mirror of
https://git.rtems.org/rtems-libbsd/
synced 2025-07-24 02:02:30 +08:00
wpa: Import all files for KRACK patch.
This commit is contained in:
parent
a506ba970a
commit
b0f0b2f493
67
freebsd/contrib/wpa/src/ap/pmksa_cache_auth.h
Normal file
67
freebsd/contrib/wpa/src/ap/pmksa_cache_auth.h
Normal file
@ -0,0 +1,67 @@
|
||||
/*
|
||||
* hostapd - PMKSA cache for IEEE 802.11i RSN
|
||||
* Copyright (c) 2004-2008, 2012, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#ifndef PMKSA_CACHE_H
|
||||
#define PMKSA_CACHE_H
|
||||
|
||||
#include "radius/radius.h"
|
||||
|
||||
/**
|
||||
* struct rsn_pmksa_cache_entry - PMKSA cache entry
|
||||
*/
|
||||
struct rsn_pmksa_cache_entry {
|
||||
struct rsn_pmksa_cache_entry *next, *hnext;
|
||||
u8 pmkid[PMKID_LEN];
|
||||
u8 pmk[PMK_LEN];
|
||||
size_t pmk_len;
|
||||
os_time_t expiration;
|
||||
int akmp; /* WPA_KEY_MGMT_* */
|
||||
u8 spa[ETH_ALEN];
|
||||
|
||||
u8 *identity;
|
||||
size_t identity_len;
|
||||
struct wpabuf *cui;
|
||||
struct radius_class_data radius_class;
|
||||
u8 eap_type_authsrv;
|
||||
int vlan_id;
|
||||
int opportunistic;
|
||||
|
||||
u32 acct_multi_session_id_hi;
|
||||
u32 acct_multi_session_id_lo;
|
||||
};
|
||||
|
||||
struct rsn_pmksa_cache;
|
||||
|
||||
struct rsn_pmksa_cache *
|
||||
pmksa_cache_auth_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
|
||||
void *ctx), void *ctx);
|
||||
void pmksa_cache_auth_deinit(struct rsn_pmksa_cache *pmksa);
|
||||
struct rsn_pmksa_cache_entry *
|
||||
pmksa_cache_auth_get(struct rsn_pmksa_cache *pmksa,
|
||||
const u8 *spa, const u8 *pmkid);
|
||||
struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
|
||||
struct rsn_pmksa_cache *pmksa, const u8 *spa, const u8 *aa,
|
||||
const u8 *pmkid);
|
||||
struct rsn_pmksa_cache_entry *
|
||||
pmksa_cache_auth_add(struct rsn_pmksa_cache *pmksa,
|
||||
const u8 *pmk, size_t pmk_len,
|
||||
const u8 *kck, size_t kck_len,
|
||||
const u8 *aa, const u8 *spa, int session_timeout,
|
||||
struct eapol_state_machine *eapol, int akmp);
|
||||
struct rsn_pmksa_cache_entry *
|
||||
pmksa_cache_add_okc(struct rsn_pmksa_cache *pmksa,
|
||||
const struct rsn_pmksa_cache_entry *old_entry,
|
||||
const u8 *aa, const u8 *pmkid);
|
||||
void pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry *entry,
|
||||
struct eapol_state_machine *eapol);
|
||||
void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
|
||||
struct rsn_pmksa_cache_entry *entry);
|
||||
int pmksa_cache_auth_radius_das_disconnect(struct rsn_pmksa_cache *pmksa,
|
||||
struct radius_das_attrs *attr);
|
||||
|
||||
#endif /* PMKSA_CACHE_H */
|
23
freebsd/contrib/wpa/src/ap/wmm.h
Normal file
23
freebsd/contrib/wpa/src/ap/wmm.h
Normal file
@ -0,0 +1,23 @@
|
||||
/*
|
||||
* hostapd / WMM (Wi-Fi Multimedia)
|
||||
* Copyright 2002-2003, Instant802 Networks, Inc.
|
||||
* Copyright 2005-2006, Devicescape Software, Inc.
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#ifndef WME_H
|
||||
#define WME_H
|
||||
|
||||
struct ieee80211_mgmt;
|
||||
struct wmm_tspec_element;
|
||||
|
||||
u8 * hostapd_eid_wmm(struct hostapd_data *hapd, u8 *eid);
|
||||
int hostapd_eid_wmm_valid(struct hostapd_data *hapd, const u8 *eid,
|
||||
size_t len);
|
||||
void hostapd_wmm_action(struct hostapd_data *hapd,
|
||||
const struct ieee80211_mgmt *mgmt, size_t len);
|
||||
int wmm_process_tspec(struct wmm_tspec_element *tspec);
|
||||
|
||||
#endif /* WME_H */
|
3502
freebsd/contrib/wpa/src/ap/wpa_auth.c
Normal file
3502
freebsd/contrib/wpa/src/ap/wpa_auth.c
Normal file
File diff suppressed because it is too large
Load Diff
328
freebsd/contrib/wpa/src/ap/wpa_auth.h
Normal file
328
freebsd/contrib/wpa/src/ap/wpa_auth.h
Normal file
@ -0,0 +1,328 @@
|
||||
/*
|
||||
* hostapd - IEEE 802.11i-2004 / WPA Authenticator
|
||||
* Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#ifndef WPA_AUTH_H
|
||||
#define WPA_AUTH_H
|
||||
|
||||
#include "common/defs.h"
|
||||
#include "common/eapol_common.h"
|
||||
#include "common/wpa_common.h"
|
||||
#include "common/ieee802_11_defs.h"
|
||||
|
||||
#define MAX_OWN_IE_OVERRIDE 256
|
||||
|
||||
#ifdef _MSC_VER
|
||||
#pragma pack(push, 1)
|
||||
#endif /* _MSC_VER */
|
||||
|
||||
/* IEEE Std 802.11r-2008, 11A.10.3 - Remote request/response frame definition
|
||||
*/
|
||||
struct ft_rrb_frame {
|
||||
u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
|
||||
u8 packet_type; /* FT_PACKET_REQUEST/FT_PACKET_RESPONSE */
|
||||
le16 action_length; /* little endian length of action_frame */
|
||||
u8 ap_address[ETH_ALEN];
|
||||
/*
|
||||
* Followed by action_length bytes of FT Action frame (from Category
|
||||
* field to the end of Action Frame body.
|
||||
*/
|
||||
} STRUCT_PACKED;
|
||||
|
||||
#define RSN_REMOTE_FRAME_TYPE_FT_RRB 1
|
||||
|
||||
#define FT_PACKET_REQUEST 0
|
||||
#define FT_PACKET_RESPONSE 1
|
||||
/* Vendor-specific types for R0KH-R1KH protocol; not defined in 802.11r */
|
||||
#define FT_PACKET_R0KH_R1KH_PULL 200
|
||||
#define FT_PACKET_R0KH_R1KH_RESP 201
|
||||
#define FT_PACKET_R0KH_R1KH_PUSH 202
|
||||
|
||||
#define FT_R0KH_R1KH_PULL_DATA_LEN 44
|
||||
#define FT_R0KH_R1KH_RESP_DATA_LEN 76
|
||||
#define FT_R0KH_R1KH_PUSH_DATA_LEN 88
|
||||
#define FT_R0KH_R1KH_PULL_NONCE_LEN 16
|
||||
|
||||
struct ft_r0kh_r1kh_pull_frame {
|
||||
u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
|
||||
u8 packet_type; /* FT_PACKET_R0KH_R1KH_PULL */
|
||||
le16 data_length; /* little endian length of data (44) */
|
||||
u8 ap_address[ETH_ALEN];
|
||||
|
||||
u8 nonce[FT_R0KH_R1KH_PULL_NONCE_LEN];
|
||||
u8 pmk_r0_name[WPA_PMK_NAME_LEN];
|
||||
u8 r1kh_id[FT_R1KH_ID_LEN];
|
||||
u8 s1kh_id[ETH_ALEN];
|
||||
u8 pad[4]; /* 8-octet boundary for AES key wrap */
|
||||
u8 key_wrap_extra[8];
|
||||
} STRUCT_PACKED;
|
||||
|
||||
struct ft_r0kh_r1kh_resp_frame {
|
||||
u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
|
||||
u8 packet_type; /* FT_PACKET_R0KH_R1KH_RESP */
|
||||
le16 data_length; /* little endian length of data (76) */
|
||||
u8 ap_address[ETH_ALEN];
|
||||
|
||||
u8 nonce[FT_R0KH_R1KH_PULL_NONCE_LEN]; /* copied from pull */
|
||||
u8 r1kh_id[FT_R1KH_ID_LEN]; /* copied from pull */
|
||||
u8 s1kh_id[ETH_ALEN]; /* copied from pull */
|
||||
u8 pmk_r1[PMK_LEN];
|
||||
u8 pmk_r1_name[WPA_PMK_NAME_LEN];
|
||||
le16 pairwise;
|
||||
u8 pad[2]; /* 8-octet boundary for AES key wrap */
|
||||
u8 key_wrap_extra[8];
|
||||
} STRUCT_PACKED;
|
||||
|
||||
struct ft_r0kh_r1kh_push_frame {
|
||||
u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
|
||||
u8 packet_type; /* FT_PACKET_R0KH_R1KH_PUSH */
|
||||
le16 data_length; /* little endian length of data (88) */
|
||||
u8 ap_address[ETH_ALEN];
|
||||
|
||||
/* Encrypted with AES key-wrap */
|
||||
u8 timestamp[4]; /* current time in seconds since unix epoch, little
|
||||
* endian */
|
||||
u8 r1kh_id[FT_R1KH_ID_LEN];
|
||||
u8 s1kh_id[ETH_ALEN];
|
||||
u8 pmk_r0_name[WPA_PMK_NAME_LEN];
|
||||
u8 pmk_r1[PMK_LEN];
|
||||
u8 pmk_r1_name[WPA_PMK_NAME_LEN];
|
||||
le16 pairwise;
|
||||
u8 pad[6]; /* 8-octet boundary for AES key wrap */
|
||||
u8 key_wrap_extra[8];
|
||||
} STRUCT_PACKED;
|
||||
|
||||
#ifdef _MSC_VER
|
||||
#pragma pack(pop)
|
||||
#endif /* _MSC_VER */
|
||||
|
||||
|
||||
/* per STA state machine data */
|
||||
|
||||
struct wpa_authenticator;
|
||||
struct wpa_state_machine;
|
||||
struct rsn_pmksa_cache_entry;
|
||||
struct eapol_state_machine;
|
||||
|
||||
|
||||
struct ft_remote_r0kh {
|
||||
struct ft_remote_r0kh *next;
|
||||
u8 addr[ETH_ALEN];
|
||||
u8 id[FT_R0KH_ID_MAX_LEN];
|
||||
size_t id_len;
|
||||
u8 key[16];
|
||||
};
|
||||
|
||||
|
||||
struct ft_remote_r1kh {
|
||||
struct ft_remote_r1kh *next;
|
||||
u8 addr[ETH_ALEN];
|
||||
u8 id[FT_R1KH_ID_LEN];
|
||||
u8 key[16];
|
||||
};
|
||||
|
||||
|
||||
struct wpa_auth_config {
|
||||
int wpa;
|
||||
int wpa_key_mgmt;
|
||||
int wpa_pairwise;
|
||||
int wpa_group;
|
||||
int wpa_group_rekey;
|
||||
int wpa_strict_rekey;
|
||||
int wpa_gmk_rekey;
|
||||
int wpa_ptk_rekey;
|
||||
int rsn_pairwise;
|
||||
int rsn_preauth;
|
||||
int eapol_version;
|
||||
int peerkey;
|
||||
int wmm_enabled;
|
||||
int wmm_uapsd;
|
||||
int disable_pmksa_caching;
|
||||
int okc;
|
||||
int tx_status;
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
enum mfp_options ieee80211w;
|
||||
int group_mgmt_cipher;
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
u8 ssid[SSID_MAX_LEN];
|
||||
size_t ssid_len;
|
||||
u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
|
||||
u8 r0_key_holder[FT_R0KH_ID_MAX_LEN];
|
||||
size_t r0_key_holder_len;
|
||||
u8 r1_key_holder[FT_R1KH_ID_LEN];
|
||||
u32 r0_key_lifetime;
|
||||
u32 reassociation_deadline;
|
||||
struct ft_remote_r0kh *r0kh_list;
|
||||
struct ft_remote_r1kh *r1kh_list;
|
||||
int pmk_r1_push;
|
||||
int ft_over_ds;
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
int disable_gtk;
|
||||
int ap_mlme;
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
double corrupt_gtk_rekey_mic_probability;
|
||||
u8 own_ie_override[MAX_OWN_IE_OVERRIDE];
|
||||
size_t own_ie_override_len;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
#ifdef CONFIG_P2P
|
||||
u8 ip_addr_go[4];
|
||||
u8 ip_addr_mask[4];
|
||||
u8 ip_addr_start[4];
|
||||
u8 ip_addr_end[4];
|
||||
#endif /* CONFIG_P2P */
|
||||
};
|
||||
|
||||
typedef enum {
|
||||
LOGGER_DEBUG, LOGGER_INFO, LOGGER_WARNING
|
||||
} logger_level;
|
||||
|
||||
typedef enum {
|
||||
WPA_EAPOL_portEnabled, WPA_EAPOL_portValid, WPA_EAPOL_authorized,
|
||||
WPA_EAPOL_portControl_Auto, WPA_EAPOL_keyRun, WPA_EAPOL_keyAvailable,
|
||||
WPA_EAPOL_keyDone, WPA_EAPOL_inc_EapolFramesTx
|
||||
} wpa_eapol_variable;
|
||||
|
||||
struct wpa_auth_callbacks {
|
||||
void *ctx;
|
||||
void (*logger)(void *ctx, const u8 *addr, logger_level level,
|
||||
const char *txt);
|
||||
void (*disconnect)(void *ctx, const u8 *addr, u16 reason);
|
||||
int (*mic_failure_report)(void *ctx, const u8 *addr);
|
||||
void (*psk_failure_report)(void *ctx, const u8 *addr);
|
||||
void (*set_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var,
|
||||
int value);
|
||||
int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var);
|
||||
const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *p2p_dev_addr,
|
||||
const u8 *prev_psk);
|
||||
int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len);
|
||||
int (*set_key)(void *ctx, int vlan_id, enum wpa_alg alg,
|
||||
const u8 *addr, int idx, u8 *key, size_t key_len);
|
||||
int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq);
|
||||
int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data,
|
||||
size_t data_len, int encrypt);
|
||||
int (*for_each_sta)(void *ctx, int (*cb)(struct wpa_state_machine *sm,
|
||||
void *ctx), void *cb_ctx);
|
||||
int (*for_each_auth)(void *ctx, int (*cb)(struct wpa_authenticator *a,
|
||||
void *ctx), void *cb_ctx);
|
||||
int (*send_ether)(void *ctx, const u8 *dst, u16 proto, const u8 *data,
|
||||
size_t data_len);
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr);
|
||||
int (*send_ft_action)(void *ctx, const u8 *dst,
|
||||
const u8 *data, size_t data_len);
|
||||
int (*add_tspec)(void *ctx, const u8 *sta_addr, u8 *tspec_ie,
|
||||
size_t tspec_ielen);
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
#ifdef CONFIG_MESH
|
||||
int (*start_ampe)(void *ctx, const u8 *sta_addr);
|
||||
#endif /* CONFIG_MESH */
|
||||
};
|
||||
|
||||
struct wpa_authenticator * wpa_init(const u8 *addr,
|
||||
struct wpa_auth_config *conf,
|
||||
struct wpa_auth_callbacks *cb);
|
||||
int wpa_init_keys(struct wpa_authenticator *wpa_auth);
|
||||
void wpa_deinit(struct wpa_authenticator *wpa_auth);
|
||||
int wpa_reconfig(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_auth_config *conf);
|
||||
|
||||
enum {
|
||||
WPA_IE_OK, WPA_INVALID_IE, WPA_INVALID_GROUP, WPA_INVALID_PAIRWISE,
|
||||
WPA_INVALID_AKMP, WPA_NOT_ENABLED, WPA_ALLOC_FAIL,
|
||||
WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER,
|
||||
WPA_INVALID_MDIE, WPA_INVALID_PROTO
|
||||
};
|
||||
|
||||
int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_state_machine *sm,
|
||||
const u8 *wpa_ie, size_t wpa_ie_len,
|
||||
const u8 *mdie, size_t mdie_len);
|
||||
int wpa_validate_osen(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_state_machine *sm,
|
||||
const u8 *osen_ie, size_t osen_ie_len);
|
||||
int wpa_auth_uses_mfp(struct wpa_state_machine *sm);
|
||||
struct wpa_state_machine *
|
||||
wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
|
||||
const u8 *p2p_dev_addr);
|
||||
int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_state_machine *sm);
|
||||
void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm);
|
||||
void wpa_auth_sta_deinit(struct wpa_state_machine *sm);
|
||||
void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_state_machine *sm,
|
||||
u8 *data, size_t data_len);
|
||||
enum wpa_event {
|
||||
WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
|
||||
WPA_REAUTH_EAPOL, WPA_ASSOC_FT
|
||||
};
|
||||
void wpa_remove_ptk(struct wpa_state_machine *sm);
|
||||
int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
|
||||
void wpa_auth_sm_notify(struct wpa_state_machine *sm);
|
||||
void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth);
|
||||
int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen);
|
||||
int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
|
||||
void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
|
||||
int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
|
||||
int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
|
||||
int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
|
||||
int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
|
||||
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
|
||||
struct rsn_pmksa_cache_entry *entry);
|
||||
struct rsn_pmksa_cache_entry *
|
||||
wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm);
|
||||
void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm);
|
||||
const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth,
|
||||
size_t *len);
|
||||
int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
|
||||
int session_timeout, struct eapol_state_machine *eapol);
|
||||
int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
|
||||
const u8 *pmk, size_t len, const u8 *sta_addr,
|
||||
int session_timeout,
|
||||
struct eapol_state_machine *eapol);
|
||||
int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
|
||||
const u8 *pmk);
|
||||
void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
|
||||
const u8 *sta_addr);
|
||||
int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
|
||||
void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_state_machine *sm, int ack);
|
||||
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
|
||||
size_t max_len, int auth_alg,
|
||||
const u8 *req_ies, size_t req_ies_len);
|
||||
void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
|
||||
u16 auth_transaction, const u8 *ies, size_t ies_len,
|
||||
void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
|
||||
u16 auth_transaction, u16 resp,
|
||||
const u8 *ies, size_t ies_len),
|
||||
void *ctx);
|
||||
u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
|
||||
size_t ies_len);
|
||||
int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len);
|
||||
int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
|
||||
const u8 *data, size_t data_len);
|
||||
void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr);
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
|
||||
void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm);
|
||||
void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag);
|
||||
int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos);
|
||||
int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos);
|
||||
|
||||
int wpa_auth_uses_sae(struct wpa_state_machine *sm);
|
||||
int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm);
|
||||
|
||||
int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr);
|
||||
|
||||
struct radius_das_attrs;
|
||||
int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
|
||||
struct radius_das_attrs *attr);
|
||||
void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth);
|
||||
|
||||
#endif /* WPA_AUTH_H */
|
1794
freebsd/contrib/wpa/src/ap/wpa_auth_ft.c
Normal file
1794
freebsd/contrib/wpa/src/ap/wpa_auth_ft.c
Normal file
File diff suppressed because it is too large
Load Diff
259
freebsd/contrib/wpa/src/ap/wpa_auth_i.h
Normal file
259
freebsd/contrib/wpa/src/ap/wpa_auth_i.h
Normal file
@ -0,0 +1,259 @@
|
||||
/*
|
||||
* hostapd - IEEE 802.11i-2004 / WPA Authenticator: Internal definitions
|
||||
* Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#ifndef WPA_AUTH_I_H
|
||||
#define WPA_AUTH_I_H
|
||||
|
||||
/* max(dot11RSNAConfigGroupUpdateCount,dot11RSNAConfigPairwiseUpdateCount) */
|
||||
#define RSNA_MAX_EAPOL_RETRIES 4
|
||||
|
||||
struct wpa_group;
|
||||
|
||||
struct wpa_stsl_negotiation {
|
||||
struct wpa_stsl_negotiation *next;
|
||||
u8 initiator[ETH_ALEN];
|
||||
u8 peer[ETH_ALEN];
|
||||
};
|
||||
|
||||
|
||||
struct wpa_state_machine {
|
||||
struct wpa_authenticator *wpa_auth;
|
||||
struct wpa_group *group;
|
||||
|
||||
u8 addr[ETH_ALEN];
|
||||
u8 p2p_dev_addr[ETH_ALEN];
|
||||
|
||||
enum {
|
||||
WPA_PTK_INITIALIZE, WPA_PTK_DISCONNECT, WPA_PTK_DISCONNECTED,
|
||||
WPA_PTK_AUTHENTICATION, WPA_PTK_AUTHENTICATION2,
|
||||
WPA_PTK_INITPMK, WPA_PTK_INITPSK, WPA_PTK_PTKSTART,
|
||||
WPA_PTK_PTKCALCNEGOTIATING, WPA_PTK_PTKCALCNEGOTIATING2,
|
||||
WPA_PTK_PTKINITNEGOTIATING, WPA_PTK_PTKINITDONE
|
||||
} wpa_ptk_state;
|
||||
|
||||
enum {
|
||||
WPA_PTK_GROUP_IDLE = 0,
|
||||
WPA_PTK_GROUP_REKEYNEGOTIATING,
|
||||
WPA_PTK_GROUP_REKEYESTABLISHED,
|
||||
WPA_PTK_GROUP_KEYERROR
|
||||
} wpa_ptk_group_state;
|
||||
|
||||
Boolean Init;
|
||||
Boolean DeauthenticationRequest;
|
||||
Boolean AuthenticationRequest;
|
||||
Boolean ReAuthenticationRequest;
|
||||
Boolean Disconnect;
|
||||
int TimeoutCtr;
|
||||
int GTimeoutCtr;
|
||||
Boolean TimeoutEvt;
|
||||
Boolean EAPOLKeyReceived;
|
||||
Boolean EAPOLKeyPairwise;
|
||||
Boolean EAPOLKeyRequest;
|
||||
Boolean MICVerified;
|
||||
Boolean GUpdateStationKeys;
|
||||
u8 ANonce[WPA_NONCE_LEN];
|
||||
u8 SNonce[WPA_NONCE_LEN];
|
||||
u8 alt_SNonce[WPA_NONCE_LEN];
|
||||
u8 alt_replay_counter[WPA_REPLAY_COUNTER_LEN];
|
||||
u8 PMK[PMK_LEN];
|
||||
struct wpa_ptk PTK;
|
||||
Boolean PTK_valid;
|
||||
Boolean pairwise_set;
|
||||
int keycount;
|
||||
Boolean Pair;
|
||||
struct wpa_key_replay_counter {
|
||||
u8 counter[WPA_REPLAY_COUNTER_LEN];
|
||||
Boolean valid;
|
||||
} key_replay[RSNA_MAX_EAPOL_RETRIES],
|
||||
prev_key_replay[RSNA_MAX_EAPOL_RETRIES];
|
||||
Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */
|
||||
Boolean PTKRequest; /* not in IEEE 802.11i state machine */
|
||||
Boolean has_GTK;
|
||||
Boolean PtkGroupInit; /* init request for PTK Group state machine */
|
||||
|
||||
u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */
|
||||
size_t last_rx_eapol_key_len;
|
||||
|
||||
unsigned int changed:1;
|
||||
unsigned int in_step_loop:1;
|
||||
unsigned int pending_deinit:1;
|
||||
unsigned int started:1;
|
||||
unsigned int mgmt_frame_prot:1;
|
||||
unsigned int rx_eapol_key_secure:1;
|
||||
unsigned int update_snonce:1;
|
||||
unsigned int alt_snonce_valid:1;
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
unsigned int ft_completed:1;
|
||||
unsigned int pmk_r1_name_valid:1;
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
unsigned int is_wnmsleep:1;
|
||||
|
||||
u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN];
|
||||
int req_replay_counter_used;
|
||||
|
||||
u8 *wpa_ie;
|
||||
size_t wpa_ie_len;
|
||||
|
||||
enum {
|
||||
WPA_VERSION_NO_WPA = 0 /* WPA not used */,
|
||||
WPA_VERSION_WPA = 1 /* WPA / IEEE 802.11i/D3.0 */,
|
||||
WPA_VERSION_WPA2 = 2 /* WPA2 / IEEE 802.11i */
|
||||
} wpa;
|
||||
int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
|
||||
int wpa_key_mgmt; /* the selected WPA_KEY_MGMT_* */
|
||||
struct rsn_pmksa_cache_entry *pmksa;
|
||||
|
||||
u32 dot11RSNAStatsTKIPLocalMICFailures;
|
||||
u32 dot11RSNAStatsTKIPRemoteMICFailures;
|
||||
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */
|
||||
size_t xxkey_len;
|
||||
u8 pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name derived from FT Auth
|
||||
* Request */
|
||||
u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; /* R0KH-ID from FT Auth Request */
|
||||
size_t r0kh_id_len;
|
||||
u8 sup_pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name from EAPOL-Key
|
||||
* message 2/4 */
|
||||
u8 *assoc_resp_ftie;
|
||||
|
||||
void (*ft_pending_cb)(void *ctx, const u8 *dst, const u8 *bssid,
|
||||
u16 auth_transaction, u16 status,
|
||||
const u8 *ies, size_t ies_len);
|
||||
void *ft_pending_cb_ctx;
|
||||
struct wpabuf *ft_pending_req_ies;
|
||||
u8 ft_pending_pull_nonce[FT_R0KH_R1KH_PULL_NONCE_LEN];
|
||||
u8 ft_pending_auth_transaction;
|
||||
u8 ft_pending_current_ap[ETH_ALEN];
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
|
||||
int pending_1_of_4_timeout;
|
||||
|
||||
#ifdef CONFIG_P2P
|
||||
u8 ip_addr[4];
|
||||
#endif /* CONFIG_P2P */
|
||||
};
|
||||
|
||||
|
||||
/* per group key state machine data */
|
||||
struct wpa_group {
|
||||
struct wpa_group *next;
|
||||
int vlan_id;
|
||||
|
||||
Boolean GInit;
|
||||
int GKeyDoneStations;
|
||||
Boolean GTKReKey;
|
||||
int GTK_len;
|
||||
int GN, GM;
|
||||
Boolean GTKAuthenticator;
|
||||
u8 Counter[WPA_NONCE_LEN];
|
||||
|
||||
enum {
|
||||
WPA_GROUP_GTK_INIT = 0,
|
||||
WPA_GROUP_SETKEYS, WPA_GROUP_SETKEYSDONE,
|
||||
WPA_GROUP_FATAL_FAILURE
|
||||
} wpa_group_state;
|
||||
|
||||
u8 GMK[WPA_GMK_LEN];
|
||||
u8 GTK[2][WPA_GTK_MAX_LEN];
|
||||
u8 GNonce[WPA_NONCE_LEN];
|
||||
Boolean changed;
|
||||
Boolean first_sta_seen;
|
||||
Boolean reject_4way_hs_for_entropy;
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
u8 IGTK[2][WPA_IGTK_MAX_LEN];
|
||||
int GN_igtk, GM_igtk;
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
/* Number of references except those in struct wpa_group->next */
|
||||
unsigned int references;
|
||||
};
|
||||
|
||||
|
||||
struct wpa_ft_pmk_cache;
|
||||
|
||||
/* per authenticator data */
|
||||
struct wpa_authenticator {
|
||||
struct wpa_group *group;
|
||||
|
||||
unsigned int dot11RSNAStatsTKIPRemoteMICFailures;
|
||||
u32 dot11RSNAAuthenticationSuiteSelected;
|
||||
u32 dot11RSNAPairwiseCipherSelected;
|
||||
u32 dot11RSNAGroupCipherSelected;
|
||||
u8 dot11RSNAPMKIDUsed[PMKID_LEN];
|
||||
u32 dot11RSNAAuthenticationSuiteRequested; /* FIX: update */
|
||||
u32 dot11RSNAPairwiseCipherRequested; /* FIX: update */
|
||||
u32 dot11RSNAGroupCipherRequested; /* FIX: update */
|
||||
unsigned int dot11RSNATKIPCounterMeasuresInvoked;
|
||||
unsigned int dot11RSNA4WayHandshakeFailures;
|
||||
|
||||
struct wpa_stsl_negotiation *stsl_negotiations;
|
||||
|
||||
struct wpa_auth_config conf;
|
||||
struct wpa_auth_callbacks cb;
|
||||
|
||||
u8 *wpa_ie;
|
||||
size_t wpa_ie_len;
|
||||
|
||||
u8 addr[ETH_ALEN];
|
||||
|
||||
struct rsn_pmksa_cache *pmksa;
|
||||
struct wpa_ft_pmk_cache *ft_pmk_cache;
|
||||
|
||||
#ifdef CONFIG_P2P
|
||||
struct bitfield *ip_pool;
|
||||
#endif /* CONFIG_P2P */
|
||||
};
|
||||
|
||||
|
||||
int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
|
||||
const u8 *pmkid);
|
||||
void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
|
||||
logger_level level, const char *txt);
|
||||
void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
|
||||
logger_level level, const char *fmt, ...);
|
||||
void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_state_machine *sm, int key_info,
|
||||
const u8 *key_rsc, const u8 *nonce,
|
||||
const u8 *kde, size_t kde_len,
|
||||
int keyidx, int encr, int force_version);
|
||||
int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
|
||||
int (*cb)(struct wpa_state_machine *sm, void *ctx),
|
||||
void *cb_ctx);
|
||||
int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
|
||||
int (*cb)(struct wpa_authenticator *a, void *ctx),
|
||||
void *cb_ctx);
|
||||
|
||||
#ifdef CONFIG_PEERKEY
|
||||
int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_stsl_negotiation *neg);
|
||||
void wpa_smk_error(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_state_machine *sm,
|
||||
const u8 *key_data, size_t key_data_len);
|
||||
void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_state_machine *sm, struct wpa_eapol_key *key,
|
||||
const u8 *key_data, size_t key_data_len);
|
||||
void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_state_machine *sm, struct wpa_eapol_key *key,
|
||||
const u8 *key_data, size_t key_data_len);
|
||||
#endif /* CONFIG_PEERKEY */
|
||||
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);
|
||||
int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
|
||||
size_t r0kh_id_len,
|
||||
const u8 *anonce, const u8 *snonce,
|
||||
u8 *buf, size_t len, const u8 *subelem,
|
||||
size_t subelem_len);
|
||||
int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
|
||||
struct wpa_ptk *ptk);
|
||||
struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void);
|
||||
void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache);
|
||||
void wpa_ft_install_ptk(struct wpa_state_machine *sm);
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
|
||||
#endif /* WPA_AUTH_I_H */
|
57
freebsd/contrib/wpa/src/ap/wpa_auth_ie.h
Normal file
57
freebsd/contrib/wpa/src/ap/wpa_auth_ie.h
Normal file
@ -0,0 +1,57 @@
|
||||
/*
|
||||
* hostapd - WPA/RSN IE and KDE definitions
|
||||
* Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#ifndef WPA_AUTH_IE_H
|
||||
#define WPA_AUTH_IE_H
|
||||
|
||||
struct wpa_eapol_ie_parse {
|
||||
const u8 *wpa_ie;
|
||||
size_t wpa_ie_len;
|
||||
const u8 *rsn_ie;
|
||||
size_t rsn_ie_len;
|
||||
const u8 *pmkid;
|
||||
const u8 *gtk;
|
||||
size_t gtk_len;
|
||||
const u8 *mac_addr;
|
||||
size_t mac_addr_len;
|
||||
#ifdef CONFIG_PEERKEY
|
||||
const u8 *smk;
|
||||
size_t smk_len;
|
||||
const u8 *nonce;
|
||||
size_t nonce_len;
|
||||
const u8 *lifetime;
|
||||
size_t lifetime_len;
|
||||
const u8 *error;
|
||||
size_t error_len;
|
||||
#endif /* CONFIG_PEERKEY */
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
const u8 *igtk;
|
||||
size_t igtk_len;
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
const u8 *mdie;
|
||||
size_t mdie_len;
|
||||
const u8 *ftie;
|
||||
size_t ftie_len;
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
#ifdef CONFIG_P2P
|
||||
const u8 *ip_addr_req;
|
||||
const u8 *ip_addr_alloc;
|
||||
#endif /* CONFIG_P2P */
|
||||
|
||||
const u8 *osen;
|
||||
size_t osen_len;
|
||||
};
|
||||
|
||||
int wpa_parse_kde_ies(const u8 *buf, size_t len,
|
||||
struct wpa_eapol_ie_parse *ie);
|
||||
u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
|
||||
const u8 *data2, size_t data2_len);
|
||||
int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth);
|
||||
|
||||
#endif /* WPA_AUTH_IE_H */
|
102
freebsd/contrib/wpa/src/eapol_auth/eapol_auth_sm.h
Normal file
102
freebsd/contrib/wpa/src/eapol_auth/eapol_auth_sm.h
Normal file
@ -0,0 +1,102 @@
|
||||
/*
|
||||
* IEEE 802.1X-2004 Authenticator - EAPOL state machine
|
||||
* Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#ifndef EAPOL_AUTH_SM_H
|
||||
#define EAPOL_AUTH_SM_H
|
||||
|
||||
#define EAPOL_SM_PREAUTH BIT(0)
|
||||
#define EAPOL_SM_WAIT_START BIT(1)
|
||||
#define EAPOL_SM_USES_WPA BIT(2)
|
||||
#define EAPOL_SM_FROM_PMKSA_CACHE BIT(3)
|
||||
|
||||
struct eapol_auth_config {
|
||||
int eap_reauth_period;
|
||||
int wpa;
|
||||
int individual_wep_key_len;
|
||||
int eap_server;
|
||||
void *ssl_ctx;
|
||||
void *msg_ctx;
|
||||
void *eap_sim_db_priv;
|
||||
char *eap_req_id_text; /* a copy of this will be allocated */
|
||||
size_t eap_req_id_text_len;
|
||||
int erp_send_reauth_start;
|
||||
char *erp_domain; /* a copy of this will be allocated */
|
||||
int erp; /* Whether ERP is enabled on authentication server */
|
||||
unsigned int tls_session_lifetime;
|
||||
u8 *pac_opaque_encr_key;
|
||||
u8 *eap_fast_a_id;
|
||||
size_t eap_fast_a_id_len;
|
||||
char *eap_fast_a_id_info;
|
||||
int eap_fast_prov;
|
||||
int pac_key_lifetime;
|
||||
int pac_key_refresh_time;
|
||||
int eap_sim_aka_result_ind;
|
||||
int tnc;
|
||||
struct wps_context *wps;
|
||||
int fragment_size;
|
||||
u16 pwd_group;
|
||||
int pbc_in_m1;
|
||||
const u8 *server_id;
|
||||
size_t server_id_len;
|
||||
|
||||
/* Opaque context pointer to owner data for callback functions */
|
||||
void *ctx;
|
||||
};
|
||||
|
||||
struct eap_user;
|
||||
struct eap_server_erp_key;
|
||||
|
||||
typedef enum {
|
||||
EAPOL_LOGGER_DEBUG, EAPOL_LOGGER_INFO, EAPOL_LOGGER_WARNING
|
||||
} eapol_logger_level;
|
||||
|
||||
enum eapol_event {
|
||||
EAPOL_AUTH_SM_CHANGE,
|
||||
EAPOL_AUTH_REAUTHENTICATE
|
||||
};
|
||||
|
||||
struct eapol_auth_cb {
|
||||
void (*eapol_send)(void *ctx, void *sta_ctx, u8 type, const u8 *data,
|
||||
size_t datalen);
|
||||
void (*aaa_send)(void *ctx, void *sta_ctx, const u8 *data,
|
||||
size_t datalen);
|
||||
void (*finished)(void *ctx, void *sta_ctx, int success, int preauth,
|
||||
int remediation);
|
||||
int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
|
||||
int phase2, struct eap_user *user);
|
||||
int (*sta_entry_alive)(void *ctx, const u8 *addr);
|
||||
void (*logger)(void *ctx, const u8 *addr, eapol_logger_level level,
|
||||
const char *txt);
|
||||
void (*set_port_authorized)(void *ctx, void *sta_ctx, int authorized);
|
||||
void (*abort_auth)(void *ctx, void *sta_ctx);
|
||||
void (*tx_key)(void *ctx, void *sta_ctx);
|
||||
void (*eapol_event)(void *ctx, void *sta_ctx, enum eapol_event type);
|
||||
struct eap_server_erp_key * (*erp_get_key)(void *ctx,
|
||||
const char *keyname);
|
||||
int (*erp_add_key)(void *ctx, struct eap_server_erp_key *erp);
|
||||
};
|
||||
|
||||
|
||||
struct eapol_authenticator * eapol_auth_init(struct eapol_auth_config *conf,
|
||||
struct eapol_auth_cb *cb);
|
||||
void eapol_auth_deinit(struct eapol_authenticator *eapol);
|
||||
struct eapol_state_machine *
|
||||
eapol_auth_alloc(struct eapol_authenticator *eapol, const u8 *addr,
|
||||
int flags, const struct wpabuf *assoc_wps_ie,
|
||||
const struct wpabuf *assoc_p2p_ie, void *sta_ctx,
|
||||
const char *identity, const char *radius_cui);
|
||||
void eapol_auth_free(struct eapol_state_machine *sm);
|
||||
void eapol_auth_step(struct eapol_state_machine *sm);
|
||||
int eapol_auth_dump_state(struct eapol_state_machine *sm, char *buf,
|
||||
size_t buflen);
|
||||
int eapol_auth_eap_pending_cb(struct eapol_state_machine *sm, void *ctx);
|
||||
void eapol_auth_reauthenticate(struct eapol_state_machine *sm);
|
||||
int eapol_auth_set_conf(struct eapol_state_machine *sm, const char *param,
|
||||
const char *value);
|
||||
|
||||
#endif /* EAPOL_AUTH_SM_H */
|
322
freebsd/contrib/wpa/src/radius/radius.h
Normal file
322
freebsd/contrib/wpa/src/radius/radius.h
Normal file
@ -0,0 +1,322 @@
|
||||
/*
|
||||
* RADIUS message processing
|
||||
* Copyright (c) 2002-2009, 2012, 2014, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#ifndef RADIUS_H
|
||||
#define RADIUS_H
|
||||
|
||||
/* RFC 2865 - RADIUS */
|
||||
|
||||
#ifdef _MSC_VER
|
||||
#pragma pack(push, 1)
|
||||
#endif /* _MSC_VER */
|
||||
|
||||
struct radius_hdr {
|
||||
u8 code;
|
||||
u8 identifier;
|
||||
be16 length; /* including this header */
|
||||
u8 authenticator[16];
|
||||
/* followed by length-20 octets of attributes */
|
||||
} STRUCT_PACKED;
|
||||
|
||||
enum { RADIUS_CODE_ACCESS_REQUEST = 1,
|
||||
RADIUS_CODE_ACCESS_ACCEPT = 2,
|
||||
RADIUS_CODE_ACCESS_REJECT = 3,
|
||||
RADIUS_CODE_ACCOUNTING_REQUEST = 4,
|
||||
RADIUS_CODE_ACCOUNTING_RESPONSE = 5,
|
||||
RADIUS_CODE_ACCESS_CHALLENGE = 11,
|
||||
RADIUS_CODE_STATUS_SERVER = 12,
|
||||
RADIUS_CODE_STATUS_CLIENT = 13,
|
||||
RADIUS_CODE_DISCONNECT_REQUEST = 40,
|
||||
RADIUS_CODE_DISCONNECT_ACK = 41,
|
||||
RADIUS_CODE_DISCONNECT_NAK = 42,
|
||||
RADIUS_CODE_COA_REQUEST = 43,
|
||||
RADIUS_CODE_COA_ACK = 44,
|
||||
RADIUS_CODE_COA_NAK = 45,
|
||||
RADIUS_CODE_RESERVED = 255
|
||||
};
|
||||
|
||||
struct radius_attr_hdr {
|
||||
u8 type;
|
||||
u8 length; /* including this header */
|
||||
/* followed by length-2 octets of attribute value */
|
||||
} STRUCT_PACKED;
|
||||
|
||||
#define RADIUS_MAX_ATTR_LEN (255 - sizeof(struct radius_attr_hdr))
|
||||
|
||||
enum { RADIUS_ATTR_USER_NAME = 1,
|
||||
RADIUS_ATTR_USER_PASSWORD = 2,
|
||||
RADIUS_ATTR_NAS_IP_ADDRESS = 4,
|
||||
RADIUS_ATTR_NAS_PORT = 5,
|
||||
RADIUS_ATTR_FRAMED_MTU = 12,
|
||||
RADIUS_ATTR_REPLY_MESSAGE = 18,
|
||||
RADIUS_ATTR_STATE = 24,
|
||||
RADIUS_ATTR_CLASS = 25,
|
||||
RADIUS_ATTR_VENDOR_SPECIFIC = 26,
|
||||
RADIUS_ATTR_SESSION_TIMEOUT = 27,
|
||||
RADIUS_ATTR_IDLE_TIMEOUT = 28,
|
||||
RADIUS_ATTR_TERMINATION_ACTION = 29,
|
||||
RADIUS_ATTR_CALLED_STATION_ID = 30,
|
||||
RADIUS_ATTR_CALLING_STATION_ID = 31,
|
||||
RADIUS_ATTR_NAS_IDENTIFIER = 32,
|
||||
RADIUS_ATTR_PROXY_STATE = 33,
|
||||
RADIUS_ATTR_ACCT_STATUS_TYPE = 40,
|
||||
RADIUS_ATTR_ACCT_DELAY_TIME = 41,
|
||||
RADIUS_ATTR_ACCT_INPUT_OCTETS = 42,
|
||||
RADIUS_ATTR_ACCT_OUTPUT_OCTETS = 43,
|
||||
RADIUS_ATTR_ACCT_SESSION_ID = 44,
|
||||
RADIUS_ATTR_ACCT_AUTHENTIC = 45,
|
||||
RADIUS_ATTR_ACCT_SESSION_TIME = 46,
|
||||
RADIUS_ATTR_ACCT_INPUT_PACKETS = 47,
|
||||
RADIUS_ATTR_ACCT_OUTPUT_PACKETS = 48,
|
||||
RADIUS_ATTR_ACCT_TERMINATE_CAUSE = 49,
|
||||
RADIUS_ATTR_ACCT_MULTI_SESSION_ID = 50,
|
||||
RADIUS_ATTR_ACCT_LINK_COUNT = 51,
|
||||
RADIUS_ATTR_ACCT_INPUT_GIGAWORDS = 52,
|
||||
RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS = 53,
|
||||
RADIUS_ATTR_EVENT_TIMESTAMP = 55,
|
||||
RADIUS_ATTR_NAS_PORT_TYPE = 61,
|
||||
RADIUS_ATTR_TUNNEL_TYPE = 64,
|
||||
RADIUS_ATTR_TUNNEL_MEDIUM_TYPE = 65,
|
||||
RADIUS_ATTR_TUNNEL_PASSWORD = 69,
|
||||
RADIUS_ATTR_CONNECT_INFO = 77,
|
||||
RADIUS_ATTR_EAP_MESSAGE = 79,
|
||||
RADIUS_ATTR_MESSAGE_AUTHENTICATOR = 80,
|
||||
RADIUS_ATTR_TUNNEL_PRIVATE_GROUP_ID = 81,
|
||||
RADIUS_ATTR_ACCT_INTERIM_INTERVAL = 85,
|
||||
RADIUS_ATTR_CHARGEABLE_USER_IDENTITY = 89,
|
||||
RADIUS_ATTR_NAS_IPV6_ADDRESS = 95,
|
||||
RADIUS_ATTR_ERROR_CAUSE = 101,
|
||||
RADIUS_ATTR_EAP_KEY_NAME = 102,
|
||||
RADIUS_ATTR_OPERATOR_NAME = 126,
|
||||
RADIUS_ATTR_LOCATION_INFO = 127,
|
||||
RADIUS_ATTR_LOCATION_DATA = 128,
|
||||
RADIUS_ATTR_BASIC_LOCATION_POLICY_RULES = 129,
|
||||
RADIUS_ATTR_EXTENDED_LOCATION_POLICY_RULES = 130,
|
||||
RADIUS_ATTR_LOCATION_CAPABLE = 131,
|
||||
RADIUS_ATTR_REQUESTED_LOCATION_INFO = 132,
|
||||
RADIUS_ATTR_MOBILITY_DOMAIN_ID = 177,
|
||||
RADIUS_ATTR_WLAN_HESSID = 181,
|
||||
RADIUS_ATTR_WLAN_PAIRWISE_CIPHER = 186,
|
||||
RADIUS_ATTR_WLAN_GROUP_CIPHER = 187,
|
||||
RADIUS_ATTR_WLAN_AKM_SUITE = 188,
|
||||
RADIUS_ATTR_WLAN_GROUP_MGMT_CIPHER = 189,
|
||||
};
|
||||
|
||||
|
||||
/* Termination-Action */
|
||||
#define RADIUS_TERMINATION_ACTION_DEFAULT 0
|
||||
#define RADIUS_TERMINATION_ACTION_RADIUS_REQUEST 1
|
||||
|
||||
/* NAS-Port-Type */
|
||||
#define RADIUS_NAS_PORT_TYPE_IEEE_802_11 19
|
||||
|
||||
/* Acct-Status-Type */
|
||||
#define RADIUS_ACCT_STATUS_TYPE_START 1
|
||||
#define RADIUS_ACCT_STATUS_TYPE_STOP 2
|
||||
#define RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE 3
|
||||
#define RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_ON 7
|
||||
#define RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_OFF 8
|
||||
|
||||
/* Acct-Authentic */
|
||||
#define RADIUS_ACCT_AUTHENTIC_RADIUS 1
|
||||
#define RADIUS_ACCT_AUTHENTIC_LOCAL 2
|
||||
#define RADIUS_ACCT_AUTHENTIC_REMOTE 3
|
||||
|
||||
/* Acct-Terminate-Cause */
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST 1
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_LOST_CARRIER 2
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_LOST_SERVICE 3
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT 4
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT 5
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_RESET 6
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_REBOOT 7
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_ERROR 8
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_NAS_ERROR 9
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_NAS_REQUEST 10
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_NAS_REBOOT 11
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_UNNEEDED 12
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_PREEMPTED 13
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_SUSPENDED 14
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_SERVICE_UNAVAILABLE 15
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_CALLBACK 16
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_USER_ERROR 17
|
||||
#define RADIUS_ACCT_TERMINATE_CAUSE_HOST_REQUEST 18
|
||||
|
||||
#define RADIUS_TUNNEL_TAGS 32
|
||||
|
||||
/* Tunnel-Type */
|
||||
#define RADIUS_TUNNEL_TYPE_PPTP 1
|
||||
#define RADIUS_TUNNEL_TYPE_L2TP 3
|
||||
#define RADIUS_TUNNEL_TYPE_IPIP 7
|
||||
#define RADIUS_TUNNEL_TYPE_GRE 10
|
||||
#define RADIUS_TUNNEL_TYPE_VLAN 13
|
||||
|
||||
/* Tunnel-Medium-Type */
|
||||
#define RADIUS_TUNNEL_MEDIUM_TYPE_IPV4 1
|
||||
#define RADIUS_TUNNEL_MEDIUM_TYPE_IPV6 2
|
||||
#define RADIUS_TUNNEL_MEDIUM_TYPE_802 6
|
||||
|
||||
|
||||
struct radius_attr_vendor {
|
||||
u8 vendor_type;
|
||||
u8 vendor_length;
|
||||
} STRUCT_PACKED;
|
||||
|
||||
#define RADIUS_VENDOR_ID_CISCO 9
|
||||
#define RADIUS_CISCO_AV_PAIR 1
|
||||
|
||||
/* RFC 2548 - Microsoft Vendor-specific RADIUS Attributes */
|
||||
#define RADIUS_VENDOR_ID_MICROSOFT 311
|
||||
|
||||
enum { RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY = 16,
|
||||
RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY = 17
|
||||
};
|
||||
|
||||
|
||||
/* Hotspot 2.0 - WFA Vendor-specific RADIUS Attributes */
|
||||
#define RADIUS_VENDOR_ID_WFA 40808
|
||||
|
||||
enum {
|
||||
RADIUS_VENDOR_ATTR_WFA_HS20_SUBSCR_REMEDIATION = 1,
|
||||
RADIUS_VENDOR_ATTR_WFA_HS20_AP_VERSION = 2,
|
||||
RADIUS_VENDOR_ATTR_WFA_HS20_STA_VERSION = 3,
|
||||
RADIUS_VENDOR_ATTR_WFA_HS20_DEAUTH_REQ = 4,
|
||||
RADIUS_VENDOR_ATTR_WFA_HS20_SESSION_INFO_URL = 5,
|
||||
};
|
||||
|
||||
#ifdef _MSC_VER
|
||||
#pragma pack(pop)
|
||||
#endif /* _MSC_VER */
|
||||
|
||||
struct radius_ms_mppe_keys {
|
||||
u8 *send;
|
||||
size_t send_len;
|
||||
u8 *recv;
|
||||
size_t recv_len;
|
||||
};
|
||||
|
||||
|
||||
struct radius_msg;
|
||||
|
||||
/* Default size to be allocated for new RADIUS messages */
|
||||
#define RADIUS_DEFAULT_MSG_SIZE 1024
|
||||
|
||||
/* Default size to be allocated for attribute array */
|
||||
#define RADIUS_DEFAULT_ATTR_COUNT 16
|
||||
|
||||
|
||||
/* MAC address ASCII format for IEEE 802.1X use
|
||||
* (draft-congdon-radius-8021x-20.txt) */
|
||||
#define RADIUS_802_1X_ADDR_FORMAT "%02X-%02X-%02X-%02X-%02X-%02X"
|
||||
/* MAC address ASCII format for non-802.1X use */
|
||||
#define RADIUS_ADDR_FORMAT "%02x%02x%02x%02x%02x%02x"
|
||||
|
||||
struct radius_hdr * radius_msg_get_hdr(struct radius_msg *msg);
|
||||
struct wpabuf * radius_msg_get_buf(struct radius_msg *msg);
|
||||
struct radius_msg * radius_msg_new(u8 code, u8 identifier);
|
||||
void radius_msg_free(struct radius_msg *msg);
|
||||
void radius_msg_dump(struct radius_msg *msg);
|
||||
int radius_msg_finish(struct radius_msg *msg, const u8 *secret,
|
||||
size_t secret_len);
|
||||
int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret,
|
||||
size_t secret_len, const u8 *req_authenticator);
|
||||
int radius_msg_finish_das_resp(struct radius_msg *msg, const u8 *secret,
|
||||
size_t secret_len,
|
||||
const struct radius_hdr *req_hdr);
|
||||
void radius_msg_finish_acct(struct radius_msg *msg, const u8 *secret,
|
||||
size_t secret_len);
|
||||
void radius_msg_finish_acct_resp(struct radius_msg *msg, const u8 *secret,
|
||||
size_t secret_len,
|
||||
const u8 *req_authenticator);
|
||||
int radius_msg_verify_acct_req(struct radius_msg *msg, const u8 *secret,
|
||||
size_t secret_len);
|
||||
int radius_msg_verify_das_req(struct radius_msg *msg, const u8 *secret,
|
||||
size_t secret_len);
|
||||
struct radius_attr_hdr * radius_msg_add_attr(struct radius_msg *msg, u8 type,
|
||||
const u8 *data, size_t data_len);
|
||||
struct radius_msg * radius_msg_parse(const u8 *data, size_t len);
|
||||
int radius_msg_add_eap(struct radius_msg *msg, const u8 *data,
|
||||
size_t data_len);
|
||||
struct wpabuf * radius_msg_get_eap(struct radius_msg *msg);
|
||||
int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
|
||||
size_t secret_len, struct radius_msg *sent_msg,
|
||||
int auth);
|
||||
int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
|
||||
size_t secret_len, const u8 *req_auth);
|
||||
int radius_msg_copy_attr(struct radius_msg *dst, struct radius_msg *src,
|
||||
u8 type);
|
||||
void radius_msg_make_authenticator(struct radius_msg *msg,
|
||||
const u8 *data, size_t len);
|
||||
struct radius_ms_mppe_keys *
|
||||
radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
|
||||
const u8 *secret, size_t secret_len);
|
||||
struct radius_ms_mppe_keys *
|
||||
radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
|
||||
const u8 *secret, size_t secret_len);
|
||||
int radius_msg_add_mppe_keys(struct radius_msg *msg,
|
||||
const u8 *req_authenticator,
|
||||
const u8 *secret, size_t secret_len,
|
||||
const u8 *send_key, size_t send_key_len,
|
||||
const u8 *recv_key, size_t recv_key_len);
|
||||
int radius_msg_add_wfa(struct radius_msg *msg, u8 subtype, const u8 *data,
|
||||
size_t len);
|
||||
int radius_user_password_hide(struct radius_msg *msg,
|
||||
const u8 *data, size_t data_len,
|
||||
const u8 *secret, size_t secret_len,
|
||||
u8 *buf, size_t buf_len);
|
||||
struct radius_attr_hdr *
|
||||
radius_msg_add_attr_user_password(struct radius_msg *msg,
|
||||
const u8 *data, size_t data_len,
|
||||
const u8 *secret, size_t secret_len);
|
||||
int radius_msg_get_attr(struct radius_msg *msg, u8 type, u8 *buf, size_t len);
|
||||
int radius_msg_get_vlanid(struct radius_msg *msg);
|
||||
char * radius_msg_get_tunnel_password(struct radius_msg *msg, int *keylen,
|
||||
const u8 *secret, size_t secret_len,
|
||||
struct radius_msg *sent_msg, size_t n);
|
||||
|
||||
static inline int radius_msg_add_attr_int32(struct radius_msg *msg, u8 type,
|
||||
u32 value)
|
||||
{
|
||||
u32 val = htonl(value);
|
||||
return radius_msg_add_attr(msg, type, (u8 *) &val, 4) != NULL;
|
||||
}
|
||||
|
||||
static inline int radius_msg_get_attr_int32(struct radius_msg *msg, u8 type,
|
||||
u32 *value)
|
||||
{
|
||||
u32 val;
|
||||
int res;
|
||||
res = radius_msg_get_attr(msg, type, (u8 *) &val, 4);
|
||||
if (res != 4)
|
||||
return -1;
|
||||
|
||||
*value = ntohl(val);
|
||||
return 0;
|
||||
}
|
||||
int radius_msg_get_attr_ptr(struct radius_msg *msg, u8 type, u8 **buf,
|
||||
size_t *len, const u8 *start);
|
||||
int radius_msg_count_attr(struct radius_msg *msg, u8 type, int min_len);
|
||||
|
||||
|
||||
struct radius_attr_data {
|
||||
u8 *data;
|
||||
size_t len;
|
||||
};
|
||||
|
||||
struct radius_class_data {
|
||||
struct radius_attr_data *attr;
|
||||
size_t count;
|
||||
};
|
||||
|
||||
void radius_free_class(struct radius_class_data *c);
|
||||
int radius_copy_class(struct radius_class_data *dst,
|
||||
const struct radius_class_data *src);
|
||||
|
||||
u8 radius_msg_find_unlisted_attr(struct radius_msg *msg, u8 *attrs);
|
||||
|
||||
#endif /* RADIUS_H */
|
3010
freebsd/contrib/wpa/src/rsn_supp/tdls.c
Normal file
3010
freebsd/contrib/wpa/src/rsn_supp/tdls.c
Normal file
File diff suppressed because it is too large
Load Diff
21
freebsd/contrib/wpa/src/utils/bitfield.h
Normal file
21
freebsd/contrib/wpa/src/utils/bitfield.h
Normal file
@ -0,0 +1,21 @@
|
||||
/*
|
||||
* Bitfield
|
||||
* Copyright (c) 2013, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#ifndef BITFIELD_H
|
||||
#define BITFIELD_H
|
||||
|
||||
struct bitfield;
|
||||
|
||||
struct bitfield * bitfield_alloc(size_t max_bits);
|
||||
void bitfield_free(struct bitfield *bf);
|
||||
void bitfield_set(struct bitfield *bf, size_t bit);
|
||||
void bitfield_clear(struct bitfield *bf, size_t bit);
|
||||
int bitfield_is_set(struct bitfield *bf, size_t bit);
|
||||
int bitfield_get_first_zero(struct bitfield *bf);
|
||||
|
||||
#endif /* BITFIELD_H */
|
1150
freebsd/contrib/wpa/wpa_supplicant/wnm_sta.c
Normal file
1150
freebsd/contrib/wpa/wpa_supplicant/wnm_sta.c
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
x
Reference in New Issue
Block a user