iPXE
|
Common definitions for all types of WPA-protected networks. More...
Go to the source code of this file.
Data Structures | |
struct | eapol_key_pkt |
An EAPOL-Key packet. More... | |
struct | tkip_tk |
Structure of the Temporal Key for TKIP encryption. More... | |
union | wpa_tk |
Structure of a generic Temporal Key. More... | |
struct | wpa_ptk |
Structure of the Pairwise Transient Key. More... | |
struct | wpa_gtk |
Structure of the Group Transient Key. More... | |
struct | wpa_common_ctx |
Common context for WPA security handshaking. More... | |
struct | wpa_kie |
WPA handshake key integrity and encryption handler. More... | |
struct | wpa_kde_gtk_encap |
Payload structure of the GTK-encapsulating KDE. More... | |
struct | wpa_kde |
Any key descriptor element type. More... | |
Macros | |
#define | EAPOL_KEY_TYPE_RSN 2 |
EAPOL-Key type field for modern 802.11i/RSN WPA packets. More... | |
#define | EAPOL_KEY_TYPE_WPA 254 |
Old EAPOL-Key type field used by WPA1 hardware before 802.11i ratified. More... | |
#define | EAPOL_KEY_INFO_VERSION 0x0007 |
Key descriptor version, indicating WPA or WPA2. More... | |
#define | EAPOL_KEY_INFO_TYPE 0x0008 |
Key type bit, indicating pairwise or group. More... | |
#define | EAPOL_KEY_INFO_INSTALL 0x0040 |
Key install bit; set on message 3 except when legacy hacks are used. More... | |
#define | EAPOL_KEY_INFO_KEY_ACK 0x0080 |
Key ACK bit; set when a response is required, on all messages except #4. More... | |
#define | EAPOL_KEY_INFO_KEY_MIC 0x0100 |
Key MIC bit; set when the MIC field is valid, on messages 3 and 4. More... | |
#define | EAPOL_KEY_INFO_SECURE 0x0200 |
Secure bit; set when both sides have both keys, on messages 3 and 4. More... | |
#define | EAPOL_KEY_INFO_ERROR 0x0400 |
Error bit; set on a MIC failure for TKIP. More... | |
#define | EAPOL_KEY_INFO_REQUEST 0x0800 |
Request bit; set when authentication is initiated by the Peer (unusual) More... | |
#define | EAPOL_KEY_INFO_KEY_ENC 0x1000 |
Key Encrypted bit; set when the Key Data field is encrypted. More... | |
#define | EAPOL_KEY_INFO_SMC_MESS 0x2000 |
SMC Message bit; set when this frame is part of an IBSS SMK handshake. More... | |
#define | EAPOL_KEY_VERSION_WPA 1 |
Key descriptor version field value for WPA (TKIP) More... | |
#define | EAPOL_KEY_VERSION_WPA2 2 |
Key descriptor version field value for WPA2 (CCMP) More... | |
#define | EAPOL_KEY_TYPE_PTK 0x0008 |
Key type field value for a PTK (pairwise) key handshake. More... | |
#define | EAPOL_KEY_TYPE_GTK 0x0000 |
Key type field value for a GTK (group) key handshake. More... | |
#define | WPA_NONCE_LEN 32 |
Length of a nonce. More... | |
#define | WPA_TKIP_KEY_LEN 16 |
Length of a TKIP main key. More... | |
#define | WPA_TKIP_MIC_KEY_LEN 8 |
Length of a TKIP MIC key. More... | |
#define | WPA_CCMP_KEY_LEN 16 |
Length of a CCMP key. More... | |
#define | WPA_KCK_LEN 16 |
Length of an EAPOL Key Confirmation Key. More... | |
#define | WPA_KEK_LEN 16 |
Length of an EAPOL Key Encryption Key. More... | |
#define | WPA_PMK_LEN 32 |
Usual length of a Pairwise Master Key. More... | |
#define | WPA_PMKID_LEN 16 |
Length of a PMKID. More... | |
#define | WPA_KIES __table ( struct wpa_kie, "wpa_kies" ) |
#define | __wpa_kie __table_entry ( WPA_KIES, 01 ) |
#define | WPA_GTK_KID 0x03 |
Mask for Key ID in wpa_kde_gtk::id field. More... | |
#define | WPA_GTK_TXBIT 0x04 |
Mask for Tx bit in wpa_kde_gtk::id field. More... | |
#define | WPA_KDE_GTK _MKOUI ( 0x00, 0x0F, 0xAC, 0x01 ) |
KDE type for an encapsulated Group Transient Key (requires encryption) More... | |
#define | WPA_KDE_MAC _MKOUI ( 0x00, 0x0F, 0xAC, 0x03 ) |
KDE type for a MAC address. More... | |
#define | WPA_KDE_PMKID _MKOUI ( 0x00, 0x0F, 0xAC, 0x04 ) |
KDE type for a PMKID. More... | |
#define | WPA_KDE_NONCE _MKOUI ( 0x00, 0x0F, 0xAC, 0x06 ) |
KDE type for a nonce. More... | |
#define | WPA_KDE_LIFETIME _MKOUI ( 0x00, 0x0F, 0xAC, 0x07 ) |
KDE type for a lifetime value. More... | |
Enumerations | |
enum | wpa_state { WPA_WAITING = 0, WPA_READY, WPA_WORKING, WPA_SUCCESS, WPA_FAILURE } |
WPA handshaking state. More... | |
enum | wpa_keymask { WPA_PTK = 1, WPA_GTK = 2 } |
Bitfield indicating a selection of WPA transient keys. More... | |
Functions | |
FILE_LICENCE (GPL2_OR_LATER) | |
struct eapol_key_pkt | __attribute__ ((packed)) mic |
Michael MIC keys. More... | |
int | wpa_make_rsn_ie (struct net80211_device *dev, union ieee80211_ie **ie) |
Construct RSN or WPA information element. More... | |
int | wpa_start (struct net80211_device *dev, struct wpa_common_ctx *ctx, const void *pmk, size_t pmk_len) |
Set up generic WPA support to handle 4-Way Handshake. More... | |
void | wpa_stop (struct net80211_device *dev) |
Disable handling of received WPA handshake frames. More... | |
Variables | |
u8 | type |
One of the EAPOL_KEY_TYPE_* defines. More... | |
u16 | info |
Bitfield of key characteristics, network byte order. More... | |
u16 | keysize |
Length of encryption key to be used, network byte order. More... | |
u64 | replay |
Monotonically increasing value for EAPOL-Key conversations. More... | |
u8 | nonce [32] |
Nonce value. More... | |
u8 | iv [16] |
Initialization vector. More... | |
u8 | rsc [8] |
Receive sequence counter for GTK. More... | |
u8 | _reserved [8] |
Reserved bytes. More... | |
u8 | mic [16] |
Message integrity code over the entire EAPOL frame. More... | |
u16 | datalen |
Length of the data field in bytes, network byte order. More... | |
u8 | data [0] |
Key data. More... | |
enum wpa_state | __attribute__ |
u8 | rx [WPA_TKIP_MIC_KEY_LEN] |
MIC key for packets from the AP. More... | |
u8 | tx [WPA_TKIP_MIC_KEY_LEN] |
MIC key for packets to the AP. More... | |
u8 | key [WPA_TKIP_KEY_LEN] |
Main key: input to TKIP Phase 1 and Phase 2 key mixing functions. More... | |
u8 | kck [WPA_KCK_LEN] |
EAPOL-Key Key Confirmation Key (KCK) More... | |
u8 | kek [WPA_KEK_LEN] |
EAPOL-Key Key Encryption Key (KEK) More... | |
union wpa_tk | tk |
Temporal key. More... | |
u8 | id |
Key ID and TX bit. More... | |
u8 | _rsvd |
Reserved byte. More... | |
struct wpa_gtk | gtk |
Encapsulated group transient key. More... | |
u8 | ie_type |
Information element type: always 0xDD (IEEE80211_IE_VENDOR) More... | |
u8 | len |
Length, not including ie_type and length fields. More... | |
u32 | oui_type |
OUI + type byte. More... | |
union { | |
struct wpa_kde_gtk_encap gtk_encap | |
For GTK-type KDEs, encapsulated GTK. More... | |
u8 mac [ETH_ALEN] | |
For MAC-type KDEs, the MAC address. More... | |
u8 pmkid [WPA_PMKID_LEN] | |
For PMKID-type KDEs, the PMKID. More... | |
u8 nonce [WPA_NONCE_LEN] | |
For Nonce-type KDEs, the nonce. More... | |
u32 lifetime | |
For Lifetime-type KDEs, the lifetime in seconds. More... | |
}; | |
Payload data. More... | |
Common definitions for all types of WPA-protected networks.
Definition in file wpa.h.
#define EAPOL_KEY_TYPE_RSN 2 |
#define EAPOL_KEY_TYPE_WPA 254 |
#define WPA_KCK_LEN 16 |
#define __wpa_kie __table_entry ( WPA_KIES, 01 ) |
enum wpa_state |
enum wpa_keymask |
FILE_LICENCE | ( | GPL2_OR_LATER | ) |
int wpa_make_rsn_ie | ( | struct net80211_device * | dev, |
union ieee80211_ie ** | ie_ret | ||
) |
Construct RSN or WPA information element.
dev | 802.11 device |
ie_ret | RSN or WPA information element |
rc | Return status code |
This function allocates, fills, and returns a RSN or WPA information element suitable for including in an association request frame to the network identified by dev->associating
. If it is impossible to construct an information element consistent with iPXE's capabilities that is compatible with that network, or if none should be sent because that network's beacon included no security information, returns an error indication and leaves ie_ret unchanged.
The returned IE will be of the same type (RSN or WPA) as was included in the beacon for the network it is destined for.
Definition at line 124 of file wpa.c.
References ieee80211_ie_rsn::akm_count, ieee80211_ie_rsn::akm_list, net80211_device::associating, net80211_wlan::beacon, net80211_wlan::crypto, io_buffer::data, DBG, EINVAL, ENOMEM, ENOTSUP, group_cipher, ieee80211_ie_rsn::group_cipher, net80211_wlan::handshaking, hdr, ieee80211_beacon, IEEE80211_IE_RSN, IEEE80211_IE_VENDOR, ieee80211_rsn_size(), IEEE80211_RSN_VERSION, IEEE80211_WPA_OUI_VEN, malloc(), ieee80211_ie_rsn::pairwise_cipher, ieee80211_ie_rsn::pairwise_count, ieee80211_ie_rsn::pmkid_count, ieee80211_ie_rsn::rsn_capab, sec80211_find_rsn(), sec80211_rsn_get_akm_desc(), sec80211_rsn_get_crypto_desc(), sec80211_rsn_get_net80211_crypt(), io_buffer::tail, ieee80211_ie_rsn::version, and wpa_find_cryptosystem().
Referenced by wpa_psk_init().
int wpa_start | ( | struct net80211_device * | dev, |
struct wpa_common_ctx * | ctx, | ||
const void * | pmk, | ||
size_t | pmk_len | ||
) |
Set up generic WPA support to handle 4-Way Handshake.
dev | 802.11 device |
ctx | WPA common context |
pmk | Pairwise Master Key to use for session |
pmk_len | Length of PMK, almost always 32 |
rc | Return status code |
Definition at line 216 of file wpa.c.
References net80211_device::associating, net80211_wlan::beacon, net80211_wlan::crypto, ctx, io_buffer::data, EINVAL, ENOENT, ENOMEM, hdr, ieee80211_beacon, list_add_tail, malloc(), memcpy(), NET80211_CRYPT_UNKNOWN, NULL, net80211_device::rsn_ie, sec80211_find_rsn(), io_buffer::tail, wpa_contexts, and WPA_READY.
Referenced by wpa_psk_start().
void wpa_stop | ( | struct net80211_device * | dev | ) |
Disable handling of received WPA handshake frames.
dev | 802.11 device |
Definition at line 260 of file wpa.c.
References ctx, wpa_common_ctx::dev, free, wpa_common_ctx::list, list_del, list_for_each_entry_safe, NULL, tmp, and wpa_contexts.
Referenced by wpa_psk_stop().
u16 keysize |
u64 replay |
u8 nonce[WPA_NONCE_LEN] |
Nonce value.
For Nonce-type KDEs, the nonce.
This is the authenticator's ANonce in frame 1, the peer's SNonce in frame 2, and 0 in frames 3 and 4.
Definition at line 52 of file wpa.h.
Referenced by ccmp_cbc_mac(), ccmp_ctr_xor(), ccmp_decrypt(), ccmp_encrypt(), get_entropy_input_tmp(), make_next_nonce(), and ntlm_response().
u8 iv[16] |
Initialization vector.
This contains the IV used with the Key Encryption Key, or 0 if the key is unencrypted or encrypted using an algorithm that does not require an IV.
Definition at line 60 of file wpa.h.
Referenced by cbc_setiv(), cipher_cost(), cipher_setiv(), gcm_setiv(), tkip_kie_decrypt(), tls_new_ciphertext(), tls_send_plaintext(), wep_decrypt(), and wep_encrypt().
u8 rsc[8] |
Receive sequence counter for GTK.
This is used to synchronize the client's replay counter for ordinary data packets. The first six bytes contain PN0 through PN5 for CCMP mode, or TSC0 through TSC5 for TKIP mode. The last two bytes are zero.
Definition at line 69 of file wpa.h.
Referenced by ccmp_init(), sec80211_install(), tkip_init(), wpa_install_gtk(), and wpa_maybe_install_gtk().
u8 mic[16] |
Message integrity code over the entire EAPOL frame.
This is calculated using HMAC-MD5 when the key descriptor version field in info is 1, and HMAC-SHA1 ignoring the last 4 bytes of the hash when the version field in info is 2.
Definition at line 81 of file wpa.h.
Referenced by ccmp_cbc_mac(), ccmp_encrypt(), ccmp_kie_mic(), tkip_decrypt(), tkip_encrypt(), tkip_kie_mic(), and tkip_michael().
u16 datalen |
Length of the data field in bytes, network byte order.
Definition at line 84 of file wpa.h.
Referenced by ccmp_cbc_mac(), ccmp_decrypt(), ccmp_encrypt(), tkip_decrypt(), tkip_encrypt(), wep_decrypt(), and wep_encrypt().
u8 data[0] |
struct wpa_common_ctx __attribute__ |
u8 rx |
MIC key for packets from the AP.
Definition at line 234 of file wpa.h.
Referenced by ar9003_hw_set_chain_masks(), ath_hw_cycle_counters_update(), atl_poll_rx(), atl_rx_ring_fill(), exanic_poll_rx(), gve_close(), gve_open(), gve_poll_rx(), gve_refill_rx(), gve_start(), gve_stop(), ice_context_rx(), intel_describe_rx(), intel_poll_rx(), intel_refill_rx(), intelxl_context_rx(), intelxl_refill_rx(), intelxlvf_admin_stats(), ipair_rx(), iscsi_socket_deliver(), myson_poll_rx(), myson_refill_rx(), natsemi_poll_rx(), natsemi_refill_rx(), rdc_poll_rx(), rdc_refill_rx(), realtek_legacy_poll_rx(), realtek_poll_rx(), realtek_refill_rx(), sky2_status_intr(), and smsc95xx_dump_statistics().
u8 tx |
MIC key for packets to the AP.
Definition at line 237 of file wpa.h.
Referenced by ar9003_hw_set_chain_masks(), ath_hw_cycle_counters_update(), atl_poll_tx(), atl_transmit(), bnxt_service_cq(), exanic_open(), exanic_transmit(), gve_close(), gve_open(), gve_poll_tx(), gve_start(), gve_stop(), gve_transmit(), intel_describe_tx(), intel_describe_tx_adv(), intel_poll_tx(), intel_transmit(), intelxl_context_tx(), intelxl_transmit(), intelxlvf_admin_stats(), ipair_expired(), iscsi_tx_step(), myson_poll_tx(), myson_transmit(), natsemi_poll_tx(), natsemi_transmit(), phantom_transmit(), rdc_poll_tx(), rdc_transmit(), realtek_poll_tx(), realtek_transmit(), and smsc95xx_dump_statistics().
u8 key[WPA_TKIP_KEY_LEN] |
u8 kck[WPA_KCK_LEN] |
EAPOL-Key Key Confirmation Key (KCK)
Definition at line 28 of file wpa.h.
Referenced by ccmp_kie_mic(), and tkip_kie_mic().
u8 kek[WPA_KEK_LEN] |
EAPOL-Key Key Encryption Key (KEK)
Definition at line 31 of file wpa.h.
Referenced by aes_unwrap(), aes_wrap(), ccmp_kie_decrypt(), and tkip_kie_decrypt().
union wpa_tk tk |
u8 ie_type |
u32 oui_type |
struct wpa_kde_gtk_encap gtk_encap |
u8 pmkid[WPA_PMKID_LEN] |
u32 lifetime |
For Lifetime-type KDEs, the lifetime in seconds.
This is in network byte order!
Definition at line 54 of file wpa.h.
Referenced by ndp_register_settings(), and tls_new_session_ticket().
union { ... } |
Payload data.