.c and driver_wext.c to start while rfkill is in blocked state (i.e., when ifconfig up fails) and process rfkill events to block/unblock WLAN.
2010-05-23 09:27:32 +02:00
/**
* WPA_INTERFACE_DISABLED - Interface disabled
*
Fix a typo in enum wpa_states comment Signed-off-by: Amit Khatri <amit.khatri@samsung.com> Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
2015-08-06 09:04:51 +02:00
* This state is entered if the network interface is disabled, e.g.,
Add Linux rfkill support Add a new wpa_supplicant state: interface disabled. This can be used to allow wpa_supplicant to be running with the network interface even when the driver does not actually allow any radio operations (e.g., due to rfkill). Allow driver_nl80211.c and driver_wext.c to start while rfkill is in blocked state (i.e., when ifconfig up fails) and process rfkill events to block/unblock WLAN.
2010-05-23 09:27:32 +02:00
* due to rfkill. wpa_supplicant refuses any new operations that would
* use the radio until the interface has been enabled.
*/
WPA_INTERFACE_DISABLED,
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
/**
* WPA_INACTIVE - Inactive state (wpa_supplicant disabled)
*
* This state is entered if there are no enabled networks in the
* configuration. wpa_supplicant is not trying to associate with a new
* network and external interaction (e.g., ctrl_iface call to add or
* enable a network) is needed to start association.
*/
WPA_INACTIVE,
/**
* WPA_SCANNING - Scanning for a network
*
* This state is entered when wpa_supplicant starts scanning for a
* network.
*/
WPA_SCANNING,
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
2009-03-20 21:26:41 +01:00
/**
* WPA_AUTHENTICATING - Trying to authenticate with a BSS/SSID
*
* This state is entered when wpa_supplicant has found a suitable BSS
* to authenticate with and the driver is configured to try to
* authenticate with this BSS. This state is used only with drivers
* that use wpa_supplicant as the SME.
*/
WPA_AUTHENTICATING,
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
/**
* WPA_ASSOCIATING - Trying to associate with a BSS/SSID
*
* This state is entered when wpa_supplicant has found a suitable BSS
* to associate with and the driver is configured to try to associate
* with this BSS in ap_scan=1 mode. When using ap_scan=2 mode, this
* state is entered when the driver is configured to try to associate
* with a network using the configured SSID and security policy.
*/
WPA_ASSOCIATING,
/**
* WPA_ASSOCIATED - Association completed
*
* This state is entered when the driver reports that association has
* been successfully completed with an AP. If IEEE 802.1X is used
* (with or without WPA/WPA2), wpa_supplicant remains in this state
* until the IEEE 802.1X/EAPOL authentication has been completed.
*/
WPA_ASSOCIATED,
/**
* WPA_4WAY_HANDSHAKE - WPA 4-Way Key Handshake in progress
*
* This state is entered when WPA/WPA2 4-Way Handshake is started. In
* case of WPA-PSK, this happens when receiving the first EAPOL-Key
* frame after association. In case of WPA-EAP, this state is entered
* when the IEEE 802.1X/EAPOL authentication has been completed.
*/
WPA_4WAY_HANDSHAKE,
/**
* WPA_GROUP_HANDSHAKE - WPA Group Key Handshake in progress
*
* This state is entered when 4-Way Key Handshake has been completed
* (i.e., when the supplicant sends out message 4/4) and when Group
* Key rekeying is started by the AP (i.e., when supplicant receives
* message 1/2).
*/
WPA_GROUP_HANDSHAKE,
/**
* WPA_COMPLETED - All authentication completed
*
* This state is entered when the full authentication process is
* completed. In case of WPA2, this happens when the 4-Way Handshake is
* successfully completed. With WPA, this state is entered after the
* Group Key Handshake; with IEEE 802.1X (non-WPA) connection is
* completed after dynamic keys are received (or if not used, after
* the EAP authentication has been completed). With static WEP keys and
* plaintext connections, this state is entered when an association
* has been completed.
*
* This state indicates that the supplicant has completed its
* processing for the association phase and that data connection is
* fully configured.
*/
WPA_COMPLETED
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
};
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#define MLME_SETPROTECTION_PROTECT_TYPE_NONE 0
#define MLME_SETPROTECTION_PROTECT_TYPE_RX 1
#define MLME_SETPROTECTION_PROTECT_TYPE_TX 2
#define MLME_SETPROTECTION_PROTECT_TYPE_RX_TX 3
#define MLME_SETPROTECTION_KEY_TYPE_GROUP 0
#define MLME_SETPROTECTION_KEY_TYPE_PAIRWISE 1
Allow hostapd/config.h and wpa_supplicant/config_ssid.h coexist Move the shared IEEE 802.11w enum definition into src/common/defs.h to avoid redefinition when both configuration structures are included into the same file.
2009-03-26 15:06:15 +01:00
Share the same enum for MFP configuration The three existing enums were already depending on using the same values in couple of places and it is just simpler to standardize on one of these to avoid need for mapping between different enums for the exact same thing.
2010-01-03 20:02:51 +01:00
/**
* enum mfp_options - Management frame protection (IEEE 802.11w) options
*/
Allow hostapd/config.h and wpa_supplicant/config_ssid.h coexist Move the shared IEEE 802.11w enum definition into src/common/defs.h to avoid redefinition when both configuration structures are included into the same file.
2009-03-26 15:06:15 +01:00
enum mfp_options {
Share the same enum for MFP configuration The three existing enums were already depending on using the same values in couple of places and it is just simpler to standardize on one of these to avoid need for mapping between different enums for the exact same thing.
2010-01-03 20:02:51 +01:00
NO_MGMT_FRAME_PROTECTION = 0,
MGMT_FRAME_PROTECTION_OPTIONAL = 1,
Allow PMF to be enabled by default Previously, PMF (protected management frames, IEEE 802.11w) could be enabled only with a per-network parameter (ieee80211w). The new global parameter (pmf) can now be used to change the default behavior to be PMF enabled (pmf=1) or required (pmf=2) for network blocks that do not override this with the ieee80211w parameter. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-24 21:21:29 +01:00
MGMT_FRAME_PROTECTION_REQUIRED = 2,
Allow hostapd/config.h and wpa_supplicant/config_ssid.h coexist Move the shared IEEE 802.11w enum definition into src/common/defs.h to avoid redefinition when both configuration structures are included into the same file.
2009-03-26 15:06:15 +01:00
};
Allow PMF to be enabled by default Previously, PMF (protected management frames, IEEE 802.11w) could be enabled only with a per-network parameter (ieee80211w). The new global parameter (pmf) can now be used to change the default behavior to be PMF enabled (pmf=1) or required (pmf=2) for network blocks that do not override this with the ieee80211w parameter. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-24 21:21:29 +01:00
#define MGMT_FRAME_PROTECTION_DEFAULT 3
Allow hostapd/config.h and wpa_supplicant/config_ssid.h coexist Move the shared IEEE 802.11w enum definition into src/common/defs.h to avoid redefinition when both configuration structures are included into the same file.
2009-03-26 15:06:15 +01:00
More Doxygen documentation for the driver interface
2010-01-03 19:49:48 +01:00
/**
* enum hostapd_hw_mode - Hardware mode
*/
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
enum hostapd_hw_mode {
Share same hw_feature definitions between hostapd and wpa_supplicant
2009-04-03 18:04:20 +02:00
HOSTAPD_MODE_IEEE80211B,
HOSTAPD_MODE_IEEE80211G,
HOSTAPD_MODE_IEEE80211A,
Introduce 60 GHz band Basic support for the 60 GHz band. Neither P2P nor WPS are yet taken care off. Allows to start AP with very simple config: network={ ssid="test" mode=2 frequency=60480 key_mgmt=NONE } Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-18 10:50:35 +01:00
HOSTAPD_MODE_IEEE80211AD,
Extend hw_mode to support any band for offloaded ACS case When device supports dual band operations with offloaded ACS, hw_mode can now be set to any band (hw_mode=any) in order to allow ACS to select the best channel from any band. After a channel is selected, the hw_mode is updated for hostapd. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-05-08 19:53:08 +02:00
HOSTAPD_MODE_IEEE80211ANY,
Share same hw_feature definitions between hostapd and wpa_supplicant
2009-04-03 18:04:20 +02:00
NUM_HOSTAPD_MODES
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
};
Share same hw_feature definitions between hostapd and wpa_supplicant
2009-04-03 18:04:20 +02:00
Use an enum for EAP SM requests Control requests will be extended for non-EAP uses later, so it makes sense to have them be generic. Furthermore, having them defined as an enum is easier for processing internally, and more generic for control interfaces that may not use field names. The public ctrl_req_type / field_name conversion function will be used later by the D-Bus control interface too. Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-24 18:00:19 +02:00
/**
* enum wpa_ctrl_req_type - Control interface request types
*/
enum wpa_ctrl_req_type {
Add wpa_supplicant_ctrl_req_from_string() Converts from a string to a control request enum when input from a control interface is received. Will be used by a subsequent patch. Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-24 18:04:40 +02:00
WPA_CTRL_REQ_UNKNOWN,
Use an enum for EAP SM requests Control requests will be extended for non-EAP uses later, so it makes sense to have them be generic. Furthermore, having them defined as an enum is easier for processing internally, and more generic for control interfaces that may not use field names. The public ctrl_req_type / field_name conversion function will be used later by the D-Bus control interface too. Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-24 18:00:19 +02:00
WPA_CTRL_REQ_EAP_IDENTITY,
WPA_CTRL_REQ_EAP_PASSWORD,
WPA_CTRL_REQ_EAP_NEW_PASSWORD,
WPA_CTRL_REQ_EAP_PIN,
WPA_CTRL_REQ_EAP_OTP,
WPA_CTRL_REQ_EAP_PASSPHRASE,
EAP peer: Add framework for external SIM/USIM processing The new configuration parameter external_sim=<0/1> can now be used to configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM authentication for EAP-SIM or UMTS authentication for EAP-AKA). The requests and responses for such operations are sent over the ctrl_iface CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing password query mechanism. Changes to the EAP methods to use this new mechanism will be added in separate commits. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-19 16:32:05 +02:00
WPA_CTRL_REQ_SIM,
Allow PSK/passphrase to be set only when needed The new network profile parameter mem_only_psk=1 can be used to specify that the PSK/passphrase for that network is requested over the control interface (ctrl_iface or D-Bus) similarly to the EAP network parameter requests. The PSK/passphrase can then be configured temporarily in a way that prevents it from getting stored to the configuration file. For example: Event: CTRL-REQ-PSK_PASSPHRASE-0:PSK or passphrase needed for SSID test-wpa2-psk Response: CTRL-RSP-PSK_PASSPHRASE-0:"qwertyuiop" Note: The response value uses the same encoding as the psk network profile parameter, i.e., passphrase is within double quotation marks. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-28 10:05:13 +01:00
WPA_CTRL_REQ_PSK_PASSPHRASE,
EAP peer: External server certificate chain validation This adds support for optional functionality to validate server certificate chain in TLS-based EAP methods in an external program. wpa_supplicant control interface is used to indicate when such validation is needed and what the result of the external validation is. This external validation can extend or replace the internal validation. When ca_cert or ca_path parameter is set, the internal validation is used. If these parameters are omitted, only the external validation is used. It needs to be understood that leaving those parameters out will disable most of the validation steps done with the TLS library and that configuration is not really recommend. By default, the external validation is not used. It can be enabled by addingtls_ext_cert_check=1 into the network profile phase1 parameter. When enabled, external validation is required through the CTRL-REQ/RSP mechanism similarly to other EAP authentication parameters through the control interface. The request to perform external validation is indicated by the following event: CTRL-REQ-EXT_CERT_CHECK-<id>:External server certificate validation needed for SSID <ssid> Before that event, the server certificate chain is provided with the CTRL-EVENT-EAP-PEER-CERT events that include the cert=<hexdump> parameter. depth=# indicates which certificate is in question (0 for the server certificate, 1 for its issues, and so on). The result of the external validation is provided with the following command: CTRL-RSP-EXT_CERT_CHECK-<id>:<good|bad> It should be noted that this is currently enabled only for OpenSSL (and BoringSSL/LibreSSL). Due to the constraints in the library API, the validation result from external processing cannot be reported cleanly with TLS alert. In other words, if the external validation reject the server certificate chain, the pending TLS handshake is terminated without sending more messages to the server. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 17:16:54 +01:00
WPA_CTRL_REQ_EXT_CERT_CHECK,
Use an enum for EAP SM requests Control requests will be extended for non-EAP uses later, so it makes sense to have them be generic. Furthermore, having them defined as an enum is easier for processing internally, and more generic for control interfaces that may not use field names. The public ctrl_req_type / field_name conversion function will be used later by the D-Bus control interface too. Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-24 18:00:19 +02:00
NUM_WPA_CTRL_REQS
};
Use a single define for maximum number of EAP methods This cleans up the code a bit by not having to deal with theoretical possibility of maximum number of EAP methods to be different between various components in hostapd. Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-17 19:06:33 +01:00
/* Maximum number of EAP methods to store for EAP server user information */
#define EAP_MAX_METHODS 8
nl80211: Add plink_action_field to hostapd_sta_add_params Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-09-01 06:23:23 +02:00
enum mesh_plink_state {
mesh: Rename MPM FSM states to match the standard During the P802.11s draft development, there were separate LISTEN and IDLE states. However, the current IEEE 802.11 standards uses only the IDLE state while the implementation called this LISTEN. Rename the state in the implementation to match the one used in the standard to avoid confusion. In addition, rename OPEN_{SENT,RCVD} to OPN_{SNT,RCVD} to match the exact spelling of these states in the standard. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-28 21:53:05 +02:00
PLINK_IDLE = 1,
PLINK_OPN_SNT,
PLINK_OPN_RCVD,
nl80211: Add plink_action_field to hostapd_sta_add_params Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-09-01 06:23:23 +02:00
PLINK_CNF_RCVD,
PLINK_ESTAB,
PLINK_HOLDING,
mesh: Rename MPM FSM states to match the standard During the P802.11s draft development, there were separate LISTEN and IDLE states. However, the current IEEE 802.11 standards uses only the IDLE state while the implementation called this LISTEN. Rename the state in the implementation to match the one used in the standard to avoid confusion. In addition, rename OPEN_{SENT,RCVD} to OPN_{SNT,RCVD} to match the exact spelling of these states in the standard. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-28 21:53:05 +02:00
PLINK_BLOCKED, /* not defined in the IEEE 802.11 standard */
nl80211: Add plink_action_field to hostapd_sta_add_params Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-09-01 06:23:23 +02:00
};
QCA vendor command support to set band to driver Add vendor command to pass SET setband command to the driver and read the updated channel list from driver when this notification succeeds. This allows the driver to update its internal channel lists based on setband configuration. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-27 12:14:22 +02:00
enum set_band {
Extend the setband support for 6 GHz and band combinations Support possible band combinations of 2.4 GHz, 5 GHz, and 6 GHz with QCA_WLAN_VENDOR_ATTR_SETBAND_MASK attribute. Ensure backwards compatibility with old drivers that are using QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE attribute and supporting only 2.4 GHz and 5 GHz bands. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-08-06 08:34:48 +02:00
WPA_SETBAND_AUTO = 0,
WPA_SETBAND_5G = BIT(0),
WPA_SETBAND_2G = BIT(1),
WPA_SETBAND_6G = BIT(2),
QCA vendor command support to set band to driver Add vendor command to pass SET setband command to the driver and read the updated channel list from driver when this notification succeeds. This allows the driver to update its internal channel lists based on setband configuration. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-27 12:14:22 +02:00
};
wpa_supplicant: Expose wpas_get_bands() and related API Expose the functions wpas_get_bands() and wpas_freq_to_band() and the enum wpa_radio_work_band, since they will be needed outside wpa_supplicant.c. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-02-20 12:46:10 +01:00
enum wpa_radio_work_band {
BAND_2_4_GHZ = BIT(0),
BAND_5_GHZ = BIT(1),
BAND_60_GHZ = BIT(2),
};
Add support for user configurable Beacon frame data rate for AP mode Allow configuration of Beacon frame TX rate from hostapd.conf with "beacon_rate=xx" option. The following format is used to set legacy/HT/VHT beacon rates: Legacy (CCK/OFDM rates): beacon_rate=<legacy rate in 100 kbps> HT: beacon_rate=ht:<HT MCS> VHT: beacon_rate=vht:<VHT MCS> Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-22 10:10:35 +01:00
enum beacon_rate_type {
BEACON_RATE_LEGACY,
BEACON_RATE_HT,
Allow HE MCS rate selection for Beacon frames Allow HE MCS rate to be used for beacon transmission when the driver advertises the support. The rate is specified with a new beacon_rate option "he:<HE MCS>" in hostapd configuration. Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-10-03 11:31:15 +02:00
BEACON_RATE_VHT,
BEACON_RATE_HE
Add support for user configurable Beacon frame data rate for AP mode Allow configuration of Beacon frame TX rate from hostapd.conf with "beacon_rate=xx" option. The following format is used to set legacy/HT/VHT beacon rates: Legacy (CCK/OFDM rates): beacon_rate=<legacy rate in 100 kbps> HT: beacon_rate=ht:<HT MCS> VHT: beacon_rate=vht:<VHT MCS> Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-22 10:10:35 +01:00
};
eap_proxy: Add support for SIM state change indication from eap_proxy This registers a new callback to indicate change in SIM state. This helps to do some clean up (more specifically pmksa_flush) based on the state change of the SIM. Without this, the reconnection using the cached PMKSA could happen though the SIM is changed. Currently eap_proxy_sim_state corresponds to only SIM_STATE_ERROR. This can be further extended. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-13 14:00:21 +01:00
enum eap_proxy_sim_state {
SIM_STATE_ERROR,
};
STA: Add OCE capability indication attribute Add OCE capability indication attribute in Probe Request and (Re)Association Request frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-10 14:05:31 +02:00
#define OCE_STA BIT(0)
#define OCE_STA_CFON BIT(1)
OCE: Add hostapd mode OCE capability indication if enabled Add OCE IE in Beacon, Probe Response, and (Re)Association Response frames if OCE is enabled in the configuration. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-16 14:17:03 +02:00
#define OCE_AP BIT(2)
STA: Add OCE capability indication attribute Add OCE capability indication attribute in Probe Request and (Re)Association Request frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-10 14:05:31 +02:00
Avoid forward references to enum types in ieee802_11_common.h These are not allowed in ISO C++ (and well, not really in ISO C either, but that does not result in compiler warning without pedantic compilation). Since ieee802_11_common.h may end up getting pulled into C++ code for some external interfaces, it is more convenient to keep it free of these cases. Pull in ieee802_11_defs.h to get enum phy_type defined and move enum chan_width to common/defs.h (which was already pulled in into src/drivers/driver.h and src/common/ieee802_11_common.h). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-07 16:26:40 +01:00
/* enum chan_width - Channel width definitions */
enum chan_width {
CHAN_WIDTH_20_NOHT,
CHAN_WIDTH_20,
CHAN_WIDTH_40,
CHAN_WIDTH_80,
CHAN_WIDTH_80P80,
CHAN_WIDTH_160,
Add EDMG bandwidth to channel frequency APIs Add EDMG bandwidth to CHANWIDTH_ defines. Update API ieee80211_freq_to_channel_ext() to support EDMG bandwidth for EDMG channels. Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2019-11-10 11:04:43 +01:00
CHAN_WIDTH_2160,
CHAN_WIDTH_4320,
CHAN_WIDTH_6480,
CHAN_WIDTH_8640,
Avoid forward references to enum types in ieee802_11_common.h These are not allowed in ISO C++ (and well, not really in ISO C either, but that does not result in compiler warning without pedantic compilation). Since ieee802_11_common.h may end up getting pulled into C++ code for some external interfaces, it is more convenient to keep it free of these cases. Pull in ieee802_11_defs.h to get enum phy_type defined and move enum chan_width to common/defs.h (which was already pulled in into src/drivers/driver.h and src/common/ieee802_11_common.h). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-07 16:26:40 +01:00
CHAN_WIDTH_UNKNOWN
};
Introduce and add key_flag Add the new set_key() parameter "key_flag" to provide more specific description of what type of a key is being configured. This is needed to be able to add support for "Extended Key ID for Individually Addressed Frames" from IEEE Std 802.11-2016. In addition, this may be used to replace the set_tx boolean eventually once all the driver wrappers have moved to using the new key_flag. The following flag are defined: KEY_FLAG_MODIFY Set when an already installed key must be updated. So far the only use-case is changing RX/TX status of installed keys. Must not be set when deleting a key. KEY_FLAG_DEFAULT Set when the key is also a default key. Must not be set when deleting a key. (This is the replacement for set_tx.) KEY_FLAG_RX The key is valid for RX. Must not be set when deleting a key. KEY_FLAG_TX The key is valid for TX. Must not be set when deleting a key. KEY_FLAG_GROUP The key is a broadcast or group key. KEY_FLAG_PAIRWISE The key is a pairwise key. KEY_FLAG_PMK The key is a Pairwise Master Key (PMK). Predefined and needed flag combinations so far are: KEY_FLAG_GROUP_RX_TX WEP key not used as default key (yet). KEY_FLAG_GROUP_RX_TX_DEFAULT Default WEP or WPA-NONE key. KEY_FLAG_GROUP_RX GTK key valid for RX only. KEY_FLAG_GROUP_TX_DEFAULT GTK key valid for TX only, immediately taking over TX. KEY_FLAG_PAIRWISE_RX_TX Pairwise key immediately becoming the active pairwise key. KEY_FLAG_PAIRWISE_RX Pairwise key not yet valid for TX. (Only usable with Extended Key ID support.) KEY_FLAG_PAIRWISE_RX_TX_MODIFY Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX. KEY_FLAG_RX_TX Not a valid standalone key type and can only used in combination with other flags to mark a key for RX/TX. This commit is not changing any functionality. It just adds the new key_flag to all hostapd/wpa_supplicant set_key() functions without using it, yet. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-01-04 23:10:04 +01:00
enum key_flag {
Add KEY_FLAG_MODIFY for Extended Key ID support KEY_FLAG_MODIFY was initial added for the planned Extended Key ID support with commit a919a260352a ("Introduce and add key_flag") and then removed with commit 82eaa3e6882f ("Remove the not yet needed KEY_FLAG_MODIFY") to simplify commit e9e69221c1d1 ("Validity checking function for key_flag API"). Add it again and update check_key_flag() accordingly. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-15 20:04:19 +01:00
KEY_FLAG_MODIFY = BIT(0),
Introduce and add key_flag Add the new set_key() parameter "key_flag" to provide more specific description of what type of a key is being configured. This is needed to be able to add support for "Extended Key ID for Individually Addressed Frames" from IEEE Std 802.11-2016. In addition, this may be used to replace the set_tx boolean eventually once all the driver wrappers have moved to using the new key_flag. The following flag are defined: KEY_FLAG_MODIFY Set when an already installed key must be updated. So far the only use-case is changing RX/TX status of installed keys. Must not be set when deleting a key. KEY_FLAG_DEFAULT Set when the key is also a default key. Must not be set when deleting a key. (This is the replacement for set_tx.) KEY_FLAG_RX The key is valid for RX. Must not be set when deleting a key. KEY_FLAG_TX The key is valid for TX. Must not be set when deleting a key. KEY_FLAG_GROUP The key is a broadcast or group key. KEY_FLAG_PAIRWISE The key is a pairwise key. KEY_FLAG_PMK The key is a Pairwise Master Key (PMK). Predefined and needed flag combinations so far are: KEY_FLAG_GROUP_RX_TX WEP key not used as default key (yet). KEY_FLAG_GROUP_RX_TX_DEFAULT Default WEP or WPA-NONE key. KEY_FLAG_GROUP_RX GTK key valid for RX only. KEY_FLAG_GROUP_TX_DEFAULT GTK key valid for TX only, immediately taking over TX. KEY_FLAG_PAIRWISE_RX_TX Pairwise key immediately becoming the active pairwise key. KEY_FLAG_PAIRWISE_RX Pairwise key not yet valid for TX. (Only usable with Extended Key ID support.) KEY_FLAG_PAIRWISE_RX_TX_MODIFY Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX. KEY_FLAG_RX_TX Not a valid standalone key type and can only used in combination with other flags to mark a key for RX/TX. This commit is not changing any functionality. It just adds the new key_flag to all hostapd/wpa_supplicant set_key() functions without using it, yet. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-01-04 23:10:04 +01:00
KEY_FLAG_DEFAULT = BIT(1),
KEY_FLAG_RX = BIT(2),
KEY_FLAG_TX = BIT(3),
KEY_FLAG_GROUP = BIT(4),
KEY_FLAG_PAIRWISE = BIT(5),
KEY_FLAG_PMK = BIT(6),
/* Used flag combinations */
KEY_FLAG_RX_TX = KEY_FLAG_RX | KEY_FLAG_TX,
KEY_FLAG_GROUP_RX_TX = KEY_FLAG_GROUP | KEY_FLAG_RX_TX,
KEY_FLAG_GROUP_RX_TX_DEFAULT = KEY_FLAG_GROUP_RX_TX |
KEY_FLAG_DEFAULT,
KEY_FLAG_GROUP_RX = KEY_FLAG_GROUP | KEY_FLAG_RX,
KEY_FLAG_GROUP_TX_DEFAULT = KEY_FLAG_GROUP | KEY_FLAG_TX |
KEY_FLAG_DEFAULT,
KEY_FLAG_PAIRWISE_RX_TX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX_TX,
KEY_FLAG_PAIRWISE_RX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX,
Add KEY_FLAG_MODIFY for Extended Key ID support KEY_FLAG_MODIFY was initial added for the planned Extended Key ID support with commit a919a260352a ("Introduce and add key_flag") and then removed with commit 82eaa3e6882f ("Remove the not yet needed KEY_FLAG_MODIFY") to simplify commit e9e69221c1d1 ("Validity checking function for key_flag API"). Add it again and update check_key_flag() accordingly. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-15 20:04:19 +01:00
KEY_FLAG_PAIRWISE_RX_TX_MODIFY = KEY_FLAG_PAIRWISE_RX_TX |
KEY_FLAG_MODIFY,
Validity checking function for key_flag API Add masks for each key type to define which flags can be combined and add a helper function to validate key_flag values. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-04 18:16:51 +01:00
/* Max allowed flags for each key type */
Add KEY_FLAG_MODIFY for Extended Key ID support KEY_FLAG_MODIFY was initial added for the planned Extended Key ID support with commit a919a260352a ("Introduce and add key_flag") and then removed with commit 82eaa3e6882f ("Remove the not yet needed KEY_FLAG_MODIFY") to simplify commit e9e69221c1d1 ("Validity checking function for key_flag API"). Add it again and update check_key_flag() accordingly. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-15 20:04:19 +01:00
KEY_FLAG_PAIRWISE_MASK = KEY_FLAG_PAIRWISE_RX_TX_MODIFY,
Validity checking function for key_flag API Add masks for each key type to define which flags can be combined and add a helper function to validate key_flag values. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-04 18:16:51 +01:00
KEY_FLAG_GROUP_MASK = KEY_FLAG_GROUP_RX_TX_DEFAULT,
KEY_FLAG_PMK_MASK = KEY_FLAG_PMK,
Introduce and add key_flag Add the new set_key() parameter "key_flag" to provide more specific description of what type of a key is being configured. This is needed to be able to add support for "Extended Key ID for Individually Addressed Frames" from IEEE Std 802.11-2016. In addition, this may be used to replace the set_tx boolean eventually once all the driver wrappers have moved to using the new key_flag. The following flag are defined: KEY_FLAG_MODIFY Set when an already installed key must be updated. So far the only use-case is changing RX/TX status of installed keys. Must not be set when deleting a key. KEY_FLAG_DEFAULT Set when the key is also a default key. Must not be set when deleting a key. (This is the replacement for set_tx.) KEY_FLAG_RX The key is valid for RX. Must not be set when deleting a key. KEY_FLAG_TX The key is valid for TX. Must not be set when deleting a key. KEY_FLAG_GROUP The key is a broadcast or group key. KEY_FLAG_PAIRWISE The key is a pairwise key. KEY_FLAG_PMK The key is a Pairwise Master Key (PMK). Predefined and needed flag combinations so far are: KEY_FLAG_GROUP_RX_TX WEP key not used as default key (yet). KEY_FLAG_GROUP_RX_TX_DEFAULT Default WEP or WPA-NONE key. KEY_FLAG_GROUP_RX GTK key valid for RX only. KEY_FLAG_GROUP_TX_DEFAULT GTK key valid for TX only, immediately taking over TX. KEY_FLAG_PAIRWISE_RX_TX Pairwise key immediately becoming the active pairwise key. KEY_FLAG_PAIRWISE_RX Pairwise key not yet valid for TX. (Only usable with Extended Key ID support.) KEY_FLAG_PAIRWISE_RX_TX_MODIFY Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX. KEY_FLAG_RX_TX Not a valid standalone key type and can only used in combination with other flags to mark a key for RX/TX. This commit is not changing any functionality. It just adds the new key_flag to all hostapd/wpa_supplicant set_key() functions without using it, yet. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-01-04 23:10:04 +01:00
};
Validity checking function for key_flag API Add masks for each key type to define which flags can be combined and add a helper function to validate key_flag values. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-04 18:16:51 +01:00
static inline int check_key_flag(enum key_flag key_flag)
{
return !!(!key_flag ||
Add KEY_FLAG_MODIFY for Extended Key ID support KEY_FLAG_MODIFY was initial added for the planned Extended Key ID support with commit a919a260352a ("Introduce and add key_flag") and then removed with commit 82eaa3e6882f ("Remove the not yet needed KEY_FLAG_MODIFY") to simplify commit e9e69221c1d1 ("Validity checking function for key_flag API"). Add it again and update check_key_flag() accordingly. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-15 20:04:19 +01:00
((key_flag & (KEY_FLAG_PAIRWISE | KEY_FLAG_MODIFY)) &&
Validity checking function for key_flag API Add masks for each key type to define which flags can be combined and add a helper function to validate key_flag values. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-04 18:16:51 +01:00
(key_flag & ~KEY_FLAG_PAIRWISE_MASK)) ||
((key_flag & KEY_FLAG_GROUP) &&
(key_flag & ~KEY_FLAG_GROUP_MASK)) ||
((key_flag & KEY_FLAG_PMK) &&
(key_flag & ~KEY_FLAG_PMK_MASK)));
}
AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken implementations and should be avoided when using or interacting with one. The effects can be triggered by either end of the connection and range from hardly noticeable disconnects over long connection freezes up to leaking clear text MPDUs. To allow affected users to mitigate the issues, add a new hostapd configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with disconnection. This requires the station to reassociate to get connected again and as such, can result in connectivity issues as well. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-01-10 23:19:08 +01:00
enum ptk0_rekey_handling {
PTK0_REKEY_ALLOW_ALWAYS,
PTK0_REKEY_ALLOW_LOCAL_OK,
PTK0_REKEY_ALLOW_NEVER
};
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#endif /* DEFS_H */