Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity
iwd/src/handshake.h

235 lines
7.9 KiB
C
Raw Normal View History

Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
/*
*
* Wireless daemon for Linux
*
treewide: Move the Intel copyright forward to 2019
2019-10-25 00:43:08 +02:00
* Copyright (C) 2013-2019 Intel Corporation. All rights reserved.
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#include <stdint.h>
#include <stdbool.h>
#include <asm/byteorder.h>
#include <linux/types.h>
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct handshake_state;
handshake: Add handshake_util_build_gtk_kde utility
2018-09-22 18:48:15 +02:00
enum crypto_cipher;
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
eapol: Add eapol_append_key_data utility Add a utility to append a KDE to the key_data field in an EAPoL frame. The KDE types enum is actually added to handshake.h because we've got the utilities for finding those KDEs in a buffer there. The new function is specific to EAPoL-Key frames though and perhaps to simple to be split across handshake.c and eapol.c. Also it didn't seem useful to use the ie_tlv_builder here.
2017-09-22 05:06:40 +02:00
enum handshake_kde {
eapol: IP Allocation KDE support Support IP allocation during the 4-Way Handshake as defined in the P2P spec. This is the supplicant side implementation. The API requires the user to set hs->support_ip_allocation true before eapol_start(). On HANDSHAKE_EVENT_COMPLETE, if this same flag is still set, we've received the IP lease, the netmask and the authenticator's IP from the authenticator and there's no need to start DHCP. If the flag is cleared, the user needs to use DHCP.
2020-09-14 15:51:16 +02:00
/* 802.11-2016 Table 12-6 in section 12.7.2 */
eapol: Add eapol_append_key_data utility Add a utility to append a KDE to the key_data field in an EAPoL frame. The KDE types enum is actually added to handshake.h because we've got the utilities for finding those KDEs in a buffer there. The new function is specific to EAPoL-Key frames though and perhaps to simple to be split across handshake.c and eapol.c. Also it didn't seem useful to use the ie_tlv_builder here.
2017-09-22 05:06:40 +02:00
HANDSHAKE_KDE_GTK = 0x000fac01,
HANDSHAKE_KDE_MAC_ADDRESS = 0x000fac03,
HANDSHAKE_KDE_PMKID = 0x000fac04,
HANDSHAKE_KDE_SMK = 0x000fac05,
HANDSHAKE_KDE_NONCE = 0x000fac06,
HANDSHAKE_KDE_LIFETIME = 0x000fac07,
HANDSHAKE_KDE_ERROR = 0x000fac08,
HANDSHAKE_KDE_IGTK = 0x000fac09,
HANDSHAKE_KDE_KEY_ID = 0x000fac0a,
HANDSHAKE_KDE_MULTIBAND_GTK = 0x000fac0b,
HANDSHAKE_KDE_MULTIBAND_KEY_ID = 0x000fac0c,
eapol: IP Allocation KDE support Support IP allocation during the 4-Way Handshake as defined in the P2P spec. This is the supplicant side implementation. The API requires the user to set hs->support_ip_allocation true before eapol_start(). On HANDSHAKE_EVENT_COMPLETE, if this same flag is still set, we've received the IP lease, the netmask and the authenticator's IP from the authenticator and there's no need to start DHCP. If the flag is cleared, the user needs to use DHCP.
2020-09-14 15:51:16 +02:00
/* Wi-Fi P2P Technical Specification v1.7 4.2.8 */
HANDSHAKE_KDE_IP_ADDRESS_REQ = 0x506f9a04,
HANDSHAKE_KDE_IP_ADDRESS_ALLOC = 0x506f9a05,
eapol: Add eapol_append_key_data utility Add a utility to append a KDE to the key_data field in an EAPoL frame. The KDE types enum is actually added to handshake.h because we've got the utilities for finding those KDEs in a buffer there. The new function is specific to EAPoL-Key frames though and perhaps to simple to be split across handshake.c and eapol.c. Also it didn't seem useful to use the ie_tlv_builder here.
2017-09-22 05:06:40 +02:00
};
handshake: remove handshake related netdev events Handshake related netdev events were removed in favor of handshake events. Now events will be emitted on the handshake object related to the 4-way handshake and key settings. Events are: HANDSHAKE_EVENT_STARTED HANDSHAKE_EVENT_SETTING_KEYS HANDSHAKE_EVENT_COMPLETE HANDSHAKE_EVENT_FAILED Right now, since netdev only operates in station mode, nothing listens for COMPLETE/FAILED, as device/wsc gets notified by the connect_cb when the connection was successful. The COMPLETE/ FAILED were added in preperation for AP moving into eapol/netdev.
2018-06-22 20:13:27 +02:00
enum handshake_event {
HANDSHAKE_EVENT_STARTED,
HANDSHAKE_EVENT_SETTING_KEYS,
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
HANDSHAKE_EVENT_SETTING_KEYS_FAILED,
handshake: remove handshake related netdev events Handshake related netdev events were removed in favor of handshake events. Now events will be emitted on the handshake object related to the 4-way handshake and key settings. Events are: HANDSHAKE_EVENT_STARTED HANDSHAKE_EVENT_SETTING_KEYS HANDSHAKE_EVENT_COMPLETE HANDSHAKE_EVENT_FAILED Right now, since netdev only operates in station mode, nothing listens for COMPLETE/FAILED, as device/wsc gets notified by the connect_cb when the connection was successful. The COMPLETE/ FAILED were added in preperation for AP moving into eapol/netdev.
2018-06-22 20:13:27 +02:00
HANDSHAKE_EVENT_COMPLETE,
handshake: add HANDSHAKE_EVENT_REKEY_FAILED This event will be emitted from eapol if the AP is attempting to rekey but the handshake object does not allow it (via no_rekey).
2019-01-25 20:23:10 +01:00
HANDSHAKE_EVENT_FAILED,
HANDSHAKE_EVENT_REKEY_FAILED,
eapol: Move the EAP events to handshake event handler On EAP events, call the handshake_event handler with the new event type HANDSHAKE_EVENT_EAP_NOTIFY isntead of the eapol_event callback. This allows the handler to be set before calling netdev_connect/netdev_connect_wsc. It's also in theory more type-safe because we don't need the cast in netdev_connect_wsc anymore.
2019-10-28 15:05:00 +01:00
HANDSHAKE_EVENT_EAP_NOTIFY,
handshake: remove handshake related netdev events Handshake related netdev events were removed in favor of handshake events. Now events will be emitted on the handshake object related to the 4-way handshake and key settings. Events are: HANDSHAKE_EVENT_STARTED HANDSHAKE_EVENT_SETTING_KEYS HANDSHAKE_EVENT_COMPLETE HANDSHAKE_EVENT_FAILED Right now, since netdev only operates in station mode, nothing listens for COMPLETE/FAILED, as device/wsc gets notified by the connect_cb when the connection was successful. The COMPLETE/ FAILED were added in preperation for AP moving into eapol/netdev.
2018-06-22 20:13:27 +02:00
};
typedef void (*handshake_event_func_t)(struct handshake_state *hs,
enum handshake_event event,
handshake: Convert handshake event callbacks variadic functions Convert the handshake event callback type to use variable argument list to allow for more flexibility in event-specific arguments passed to the callbacks. Note the uint16_t reason code is promoted to an int when using variable arguments so va_arg(args, int) has to be used.
2019-10-28 15:04:57 +01:00
void *user_data, ...);
handshake: remove handshake related netdev events Handshake related netdev events were removed in favor of handshake events. Now events will be emitted on the handshake object related to the 4-way handshake and key settings. Events are: HANDSHAKE_EVENT_STARTED HANDSHAKE_EVENT_SETTING_KEYS HANDSHAKE_EVENT_COMPLETE HANDSHAKE_EVENT_FAILED Right now, since netdev only operates in station mode, nothing listens for COMPLETE/FAILED, as device/wsc gets notified by the connect_cb when the connection was successful. The COMPLETE/ FAILED were added in preperation for AP moving into eapol/netdev.
2018-06-22 20:13:27 +02:00
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
typedef bool (*handshake_get_nonce_func_t)(uint8_t nonce[]);
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
typedef void (*handshake_install_tk_func_t)(struct handshake_state *hs,
const uint8_t *tk, uint32_t cipher);
typedef void (*handshake_install_gtk_func_t)(struct handshake_state *hs,
handshake: Change signature of (i)gtk setters
2020-04-02 07:41:02 +02:00
uint16_t key_index,
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
const uint8_t *gtk, uint8_t gtk_len,
const uint8_t *rsc, uint8_t rsc_len,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
uint32_t cipher);
typedef void (*handshake_install_igtk_func_t)(struct handshake_state *hs,
handshake: Change signature of (i)gtk setters
2020-04-02 07:41:02 +02:00
uint16_t key_index,
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
const uint8_t *igtk, uint8_t igtk_len,
const uint8_t *ipn, uint8_t ipn_len,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
uint32_t cipher);
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
void __handshake_set_get_nonce_func(handshake_get_nonce_func_t func);
void __handshake_set_install_tk_func(handshake_install_tk_func_t func);
void __handshake_set_install_gtk_func(handshake_install_gtk_func_t func);
void __handshake_set_install_igtk_func(handshake_install_igtk_func_t func);
struct handshake_state {
uint32_t ifindex;
uint8_t spa[6];
uint8_t aa[6];
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
uint8_t *authenticator_ie;
uint8_t *supplicant_ie;
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
uint8_t *mde;
uint8_t *fte;
enum ie_rsn_cipher_suite pairwise_cipher;
enum ie_rsn_cipher_suite group_cipher;
enum ie_rsn_cipher_suite group_management_cipher;
enum ie_rsn_akm_suite akm_suite;
eapol: In FT-EAP use all 64 bytes of the MSK Until now we'd save the second 32 bytes of the MSK as the PMK and use that for the PMK-R0 as well as the PMKID calculation. The PMKID actually uses the first 32 bytes of the PMK while the PMK-R0's XXKey input maps to the second 32 bytes. Add a pmk_len parameter to handshake_state_set_pmk to handle that. Update the eapol_eap_results_cb 802.11 quotes to the 2016 version.
2018-03-15 12:06:53 +01:00
uint8_t pmk[64];
handshake: store PMK length Non-802.11 AKMs can define their own key lengths. Currently only OWE does this, and the MIC/KEK/KCK lengths will be determined by the PMK length so we need to save it.
2019-01-14 21:54:17 +01:00
size_t pmk_len;
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
uint8_t snonce[32];
uint8_t anonce[32];
handshake: update key getters for FILS-FT FILS-FT is a special case with respect to the PTK keys. The KCK getter was updated to handle both FT-FILS AKMs, by returning the offset in the PTK to the special KCK generated during FILS. A getter for the KCK length was added, which handles the SHA384 variant. The PTK size was also updated since FILS-FT can generate an additional 56 bytes of PTK
2019-05-10 22:19:29 +02:00
uint8_t ptk[136];
handshake: update FT derivation functions for FILS-FT FILS-FT could derive a longer PMKR0/R1 key, as well as uses a special xxkey that it derives during FILS.
2019-05-10 22:19:30 +02:00
uint8_t pmk_r0[48];
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
uint8_t pmk_r0_name[16];
handshake: update FT derivation functions for FILS-FT FILS-FT could derive a longer PMKR0/R1 key, as well as uses a special xxkey that it derives during FILS.
2019-05-10 22:19:30 +02:00
uint8_t pmk_r1[48];
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
uint8_t pmk_r1_name[16];
handshake: add setter for PMKID SAE generates the PMKID during the authentication process, rather than generating it on-the-fly using the PMK. For this reason SAE needs to be able to set the PMKID once its generated. A new flag was also added (has_pmkid) which signifies if the PMKID was set or if it should be generated.
2018-08-07 23:29:10 +02:00
uint8_t pmkid[16];
handshake: add key for FILS-FT in handshake_state FILS derives its own FT key, for use as xxkey during fast transition.
2019-05-10 22:19:26 +02:00
uint8_t fils_ft[48];
uint8_t fils_ft_len;
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
struct l_settings *settings_8021x;
bool have_snonce : 1;
bool ptk_complete : 1;
bool wpa_ie : 1;
handshake: handle OSEN AKM when setting IEs
2019-06-11 00:46:56 +02:00
bool osen_ie : 1;
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
bool have_pmk : 1;
bool mfp : 1;
handshake: Add utility to generate a new anonce AP EAPoL state machine will need to generate the anonce, so as with snonce, an API was added to do that.
2018-06-20 20:05:16 +02:00
bool have_anonce : 1;
handshake: add setter for PMKID SAE generates the PMKID during the authentication process, rather than generating it on-the-fly using the PMK. For this reason SAE needs to be able to set the PMKID once its generated. A new flag was also added (has_pmkid) which signifies if the PMKID was set or if it should be generated.
2018-08-07 23:29:10 +02:00
bool have_pmkid : 1;
handshake: introduce authenticator bit Both SAE and adhoc can benefit from knowing whether the handshake state is an authenticator or a supplicant. It will allow both to easily obtain the remote address rather than sorting out if aa/spa match the devices own address.
2018-08-15 19:36:18 +02:00
bool authenticator : 1;
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
bool wait_for_gtk : 1;
handshake: add flag and setter to disallow rekeying
2019-01-25 20:23:09 +01:00
bool no_rekey : 1;
handshake: add flag for FILS support The handshake_state only holds a single AKM value. FILS depends on the AP supporting EAP as well as FILS. The first time IWD connects, it will do a full EAP auth. Subsequent connections (assuming FILS is supported) will use FILS. But if the AP does not support FILS there is no reason to cache the ERP keys. This adds the supp_fils to the handshake_state. Now, station.c can set this flag while building the handshake. This flag can later be checked when caching the ERP keys.
2019-04-10 23:52:30 +02:00
bool support_fils : 1;
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
uint8_t ssid[32];
size_t ssid_len;
network: save passphrase in network SAE needs access to the raw passphrase, not the PSK which network saves. This changes saves the passphrase in network and handshake objects, as well as adds getters to both objects so SAE can retrieve the passphrase.
2018-08-07 23:29:06 +02:00
char *passphrase;
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
uint8_t r0khid[48];
size_t r0khid_len;
uint8_t r1khid[6];
handshake: Add GTK data to handshake_state Add places to store the GTK data, index and RSC in struct handshake_state and add a setter function for these fields. We may want to also convert install_gtk to use these fields similar to install_ptk.
2018-09-22 18:48:14 +02:00
uint8_t gtk[32];
uint8_t gtk_rsc[6];
handshake: Add handshake_state_set_protocol_version
2019-07-16 04:45:12 +02:00
uint8_t proto_version : 2;
handshake: Add GTK data to handshake_state Add places to store the GTK data, index and RSC in struct handshake_state and add a setter function for these fields. We may want to also convert install_gtk to use these fields similar to install_ptk.
2018-09-22 18:48:14 +02:00
unsigned int gtk_index;
handshake: add ERP cache object to handshake Keeping the ERP cache on the handshake object allows station.c to handle all the ERP details and encapsulate them into a handshake. FILS can then use the ERP cache right from the handshake rather than getting it itself.
2019-04-22 19:11:43 +02:00
struct erp_cache_entry *erp_cache;
eapol: IP Allocation KDE support Support IP allocation during the 4-Way Handshake as defined in the P2P spec. This is the supplicant side implementation. The API requires the user to set hs->support_ip_allocation true before eapol_start(). On HANDSHAKE_EVENT_COMPLETE, if this same flag is still set, we've received the IP lease, the netmask and the authenticator's IP from the authenticator and there's no need to start DHCP. If the flag is cleared, the user needs to use DHCP.
2020-09-14 15:51:16 +02:00
bool support_ip_allocation : 1;
uint32_t client_ip_addr;
uint32_t subnet_mask;
uint32_t go_ip_addr;
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
void *user_data;
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
void (*free)(struct handshake_state *s);
handshake: remove handshake related netdev events Handshake related netdev events were removed in favor of handshake events. Now events will be emitted on the handshake object related to the 4-way handshake and key settings. Events are: HANDSHAKE_EVENT_STARTED HANDSHAKE_EVENT_SETTING_KEYS HANDSHAKE_EVENT_COMPLETE HANDSHAKE_EVENT_FAILED Right now, since netdev only operates in station mode, nothing listens for COMPLETE/FAILED, as device/wsc gets notified by the connect_cb when the connection was successful. The COMPLETE/ FAILED were added in preperation for AP moving into eapol/netdev.
2018-06-22 20:13:27 +02:00
handshake_event_func_t event_func;
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
};
handshake: Convert handshake event callbacks variadic functions Convert the handshake event callback type to use variable argument list to allow for more flexibility in event-specific arguments passed to the callbacks. Note the uint16_t reason code is promoted to an int when using variable arguments so va_arg(args, int) has to be used.
2019-10-28 15:04:57 +01:00
#define handshake_event(hs, event, ...) \
do { \
if (!(hs)->event_func) \
break; \
\
(hs)->event_func((hs), event, (hs)->user_data, ##__VA_ARGS__); \
} while (0)
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
void handshake_state_free(struct handshake_state *s);
void handshake_state_set_supplicant_address(struct handshake_state *s,
const uint8_t *spa);
void handshake_state_set_authenticator_address(struct handshake_state *s,
const uint8_t *aa);
handshake: introduce authenticator bit Both SAE and adhoc can benefit from knowing whether the handshake state is an authenticator or a supplicant. It will allow both to easily obtain the remote address rather than sorting out if aa/spa match the devices own address.
2018-08-15 19:36:18 +02:00
void handshake_state_set_authenticator(struct handshake_state *s, bool auth);
eapol: In FT-EAP use all 64 bytes of the MSK Until now we'd save the second 32 bytes of the MSK as the PMK and use that for the PMK-R0 as well as the PMKID calculation. The PMKID actually uses the first 32 bytes of the PMK while the PMK-R0's XXKey input maps to the second 32 bytes. Add a pmk_len parameter to handshake_state_set_pmk to handle that. Update the eapol_eap_results_cb 802.11 quotes to the 2016 version.
2018-03-15 12:06:53 +01:00
void handshake_state_set_pmk(struct handshake_state *s, const uint8_t *pmk,
size_t pmk_len);
handshake: add setter for PTK With FILS support coming there needs to be a way to set the PTK directly. Other AKMs derive the PTK via the 4-way handshake, but FILS computes the PTK on its own.
2019-04-18 01:46:17 +02:00
void handshake_state_set_ptk(struct handshake_state *s, const uint8_t *ptk,
size_t ptk_len);
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
void handshake_state_set_8021x_config(struct handshake_state *s,
struct l_settings *settings);
handshake: simplify IE setters The handshake object had 4 setters for authenticator/supplicant IE. Since the IE ultimately gets put into the same buffer, there really only needs to be a single setter for authenticator/supplicant. The handshake object can deal with parsing to decide what kind of IE it is (WPA or RSN).
2019-06-07 21:17:00 +02:00
bool handshake_state_set_authenticator_ie(struct handshake_state *s,
const uint8_t *ie);
bool handshake_state_set_supplicant_ie(struct handshake_state *s,
const uint8_t *ie);
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
void handshake_state_set_ssid(struct handshake_state *s,
const uint8_t *ssid, size_t ssid_len);
void handshake_state_set_mde(struct handshake_state *s,
const uint8_t *mde);
void handshake_state_set_fte(struct handshake_state *s, const uint8_t *fte);
void handshake_state_set_kh_ids(struct handshake_state *s,
const uint8_t *r0khid, size_t r0khid_len,
const uint8_t *r1khid);
handshake: remove handshake related netdev events Handshake related netdev events were removed in favor of handshake events. Now events will be emitted on the handshake object related to the 4-way handshake and key settings. Events are: HANDSHAKE_EVENT_STARTED HANDSHAKE_EVENT_SETTING_KEYS HANDSHAKE_EVENT_COMPLETE HANDSHAKE_EVENT_FAILED Right now, since netdev only operates in station mode, nothing listens for COMPLETE/FAILED, as device/wsc gets notified by the connect_cb when the connection was successful. The COMPLETE/ FAILED were added in preperation for AP moving into eapol/netdev.
2018-06-22 20:13:27 +02:00
void handshake_state_set_event_func(struct handshake_state *s,
handshake_event_func_t func,
void *user_data);
network: save passphrase in network SAE needs access to the raw passphrase, not the PSK which network saves. This changes saves the passphrase in network and handshake objects, as well as adds getters to both objects so SAE can retrieve the passphrase.
2018-08-07 23:29:06 +02:00
void handshake_state_set_passphrase(struct handshake_state *s,
const char *passphrase);
handshake: add flag and setter to disallow rekeying
2019-01-25 20:23:09 +01:00
void handshake_state_set_no_rekey(struct handshake_state *s, bool no_rekey);
handshake: remove handshake related netdev events Handshake related netdev events were removed in favor of handshake events. Now events will be emitted on the handshake object related to the 4-way handshake and key settings. Events are: HANDSHAKE_EVENT_STARTED HANDSHAKE_EVENT_SETTING_KEYS HANDSHAKE_EVENT_COMPLETE HANDSHAKE_EVENT_FAILED Right now, since netdev only operates in station mode, nothing listens for COMPLETE/FAILED, as device/wsc gets notified by the connect_cb when the connection was successful. The COMPLETE/ FAILED were added in preperation for AP moving into eapol/netdev.
2018-06-22 20:13:27 +02:00
handshake: add key for FILS-FT in handshake_state FILS derives its own FT key, for use as xxkey during fast transition.
2019-05-10 22:19:26 +02:00
void handshake_state_set_fils_ft(struct handshake_state *s,
const uint8_t *fils_ft,
size_t fils_ft_len);
handshake: Add handshake_state_set_protocol_version
2019-07-16 04:45:12 +02:00
void handshake_state_set_protocol_version(struct handshake_state *s,
uint8_t proto_version);
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
void handshake_state_new_snonce(struct handshake_state *s);
handshake: Add utility to generate a new anonce AP EAPoL state machine will need to generate the anonce, so as with snonce, an API was added to do that.
2018-06-20 20:05:16 +02:00
void handshake_state_new_anonce(struct handshake_state *s);
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
void handshake_state_set_anonce(struct handshake_state *s,
const uint8_t *anonce);
handshake: add setter for PMKID SAE generates the PMKID during the authentication process, rather than generating it on-the-fly using the PMK. For this reason SAE needs to be able to set the PMKID once its generated. A new flag was also added (has_pmkid) which signifies if the PMKID was set or if it should be generated.
2018-08-07 23:29:10 +02:00
void handshake_state_set_pmkid(struct handshake_state *s, const uint8_t *pmkid);
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
bool handshake_state_derive_ptk(struct handshake_state *s);
crypto/handshake/eapol: Allow other PTK lengths The crypto_ptk was hard coded for 16 byte KCK/KEK. Depending on the AKM these can be up to 32 bytes. This changes completely removes the crypto_ptk struct and adds getters to the handshake object for the kck and kek. Like before the PTK is derived into a continuous buffer, and the kck/kek getters take care of returning the proper key offset depending on AKM. To allow for larger than 16 byte keys aes_unwrap needed to be modified to take the kek length.
2019-01-17 21:25:30 +01:00
size_t handshake_state_get_ptk_size(struct handshake_state *s);
handshake: update key getters for FILS-FT FILS-FT is a special case with respect to the PTK keys. The KCK getter was updated to handle both FT-FILS AKMs, by returning the offset in the PTK to the special KCK generated during FILS. A getter for the KCK length was added, which handles the SHA384 variant. The PTK size was also updated since FILS-FT can generate an additional 56 bytes of PTK
2019-05-10 22:19:29 +02:00
size_t handshake_state_get_kck_len(struct handshake_state *s);
crypto/handshake/eapol: Allow other PTK lengths The crypto_ptk was hard coded for 16 byte KCK/KEK. Depending on the AKM these can be up to 32 bytes. This changes completely removes the crypto_ptk struct and adds getters to the handshake object for the kck and kek. Like before the PTK is derived into a continuous buffer, and the kck/kek getters take care of returning the proper key offset depending on AKM. To allow for larger than 16 byte keys aes_unwrap needed to be modified to take the kek length.
2019-01-17 21:25:30 +01:00
const uint8_t *handshake_state_get_kck(struct handshake_state *s);
handshake: add handshake_state_get_kek_len
2019-04-18 02:02:06 +02:00
size_t handshake_state_get_kek_len(struct handshake_state *s);
crypto/handshake/eapol: Allow other PTK lengths The crypto_ptk was hard coded for 16 byte KCK/KEK. Depending on the AKM these can be up to 32 bytes. This changes completely removes the crypto_ptk struct and adds getters to the handshake object for the kck and kek. Like before the PTK is derived into a continuous buffer, and the kck/kek getters take care of returning the proper key offset depending on AKM. To allow for larger than 16 byte keys aes_unwrap needed to be modified to take the kek length.
2019-01-17 21:25:30 +01:00
const uint8_t *handshake_state_get_kek(struct handshake_state *s);
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
void handshake_state_install_ptk(struct handshake_state *s);
void handshake_state_install_gtk(struct handshake_state *s,
handshake: Change signature of (i)gtk setters
2020-04-02 07:41:02 +02:00
uint16_t gtk_key_index,
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
const uint8_t *gtk, size_t gtk_len,
const uint8_t *rsc, uint8_t rsc_len);
void handshake_state_install_igtk(struct handshake_state *s,
handshake: Change signature of (i)gtk setters
2020-04-02 07:41:02 +02:00
uint16_t igtk_key_index,
handshake: Split the install_igtk igtk parameter in 2 buffers Split the igtk parameter to handshake_state_install_igtk into one parameter for the actual IGTK buffer and one for the IPN buffer instead of requiring the caller to have them both in one continuous buffer. With FT protocol, one is received encrypted and the other in plain text.
2017-01-31 03:42:51 +01:00
const uint8_t *igtk, size_t igtk_len,
const uint8_t *ipn);
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
void handshake_state_override_pairwise_cipher(struct handshake_state *s,
enum ie_rsn_cipher_suite pairwise);
handshake: Add handshake_state_get_pmkid Returns the PMKID for the current PMK (configured through handshake_state_set_pmk for PSK, created through EAP or from pre-authentication)
2017-04-15 13:58:45 +02:00
bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid);
handshake: Add utility for decoding GTK & IGTK from FTE handshake_decode_fte_key unwraps and validates the padding in the FTE GTK and IGTK subelements.
2017-01-31 03:42:52 +01:00
bool handshake_decode_fte_key(struct handshake_state *s, const uint8_t *wrapped,
size_t key_len, uint8_t *key_out);
handshake: Add GTK data to handshake_state Add places to store the GTK data, index and RSC in struct handshake_state and add a setter function for these fields. We may want to also convert install_gtk to use these fields similar to install_ptk.
2018-09-22 18:48:14 +02:00
void handshake_state_set_gtk(struct handshake_state *s, const uint8_t *key,
unsigned int key_index, const uint8_t *rsc);
Add handshake_state object struct handshake_state is an object that stores all the key data and other authentication state and does the low level operations on the keys. Together with the next patch this mostly just splits eapol.c into two layers so that the key operations can also be used in Fast Transitions which don't use eapol.
2016-11-02 23:46:18 +01:00
bool handshake_util_ap_ie_matches(const uint8_t *msg_ie,
const uint8_t *scan_ie, bool is_wpa);
const uint8_t *handshake_util_find_gtk_kde(const uint8_t *data, size_t data_len,
size_t *out_gtk_len);
const uint8_t *handshake_util_find_igtk_kde(const uint8_t *data,
size_t data_len, size_t *out_igtk_len);
handshake: Add handshake_util_find_pmkid_kde Add a function that finds the PMKID kde in an RSNE's Key Data field similar to handshake_util_find_gtk_kde.
2017-04-15 13:58:46 +02:00
const uint8_t *handshake_util_find_pmkid_kde(const uint8_t *data,
size_t data_len);
handshake: Add handshake_util_build_gtk_kde utility
2018-09-22 18:48:15 +02:00
void handshake_util_build_gtk_kde(enum crypto_cipher cipher, const uint8_t *key,
unsigned int key_index, uint8_t *to);