Context Navigation

source: bootcd/isolinux/syslinux-6.03/gpxe/src/include/gpxe/wpa.h @ dd1be7c

Last change on this file since dd1be7c was e16e8f2, checked in by Edwin Eefting <edwin@datux.nl>, 3 years ago
bootstuff
Property mode set to `100644`
File size: 12.9 KB

Line
1	/*
2	* Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
3	*
4	* This program is free software; you can redistribute it and/or
5	* modify it under the terms of the GNU General Public License as
6	* published by the Free Software Foundation; either version 2 of the
7	* License, or any later version.
8	*
9	* This program is distributed in the hope that it will be useful, but
10	* WITHOUT ANY WARRANTY; without even the implied warranty of
11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12	* General Public License for more details.
13	*
14	* You should have received a copy of the GNU General Public License
15	* along with this program; if not, write to the Free Software
16	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17	*/
18
19	#ifndef _GPXE_WPA_H
20	#define _GPXE_WPA_H
21
22	#include <gpxe/ieee80211.h>
23	#include <gpxe/list.h>
24
25	FILE_LICENCE ( GPL2_OR_LATER );
26
27	/** @file
28	*
29	* Common definitions for all types of WPA-protected networks.
30	*/
31
32
33	/** EAPOL-Key type field for modern 802.11i/RSN WPA packets */
34	#define EAPOL_KEY_TYPE_RSN 2
35
36	/** Old EAPOL-Key type field used by WPA1 hardware before 802.11i ratified */
37	#define EAPOL_KEY_TYPE_WPA 254
38
39
40	/**
41	* @defgroup eapol_key_info EAPOL-Key Info field bits
42	* @{
43	*/
44
45	/** Key descriptor version, indicating WPA or WPA2 */
46	#define EAPOL_KEY_INFO_VERSION 0x0007
47
48	/** Key type bit, indicating pairwise or group */
49	#define EAPOL_KEY_INFO_TYPE 0x0008
50
51	/** Key install bit; set on message 3 except when legacy hacks are used */
52	#define EAPOL_KEY_INFO_INSTALL 0x0040
53
54	/** Key ACK bit; set when a response is required, on all messages except #4 */
55	#define EAPOL_KEY_INFO_KEY_ACK 0x0080
56
57	/** Key MIC bit; set when the MIC field is valid, on messages 3 and 4 */
58	#define EAPOL_KEY_INFO_KEY_MIC 0x0100
59
60	/** Secure bit; set when both sides have both keys, on messages 3 and 4 */
61	#define EAPOL_KEY_INFO_SECURE 0x0200
62
63	/** Error bit; set on a MIC failure for TKIP */
64	#define EAPOL_KEY_INFO_ERROR 0x0400
65
66	/** Request bit; set when authentication is initiated by the Peer (unusual) */
67	#define EAPOL_KEY_INFO_REQUEST 0x0800
68
69	/** Key Encrypted bit; set when the Key Data field is encrypted */
70	#define EAPOL_KEY_INFO_KEY_ENC 0x1000
71
72	/** SMC Message bit; set when this frame is part of an IBSS SMK handshake */
73	#define EAPOL_KEY_INFO_SMC_MESS 0x2000
74
75
76	/** Key descriptor version field value for WPA (TKIP) */
77	#define EAPOL_KEY_VERSION_WPA 1
78
79	/** Key descriptor version field value for WPA2 (CCMP) */
80	#define EAPOL_KEY_VERSION_WPA2 2
81
82	/** Key type field value for a PTK (pairwise) key handshake */
83	#define EAPOL_KEY_TYPE_PTK 0x0008
84
85	/** Key type field value for a GTK (group) key handshake */
86	#define EAPOL_KEY_TYPE_GTK 0x0000
87
88	/** @} */
89
90
91
92	/** An EAPOL-Key packet.
93	*
94	* These are used for the WPA 4-Way Handshake, whether or not prior
95	* authentication has been performed using EAP.
96	*
97	* On LANs, an eapol_key_pkt is always encapsulated in the data field
98	* of an eapol_frame, with the frame's type code set to EAPOL_TYPE_KEY.
99	*
100	* Unlike 802.11 frame headers, the fields in this structure are
101	* stored in big-endian!
102	*/
103	struct eapol_key_pkt
104	{
105	/** One of the EAPOL_KEY_TYPE_* defines. */
106	u8 type;
107
108	/** Bitfield of key characteristics, network byte order */
109	u16 info;
110
111	/** Length of encryption key to be used, network byte order
112	*
113	* This is 16 for CCMP, 32 for TKIP, and 5 or 13 for WEP.
114	*/
115	u16 keysize;
116
117	/** Monotonically increasing value for EAPOL-Key conversations
118	*
119	* In another classic demonstration of overengineering, this
120	* 8-byte value will rarely be anything above 1. It's stored
121	* in network byte order.
122	*/
123	u64 replay;
124
125	/** Nonce value
126	*
127	* This is the authenticator's ANonce in frame 1, the peer's
128	* SNonce in frame 2, and 0 in frames 3 and 4.
129	*/
130	u8 nonce[32];
131
132	/** Initialization vector
133	*
134	* This contains the IV used with the Key Encryption Key, or 0
135	* if the key is unencrypted or encrypted using an algorithm
136	* that does not require an IV.
137	*/
138	u8 iv[16];
139
140	/** Receive sequence counter for GTK
141	*
142	* This is used to synchronize the client's replay counter for
143	* ordinary data packets. The first six bytes contain PN0
144	* through PN5 for CCMP mode, or TSC0 through TSC5 for TKIP
145	* mode. The last two bytes are zero.
146	*/
147	u8 rsc[8];
148
149	/** Reserved bytes */
150	u8 _reserved[8];
151
152	/** Message integrity code over the entire EAPOL frame
153	*
154	* This is calculated using HMAC-MD5 when the key descriptor
155	* version field in @a info is 1, and HMAC-SHA1 ignoring the
156	* last 4 bytes of the hash when the version field in @a info
157	* is 2.
158	*/
159	u8 mic[16];
160
161	/** Length of the @a data field in bytes, network byte order */
162	u16 datalen;
163
164	/** Key data
165	*
166	* This is formatted as a series of 802.11 information
167	* elements, with cryptographic data encapsulated using a
168	* "vendor-specific IE" code and an IEEE-specified OUI.
169	*/
170	u8 data[0];
171	} __attribute__ (( packed ));
172
173
174	/** WPA handshaking state */
175	enum wpa_state {
176	/** Waiting for PMK to be set */
177	WPA_WAITING = 0,
178
179	/** Ready for 4-Way Handshake */
180	WPA_READY,
181
182	/** Performing 4-Way Handshake */
183	WPA_WORKING,
184
185	/** 4-Way Handshake succeeded */
186	WPA_SUCCESS,
187
188	/** 4-Way Handshake failed */
189	WPA_FAILURE,
190	};
191
192	/** Bitfield indicating a selection of WPA transient keys */
193	enum wpa_keymask {
194	/** Pairwise transient key */
195	WPA_PTK = 1,
196
197	/** Group transient key */
198	WPA_GTK = 2,
199	};
200
201
202	/** Length of a nonce */
203	#define WPA_NONCE_LEN 32
204
205	/** Length of a TKIP main key */
206	#define WPA_TKIP_KEY_LEN 16
207
208	/** Length of a TKIP MIC key */
209	#define WPA_TKIP_MIC_KEY_LEN 8
210
211	/** Length of a CCMP key */
212	#define WPA_CCMP_KEY_LEN 16
213
214	/** Length of an EAPOL Key Confirmation Key */
215	#define WPA_KCK_LEN 16
216
217	/** Length of an EAPOL Key Encryption Key */
218	#define WPA_KEK_LEN 16
219
220	/** Usual length of a Pairwise Master Key */
221	#define WPA_PMK_LEN 32
222
223	/** Length of a PMKID */
224	#define WPA_PMKID_LEN 16
225
226
227	/** Structure of the Temporal Key for TKIP encryption */
228	struct tkip_tk
229	{
230	/** Main key: input to TKIP Phase 1 and Phase 2 key mixing functions */
231	u8 key[WPA_TKIP_KEY_LEN];
232
233	/** Michael MIC keys */
234	struct {
235	/** MIC key for packets from the AP */
236	u8 rx[WPA_TKIP_MIC_KEY_LEN];
237
238	/** MIC key for packets to the AP */
239	u8 tx[WPA_TKIP_MIC_KEY_LEN];
240	} __attribute__ (( packed )) mic;
241	} __attribute__ (( packed ));
242
243	/** Structure of a generic Temporal Key */
244	union wpa_tk
245	{
246	/** CCMP key */
247	u8 ccmp[WPA_CCMP_KEY_LEN];
248
249	/** TKIP keys */
250	struct tkip_tk tkip;
251	};
252
253	/** Structure of the Pairwise Transient Key */
254	struct wpa_ptk
255	{
256	/** EAPOL-Key Key Confirmation Key (KCK) */
257	u8 kck[WPA_KCK_LEN];
258
259	/** EAPOL-Key Key Encryption Key (KEK) */
260	u8 kek[WPA_KEK_LEN];
261
262	/** Temporal key */
263	union wpa_tk tk;
264	} __attribute__ (( packed ));
265
266	/** Structure of the Group Transient Key */
267	struct wpa_gtk
268	{
269	/** Temporal key */
270	union wpa_tk tk;
271	} __attribute__ (( packed ));
272
273
274	/** Common context for WPA security handshaking
275	*
276	* Any implementor of a particular handshaking type (e.g. PSK or EAP)
277	* must include this structure at the very beginning of their private
278	* data context structure, to allow the EAPOL-Key handling code to
279	* work. When the preliminary authentication is done, it is necessary
280	* to call wpa_start(), passing the PMK (derived from PSK or EAP MSK)
281	* as an argument. The handshaker can use its @a step function to
282	* monitor @a state in this wpa_ctx structure for success or
283	* failure. On success, the keys will be available in @a ptk and @a
284	* gtk according to the state of the @a valid bitmask.
285	*
286	* After an initial success, the parent handshaker does not need to
287	* concern itself with rekeying; the WPA common code takes care of
288	* that.
289	*/
290	struct wpa_common_ctx
291	{
292	/** 802.11 device we are authenticating for */
293	struct net80211_device *dev;
294
295	/** The Pairwise Master Key to use in handshaking
296	*
297	* This is set either by running the PBKDF2 algorithm on a
298	* passphrase with the SSID as salt to generate a pre-shared
299	* key, or by copying the first 32 bytes of the EAP Master
300	* Session Key in 802.1X-served authentication.
301	*/
302	u8 pmk[WPA_PMK_LEN];
303
304	/** Length of the Pairwise Master Key
305	*
306	* This is always 32 except with one EAP method which only
307	* gives 16 bytes.
308	*/
309	int pmk_len;
310
311	/** State of EAPOL-Key handshaking */
312	enum wpa_state state;
313
314	/** Replay counter for this association
315	*
316	* This stores the replay counter value for the most recent
317	* packet we've accepted. It is initially initialised to ~0 to
318	* show we'll accept anything.
319	*/
320	u64 replay;
321
322	/** Mask of valid keys after authentication success
323	*
324	* If the PTK is not valid, the GTK should be used for both
325	* unicast and multicast decryption; if the GTK is not valid,
326	* multicast packets cannot be decrypted.
327	*/
328	enum wpa_keymask valid;
329
330	/** The cipher to use for unicast RX and all TX */
331	enum net80211_crypto_alg crypt;
332
333	/** The cipher to use for broadcast and multicast RX */
334	enum net80211_crypto_alg gcrypt;
335
336	/** The Pairwise Transient Key derived from the handshake */
337	struct wpa_ptk ptk;
338
339	/** The Group Transient Key derived from the handshake */
340	struct wpa_gtk gtk;
341
342	/** Authenticator-provided nonce */
343	u8 Anonce[WPA_NONCE_LEN];
344
345	/** Supplicant-generated nonce (that's us) */
346	u8 Snonce[WPA_NONCE_LEN];
347
348	/** Whether we should refrain from generating another SNonce */
349	int have_Snonce;
350
351	/** Data in WPA or RSN IE from AP's beacon frame */
352	void *ap_rsn_ie;
353
354	/** Length of @a ap_rsn_ie */
355	int ap_rsn_ie_len;
356
357	/** Whether @a ap_rsn_ie is an RSN IE (as opposed to old WPA) */
358	int ap_rsn_is_rsn;
359
360	/** List entry */
361	struct list_head list;
362	};
363
364
365	/** WPA handshake key integrity and encryption handler
366	*
367	* Note that due to the structure of the 4-Way Handshake we never
368	* actually need to encrypt key data, only decrypt it.
369	*/
370	struct wpa_kie {
371	/** Value of version bits in EAPOL-Key info field for which to use
372	*
373	* This should be one of the @c EAPOL_KEY_VERSION_* constants.
374	*/
375	int version;
376
377	/** Calculate MIC over message
378	*
379	* @v kck Key Confirmation Key, 16 bytes
380	* @v msg Message to calculate MIC over
381	* @v len Number of bytes to calculate MIC over
382	* @ret mic Calculated MIC, 16 bytes long
383	*
384	* The @a mic return may point within @a msg, so it must not
385	* be filled until the calculation has been performed.
386	*/
387	void ( * mic ) ( const void kck, const void msg, size_t len,
388	void *mic );
389
390	/** Decrypt key data
391	*
392	* @v kek Key Encryption Key, 16 bytes
393	* @v iv Initialisation vector for encryption, 16 bytes
394	* @v msg Message to decrypt (Key Data field)
395	* @v len Length of message
396	* @ret msg Decrypted message in place of original
397	* @ret len Updated to reflect encrypted length
398	* @ret rc Return status code
399	*
400	* The decrypted message is written over the encrypted one.
401	*/
402	int ( * decrypt ) ( const void kek, const void iv, void *msg,
403	u16 *len );
404	};
405
406	#define WPA_KIES __table ( struct wpa_kie, "wpa_kies" )
407	#define __wpa_kie __table_entry ( WPA_KIES, 01 )
408
409
410
411	/**
412	* @defgroup wpa_kde Key descriptor element types
413	* @{
414	*/
415
416	/** Payload structure of the GTK-encapsulating KDE
417	*
418	* This does not include the IE type, length, or OUI bytes, which are
419	* generic to all KDEs.
420	*/
421	struct wpa_kde_gtk_encap
422	{
423	/** Key ID and TX bit */
424	u8 id;
425
426	/** Reserved byte */
427	u8 _rsvd;
428
429	/** Encapsulated group transient key */
430	struct wpa_gtk gtk;
431	} __attribute__ (( packed ));
432
433	/** Mask for Key ID in wpa_kde_gtk::id field */
434	#define WPA_GTK_KID 0x03
435
436	/** Mask for Tx bit in wpa_kde_gtk::id field */
437	#define WPA_GTK_TXBIT 0x04
438
439
440	/** KDE type for an encapsulated Group Transient Key (requires encryption) */
441	#define WPA_KDE_GTK _MKOUI ( 0x00, 0x0F, 0xAC, 0x01 )
442
443	/** KDE type for a MAC address */
444	#define WPA_KDE_MAC _MKOUI ( 0x00, 0x0F, 0xAC, 0x03 )
445
446	/** KDE type for a PMKID */
447	#define WPA_KDE_PMKID _MKOUI ( 0x00, 0x0F, 0xAC, 0x04 )
448
449	/** KDE type for a nonce */
450	#define WPA_KDE_NONCE _MKOUI ( 0x00, 0x0F, 0xAC, 0x06 )
451
452	/** KDE type for a lifetime value */
453	#define WPA_KDE_LIFETIME _MKOUI ( 0x00, 0x0F, 0xAC, 0x07 )
454
455
456	/** Any key descriptor element type
457	*
458	* KDEs follow the 802.11 information element format of a type byte
459	* (in this case "vendor-specific", with the requisite OUI+subtype
460	* after length) and a length byte whose value does not include the
461	* length of the type and length bytes.
462	*/
463	struct wpa_kde
464	{
465	/** Information element type: always 0xDD (IEEE80211_IE_VENDOR) */
466	u8 ie_type;
467
468	/** Length, not including ie_type and length fields */
469	u8 len;
470
471	/** OUI + type byte */
472	u32 oui_type;
473
474	/** Payload data */
475	union {
476	/** For GTK-type KDEs, encapsulated GTK */
477	struct wpa_kde_gtk_encap gtk_encap;
478
479	/** For MAC-type KDEs, the MAC address */
480	u8 mac[ETH_ALEN];
481
482	/** For PMKID-type KDEs, the PMKID */
483	u8 pmkid[WPA_PMKID_LEN];
484
485	/** For Nonce-type KDEs, the nonce */
486	u8 nonce[WPA_NONCE_LEN];
487
488	/** For Lifetime-type KDEs, the lifetime in seconds
489	*
490	* This is in network byte order!
491	*/
492	u32 lifetime;
493	};
494	} __attribute__ (( packed ));
495
496	/** @} */
497
498	int wpa_make_rsn_ie ( struct net80211_device dev, union ieee80211_ie *ie );
499	int wpa_start ( struct net80211_device dev, struct wpa_common_ctx ctx,
500	const void *pmk, size_t pmk_len );
501	void wpa_stop ( struct net80211_device *dev );
502
503	#endif /* _GPXE_WPA_H */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: