/*
 * WPA Supplicant / Network configuration structures
 * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef CONFIG_SSID_H
#define CONFIG_SSID_H

#include "common/defs.h"
#include "eap_peer/eap_config.h"

/* Maximum SSID length in octets; struct wpa_ssid::ssid_len is expected to stay
 * within this bound. NOTE(review): the bound is not enforced in this header -
 * confirm that the configuration parser and control interface check it. */
#define MAX_SSID_LEN 32


/* All bits set. NOTE(review): presumably "every EAP workaround enabled"; see
 * struct wpa_ssid::eap_workaround - confirm against the EAP peer code. */
#define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
/* The EAPOL_FLAG_* bits are defined further down, inside struct wpa_ssid and
 * only under IEEE8021X_EAPOL. Macro expansion happens at the point of use, so
 * the ordering is fine, but this default is only usable in builds that define
 * IEEE8021X_EAPOL. */
#define DEFAULT_EAPOL_FLAGS (EAPOL_FLAG_REQUIRE_KEY_UNICAST | \
			     EAPOL_FLAG_REQUIRE_KEY_BROADCAST)
#define DEFAULT_PROTO (WPA_PROTO_WPA | WPA_PROTO_RSN)
#define DEFAULT_KEY_MGMT (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X)
/* Default cipher sets. The pairwise default admits TKIP in addition to CCMP,
 * and the group default additionally admits WEP104 and WEP40. A network block
 * that must not fall back to those ciphers has to set pairwise_cipher and
 * group_cipher explicitly (e.g., CCMP only).
 * NOTE(review): where these defaults are applied is not visible in this
 * header - presumably when a network block omits the option; confirm. */
#define DEFAULT_PAIRWISE (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP)
#define DEFAULT_GROUP (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP | \
		       WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)
/* NOTE(review): no unit is given here; presumably a size in bytes consumed by
 * the EAP configuration - confirm at the point of use. */
#define DEFAULT_FRAGMENT_SIZE 1398

/**
 * struct wpa_ssid - Network configuration data
 *
 * This structure includes all the configuration variables for a network. This
 * data is included in the per-interface configuration data as an element of
 * the network list, struct wpa_config::ssid. Each network block in the
 * configuration is mapped to a struct wpa_ssid instance.
 *
 * Several members hold secret key material in plaintext: psk, passphrase and
 * wep_key. NOTE(review): eap (struct eap_peer_config, declared in
 * eap_peer/eap_config.h) presumably holds EAP credentials as well - confirm.
 * The code that frees an instance is not part of this header; it should clear
 * these members before releasing the memory, and code that dumps or logs a
 * network block should leave them out.
 */
struct wpa_ssid {
	/**
	 * next - Next network in global list
	 *
	 * This pointer can be used to iterate over all networks. The head of
	 * this list is stored in the ssid field of struct wpa_config.
	 */
	struct wpa_ssid *next;

	/**
	 * pnext - Next network in per-priority list
	 *
	 * This pointer can be used to iterate over all networks in the same
	 * priority class. The heads of these lists are stored in the pssid
	 * fields of struct wpa_config.
	 */
	struct wpa_ssid *pnext;

	/**
	 * id - Unique id for the network
	 *
	 * This identifier is used as a unique identifier for each network
	 * block when using the control interface. Each network is allocated an
	 * id when it is being created, either when reading the configuration
	 * file or when a new network is added through the control interface.
	 */
	int id;

	/**
	 * priority - Priority group
	 *
	 * By default, all networks will get same priority group (0). If some
	 * of the networks are more desirable, this field can be used to change
	 * the order in which wpa_supplicant goes through the networks when
	 * selecting a BSS. The priority groups will be iterated in decreasing
	 * priority (i.e., the larger the priority value, the sooner the
	 * network is matched against the scan results). Within each priority
	 * group, networks will be selected based on security policy, signal
	 * strength, etc.
	 *
	 * Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode do
	 * not use this priority to select the order for scanning. Instead,
	 * they try the networks in the order in which they appear in the
	 * configuration file.
	 */
	int priority;

	/**
	 * ssid - Service set identifier (network name)
	 *
	 * This is the SSID for the network. For wireless interfaces, this is
	 * used to select which network will be used. If set to %NULL (or
	 * ssid_len=0), any SSID can be used. For wired interfaces, this must
	 * be set to %NULL. Note: SSID may contain any characters, even nul
	 * (ASCII 0) and as such, this should not be assumed to be a nul
	 * terminated string. ssid_len defines how many characters are valid
	 * and the ssid field is not guaranteed to be nul terminated.
	 *
	 * Consequently this buffer must only be handled with length-bounded
	 * operations driven by ssid_len (memcmp/memcpy style); passing it to
	 * strlen(), strcmp() or a "%s" format reads past the valid data or
	 * truncates at an embedded nul. Escape it before printing or logging,
	 * since the octets are arbitrary.
	 */
	u8 *ssid;

	/**
	 * ssid_len - Length of the SSID
	 *
	 * Number of valid octets in ssid. Expected to be at most
	 * MAX_SSID_LEN; NOTE(review): that check is not visible in this
	 * header - confirm it is made wherever ssid_len is set from external
	 * input.
	 */
	size_t ssid_len;

	/**
	 * bssid - BSSID
	 *
	 * If set, this network block is used only when associating with the AP
	 * using the configured BSSID. Only meaningful when bssid_set is
	 * non-zero.
	 */
	u8 bssid[ETH_ALEN];

	/**
	 * bssid_set - Whether BSSID is configured for this network
	 */
	int bssid_set;

	/**
	 * psk - WPA pre-shared key (256 bits)
	 *
	 * Secret key material stored inline in the structure. Only meaningful
	 * when psk_set is non-zero. Should be cleared before the structure is
	 * freed or reused and kept out of debug output.
	 */
	u8 psk[32];

	/**
	 * psk_set - Whether PSK field is configured
	 */
	int psk_set;

	/**
	 * passphrase - WPA ASCII passphrase
	 *
	 * If this is set, psk will be generated using the SSID and passphrase
	 * configured for the network. ASCII passphrase must be between 8 and
	 * 63 characters (inclusive).
	 *
	 * This is a plaintext secret. NOTE(review): allocation and ownership
	 * are not visible in this header; the string should be cleared before
	 * it is freed - confirm in the code that frees the network block.
	 */
	char *passphrase;

	/**
	 * pairwise_cipher - Bitfield of allowed pairwise ciphers, WPA_CIPHER_*
	 */
	int pairwise_cipher;

	/**
	 * group_cipher - Bitfield of allowed group ciphers, WPA_CIPHER_*
	 */
	int group_cipher;

	/**
	 * key_mgmt - Bitfield of allowed key management protocols
	 *
	 * WPA_KEY_MGMT_*
	 */
	int key_mgmt;

	/**
	 * proto - Bitfield of allowed protocols, WPA_PROTO_*
	 */
	int proto;

	/**
	 * auth_alg - Bitfield of allowed authentication algorithms
	 *
	 * WPA_AUTH_ALG_*
	 */
	int auth_alg;

	/**
	 * scan_ssid - Scan this SSID with Probe Requests
	 *
	 * scan_ssid can be used to scan for APs using hidden SSIDs.
	 * Note: Many drivers do not support this. ap_scan=2 can be used with
	 * such drivers to use hidden SSIDs.
	 *
	 * Probe Requests sent for this purpose carry the configured SSID, so
	 * enabling this discloses the network name over the air wherever the
	 * station scans.
	 */
	int scan_ssid;

#ifdef IEEE8021X_EAPOL
#define EAPOL_FLAG_REQUIRE_KEY_UNICAST BIT(0)
#define EAPOL_FLAG_REQUIRE_KEY_BROADCAST BIT(1)
	/**
	 * eapol_flags - Bit field of IEEE 802.1X/EAPOL options (EAPOL_FLAG_*)
	 */
	int eapol_flags;

	/**
	 * eap - EAP peer configuration for this network
	 */
	struct eap_peer_config eap;
#endif /* IEEE8021X_EAPOL */

#define NUM_WEP_KEYS 4
#define MAX_WEP_KEY_LEN 16
	/**
	 * wep_key - WEP keys
	 *
	 * Secret key material stored inline; should be cleared before the
	 * structure is freed and kept out of debug output.
	 */
	u8 wep_key[NUM_WEP_KEYS][MAX_WEP_KEY_LEN];

	/**
	 * wep_key_len - WEP key lengths
	 *
	 * wep_key_len[i] is the number of valid octets in wep_key[i] and must
	 * not exceed MAX_WEP_KEY_LEN. NOTE(review): the bound is not enforced
	 * in this header - confirm in the parser.
	 */
	size_t wep_key_len[NUM_WEP_KEYS];

	/**
	 * wep_tx_keyidx - Default key index for TX frames using WEP
	 *
	 * Indexes wep_key, so it is expected to be in 0..NUM_WEP_KEYS-1.
	 * NOTE(review): range check not visible here - confirm before any use
	 * as an array index.
	 */
	int wep_tx_keyidx;

	/**
	 * proactive_key_caching - Enable proactive key caching
	 *
	 * This field can be used to enable proactive key caching which is also
	 * known as opportunistic PMKSA caching for WPA2. This is disabled (0)
	 * by default. Enable by setting this to 1.
	 *
	 * Proactive key caching is used to make supplicant assume that the APs
	 * are using the same PMK and generate PMKSA cache entries without
	 * doing RSN pre-authentication. This requires support from the AP side
	 * and is normally used with wireless switches that co-locate the
	 * authenticator.
	 */
	int proactive_key_caching;

	/**
	 * mixed_cell - Whether mixed cells are allowed
	 *
	 * This option can be used to configure whether so called mixed cells,
	 * i.e., networks that use both plaintext and encryption in the same
	 * SSID, are allowed. This is disabled (0) by default. Enable by
	 * setting this to 1.
	 */
	int mixed_cell;

#ifdef IEEE8021X_EAPOL

	/**
	 * leap - Number of EAP methods using LEAP
	 *
	 * This field should be set to 1 if LEAP is enabled. This is used to
	 * select IEEE 802.11 authentication algorithm.
	 */
	int leap;

	/**
	 * non_leap - Number of EAP methods not using LEAP
	 *
	 * This field should be set to >0 if any EAP method other than LEAP is
	 * enabled. This is used to select IEEE 802.11 authentication
	 * algorithm.
	 */
	int non_leap;

	/**
	 * eap_workaround - EAP workarounds enabled
	 *
	 * wpa_supplicant supports a number of "EAP workarounds" to work around
	 * interoperability issues with incorrectly behaving authentication
	 * servers. This is recommended to be enabled by default because some
	 * of the issues are present in a large number of authentication
	 * servers.
	 *
	 * Strict EAP conformance mode can be configured by disabling
	 * workarounds with eap_workaround = 0.
	 */
	unsigned int eap_workaround;

#endif /* IEEE8021X_EAPOL */

	/**
	 * mode - IEEE 802.11 operation mode (Infrastructure/IBSS)
	 *
	 * 0 = infrastructure (Managed) mode, i.e., associate with an AP.
	 *
	 * 1 = IBSS (ad-hoc, peer-to-peer)
	 *
	 * 2 = AP (access point)
	 *
	 * Note: IBSS can only be used with key_mgmt NONE (plaintext and
	 * static WEP) and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In
	 * addition, ap_scan has to be set to 2 for IBSS. WPA-None requires
	 * following network block options: proto=WPA, key_mgmt=WPA-NONE,
	 * pairwise=NONE, group=TKIP (or CCMP, but not both), and psk must also
	 * be set (either directly or using ASCII passphrase).
	 *
	 * The enum is declared inline here; in C its tag and enumerators are
	 * nevertheless visible in the enclosing scope, so WPAS_MODE_* can be
	 * used by any file that includes this header.
	 */
	enum wpas_mode {
		WPAS_MODE_INFRA = 0,
		WPAS_MODE_IBSS = 1,
		WPAS_MODE_AP = 2,
	} mode;

	/**
	 * disabled - Whether this network is currently disabled
	 *
	 * 0 = this network can be used (default).
	 * 1 = this network block is disabled (can be enabled through
	 * ctrl_iface, e.g., with wpa_cli or wpa_gui).
	 */
	int disabled;

	/**
	 * peerkey - Whether PeerKey handshake for direct links is allowed
	 *
	 * This is only used when both RSN/WPA2 and IEEE 802.11e (QoS) are
	 * enabled.
	 *
	 * 0 = disabled (default)
	 * 1 = enabled
	 */
	int peerkey;

	/**
	 * id_str - Network identifier string for external scripts
	 *
	 * This value is passed to external ctrl_iface monitors in
	 * WPA_EVENT_CONNECTED event and wpa_cli sets this as WPA_ID_STR
	 * environment variable for action scripts.
	 *
	 * Because the string crosses into a shell environment, action scripts
	 * should treat WPA_ID_STR as data (quote it, never evaluate it).
	 * NOTE(review): whether the configuration parser restricts the
	 * characters allowed here is not visible in this header - confirm.
	 */
	char *id_str;

#ifdef CONFIG_IEEE80211W
	/**
	 * ieee80211w - Whether management frame protection is enabled
	 *
	 * This value is used to configure policy for management frame
	 * protection (IEEE 802.11w). 0 = disabled, 1 = optional, 2 = required.
	 *
	 * enum mfp_options is not declared in this file (presumably in
	 * common/defs.h - confirm).
	 */
	enum mfp_options ieee80211w;
#endif /* CONFIG_IEEE80211W */

	/**
	 * frequency - Channel frequency in megahertz (MHz) for IBSS
	 *
	 * This value is used to configure the initial channel for IBSS (adhoc)
	 * networks, e.g., 2412 = IEEE 802.11b/g channel 1. It is ignored in
	 * the infrastructure mode. In addition, this value is only used by the
	 * station that creates the IBSS. If an IBSS network with the
	 * configured SSID is already present, the frequency of the network
	 * will be used instead of this configured value.
	 */
	int frequency;

	/**
	 * wpa_ptk_rekey - Maximum lifetime for PTK in seconds
	 *
	 * This value can be used to enforce rekeying of PTK to mitigate some
	 * attacks against TKIP deficiencies.
	 */
	int wpa_ptk_rekey;

	/**
	 * scan_freq - Array of frequencies to scan or %NULL for all
	 *
	 * This is an optional zero-terminated array of frequencies in
	 * megahertz (MHz) to include in scan requests when searching for this
	 * network. This can be used to speed up scanning when the network is
	 * known to not use all possible channels.
	 *
	 * There is no separate length field: readers rely on the terminating
	 * 0 entry, so whoever builds the array must always append it.
	 */
	int *scan_freq;

	/**
	 * bgscan - Background scan and roaming parameters or %NULL if none
	 *
	 * This is an optional set of parameters for background scanning and
	 * roaming within a network (ESS) in following format:
	 * <bgscan module name>:<module parameters>
	 */
	char *bgscan;

	/**
	 * freq_list - Array of allowed frequencies or %NULL for all
	 *
	 * This is an optional zero-terminated array of frequencies in
	 * megahertz (MHz) to allow for selecting the BSS. If set, scan results
	 * that do not match any of the specified frequencies are not
	 * considered when selecting a BSS.
	 *
	 * As with scan_freq, the terminating 0 entry is the only end marker.
	 */
	int *freq_list;
};

#endif /* CONFIG_SSID_H */