Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-26 01:08:22 -05:00
Code Issues Projects Releases Wiki Activity
630a843f59
fragattacks/src/rsn_supp/wpa_i.h
Jouni Malinen c0a6190815 Fix SHA-256-based KDF when using CCMP as the pairwise cipher 
IEEE 802.11r KDF uses key length in the derivation and as such, the PTK
length must be specified correctly. The previous version was deriving
using 512-bit PTK regardless of the negotiated cipher suite; this works
for TKIP, but not for CCMP. Update the code to use proper PTK length
based on the pairwise cipher.

This fixed PTK derivation for both IEEE 802.11r and IEEE 802.11w (when
using AKMP that specifies SHA-256-based key derivation). The fixed
version does not interoperate with the previous versions. [Bug 307]
2009-04-01 12:04:36 +03:00

246 lines
6.9 KiB
C
Raw Blame History

/*
* wpa_supplicant - Internal WPA state machine definitions
* Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#ifndef WPA_I_H
#define WPA_I_H
struct rsn_pmksa_candidate;
struct wpa_peerkey;
struct wpa_eapol_key;
/**
* struct wpa_sm - Internal WPA state machine data
*/
struct wpa_sm {
u8 pmk[PMK_LEN];
size_t pmk_len;
struct wpa_ptk ptk, tptk;
int ptk_set, tptk_set;
u8 snonce[WPA_NONCE_LEN];
u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
int renew_snonce;
u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
int rx_replay_counter_set;
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
struct rsn_pmksa_cache *pmksa; /* PMKSA cache */
struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */
struct rsn_pmksa_candidate *pmksa_candidates;
struct l2_packet_data *l2_preauth;
struct l2_packet_data *l2_preauth_br;
u8 preauth_bssid[ETH_ALEN]; /* current RSN pre-auth peer or
* 00:00:00:00:00:00 if no pre-auth is
* in progress */
struct eapol_sm *preauth_eapol;
struct wpa_sm_ctx *ctx;
void *scard_ctx; /* context for smartcard callbacks */
int fast_reauth; /* whether EAP fast re-authentication is enabled */
void *network_ctx;
int peerkey_enabled;
int allowed_pairwise_cipher; /* bitfield of WPA_CIPHER_* */
int proactive_key_caching;
int eap_workaround;
void *eap_conf_ctx;
u8 ssid[32];
size_t ssid_len;
int wpa_ptk_rekey;
u8 own_addr[ETH_ALEN];
const char *ifname;
const char *bridge_ifname;
u8 bssid[ETH_ALEN];
unsigned int dot11RSNAConfigPMKLifetime;
unsigned int dot11RSNAConfigPMKReauthThreshold;
unsigned int dot11RSNAConfigSATimeout;
unsigned int dot11RSNA4WayHandshakeFailures;
/* Selected configuration (based on Beacon/ProbeResp WPA IE) */
unsigned int proto;
unsigned int pairwise_cipher;
unsigned int group_cipher;
unsigned int key_mgmt;
unsigned int mgmt_group_cipher;
int rsn_enabled; /* Whether RSN is enabled in configuration */
u8 *assoc_wpa_ie; /* Own WPA/RSN IE from (Re)AssocReq */
size_t assoc_wpa_ie_len;
u8 *ap_wpa_ie, *ap_rsn_ie;
size_t ap_wpa_ie_len, ap_rsn_ie_len;
#ifdef CONFIG_PEERKEY
struct wpa_peerkey *peerkey;
#endif /* CONFIG_PEERKEY */
#ifdef CONFIG_IEEE80211R
u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */
size_t xxkey_len;
u8 pmk_r0[PMK_LEN];
u8 pmk_r0_name[WPA_PMK_NAME_LEN];
u8 pmk_r1[PMK_LEN];
u8 pmk_r1_name[WPA_PMK_NAME_LEN];
u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
u8 r0kh_id[FT_R0KH_ID_MAX_LEN];
size_t r0kh_id_len;
u8 r1kh_id[FT_R1KH_ID_LEN];
int ft_completed;
int over_the_ds_in_progress;
u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
#endif /* CONFIG_IEEE80211R */
};
static inline void wpa_sm_set_state(struct wpa_sm *sm, wpa_states state)
{
WPA_ASSERT(sm->ctx->set_state);
sm->ctx->set_state(sm->ctx->ctx, state);
}
static inline wpa_states wpa_sm_get_state(struct wpa_sm *sm)
{
WPA_ASSERT(sm->ctx->get_state);
return sm->ctx->get_state(sm->ctx->ctx);
}
static inline void wpa_sm_deauthenticate(struct wpa_sm *sm, int reason_code)
{
WPA_ASSERT(sm->ctx->deauthenticate);
sm->ctx->deauthenticate(sm->ctx->ctx, reason_code);
}
static inline void wpa_sm_disassociate(struct wpa_sm *sm, int reason_code)
{
WPA_ASSERT(sm->ctx->disassociate);
sm->ctx->disassociate(sm->ctx->ctx, reason_code);
}
static inline int wpa_sm_set_key(struct wpa_sm *sm, wpa_alg alg,
const u8 *addr, int key_idx, int set_tx,
const u8 *seq, size_t seq_len,
const u8 *key, size_t key_len)
{
WPA_ASSERT(sm->ctx->set_key);
return sm->ctx->set_key(sm->ctx->ctx, alg, addr, key_idx, set_tx,
seq, seq_len, key, key_len);
}
static inline void * wpa_sm_get_network_ctx(struct wpa_sm *sm)
{
WPA_ASSERT(sm->ctx->get_network_ctx);
return sm->ctx->get_network_ctx(sm->ctx->ctx);
}
static inline int wpa_sm_get_bssid(struct wpa_sm *sm, u8 *bssid)
{
WPA_ASSERT(sm->ctx->get_bssid);
return sm->ctx->get_bssid(sm->ctx->ctx, bssid);
}
static inline int wpa_sm_ether_send(struct wpa_sm *sm, const u8 *dest,
u16 proto, const u8 *buf, size_t len)
{
WPA_ASSERT(sm->ctx->ether_send);
return sm->ctx->ether_send(sm->ctx->ctx, dest, proto, buf, len);
}
static inline int wpa_sm_get_beacon_ie(struct wpa_sm *sm)
{
WPA_ASSERT(sm->ctx->get_beacon_ie);
return sm->ctx->get_beacon_ie(sm->ctx->ctx);
}
static inline void wpa_sm_cancel_auth_timeout(struct wpa_sm *sm)
{
WPA_ASSERT(sm->ctx->cancel_auth_timeout);
sm->ctx->cancel_auth_timeout(sm->ctx->ctx);
}
static inline u8 * wpa_sm_alloc_eapol(struct wpa_sm *sm, u8 type,
const void *data, u16 data_len,
size_t *msg_len, void **data_pos)
{
WPA_ASSERT(sm->ctx->alloc_eapol);
return sm->ctx->alloc_eapol(sm->ctx->ctx, type, data, data_len,
msg_len, data_pos);
}
static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, const u8 *bssid,
const u8 *pmkid)
{
WPA_ASSERT(sm->ctx->add_pmkid);
return sm->ctx->add_pmkid(sm->ctx->ctx, bssid, pmkid);
}
static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, const u8 *bssid,
const u8 *pmkid)
{
WPA_ASSERT(sm->ctx->remove_pmkid);
return sm->ctx->remove_pmkid(sm->ctx->ctx, bssid, pmkid);
}
static inline int wpa_sm_mlme_setprotection(struct wpa_sm *sm, const u8 *addr,
int protect_type, int key_type)
{
WPA_ASSERT(sm->ctx->mlme_setprotection);
return sm->ctx->mlme_setprotection(sm->ctx->ctx, addr, protect_type,
key_type);
}
static inline int wpa_sm_update_ft_ies(struct wpa_sm *sm, const u8 *md,
const u8 *ies, size_t ies_len)
{
if (sm->ctx->update_ft_ies)
return sm->ctx->update_ft_ies(sm->ctx->ctx, md, ies, ies_len);
return -1;
}
static inline int wpa_sm_send_ft_action(struct wpa_sm *sm, u8 action,
const u8 *target_ap,
const u8 *ies, size_t ies_len)
{
if (sm->ctx->send_ft_action)
return sm->ctx->send_ft_action(sm->ctx->ctx, action, target_ap,
ies, ies_len);
return -1;
}
void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck,
int ver, const u8 *dest, u16 proto,
u8 *msg, size_t msg_len, u8 *key_mic);
int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
const struct wpa_eapol_key *key,
int ver, const u8 *nonce,
const u8 *wpa_ie, size_t wpa_ie_len,
struct wpa_ptk *ptk);
int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
const struct wpa_eapol_key *key,
u16 ver, u16 key_info,
const u8 *kde, size_t kde_len,
struct wpa_ptk *ptk);
int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
const struct wpa_eapol_key *key,
struct wpa_ptk *ptk, size_t ptk_len);
#endif /* WPA_I_H */
Reference in New Issue View Git Blame Copy Permalink