]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Allow SNonce update after sending EAPOL-Key 3/4 if 1/4 was retransmitted
[thirdparty/hostap.git] / src / ap / wpa_auth.c
1 /*
2 * IEEE 802.11 RSN / WPA Authenticator
3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #include "utils/includes.h"
16
17 #include "utils/common.h"
18 #include "utils/eloop.h"
19 #include "utils/state_machine.h"
20 #include "common/ieee802_11_defs.h"
21 #include "crypto/aes_wrap.h"
22 #include "crypto/crypto.h"
23 #include "crypto/sha1.h"
24 #include "crypto/sha256.h"
25 #include "crypto/random.h"
26 #include "eapol_auth/eapol_auth_sm.h"
27 #include "ap_config.h"
28 #include "ieee802_11.h"
29 #include "wpa_auth.h"
30 #include "pmksa_cache_auth.h"
31 #include "wpa_auth_i.h"
32 #include "wpa_auth_ie.h"
33
34 #define STATE_MACHINE_DATA struct wpa_state_machine
35 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
36 #define STATE_MACHINE_ADDR sm->addr
37
38
39 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
40 static int wpa_sm_step(struct wpa_state_machine *sm);
41 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
42 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
43 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
44 struct wpa_group *group);
45 static void wpa_request_new_ptk(struct wpa_state_machine *sm);
46 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
47 struct wpa_group *group);
48 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
49 struct wpa_group *group);
50
51 static const u32 dot11RSNAConfigGroupUpdateCount = 4;
52 static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
53 static const u32 eapol_key_timeout_first = 100; /* ms */
54 static const u32 eapol_key_timeout_subseq = 1000; /* ms */
55 static const u32 eapol_key_timeout_first_group = 500; /* ms */
56
57 /* TODO: make these configurable */
58 static const int dot11RSNAConfigPMKLifetime = 43200;
59 static const int dot11RSNAConfigPMKReauthThreshold = 70;
60 static const int dot11RSNAConfigSATimeout = 60;
61
62
63 static inline void wpa_auth_mic_failure_report(
64 struct wpa_authenticator *wpa_auth, const u8 *addr)
65 {
66 if (wpa_auth->cb.mic_failure_report)
67 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
68 }
69
70
71 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
72 const u8 *addr, wpa_eapol_variable var,
73 int value)
74 {
75 if (wpa_auth->cb.set_eapol)
76 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
77 }
78
79
80 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
81 const u8 *addr, wpa_eapol_variable var)
82 {
83 if (wpa_auth->cb.get_eapol == NULL)
84 return -1;
85 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
86 }
87
88
89 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
90 const u8 *addr, const u8 *prev_psk)
91 {
92 if (wpa_auth->cb.get_psk == NULL)
93 return NULL;
94 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
95 }
96
97
98 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
99 const u8 *addr, u8 *msk, size_t *len)
100 {
101 if (wpa_auth->cb.get_msk == NULL)
102 return -1;
103 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
104 }
105
106
107 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
108 int vlan_id,
109 enum wpa_alg alg, const u8 *addr, int idx,
110 u8 *key, size_t key_len)
111 {
112 if (wpa_auth->cb.set_key == NULL)
113 return -1;
114 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
115 key, key_len);
116 }
117
118
119 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
120 const u8 *addr, int idx, u8 *seq)
121 {
122 if (wpa_auth->cb.get_seqnum == NULL)
123 return -1;
124 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
125 }
126
127
128 static inline int
129 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
130 const u8 *data, size_t data_len, int encrypt)
131 {
132 if (wpa_auth->cb.send_eapol == NULL)
133 return -1;
134 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
135 encrypt);
136 }
137
138
139 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
140 int (*cb)(struct wpa_state_machine *sm, void *ctx),
141 void *cb_ctx)
142 {
143 if (wpa_auth->cb.for_each_sta == NULL)
144 return 0;
145 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
146 }
147
148
149 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
150 int (*cb)(struct wpa_authenticator *a, void *ctx),
151 void *cb_ctx)
152 {
153 if (wpa_auth->cb.for_each_auth == NULL)
154 return 0;
155 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
156 }
157
158
159 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
160 logger_level level, const char *txt)
161 {
162 if (wpa_auth->cb.logger == NULL)
163 return;
164 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
165 }
166
167
168 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
169 logger_level level, const char *fmt, ...)
170 {
171 char *format;
172 int maxlen;
173 va_list ap;
174
175 if (wpa_auth->cb.logger == NULL)
176 return;
177
178 maxlen = os_strlen(fmt) + 100;
179 format = os_malloc(maxlen);
180 if (!format)
181 return;
182
183 va_start(ap, fmt);
184 vsnprintf(format, maxlen, fmt, ap);
185 va_end(ap);
186
187 wpa_auth_logger(wpa_auth, addr, level, format);
188
189 os_free(format);
190 }
191
192
193 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
194 const u8 *addr)
195 {
196 if (wpa_auth->cb.disconnect == NULL)
197 return;
198 wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr));
199 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
200 WLAN_REASON_PREV_AUTH_NOT_VALID);
201 }
202
203
204 static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
205 {
206 int ret = 0;
207 #ifdef CONFIG_IEEE80211R
208 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
209 ret = 1;
210 #endif /* CONFIG_IEEE80211R */
211 #ifdef CONFIG_IEEE80211W
212 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
213 ret = 1;
214 #endif /* CONFIG_IEEE80211W */
215 return ret;
216 }
217
218
219 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
220 {
221 struct wpa_authenticator *wpa_auth = eloop_ctx;
222
223 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
224 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
225 "initialization.");
226 } else {
227 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
228 wpa_hexdump_key(MSG_DEBUG, "GMK",
229 wpa_auth->group->GMK, WPA_GMK_LEN);
230 }
231
232 if (wpa_auth->conf.wpa_gmk_rekey) {
233 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
234 wpa_rekey_gmk, wpa_auth, NULL);
235 }
236 }
237
238
239 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
240 {
241 struct wpa_authenticator *wpa_auth = eloop_ctx;
242 struct wpa_group *group;
243
244 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
245 for (group = wpa_auth->group; group; group = group->next) {
246 group->GTKReKey = TRUE;
247 do {
248 group->changed = FALSE;
249 wpa_group_sm_step(wpa_auth, group);
250 } while (group->changed);
251 }
252
253 if (wpa_auth->conf.wpa_group_rekey) {
254 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
255 0, wpa_rekey_gtk, wpa_auth, NULL);
256 }
257 }
258
259
260 static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
261 {
262 struct wpa_authenticator *wpa_auth = eloop_ctx;
263 struct wpa_state_machine *sm = timeout_ctx;
264
265 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
266 wpa_request_new_ptk(sm);
267 wpa_sm_step(sm);
268 }
269
270
271 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
272 {
273 if (sm->pmksa == ctx)
274 sm->pmksa = NULL;
275 return 0;
276 }
277
278
279 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
280 void *ctx)
281 {
282 struct wpa_authenticator *wpa_auth = ctx;
283 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
284 }
285
286
287 static void wpa_group_set_key_len(struct wpa_group *group, int cipher)
288 {
289 switch (cipher) {
290 case WPA_CIPHER_CCMP:
291 group->GTK_len = 16;
292 break;
293 case WPA_CIPHER_TKIP:
294 group->GTK_len = 32;
295 break;
296 case WPA_CIPHER_WEP104:
297 group->GTK_len = 13;
298 break;
299 case WPA_CIPHER_WEP40:
300 group->GTK_len = 5;
301 break;
302 }
303 }
304
305
306 static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
307 struct wpa_group *group)
308 {
309 u8 buf[ETH_ALEN + 8 + sizeof(group)];
310 u8 rkey[32];
311
312 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
313 return -1;
314 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
315
316 /*
317 * Counter = PRF-256(Random number, "Init Counter",
318 * Local MAC Address || Time)
319 */
320 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
321 wpa_get_ntp_timestamp(buf + ETH_ALEN);
322 os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
323 if (random_get_bytes(rkey, sizeof(rkey)) < 0)
324 return -1;
325
326 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
327 group->Counter, WPA_NONCE_LEN) < 0)
328 return -1;
329 wpa_hexdump_key(MSG_DEBUG, "Key Counter",
330 group->Counter, WPA_NONCE_LEN);
331
332 return 0;
333 }
334
335
336 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
337 int vlan_id, int delay_init)
338 {
339 struct wpa_group *group;
340
341 group = os_zalloc(sizeof(struct wpa_group));
342 if (group == NULL)
343 return NULL;
344
345 group->GTKAuthenticator = TRUE;
346 group->vlan_id = vlan_id;
347
348 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
349
350 if (random_pool_ready() != 1) {
351 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
352 "for secure operations - update keys later when "
353 "the first station connects");
354 }
355
356 /*
357 * Set initial GMK/Counter value here. The actual values that will be
358 * used in negotiations will be set once the first station tries to
359 * connect. This allows more time for collecting additional randomness
360 * on embedded devices.
361 */
362 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
363 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
364 "initialization.");
365 os_free(group);
366 return NULL;
367 }
368
369 group->GInit = TRUE;
370 if (delay_init) {
371 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
372 "until Beacon frames have been configured");
373 /* Initialization is completed in wpa_init_keys(). */
374 } else {
375 wpa_group_sm_step(wpa_auth, group);
376 group->GInit = FALSE;
377 wpa_group_sm_step(wpa_auth, group);
378 }
379
380 return group;
381 }
382
383
384 /**
385 * wpa_init - Initialize WPA authenticator
386 * @addr: Authenticator address
387 * @conf: Configuration for WPA authenticator
388 * @cb: Callback functions for WPA authenticator
389 * Returns: Pointer to WPA authenticator data or %NULL on failure
390 */
391 struct wpa_authenticator * wpa_init(const u8 *addr,
392 struct wpa_auth_config *conf,
393 struct wpa_auth_callbacks *cb)
394 {
395 struct wpa_authenticator *wpa_auth;
396
397 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
398 if (wpa_auth == NULL)
399 return NULL;
400 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
401 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
402 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
403
404 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
405 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
406 os_free(wpa_auth);
407 return NULL;
408 }
409
410 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
411 if (wpa_auth->group == NULL) {
412 os_free(wpa_auth->wpa_ie);
413 os_free(wpa_auth);
414 return NULL;
415 }
416
417 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
418 wpa_auth);
419 if (wpa_auth->pmksa == NULL) {
420 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
421 os_free(wpa_auth->wpa_ie);
422 os_free(wpa_auth);
423 return NULL;
424 }
425
426 #ifdef CONFIG_IEEE80211R
427 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
428 if (wpa_auth->ft_pmk_cache == NULL) {
429 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
430 os_free(wpa_auth->wpa_ie);
431 pmksa_cache_auth_deinit(wpa_auth->pmksa);
432 os_free(wpa_auth);
433 return NULL;
434 }
435 #endif /* CONFIG_IEEE80211R */
436
437 if (wpa_auth->conf.wpa_gmk_rekey) {
438 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
439 wpa_rekey_gmk, wpa_auth, NULL);
440 }
441
442 if (wpa_auth->conf.wpa_group_rekey) {
443 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
444 wpa_rekey_gtk, wpa_auth, NULL);
445 }
446
447 return wpa_auth;
448 }
449
450
451 int wpa_init_keys(struct wpa_authenticator *wpa_auth)
452 {
453 struct wpa_group *group = wpa_auth->group;
454
455 wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
456 "keys");
457 wpa_group_sm_step(wpa_auth, group);
458 group->GInit = FALSE;
459 wpa_group_sm_step(wpa_auth, group);
460 return 0;
461 }
462
463
464 /**
465 * wpa_deinit - Deinitialize WPA authenticator
466 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
467 */
468 void wpa_deinit(struct wpa_authenticator *wpa_auth)
469 {
470 struct wpa_group *group, *prev;
471
472 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
473 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
474
475 #ifdef CONFIG_PEERKEY
476 while (wpa_auth->stsl_negotiations)
477 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
478 #endif /* CONFIG_PEERKEY */
479
480 pmksa_cache_auth_deinit(wpa_auth->pmksa);
481
482 #ifdef CONFIG_IEEE80211R
483 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
484 wpa_auth->ft_pmk_cache = NULL;
485 #endif /* CONFIG_IEEE80211R */
486
487 os_free(wpa_auth->wpa_ie);
488
489 group = wpa_auth->group;
490 while (group) {
491 prev = group;
492 group = group->next;
493 os_free(prev);
494 }
495
496 os_free(wpa_auth);
497 }
498
499
500 /**
501 * wpa_reconfig - Update WPA authenticator configuration
502 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
503 * @conf: Configuration for WPA authenticator
504 */
505 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
506 struct wpa_auth_config *conf)
507 {
508 struct wpa_group *group;
509 if (wpa_auth == NULL)
510 return 0;
511
512 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
513 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
514 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
515 return -1;
516 }
517
518 /*
519 * Reinitialize GTK to make sure it is suitable for the new
520 * configuration.
521 */
522 group = wpa_auth->group;
523 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
524 group->GInit = TRUE;
525 wpa_group_sm_step(wpa_auth, group);
526 group->GInit = FALSE;
527 wpa_group_sm_step(wpa_auth, group);
528
529 return 0;
530 }
531
532
533 struct wpa_state_machine *
534 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
535 {
536 struct wpa_state_machine *sm;
537
538 sm = os_zalloc(sizeof(struct wpa_state_machine));
539 if (sm == NULL)
540 return NULL;
541 os_memcpy(sm->addr, addr, ETH_ALEN);
542
543 sm->wpa_auth = wpa_auth;
544 sm->group = wpa_auth->group;
545
546 return sm;
547 }
548
549
550 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
551 struct wpa_state_machine *sm)
552 {
553 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
554 return -1;
555
556 #ifdef CONFIG_IEEE80211R
557 if (sm->ft_completed) {
558 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
559 "FT authentication already completed - do not "
560 "start 4-way handshake");
561 return 0;
562 }
563 #endif /* CONFIG_IEEE80211R */
564
565 if (sm->started) {
566 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
567 sm->ReAuthenticationRequest = TRUE;
568 return wpa_sm_step(sm);
569 }
570
571 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
572 "start authentication");
573 sm->started = 1;
574
575 sm->Init = TRUE;
576 if (wpa_sm_step(sm) == 1)
577 return 1; /* should not really happen */
578 sm->Init = FALSE;
579 sm->AuthenticationRequest = TRUE;
580 return wpa_sm_step(sm);
581 }
582
583
584 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
585 {
586 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
587 * reassociates back to the same AP while the previous entry for the
588 * STA has not yet been removed. */
589 if (sm == NULL)
590 return;
591
592 sm->wpa_key_mgmt = 0;
593 }
594
595
596 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
597 {
598 if (sm->GUpdateStationKeys) {
599 sm->group->GKeyDoneStations--;
600 sm->GUpdateStationKeys = FALSE;
601 }
602 #ifdef CONFIG_IEEE80211R
603 os_free(sm->assoc_resp_ftie);
604 #endif /* CONFIG_IEEE80211R */
605 os_free(sm->last_rx_eapol_key);
606 os_free(sm->wpa_ie);
607 os_free(sm);
608 }
609
610
611 void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
612 {
613 if (sm == NULL)
614 return;
615
616 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
617 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
618 "strict rekeying - force GTK rekey since STA "
619 "is leaving");
620 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
621 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
622 NULL);
623 }
624
625 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
626 sm->pending_1_of_4_timeout = 0;
627 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
628 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
629 if (sm->in_step_loop) {
630 /* Must not free state machine while wpa_sm_step() is running.
631 * Freeing will be completed in the end of wpa_sm_step(). */
632 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
633 "machine deinit for " MACSTR, MAC2STR(sm->addr));
634 sm->pending_deinit = 1;
635 } else
636 wpa_free_sta_sm(sm);
637 }
638
639
640 static void wpa_request_new_ptk(struct wpa_state_machine *sm)
641 {
642 if (sm == NULL)
643 return;
644
645 sm->PTKRequest = TRUE;
646 sm->PTK_valid = 0;
647 }
648
649
650 static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
651 const u8 *replay_counter)
652 {
653 int i;
654 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
655 if (!ctr[i].valid)
656 break;
657 if (os_memcmp(replay_counter, ctr[i].counter,
658 WPA_REPLAY_COUNTER_LEN) == 0)
659 return 1;
660 }
661 return 0;
662 }
663
664
665 static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
666 const u8 *replay_counter)
667 {
668 int i;
669 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
670 if (ctr[i].valid &&
671 (replay_counter == NULL ||
672 os_memcmp(replay_counter, ctr[i].counter,
673 WPA_REPLAY_COUNTER_LEN) == 0))
674 ctr[i].valid = FALSE;
675 }
676 }
677
678
679 #ifdef CONFIG_IEEE80211R
680 static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
681 struct wpa_state_machine *sm,
682 struct wpa_eapol_ie_parse *kde)
683 {
684 struct wpa_ie_data ie;
685 struct rsn_mdie *mdie;
686
687 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
688 ie.num_pmkid != 1 || ie.pmkid == NULL) {
689 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
690 "FT 4-way handshake message 2/4");
691 return -1;
692 }
693
694 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
695 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
696 sm->sup_pmk_r1_name, PMKID_LEN);
697
698 if (!kde->mdie || !kde->ftie) {
699 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
700 "message 2/4", kde->mdie ? "FTIE" : "MDIE");
701 return -1;
702 }
703
704 mdie = (struct rsn_mdie *) (kde->mdie + 2);
705 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
706 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
707 MOBILITY_DOMAIN_ID_LEN) != 0) {
708 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
709 return -1;
710 }
711
712 if (sm->assoc_resp_ftie &&
713 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
714 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
715 2 + sm->assoc_resp_ftie[1]) != 0)) {
716 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
717 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
718 kde->ftie, kde->ftie_len);
719 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
720 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
721 return -1;
722 }
723
724 return 0;
725 }
726 #endif /* CONFIG_IEEE80211R */
727
728
729 static void wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
730 struct wpa_state_machine *sm, int group)
731 {
732 /* Supplicant reported a Michael MIC error */
733 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
734 "received EAPOL-Key Error Request "
735 "(STA detected Michael MIC failure (group=%d))",
736 group);
737
738 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
739 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
740 "ignore Michael MIC failure report since "
741 "group cipher is not TKIP");
742 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
743 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
744 "ignore Michael MIC failure report since "
745 "pairwise cipher is not TKIP");
746 } else {
747 wpa_auth_mic_failure_report(wpa_auth, sm->addr);
748 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
749 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
750 }
751
752 /*
753 * Error report is not a request for a new key handshake, but since
754 * Authenticator may do it, let's change the keys now anyway.
755 */
756 wpa_request_new_ptk(sm);
757 }
758
759
760 void wpa_receive(struct wpa_authenticator *wpa_auth,
761 struct wpa_state_machine *sm,
762 u8 *data, size_t data_len)
763 {
764 struct ieee802_1x_hdr *hdr;
765 struct wpa_eapol_key *key;
766 u16 key_info, key_data_length;
767 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
768 SMK_M1, SMK_M3, SMK_ERROR } msg;
769 char *msgtxt;
770 struct wpa_eapol_ie_parse kde;
771 int ft;
772 const u8 *eapol_key_ie;
773 size_t eapol_key_ie_len;
774
775 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
776 return;
777
778 if (data_len < sizeof(*hdr) + sizeof(*key))
779 return;
780
781 hdr = (struct ieee802_1x_hdr *) data;
782 key = (struct wpa_eapol_key *) (hdr + 1);
783 key_info = WPA_GET_BE16(key->key_info);
784 key_data_length = WPA_GET_BE16(key->key_data_length);
785 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
786 " key_info=0x%x type=%u key_data_length=%u",
787 MAC2STR(sm->addr), key_info, key->type, key_data_length);
788 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
789 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
790 "key_data overflow (%d > %lu)",
791 key_data_length,
792 (unsigned long) (data_len - sizeof(*hdr) -
793 sizeof(*key)));
794 return;
795 }
796
797 if (sm->wpa == WPA_VERSION_WPA2) {
798 if (key->type != EAPOL_KEY_TYPE_RSN) {
799 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
800 "unexpected type %d in RSN mode",
801 key->type);
802 return;
803 }
804 } else {
805 if (key->type != EAPOL_KEY_TYPE_WPA) {
806 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
807 "unexpected type %d in WPA mode",
808 key->type);
809 return;
810 }
811 }
812
813 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
814 WPA_NONCE_LEN);
815 wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
816 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
817
818 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
819 * are set */
820
821 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
822 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
823 if (key_info & WPA_KEY_INFO_ERROR) {
824 msg = SMK_ERROR;
825 msgtxt = "SMK Error";
826 } else {
827 msg = SMK_M1;
828 msgtxt = "SMK M1";
829 }
830 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
831 msg = SMK_M3;
832 msgtxt = "SMK M3";
833 } else if (key_info & WPA_KEY_INFO_REQUEST) {
834 msg = REQUEST;
835 msgtxt = "Request";
836 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
837 msg = GROUP_2;
838 msgtxt = "2/2 Group";
839 } else if (key_data_length == 0) {
840 msg = PAIRWISE_4;
841 msgtxt = "4/4 Pairwise";
842 } else {
843 msg = PAIRWISE_2;
844 msgtxt = "2/4 Pairwise";
845 }
846
847 /* TODO: key_info type validation for PeerKey */
848 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
849 msg == GROUP_2) {
850 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
851 if (sm->pairwise == WPA_CIPHER_CCMP) {
852 if (wpa_use_aes_cmac(sm) &&
853 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
854 wpa_auth_logger(wpa_auth, sm->addr,
855 LOGGER_WARNING,
856 "advertised support for "
857 "AES-128-CMAC, but did not "
858 "use it");
859 return;
860 }
861
862 if (!wpa_use_aes_cmac(sm) &&
863 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
864 wpa_auth_logger(wpa_auth, sm->addr,
865 LOGGER_WARNING,
866 "did not use HMAC-SHA1-AES "
867 "with CCMP");
868 return;
869 }
870 }
871 }
872
873 if (key_info & WPA_KEY_INFO_REQUEST) {
874 if (sm->req_replay_counter_used &&
875 os_memcmp(key->replay_counter, sm->req_replay_counter,
876 WPA_REPLAY_COUNTER_LEN) <= 0) {
877 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
878 "received EAPOL-Key request with "
879 "replayed counter");
880 return;
881 }
882 }
883
884 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
885 !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
886 int i;
887
888 if (msg == PAIRWISE_2 &&
889 wpa_replay_counter_valid(sm->prev_key_replay,
890 key->replay_counter) &&
891 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
892 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
893 {
894 /*
895 * Some supplicant implementations (e.g., Windows XP
896 * WZC) update SNonce for each EAPOL-Key 2/4. This
897 * breaks the workaround on accepting any of the
898 * pending requests, so allow the SNonce to be updated
899 * even if we have already sent out EAPOL-Key 3/4.
900 */
901 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
902 "Process SNonce update from STA "
903 "based on retransmitted EAPOL-Key "
904 "1/4");
905 sm->update_snonce = 1;
906 wpa_replay_counter_mark_invalid(sm->prev_key_replay,
907 key->replay_counter);
908 goto continue_processing;
909 }
910
911 if (msg == PAIRWISE_2 &&
912 wpa_replay_counter_valid(sm->prev_key_replay,
913 key->replay_counter) &&
914 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
915 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
916 "ignore retransmitted EAPOL-Key %s - "
917 "SNonce did not change", msgtxt);
918 } else {
919 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
920 "received EAPOL-Key %s with "
921 "unexpected replay counter", msgtxt);
922 }
923 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
924 if (!sm->key_replay[i].valid)
925 break;
926 wpa_hexdump(MSG_DEBUG, "pending replay counter",
927 sm->key_replay[i].counter,
928 WPA_REPLAY_COUNTER_LEN);
929 }
930 wpa_hexdump(MSG_DEBUG, "received replay counter",
931 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
932 return;
933 }
934
935 continue_processing:
936 switch (msg) {
937 case PAIRWISE_2:
938 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
939 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
940 (!sm->update_snonce ||
941 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
942 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
943 "received EAPOL-Key msg 2/4 in "
944 "invalid state (%d) - dropped",
945 sm->wpa_ptk_state);
946 return;
947 }
948 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
949 if (sm->group->reject_4way_hs_for_entropy) {
950 /*
951 * The system did not have enough entropy to generate
952 * strong random numbers. Reject the first 4-way
953 * handshake(s) and collect some entropy based on the
954 * information from it. Once enough entropy is
955 * available, the next atempt will trigger GMK/Key
956 * Counter update and the station will be allowed to
957 * continue.
958 */
959 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
960 "collect more entropy for random number "
961 "generation");
962 sm->group->reject_4way_hs_for_entropy = FALSE;
963 random_mark_pool_ready();
964 sm->group->first_sta_seen = FALSE;
965 wpa_sta_disconnect(wpa_auth, sm->addr);
966 return;
967 }
968 if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length,
969 &kde) < 0) {
970 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
971 "received EAPOL-Key msg 2/4 with "
972 "invalid Key Data contents");
973 return;
974 }
975 if (kde.rsn_ie) {
976 eapol_key_ie = kde.rsn_ie;
977 eapol_key_ie_len = kde.rsn_ie_len;
978 } else {
979 eapol_key_ie = kde.wpa_ie;
980 eapol_key_ie_len = kde.wpa_ie_len;
981 }
982 ft = sm->wpa == WPA_VERSION_WPA2 &&
983 wpa_key_mgmt_ft(sm->wpa_key_mgmt);
984 if (sm->wpa_ie == NULL ||
985 wpa_compare_rsn_ie(ft,
986 sm->wpa_ie, sm->wpa_ie_len,
987 eapol_key_ie, eapol_key_ie_len)) {
988 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
989 "WPA IE from (Re)AssocReq did not "
990 "match with msg 2/4");
991 if (sm->wpa_ie) {
992 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
993 sm->wpa_ie, sm->wpa_ie_len);
994 }
995 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
996 eapol_key_ie, eapol_key_ie_len);
997 /* MLME-DEAUTHENTICATE.request */
998 wpa_sta_disconnect(wpa_auth, sm->addr);
999 return;
1000 }
1001 #ifdef CONFIG_IEEE80211R
1002 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
1003 wpa_sta_disconnect(wpa_auth, sm->addr);
1004 return;
1005 }
1006 #endif /* CONFIG_IEEE80211R */
1007 break;
1008 case PAIRWISE_4:
1009 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
1010 !sm->PTK_valid) {
1011 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1012 "received EAPOL-Key msg 4/4 in "
1013 "invalid state (%d) - dropped",
1014 sm->wpa_ptk_state);
1015 return;
1016 }
1017 break;
1018 case GROUP_2:
1019 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1020 || !sm->PTK_valid) {
1021 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1022 "received EAPOL-Key msg 2/2 in "
1023 "invalid state (%d) - dropped",
1024 sm->wpa_ptk_group_state);
1025 return;
1026 }
1027 break;
1028 #ifdef CONFIG_PEERKEY
1029 case SMK_M1:
1030 case SMK_M3:
1031 case SMK_ERROR:
1032 if (!wpa_auth->conf.peerkey) {
1033 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
1034 "PeerKey use disabled - ignoring message");
1035 return;
1036 }
1037 if (!sm->PTK_valid) {
1038 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1039 "received EAPOL-Key msg SMK in "
1040 "invalid state - dropped");
1041 return;
1042 }
1043 break;
1044 #else /* CONFIG_PEERKEY */
1045 case SMK_M1:
1046 case SMK_M3:
1047 case SMK_ERROR:
1048 return; /* STSL disabled - ignore SMK messages */
1049 #endif /* CONFIG_PEERKEY */
1050 case REQUEST:
1051 break;
1052 }
1053
1054 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1055 "received EAPOL-Key frame (%s)", msgtxt);
1056
1057 if (key_info & WPA_KEY_INFO_ACK) {
1058 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1059 "received invalid EAPOL-Key: Key Ack set");
1060 return;
1061 }
1062
1063 if (!(key_info & WPA_KEY_INFO_MIC)) {
1064 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1065 "received invalid EAPOL-Key: Key MIC not set");
1066 return;
1067 }
1068
1069 sm->MICVerified = FALSE;
1070 if (sm->PTK_valid && !sm->update_snonce) {
1071 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
1072 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1073 "received EAPOL-Key with invalid MIC");
1074 return;
1075 }
1076 sm->MICVerified = TRUE;
1077 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
1078 sm->pending_1_of_4_timeout = 0;
1079 }
1080
1081 if (key_info & WPA_KEY_INFO_REQUEST) {
1082 if (sm->MICVerified) {
1083 sm->req_replay_counter_used = 1;
1084 os_memcpy(sm->req_replay_counter, key->replay_counter,
1085 WPA_REPLAY_COUNTER_LEN);
1086 } else {
1087 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1088 "received EAPOL-Key request with "
1089 "invalid MIC");
1090 return;
1091 }
1092
1093 /*
1094 * TODO: should decrypt key data field if encryption was used;
1095 * even though MAC address KDE is not normally encrypted,
1096 * supplicant is allowed to encrypt it.
1097 */
1098 if (msg == SMK_ERROR) {
1099 #ifdef CONFIG_PEERKEY
1100 wpa_smk_error(wpa_auth, sm, key);
1101 #endif /* CONFIG_PEERKEY */
1102 return;
1103 } else if (key_info & WPA_KEY_INFO_ERROR) {
1104 wpa_receive_error_report(
1105 wpa_auth, sm,
1106 !(key_info & WPA_KEY_INFO_KEY_TYPE));
1107 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1108 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1109 "received EAPOL-Key Request for new "
1110 "4-Way Handshake");
1111 wpa_request_new_ptk(sm);
1112 #ifdef CONFIG_PEERKEY
1113 } else if (msg == SMK_M1) {
1114 wpa_smk_m1(wpa_auth, sm, key);
1115 #endif /* CONFIG_PEERKEY */
1116 } else if (key_data_length > 0 &&
1117 wpa_parse_kde_ies((const u8 *) (key + 1),
1118 key_data_length, &kde) == 0 &&
1119 kde.mac_addr) {
1120 } else {
1121 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1122 "received EAPOL-Key Request for GTK "
1123 "rekeying");
1124 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1125 wpa_rekey_gtk(wpa_auth, NULL);
1126 }
1127 } else {
1128 /* Do not allow the same key replay counter to be reused. */
1129 wpa_replay_counter_mark_invalid(sm->key_replay,
1130 key->replay_counter);
1131
1132 if (msg == PAIRWISE_2) {
1133 /*
1134 * Maintain a copy of the pending EAPOL-Key frames in
1135 * case the EAPOL-Key frame was retransmitted. This is
1136 * needed to allow EAPOL-Key msg 2/4 reply to another
1137 * pending msg 1/4 to update the SNonce to work around
1138 * unexpected supplicant behavior.
1139 */
1140 os_memcpy(sm->prev_key_replay, sm->key_replay,
1141 sizeof(sm->key_replay));
1142 } else {
1143 os_memset(sm->prev_key_replay, 0,
1144 sizeof(sm->prev_key_replay));
1145 }
1146
1147 /*
1148 * Make sure old valid counters are not accepted anymore and
1149 * do not get copied again.
1150 */
1151 wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
1152 }
1153
1154 #ifdef CONFIG_PEERKEY
1155 if (msg == SMK_M3) {
1156 wpa_smk_m3(wpa_auth, sm, key);
1157 return;
1158 }
1159 #endif /* CONFIG_PEERKEY */
1160
1161 os_free(sm->last_rx_eapol_key);
1162 sm->last_rx_eapol_key = os_malloc(data_len);
1163 if (sm->last_rx_eapol_key == NULL)
1164 return;
1165 os_memcpy(sm->last_rx_eapol_key, data, data_len);
1166 sm->last_rx_eapol_key_len = data_len;
1167
1168 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
1169 sm->EAPOLKeyReceived = TRUE;
1170 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1171 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1172 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1173 wpa_sm_step(sm);
1174 }
1175
1176
1177 static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1178 const u8 *gnonce, u8 *gtk, size_t gtk_len)
1179 {
1180 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
1181 u8 *pos;
1182 int ret = 0;
1183
1184 /* GTK = PRF-X(GMK, "Group key expansion",
1185 * AA || GNonce || Time || random data)
1186 * The example described in the IEEE 802.11 standard uses only AA and
1187 * GNonce as inputs here. Add some more entropy since this derivation
1188 * is done only at the Authenticator and as such, does not need to be
1189 * exactly same.
1190 */
1191 os_memcpy(data, addr, ETH_ALEN);
1192 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
1193 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1194 wpa_get_ntp_timestamp(pos);
1195 pos += 8;
1196 if (random_get_bytes(pos, 16) < 0)
1197 ret = -1;
1198
1199 #ifdef CONFIG_IEEE80211W
1200 sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
1201 #else /* CONFIG_IEEE80211W */
1202 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
1203 < 0)
1204 ret = -1;
1205 #endif /* CONFIG_IEEE80211W */
1206
1207 return ret;
1208 }
1209
1210
1211 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1212 {
1213 struct wpa_authenticator *wpa_auth = eloop_ctx;
1214 struct wpa_state_machine *sm = timeout_ctx;
1215
1216 sm->pending_1_of_4_timeout = 0;
1217 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1218 sm->TimeoutEvt = TRUE;
1219 wpa_sm_step(sm);
1220 }
1221
1222
1223 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1224 struct wpa_state_machine *sm, int key_info,
1225 const u8 *key_rsc, const u8 *nonce,
1226 const u8 *kde, size_t kde_len,
1227 int keyidx, int encr, int force_version)
1228 {
1229 struct ieee802_1x_hdr *hdr;
1230 struct wpa_eapol_key *key;
1231 size_t len;
1232 int alg;
1233 int key_data_len, pad_len = 0;
1234 u8 *buf, *pos;
1235 int version, pairwise;
1236 int i;
1237
1238 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
1239
1240 if (force_version)
1241 version = force_version;
1242 else if (wpa_use_aes_cmac(sm))
1243 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
1244 else if (sm->pairwise == WPA_CIPHER_CCMP)
1245 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1246 else
1247 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1248
1249 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1250
1251 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1252 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1253 "encr=%d)",
1254 version,
1255 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1256 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1257 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1258 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1259 pairwise, (unsigned long) kde_len, keyidx, encr);
1260
1261 key_data_len = kde_len;
1262
1263 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1264 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1265 pad_len = key_data_len % 8;
1266 if (pad_len)
1267 pad_len = 8 - pad_len;
1268 key_data_len += pad_len + 8;
1269 }
1270
1271 len += key_data_len;
1272
1273 hdr = os_zalloc(len);
1274 if (hdr == NULL)
1275 return;
1276 hdr->version = wpa_auth->conf.eapol_version;
1277 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1278 hdr->length = host_to_be16(len - sizeof(*hdr));
1279 key = (struct wpa_eapol_key *) (hdr + 1);
1280
1281 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1282 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1283 key_info |= version;
1284 if (encr && sm->wpa == WPA_VERSION_WPA2)
1285 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1286 if (sm->wpa != WPA_VERSION_WPA2)
1287 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1288 WPA_PUT_BE16(key->key_info, key_info);
1289
1290 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
1291 switch (alg) {
1292 case WPA_CIPHER_CCMP:
1293 WPA_PUT_BE16(key->key_length, 16);
1294 break;
1295 case WPA_CIPHER_TKIP:
1296 WPA_PUT_BE16(key->key_length, 32);
1297 break;
1298 case WPA_CIPHER_WEP40:
1299 WPA_PUT_BE16(key->key_length, 5);
1300 break;
1301 case WPA_CIPHER_WEP104:
1302 WPA_PUT_BE16(key->key_length, 13);
1303 break;
1304 }
1305 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1306 WPA_PUT_BE16(key->key_length, 0);
1307
1308 /* FIX: STSL: what to use as key_replay_counter? */
1309 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1310 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1311 os_memcpy(sm->key_replay[i].counter,
1312 sm->key_replay[i - 1].counter,
1313 WPA_REPLAY_COUNTER_LEN);
1314 }
1315 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1316 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
1317 WPA_REPLAY_COUNTER_LEN);
1318 sm->key_replay[0].valid = TRUE;
1319
1320 if (nonce)
1321 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1322
1323 if (key_rsc)
1324 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1325
1326 if (kde && !encr) {
1327 os_memcpy(key + 1, kde, kde_len);
1328 WPA_PUT_BE16(key->key_data_length, kde_len);
1329 } else if (encr && kde) {
1330 buf = os_zalloc(key_data_len);
1331 if (buf == NULL) {
1332 os_free(hdr);
1333 return;
1334 }
1335 pos = buf;
1336 os_memcpy(pos, kde, kde_len);
1337 pos += kde_len;
1338
1339 if (pad_len)
1340 *pos++ = 0xdd;
1341
1342 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1343 buf, key_data_len);
1344 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1345 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1346 if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
1347 (u8 *) (key + 1))) {
1348 os_free(hdr);
1349 os_free(buf);
1350 return;
1351 }
1352 WPA_PUT_BE16(key->key_data_length, key_data_len);
1353 } else {
1354 u8 ek[32];
1355 os_memcpy(key->key_iv,
1356 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1357 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1358 os_memcpy(ek, key->key_iv, 16);
1359 os_memcpy(ek + 16, sm->PTK.kek, 16);
1360 os_memcpy(key + 1, buf, key_data_len);
1361 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
1362 WPA_PUT_BE16(key->key_data_length, key_data_len);
1363 }
1364 os_free(buf);
1365 }
1366
1367 if (key_info & WPA_KEY_INFO_MIC) {
1368 if (!sm->PTK_valid) {
1369 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1370 "PTK not valid when sending EAPOL-Key "
1371 "frame");
1372 os_free(hdr);
1373 return;
1374 }
1375 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
1376 key->key_mic);
1377 }
1378
1379 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1380 1);
1381 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1382 sm->pairwise_set);
1383 os_free(hdr);
1384 }
1385
1386
1387 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1388 struct wpa_state_machine *sm, int key_info,
1389 const u8 *key_rsc, const u8 *nonce,
1390 const u8 *kde, size_t kde_len,
1391 int keyidx, int encr)
1392 {
1393 int timeout_ms;
1394 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1395 int ctr;
1396
1397 if (sm == NULL)
1398 return;
1399
1400 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1401 keyidx, encr, 0);
1402
1403 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
1404 if (ctr == 1 && wpa_auth->conf.tx_status)
1405 timeout_ms = pairwise ? eapol_key_timeout_first :
1406 eapol_key_timeout_first_group;
1407 else
1408 timeout_ms = eapol_key_timeout_subseq;
1409 if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
1410 sm->pending_1_of_4_timeout = 1;
1411 wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
1412 "counter %d)", timeout_ms, ctr);
1413 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1414 wpa_send_eapol_timeout, wpa_auth, sm);
1415 }
1416
1417
1418 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
1419 {
1420 struct ieee802_1x_hdr *hdr;
1421 struct wpa_eapol_key *key;
1422 u16 key_info;
1423 int ret = 0;
1424 u8 mic[16];
1425
1426 if (data_len < sizeof(*hdr) + sizeof(*key))
1427 return -1;
1428
1429 hdr = (struct ieee802_1x_hdr *) data;
1430 key = (struct wpa_eapol_key *) (hdr + 1);
1431 key_info = WPA_GET_BE16(key->key_info);
1432 os_memcpy(mic, key->key_mic, 16);
1433 os_memset(key->key_mic, 0, 16);
1434 if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
1435 data, data_len, key->key_mic) ||
1436 os_memcmp(mic, key->key_mic, 16) != 0)
1437 ret = -1;
1438 os_memcpy(key->key_mic, mic, 16);
1439 return ret;
1440 }
1441
1442
1443 void wpa_remove_ptk(struct wpa_state_machine *sm)
1444 {
1445 sm->PTK_valid = FALSE;
1446 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1447 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
1448 sm->pairwise_set = FALSE;
1449 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1450 }
1451
1452
1453 int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
1454 {
1455 int remove_ptk = 1;
1456
1457 if (sm == NULL)
1458 return -1;
1459
1460 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1461 "event %d notification", event);
1462
1463 switch (event) {
1464 case WPA_AUTH:
1465 case WPA_ASSOC:
1466 break;
1467 case WPA_DEAUTH:
1468 case WPA_DISASSOC:
1469 sm->DeauthenticationRequest = TRUE;
1470 break;
1471 case WPA_REAUTH:
1472 case WPA_REAUTH_EAPOL:
1473 if (!sm->started) {
1474 /*
1475 * When using WPS, we may end up here if the STA
1476 * manages to re-associate without the previous STA
1477 * entry getting removed. Consequently, we need to make
1478 * sure that the WPA state machines gets initialized
1479 * properly at this point.
1480 */
1481 wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1482 "started - initialize now");
1483 sm->started = 1;
1484 sm->Init = TRUE;
1485 if (wpa_sm_step(sm) == 1)
1486 return 1; /* should not really happen */
1487 sm->Init = FALSE;
1488 sm->AuthenticationRequest = TRUE;
1489 break;
1490 }
1491 if (sm->GUpdateStationKeys) {
1492 /*
1493 * Reauthentication cancels the pending group key
1494 * update for this STA.
1495 */
1496 sm->group->GKeyDoneStations--;
1497 sm->GUpdateStationKeys = FALSE;
1498 sm->PtkGroupInit = TRUE;
1499 }
1500 sm->ReAuthenticationRequest = TRUE;
1501 break;
1502 case WPA_ASSOC_FT:
1503 #ifdef CONFIG_IEEE80211R
1504 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1505 "after association");
1506 wpa_ft_install_ptk(sm);
1507
1508 /* Using FT protocol, not WPA auth state machine */
1509 sm->ft_completed = 1;
1510 return 0;
1511 #else /* CONFIG_IEEE80211R */
1512 break;
1513 #endif /* CONFIG_IEEE80211R */
1514 }
1515
1516 #ifdef CONFIG_IEEE80211R
1517 sm->ft_completed = 0;
1518 #endif /* CONFIG_IEEE80211R */
1519
1520 #ifdef CONFIG_IEEE80211W
1521 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1522 remove_ptk = 0;
1523 #endif /* CONFIG_IEEE80211W */
1524
1525 if (remove_ptk) {
1526 sm->PTK_valid = FALSE;
1527 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1528
1529 if (event != WPA_REAUTH_EAPOL)
1530 wpa_remove_ptk(sm);
1531 }
1532
1533 return wpa_sm_step(sm);
1534 }
1535
1536
1537 static enum wpa_alg wpa_alg_enum(int alg)
1538 {
1539 switch (alg) {
1540 case WPA_CIPHER_CCMP:
1541 return WPA_ALG_CCMP;
1542 case WPA_CIPHER_TKIP:
1543 return WPA_ALG_TKIP;
1544 case WPA_CIPHER_WEP104:
1545 case WPA_CIPHER_WEP40:
1546 return WPA_ALG_WEP;
1547 default:
1548 return WPA_ALG_NONE;
1549 }
1550 }
1551
1552
1553 SM_STATE(WPA_PTK, INITIALIZE)
1554 {
1555 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1556 if (sm->Init) {
1557 /* Init flag is not cleared here, so avoid busy
1558 * loop by claiming nothing changed. */
1559 sm->changed = FALSE;
1560 }
1561
1562 sm->keycount = 0;
1563 if (sm->GUpdateStationKeys)
1564 sm->group->GKeyDoneStations--;
1565 sm->GUpdateStationKeys = FALSE;
1566 if (sm->wpa == WPA_VERSION_WPA)
1567 sm->PInitAKeys = FALSE;
1568 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1569 * Local AA > Remote AA)) */) {
1570 sm->Pair = TRUE;
1571 }
1572 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1573 wpa_remove_ptk(sm);
1574 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1575 sm->TimeoutCtr = 0;
1576 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1577 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1578 WPA_EAPOL_authorized, 0);
1579 }
1580 }
1581
1582
1583 SM_STATE(WPA_PTK, DISCONNECT)
1584 {
1585 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1586 sm->Disconnect = FALSE;
1587 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1588 }
1589
1590
1591 SM_STATE(WPA_PTK, DISCONNECTED)
1592 {
1593 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1594 sm->DeauthenticationRequest = FALSE;
1595 }
1596
1597
1598 SM_STATE(WPA_PTK, AUTHENTICATION)
1599 {
1600 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1601 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1602 sm->PTK_valid = FALSE;
1603 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1604 1);
1605 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1606 sm->AuthenticationRequest = FALSE;
1607 }
1608
1609
1610 static void wpa_group_first_station(struct wpa_authenticator *wpa_auth,
1611 struct wpa_group *group)
1612 {
1613 /*
1614 * System has run bit further than at the time hostapd was started
1615 * potentially very early during boot up. This provides better chances
1616 * of collecting more randomness on embedded systems. Re-initialize the
1617 * GMK and Counter here to improve their strength if there was not
1618 * enough entropy available immediately after system startup.
1619 */
1620 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1621 "station");
1622 if (random_pool_ready() != 1) {
1623 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1624 "to proceed - reject first 4-way handshake");
1625 group->reject_4way_hs_for_entropy = TRUE;
1626 }
1627 wpa_group_init_gmk_and_counter(wpa_auth, group);
1628 wpa_gtk_update(wpa_auth, group);
1629 wpa_group_config_group_keys(wpa_auth, group);
1630 }
1631
1632
1633 SM_STATE(WPA_PTK, AUTHENTICATION2)
1634 {
1635 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1636
1637 if (!sm->group->first_sta_seen) {
1638 wpa_group_first_station(sm->wpa_auth, sm->group);
1639 sm->group->first_sta_seen = TRUE;
1640 }
1641
1642 os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
1643 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
1644 WPA_NONCE_LEN);
1645 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1646 sm->ReAuthenticationRequest = FALSE;
1647 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1648 * logical place than INITIALIZE since AUTHENTICATION2 can be
1649 * re-entered on ReAuthenticationRequest without going through
1650 * INITIALIZE. */
1651 sm->TimeoutCtr = 0;
1652 }
1653
1654
1655 SM_STATE(WPA_PTK, INITPMK)
1656 {
1657 u8 msk[2 * PMK_LEN];
1658 size_t len = 2 * PMK_LEN;
1659
1660 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1661 #ifdef CONFIG_IEEE80211R
1662 sm->xxkey_len = 0;
1663 #endif /* CONFIG_IEEE80211R */
1664 if (sm->pmksa) {
1665 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1666 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
1667 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1668 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1669 "(len=%lu)", (unsigned long) len);
1670 os_memcpy(sm->PMK, msk, PMK_LEN);
1671 #ifdef CONFIG_IEEE80211R
1672 if (len >= 2 * PMK_LEN) {
1673 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1674 sm->xxkey_len = PMK_LEN;
1675 }
1676 #endif /* CONFIG_IEEE80211R */
1677 } else {
1678 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
1679 }
1680
1681 sm->req_replay_counter_used = 0;
1682 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1683 * will break reauthentication since EAPOL state machines may not be
1684 * get into AUTHENTICATING state that clears keyRun before WPA state
1685 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1686 * state and takes PMK from the previously used AAA Key. This will
1687 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1688 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1689 * be good workaround for this issue. */
1690 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1691 }
1692
1693
1694 SM_STATE(WPA_PTK, INITPSK)
1695 {
1696 const u8 *psk;
1697 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
1698 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
1699 if (psk) {
1700 os_memcpy(sm->PMK, psk, PMK_LEN);
1701 #ifdef CONFIG_IEEE80211R
1702 os_memcpy(sm->xxkey, psk, PMK_LEN);
1703 sm->xxkey_len = PMK_LEN;
1704 #endif /* CONFIG_IEEE80211R */
1705 }
1706 sm->req_replay_counter_used = 0;
1707 }
1708
1709
1710 SM_STATE(WPA_PTK, PTKSTART)
1711 {
1712 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1713 size_t pmkid_len = 0;
1714
1715 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1716 sm->PTKRequest = FALSE;
1717 sm->TimeoutEvt = FALSE;
1718
1719 sm->TimeoutCtr++;
1720 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1721 /* No point in sending the EAPOL-Key - we will disconnect
1722 * immediately following this. */
1723 return;
1724 }
1725
1726 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1727 "sending 1/4 msg of 4-Way Handshake");
1728 /*
1729 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1730 * one possible PSK for this STA.
1731 */
1732 if (sm->wpa == WPA_VERSION_WPA2 &&
1733 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) {
1734 pmkid = buf;
1735 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1736 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1737 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1738 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
1739 if (sm->pmksa)
1740 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1741 sm->pmksa->pmkid, PMKID_LEN);
1742 else {
1743 /*
1744 * Calculate PMKID since no PMKSA cache entry was
1745 * available with pre-calculated PMKID.
1746 */
1747 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
1748 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
1749 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
1750 }
1751 }
1752 wpa_send_eapol(sm->wpa_auth, sm,
1753 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1754 sm->ANonce, pmkid, pmkid_len, 0, 0);
1755 }
1756
1757
1758 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
1759 struct wpa_ptk *ptk)
1760 {
1761 size_t ptk_len = sm->pairwise == WPA_CIPHER_CCMP ? 48 : 64;
1762 #ifdef CONFIG_IEEE80211R
1763 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
1764 return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
1765 #endif /* CONFIG_IEEE80211R */
1766
1767 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
1768 sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
1769 (u8 *) ptk, ptk_len,
1770 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
1771
1772 return 0;
1773 }
1774
1775
1776 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
1777 {
1778 struct wpa_ptk PTK;
1779 int ok = 0;
1780 const u8 *pmk = NULL;
1781
1782 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
1783 sm->EAPOLKeyReceived = FALSE;
1784 sm->update_snonce = FALSE;
1785
1786 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1787 * WPA-PSK: iterate through possible PSKs and select the one matching
1788 * the packet */
1789 for (;;) {
1790 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1791 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
1792 if (pmk == NULL)
1793 break;
1794 } else
1795 pmk = sm->PMK;
1796
1797 wpa_derive_ptk(sm, pmk, &PTK);
1798
1799 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
1800 sm->last_rx_eapol_key_len) == 0) {
1801 ok = 1;
1802 break;
1803 }
1804
1805 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
1806 break;
1807 }
1808
1809 if (!ok) {
1810 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1811 "invalid MIC in msg 2/4 of 4-Way Handshake");
1812 return;
1813 }
1814
1815 #ifdef CONFIG_IEEE80211R
1816 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1817 /*
1818 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
1819 * with the value we derived.
1820 */
1821 if (os_memcmp(sm->sup_pmk_r1_name, sm->pmk_r1_name,
1822 WPA_PMK_NAME_LEN) != 0) {
1823 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1824 "PMKR1Name mismatch in FT 4-way "
1825 "handshake");
1826 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
1827 "Supplicant",
1828 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
1829 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
1830 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
1831 return;
1832 }
1833 }
1834 #endif /* CONFIG_IEEE80211R */
1835
1836 sm->pending_1_of_4_timeout = 0;
1837 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
1838
1839 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1840 /* PSK may have changed from the previous choice, so update
1841 * state machine data based on whatever PSK was selected here.
1842 */
1843 os_memcpy(sm->PMK, pmk, PMK_LEN);
1844 }
1845
1846 sm->MICVerified = TRUE;
1847
1848 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
1849 sm->PTK_valid = TRUE;
1850 }
1851
1852
1853 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
1854 {
1855 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
1856 sm->TimeoutCtr = 0;
1857 }
1858
1859
1860 #ifdef CONFIG_IEEE80211W
1861
1862 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1863 {
1864 if (sm->mgmt_frame_prot) {
1865 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
1866 }
1867
1868 return 0;
1869 }
1870
1871
1872 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1873 {
1874 struct wpa_igtk_kde igtk;
1875 struct wpa_group *gsm = sm->group;
1876
1877 if (!sm->mgmt_frame_prot)
1878 return pos;
1879
1880 igtk.keyid[0] = gsm->GN_igtk;
1881 igtk.keyid[1] = 0;
1882 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
1883 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0)
1884 os_memset(igtk.pn, 0, sizeof(igtk.pn));
1885 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
1886 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
1887 (const u8 *) &igtk, sizeof(igtk), NULL, 0);
1888
1889 return pos;
1890 }
1891
1892 #else /* CONFIG_IEEE80211W */
1893
1894 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1895 {
1896 return 0;
1897 }
1898
1899
1900 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1901 {
1902 return pos;
1903 }
1904
1905 #endif /* CONFIG_IEEE80211W */
1906
1907
1908 SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
1909 {
1910 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
1911 size_t gtk_len, kde_len;
1912 struct wpa_group *gsm = sm->group;
1913 u8 *wpa_ie;
1914 int wpa_ie_len, secure, keyidx, encr = 0;
1915
1916 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
1917 sm->TimeoutEvt = FALSE;
1918
1919 sm->TimeoutCtr++;
1920 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1921 /* No point in sending the EAPOL-Key - we will disconnect
1922 * immediately following this. */
1923 return;
1924 }
1925
1926 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
1927 GTK[GN], IGTK, [FTIE], [TIE * 2])
1928 */
1929 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1930 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
1931 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
1932 wpa_ie = sm->wpa_auth->wpa_ie;
1933 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
1934 if (sm->wpa == WPA_VERSION_WPA &&
1935 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
1936 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
1937 /* WPA-only STA, remove RSN IE */
1938 wpa_ie = wpa_ie + wpa_ie[1] + 2;
1939 wpa_ie_len = wpa_ie[1] + 2;
1940 }
1941 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1942 "sending 3/4 msg of 4-Way Handshake");
1943 if (sm->wpa == WPA_VERSION_WPA2) {
1944 /* WPA2 send GTK in the 4-way handshake */
1945 secure = 1;
1946 gtk = gsm->GTK[gsm->GN - 1];
1947 gtk_len = gsm->GTK_len;
1948 keyidx = gsm->GN;
1949 _rsc = rsc;
1950 encr = 1;
1951 } else {
1952 /* WPA does not include GTK in msg 3/4 */
1953 secure = 0;
1954 gtk = NULL;
1955 gtk_len = 0;
1956 keyidx = 0;
1957 _rsc = NULL;
1958 if (sm->rx_eapol_key_secure) {
1959 /*
1960 * It looks like Windows 7 supplicant tries to use
1961 * Secure bit in msg 2/4 after having reported Michael
1962 * MIC failure and it then rejects the 4-way handshake
1963 * if msg 3/4 does not set Secure bit. Work around this
1964 * by setting the Secure bit here even in the case of
1965 * WPA if the supplicant used it first.
1966 */
1967 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1968 "STA used Secure bit in WPA msg 2/4 - "
1969 "set Secure for 3/4 as workaround");
1970 secure = 1;
1971 }
1972 }
1973
1974 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
1975 if (gtk)
1976 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
1977 #ifdef CONFIG_IEEE80211R
1978 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1979 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
1980 kde_len += 300; /* FTIE + 2 * TIE */
1981 }
1982 #endif /* CONFIG_IEEE80211R */
1983 kde = os_malloc(kde_len);
1984 if (kde == NULL)
1985 return;
1986
1987 pos = kde;
1988 os_memcpy(pos, wpa_ie, wpa_ie_len);
1989 pos += wpa_ie_len;
1990 #ifdef CONFIG_IEEE80211R
1991 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1992 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name);
1993 if (res < 0) {
1994 wpa_printf(MSG_ERROR, "FT: Failed to insert "
1995 "PMKR1Name into RSN IE in EAPOL-Key data");
1996 os_free(kde);
1997 return;
1998 }
1999 pos += res;
2000 }
2001 #endif /* CONFIG_IEEE80211R */
2002 if (gtk) {
2003 u8 hdr[2];
2004 hdr[0] = keyidx & 0x03;
2005 hdr[1] = 0;
2006 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2007 gtk, gtk_len);
2008 }
2009 pos = ieee80211w_kde_add(sm, pos);
2010
2011 #ifdef CONFIG_IEEE80211R
2012 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2013 int res;
2014 struct wpa_auth_config *conf;
2015
2016 conf = &sm->wpa_auth->conf;
2017 res = wpa_write_ftie(conf, conf->r0_key_holder,
2018 conf->r0_key_holder_len,
2019 NULL, NULL, pos, kde + kde_len - pos,
2020 NULL, 0);
2021 if (res < 0) {
2022 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
2023 "into EAPOL-Key Key Data");
2024 os_free(kde);
2025 return;
2026 }
2027 pos += res;
2028
2029 /* TIE[ReassociationDeadline] (TU) */
2030 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2031 *pos++ = 5;
2032 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
2033 WPA_PUT_LE32(pos, conf->reassociation_deadline);
2034 pos += 4;
2035
2036 /* TIE[KeyLifetime] (seconds) */
2037 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2038 *pos++ = 5;
2039 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
2040 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
2041 pos += 4;
2042 }
2043 #endif /* CONFIG_IEEE80211R */
2044
2045 wpa_send_eapol(sm->wpa_auth, sm,
2046 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
2047 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
2048 WPA_KEY_INFO_KEY_TYPE,
2049 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
2050 os_free(kde);
2051 }
2052
2053
2054 SM_STATE(WPA_PTK, PTKINITDONE)
2055 {
2056 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
2057 sm->EAPOLKeyReceived = FALSE;
2058 if (sm->Pair) {
2059 enum wpa_alg alg;
2060 int klen;
2061 if (sm->pairwise == WPA_CIPHER_TKIP) {
2062 alg = WPA_ALG_TKIP;
2063 klen = 32;
2064 } else {
2065 alg = WPA_ALG_CCMP;
2066 klen = 16;
2067 }
2068 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2069 sm->PTK.tk1, klen)) {
2070 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
2071 return;
2072 }
2073 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2074 sm->pairwise_set = TRUE;
2075
2076 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
2077 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
2078 eloop_register_timeout(sm->wpa_auth->conf.
2079 wpa_ptk_rekey, 0, wpa_rekey_ptk,
2080 sm->wpa_auth, sm);
2081 }
2082
2083 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
2084 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2085 WPA_EAPOL_authorized, 1);
2086 }
2087 }
2088
2089 if (0 /* IBSS == TRUE */) {
2090 sm->keycount++;
2091 if (sm->keycount == 2) {
2092 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2093 WPA_EAPOL_portValid, 1);
2094 }
2095 } else {
2096 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
2097 1);
2098 }
2099 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
2100 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
2101 if (sm->wpa == WPA_VERSION_WPA)
2102 sm->PInitAKeys = TRUE;
2103 else
2104 sm->has_GTK = TRUE;
2105 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2106 "pairwise key handshake completed (%s)",
2107 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2108
2109 #ifdef CONFIG_IEEE80211R
2110 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
2111 #endif /* CONFIG_IEEE80211R */
2112 }
2113
2114
2115 SM_STEP(WPA_PTK)
2116 {
2117 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2118
2119 if (sm->Init)
2120 SM_ENTER(WPA_PTK, INITIALIZE);
2121 else if (sm->Disconnect
2122 /* || FIX: dot11RSNAConfigSALifetime timeout */) {
2123 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
2124 "WPA_PTK: sm->Disconnect");
2125 SM_ENTER(WPA_PTK, DISCONNECT);
2126 }
2127 else if (sm->DeauthenticationRequest)
2128 SM_ENTER(WPA_PTK, DISCONNECTED);
2129 else if (sm->AuthenticationRequest)
2130 SM_ENTER(WPA_PTK, AUTHENTICATION);
2131 else if (sm->ReAuthenticationRequest)
2132 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2133 else if (sm->PTKRequest)
2134 SM_ENTER(WPA_PTK, PTKSTART);
2135 else switch (sm->wpa_ptk_state) {
2136 case WPA_PTK_INITIALIZE:
2137 break;
2138 case WPA_PTK_DISCONNECT:
2139 SM_ENTER(WPA_PTK, DISCONNECTED);
2140 break;
2141 case WPA_PTK_DISCONNECTED:
2142 SM_ENTER(WPA_PTK, INITIALIZE);
2143 break;
2144 case WPA_PTK_AUTHENTICATION:
2145 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2146 break;
2147 case WPA_PTK_AUTHENTICATION2:
2148 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
2149 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2150 WPA_EAPOL_keyRun) > 0)
2151 SM_ENTER(WPA_PTK, INITPMK);
2152 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
2153 /* FIX: && 802.1X::keyRun */)
2154 SM_ENTER(WPA_PTK, INITPSK);
2155 break;
2156 case WPA_PTK_INITPMK:
2157 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2158 WPA_EAPOL_keyAvailable) > 0)
2159 SM_ENTER(WPA_PTK, PTKSTART);
2160 else {
2161 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2162 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2163 "INITPMK - keyAvailable = false");
2164 SM_ENTER(WPA_PTK, DISCONNECT);
2165 }
2166 break;
2167 case WPA_PTK_INITPSK:
2168 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
2169 SM_ENTER(WPA_PTK, PTKSTART);
2170 else {
2171 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2172 "no PSK configured for the STA");
2173 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2174 SM_ENTER(WPA_PTK, DISCONNECT);
2175 }
2176 break;
2177 case WPA_PTK_PTKSTART:
2178 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2179 sm->EAPOLKeyPairwise)
2180 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2181 else if (sm->TimeoutCtr >
2182 (int) dot11RSNAConfigPairwiseUpdateCount) {
2183 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2184 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2185 "PTKSTART: Retry limit %d reached",
2186 dot11RSNAConfigPairwiseUpdateCount);
2187 SM_ENTER(WPA_PTK, DISCONNECT);
2188 } else if (sm->TimeoutEvt)
2189 SM_ENTER(WPA_PTK, PTKSTART);
2190 break;
2191 case WPA_PTK_PTKCALCNEGOTIATING:
2192 if (sm->MICVerified)
2193 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
2194 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2195 sm->EAPOLKeyPairwise)
2196 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2197 else if (sm->TimeoutEvt)
2198 SM_ENTER(WPA_PTK, PTKSTART);
2199 break;
2200 case WPA_PTK_PTKCALCNEGOTIATING2:
2201 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2202 break;
2203 case WPA_PTK_PTKINITNEGOTIATING:
2204 if (sm->update_snonce)
2205 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2206 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2207 sm->EAPOLKeyPairwise && sm->MICVerified)
2208 SM_ENTER(WPA_PTK, PTKINITDONE);
2209 else if (sm->TimeoutCtr >
2210 (int) dot11RSNAConfigPairwiseUpdateCount) {
2211 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2212 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2213 "PTKINITNEGOTIATING: Retry limit %d "
2214 "reached",
2215 dot11RSNAConfigPairwiseUpdateCount);
2216 SM_ENTER(WPA_PTK, DISCONNECT);
2217 } else if (sm->TimeoutEvt)
2218 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2219 break;
2220 case WPA_PTK_PTKINITDONE:
2221 break;
2222 }
2223 }
2224
2225
2226 SM_STATE(WPA_PTK_GROUP, IDLE)
2227 {
2228 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
2229 if (sm->Init) {
2230 /* Init flag is not cleared here, so avoid busy
2231 * loop by claiming nothing changed. */
2232 sm->changed = FALSE;
2233 }
2234 sm->GTimeoutCtr = 0;
2235 }
2236
2237
2238 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
2239 {
2240 u8 rsc[WPA_KEY_RSC_LEN];
2241 struct wpa_group *gsm = sm->group;
2242 u8 *kde, *pos, hdr[2];
2243 size_t kde_len;
2244
2245 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
2246
2247 sm->GTimeoutCtr++;
2248 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
2249 /* No point in sending the EAPOL-Key - we will disconnect
2250 * immediately following this. */
2251 return;
2252 }
2253
2254 if (sm->wpa == WPA_VERSION_WPA)
2255 sm->PInitAKeys = FALSE;
2256 sm->TimeoutEvt = FALSE;
2257 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
2258 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2259 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
2260 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2261 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2262 "sending 1/2 msg of Group Key Handshake");
2263
2264 if (sm->wpa == WPA_VERSION_WPA2) {
2265 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
2266 ieee80211w_kde_len(sm);
2267 kde = os_malloc(kde_len);
2268 if (kde == NULL)
2269 return;
2270
2271 pos = kde;
2272 hdr[0] = gsm->GN & 0x03;
2273 hdr[1] = 0;
2274 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2275 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2276 pos = ieee80211w_kde_add(sm, pos);
2277 } else {
2278 kde = gsm->GTK[gsm->GN - 1];
2279 pos = kde + gsm->GTK_len;
2280 }
2281
2282 wpa_send_eapol(sm->wpa_auth, sm,
2283 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
2284 WPA_KEY_INFO_ACK |
2285 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
2286 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
2287 if (sm->wpa == WPA_VERSION_WPA2)
2288 os_free(kde);
2289 }
2290
2291
2292 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
2293 {
2294 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
2295 sm->EAPOLKeyReceived = FALSE;
2296 if (sm->GUpdateStationKeys)
2297 sm->group->GKeyDoneStations--;
2298 sm->GUpdateStationKeys = FALSE;
2299 sm->GTimeoutCtr = 0;
2300 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
2301 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2302 "group key handshake completed (%s)",
2303 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2304 sm->has_GTK = TRUE;
2305 }
2306
2307
2308 SM_STATE(WPA_PTK_GROUP, KEYERROR)
2309 {
2310 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
2311 if (sm->GUpdateStationKeys)
2312 sm->group->GKeyDoneStations--;
2313 sm->GUpdateStationKeys = FALSE;
2314 sm->Disconnect = TRUE;
2315 }
2316
2317
2318 SM_STEP(WPA_PTK_GROUP)
2319 {
2320 if (sm->Init || sm->PtkGroupInit) {
2321 SM_ENTER(WPA_PTK_GROUP, IDLE);
2322 sm->PtkGroupInit = FALSE;
2323 } else switch (sm->wpa_ptk_group_state) {
2324 case WPA_PTK_GROUP_IDLE:
2325 if (sm->GUpdateStationKeys ||
2326 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
2327 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2328 break;
2329 case WPA_PTK_GROUP_REKEYNEGOTIATING:
2330 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2331 !sm->EAPOLKeyPairwise && sm->MICVerified)
2332 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
2333 else if (sm->GTimeoutCtr >
2334 (int) dot11RSNAConfigGroupUpdateCount)
2335 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
2336 else if (sm->TimeoutEvt)
2337 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2338 break;
2339 case WPA_PTK_GROUP_KEYERROR:
2340 SM_ENTER(WPA_PTK_GROUP, IDLE);
2341 break;
2342 case WPA_PTK_GROUP_REKEYESTABLISHED:
2343 SM_ENTER(WPA_PTK_GROUP, IDLE);
2344 break;
2345 }
2346 }
2347
2348
2349 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
2350 struct wpa_group *group)
2351 {
2352 int ret = 0;
2353
2354 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2355 inc_byte_array(group->Counter, WPA_NONCE_LEN);
2356 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
2357 wpa_auth->addr, group->GNonce,
2358 group->GTK[group->GN - 1], group->GTK_len) < 0)
2359 ret = -1;
2360 wpa_hexdump_key(MSG_DEBUG, "GTK",
2361 group->GTK[group->GN - 1], group->GTK_len);
2362
2363 #ifdef CONFIG_IEEE80211W
2364 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2365 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2366 inc_byte_array(group->Counter, WPA_NONCE_LEN);
2367 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
2368 wpa_auth->addr, group->GNonce,
2369 group->IGTK[group->GN_igtk - 4],
2370 WPA_IGTK_LEN) < 0)
2371 ret = -1;
2372 wpa_hexdump_key(MSG_DEBUG, "IGTK",
2373 group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN);
2374 }
2375 #endif /* CONFIG_IEEE80211W */
2376
2377 return ret;
2378 }
2379
2380
2381 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
2382 struct wpa_group *group)
2383 {
2384 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2385 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
2386 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
2387 group->wpa_group_state = WPA_GROUP_GTK_INIT;
2388
2389 /* GTK[0..N] = 0 */
2390 os_memset(group->GTK, 0, sizeof(group->GTK));
2391 group->GN = 1;
2392 group->GM = 2;
2393 #ifdef CONFIG_IEEE80211W
2394 group->GN_igtk = 4;
2395 group->GM_igtk = 5;
2396 #endif /* CONFIG_IEEE80211W */
2397 /* GTK[GN] = CalcGTK() */
2398 wpa_gtk_update(wpa_auth, group);
2399 }
2400
2401
2402 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
2403 {
2404 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
2405 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2406 "Not in PTKINITDONE; skip Group Key update");
2407 sm->GUpdateStationKeys = FALSE;
2408 return 0;
2409 }
2410 if (sm->GUpdateStationKeys) {
2411 /*
2412 * This should not really happen, so add a debug log entry.
2413 * Since we clear the GKeyDoneStations before the loop, the
2414 * station needs to be counted here anyway.
2415 */
2416 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2417 "GUpdateStationKeys was already set when "
2418 "marking station for GTK rekeying");
2419 }
2420
2421 sm->group->GKeyDoneStations++;
2422 sm->GUpdateStationKeys = TRUE;
2423
2424 wpa_sm_step(sm);
2425 return 0;
2426 }
2427
2428
2429 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
2430 struct wpa_group *group)
2431 {
2432 int tmp;
2433
2434 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2435 "SETKEYS (VLAN-ID %d)", group->vlan_id);
2436 group->changed = TRUE;
2437 group->wpa_group_state = WPA_GROUP_SETKEYS;
2438 group->GTKReKey = FALSE;
2439 tmp = group->GM;
2440 group->GM = group->GN;
2441 group->GN = tmp;
2442 #ifdef CONFIG_IEEE80211W
2443 tmp = group->GM_igtk;
2444 group->GM_igtk = group->GN_igtk;
2445 group->GN_igtk = tmp;
2446 #endif /* CONFIG_IEEE80211W */
2447 /* "GKeyDoneStations = GNoStations" is done in more robust way by
2448 * counting the STAs that are marked with GUpdateStationKeys instead of
2449 * including all STAs that could be in not-yet-completed state. */
2450 wpa_gtk_update(wpa_auth, group);
2451
2452 if (group->GKeyDoneStations) {
2453 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
2454 "GKeyDoneStations=%d when starting new GTK rekey",
2455 group->GKeyDoneStations);
2456 group->GKeyDoneStations = 0;
2457 }
2458 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
2459 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
2460 group->GKeyDoneStations);
2461 }
2462
2463
2464 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
2465 struct wpa_group *group)
2466 {
2467 int ret = 0;
2468
2469 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
2470 wpa_alg_enum(wpa_auth->conf.wpa_group),
2471 broadcast_ether_addr, group->GN,
2472 group->GTK[group->GN - 1], group->GTK_len) < 0)
2473 ret = -1;
2474
2475 #ifdef CONFIG_IEEE80211W
2476 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION &&
2477 wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK,
2478 broadcast_ether_addr, group->GN_igtk,
2479 group->IGTK[group->GN_igtk - 4],
2480 WPA_IGTK_LEN) < 0)
2481 ret = -1;
2482 #endif /* CONFIG_IEEE80211W */
2483
2484 return ret;
2485 }
2486
2487
2488 static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
2489 struct wpa_group *group)
2490 {
2491 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2492 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
2493 group->changed = TRUE;
2494 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
2495
2496 if (wpa_group_config_group_keys(wpa_auth, group) < 0)
2497 return -1;
2498
2499 return 0;
2500 }
2501
2502
2503 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2504 struct wpa_group *group)
2505 {
2506 if (group->GInit) {
2507 wpa_group_gtk_init(wpa_auth, group);
2508 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2509 group->GTKAuthenticator) {
2510 wpa_group_setkeysdone(wpa_auth, group);
2511 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2512 group->GTKReKey) {
2513 wpa_group_setkeys(wpa_auth, group);
2514 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2515 if (group->GKeyDoneStations == 0)
2516 wpa_group_setkeysdone(wpa_auth, group);
2517 else if (group->GTKReKey)
2518 wpa_group_setkeys(wpa_auth, group);
2519 }
2520 }
2521
2522
2523 static int wpa_sm_step(struct wpa_state_machine *sm)
2524 {
2525 if (sm == NULL)
2526 return 0;
2527
2528 if (sm->in_step_loop) {
2529 /* This should not happen, but if it does, make sure we do not
2530 * end up freeing the state machine too early by exiting the
2531 * recursive call. */
2532 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
2533 return 0;
2534 }
2535
2536 sm->in_step_loop = 1;
2537 do {
2538 if (sm->pending_deinit)
2539 break;
2540
2541 sm->changed = FALSE;
2542 sm->wpa_auth->group->changed = FALSE;
2543
2544 SM_STEP_RUN(WPA_PTK);
2545 if (sm->pending_deinit)
2546 break;
2547 SM_STEP_RUN(WPA_PTK_GROUP);
2548 if (sm->pending_deinit)
2549 break;
2550 wpa_group_sm_step(sm->wpa_auth, sm->group);
2551 } while (sm->changed || sm->wpa_auth->group->changed);
2552 sm->in_step_loop = 0;
2553
2554 if (sm->pending_deinit) {
2555 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
2556 "machine deinit for " MACSTR, MAC2STR(sm->addr));
2557 wpa_free_sta_sm(sm);
2558 return 1;
2559 }
2560 return 0;
2561 }
2562
2563
2564 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
2565 {
2566 struct wpa_state_machine *sm = eloop_ctx;
2567 wpa_sm_step(sm);
2568 }
2569
2570
2571 void wpa_auth_sm_notify(struct wpa_state_machine *sm)
2572 {
2573 if (sm == NULL)
2574 return;
2575 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
2576 }
2577
2578
2579 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
2580 {
2581 int tmp, i;
2582 struct wpa_group *group;
2583
2584 if (wpa_auth == NULL)
2585 return;
2586
2587 group = wpa_auth->group;
2588
2589 for (i = 0; i < 2; i++) {
2590 tmp = group->GM;
2591 group->GM = group->GN;
2592 group->GN = tmp;
2593 #ifdef CONFIG_IEEE80211W
2594 tmp = group->GM_igtk;
2595 group->GM_igtk = group->GN_igtk;
2596 group->GN_igtk = tmp;
2597 #endif /* CONFIG_IEEE80211W */
2598 wpa_gtk_update(wpa_auth, group);
2599 wpa_group_config_group_keys(wpa_auth, group);
2600 }
2601 }
2602
2603
2604 static const char * wpa_bool_txt(int bool)
2605 {
2606 return bool ? "TRUE" : "FALSE";
2607 }
2608
2609
2610 static int wpa_cipher_bits(int cipher)
2611 {
2612 switch (cipher) {
2613 case WPA_CIPHER_CCMP:
2614 return 128;
2615 case WPA_CIPHER_TKIP:
2616 return 256;
2617 case WPA_CIPHER_WEP104:
2618 return 104;
2619 case WPA_CIPHER_WEP40:
2620 return 40;
2621 default:
2622 return 0;
2623 }
2624 }
2625
2626
2627 #define RSN_SUITE "%02x-%02x-%02x-%d"
2628 #define RSN_SUITE_ARG(s) \
2629 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2630
2631 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
2632 {
2633 int len = 0, ret;
2634 char pmkid_txt[PMKID_LEN * 2 + 1];
2635 #ifdef CONFIG_RSN_PREAUTH
2636 const int preauth = 1;
2637 #else /* CONFIG_RSN_PREAUTH */
2638 const int preauth = 0;
2639 #endif /* CONFIG_RSN_PREAUTH */
2640
2641 if (wpa_auth == NULL)
2642 return len;
2643
2644 ret = os_snprintf(buf + len, buflen - len,
2645 "dot11RSNAOptionImplemented=TRUE\n"
2646 "dot11RSNAPreauthenticationImplemented=%s\n"
2647 "dot11RSNAEnabled=%s\n"
2648 "dot11RSNAPreauthenticationEnabled=%s\n",
2649 wpa_bool_txt(preauth),
2650 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
2651 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
2652 if (ret < 0 || (size_t) ret >= buflen - len)
2653 return len;
2654 len += ret;
2655
2656 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2657 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
2658
2659 ret = os_snprintf(
2660 buf + len, buflen - len,
2661 "dot11RSNAConfigVersion=%u\n"
2662 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2663 /* FIX: dot11RSNAConfigGroupCipher */
2664 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2665 /* FIX: dot11RSNAConfigGroupRekeyTime */
2666 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2667 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2668 "dot11RSNAConfigGroupUpdateCount=%u\n"
2669 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2670 "dot11RSNAConfigGroupCipherSize=%u\n"
2671 "dot11RSNAConfigPMKLifetime=%u\n"
2672 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2673 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2674 "dot11RSNAConfigSATimeout=%u\n"
2675 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2676 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2677 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2678 "dot11RSNAPMKIDUsed=%s\n"
2679 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2680 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2681 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2682 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
2683 "dot11RSNA4WayHandshakeFailures=%u\n"
2684 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
2685 RSN_VERSION,
2686 !!wpa_auth->conf.wpa_strict_rekey,
2687 dot11RSNAConfigGroupUpdateCount,
2688 dot11RSNAConfigPairwiseUpdateCount,
2689 wpa_cipher_bits(wpa_auth->conf.wpa_group),
2690 dot11RSNAConfigPMKLifetime,
2691 dot11RSNAConfigPMKReauthThreshold,
2692 dot11RSNAConfigSATimeout,
2693 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
2694 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
2695 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
2696 pmkid_txt,
2697 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
2698 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
2699 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
2700 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
2701 wpa_auth->dot11RSNA4WayHandshakeFailures);
2702 if (ret < 0 || (size_t) ret >= buflen - len)
2703 return len;
2704 len += ret;
2705
2706 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
2707 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
2708
2709 /* Private MIB */
2710 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
2711 wpa_auth->group->wpa_group_state);
2712 if (ret < 0 || (size_t) ret >= buflen - len)
2713 return len;
2714 len += ret;
2715
2716 return len;
2717 }
2718
2719
2720 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
2721 {
2722 int len = 0, ret;
2723 u32 pairwise = 0;
2724
2725 if (sm == NULL)
2726 return 0;
2727
2728 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
2729
2730 /* dot11RSNAStatsEntry */
2731
2732 if (sm->wpa == WPA_VERSION_WPA) {
2733 if (sm->pairwise == WPA_CIPHER_CCMP)
2734 pairwise = WPA_CIPHER_SUITE_CCMP;
2735 else if (sm->pairwise == WPA_CIPHER_TKIP)
2736 pairwise = WPA_CIPHER_SUITE_TKIP;
2737 else if (sm->pairwise == WPA_CIPHER_WEP104)
2738 pairwise = WPA_CIPHER_SUITE_WEP104;
2739 else if (sm->pairwise == WPA_CIPHER_WEP40)
2740 pairwise = WPA_CIPHER_SUITE_WEP40;
2741 else if (sm->pairwise == WPA_CIPHER_NONE)
2742 pairwise = WPA_CIPHER_SUITE_NONE;
2743 } else if (sm->wpa == WPA_VERSION_WPA2) {
2744 if (sm->pairwise == WPA_CIPHER_CCMP)
2745 pairwise = RSN_CIPHER_SUITE_CCMP;
2746 else if (sm->pairwise == WPA_CIPHER_TKIP)
2747 pairwise = RSN_CIPHER_SUITE_TKIP;
2748 else if (sm->pairwise == WPA_CIPHER_WEP104)
2749 pairwise = RSN_CIPHER_SUITE_WEP104;
2750 else if (sm->pairwise == WPA_CIPHER_WEP40)
2751 pairwise = RSN_CIPHER_SUITE_WEP40;
2752 else if (sm->pairwise == WPA_CIPHER_NONE)
2753 pairwise = RSN_CIPHER_SUITE_NONE;
2754 } else
2755 return 0;
2756
2757 ret = os_snprintf(
2758 buf + len, buflen - len,
2759 /* TODO: dot11RSNAStatsIndex */
2760 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
2761 "dot11RSNAStatsVersion=1\n"
2762 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
2763 /* TODO: dot11RSNAStatsTKIPICVErrors */
2764 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
2765 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
2766 /* TODO: dot11RSNAStatsCCMPReplays */
2767 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
2768 /* TODO: dot11RSNAStatsTKIPReplays */,
2769 MAC2STR(sm->addr),
2770 RSN_SUITE_ARG(pairwise),
2771 sm->dot11RSNAStatsTKIPLocalMICFailures,
2772 sm->dot11RSNAStatsTKIPRemoteMICFailures);
2773 if (ret < 0 || (size_t) ret >= buflen - len)
2774 return len;
2775 len += ret;
2776
2777 /* Private MIB */
2778 ret = os_snprintf(buf + len, buflen - len,
2779 "hostapdWPAPTKState=%d\n"
2780 "hostapdWPAPTKGroupState=%d\n",
2781 sm->wpa_ptk_state,
2782 sm->wpa_ptk_group_state);
2783 if (ret < 0 || (size_t) ret >= buflen - len)
2784 return len;
2785 len += ret;
2786
2787 return len;
2788 }
2789
2790
2791 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
2792 {
2793 if (wpa_auth)
2794 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
2795 }
2796
2797
2798 int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
2799 {
2800 return sm && sm->pairwise_set;
2801 }
2802
2803
2804 int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
2805 {
2806 return sm->pairwise;
2807 }
2808
2809
2810 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
2811 {
2812 if (sm == NULL)
2813 return -1;
2814 return sm->wpa_key_mgmt;
2815 }
2816
2817
2818 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
2819 {
2820 if (sm == NULL)
2821 return 0;
2822 return sm->wpa;
2823 }
2824
2825
2826 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
2827 struct rsn_pmksa_cache_entry *entry)
2828 {
2829 if (sm == NULL || sm->pmksa != entry)
2830 return -1;
2831 sm->pmksa = NULL;
2832 return 0;
2833 }
2834
2835
2836 struct rsn_pmksa_cache_entry *
2837 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
2838 {
2839 return sm ? sm->pmksa : NULL;
2840 }
2841
2842
2843 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
2844 {
2845 if (sm)
2846 sm->dot11RSNAStatsTKIPLocalMICFailures++;
2847 }
2848
2849
2850 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
2851 {
2852 if (wpa_auth == NULL)
2853 return NULL;
2854 *len = wpa_auth->wpa_ie_len;
2855 return wpa_auth->wpa_ie;
2856 }
2857
2858
2859 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
2860 int session_timeout, struct eapol_state_machine *eapol)
2861 {
2862 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
2863 sm->wpa_auth->conf.disable_pmksa_caching)
2864 return -1;
2865
2866 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
2867 sm->wpa_auth->addr, sm->addr, session_timeout,
2868 eapol, sm->wpa_key_mgmt))
2869 return 0;
2870
2871 return -1;
2872 }
2873
2874
2875 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
2876 const u8 *pmk, size_t len, const u8 *sta_addr,
2877 int session_timeout,
2878 struct eapol_state_machine *eapol)
2879 {
2880 if (wpa_auth == NULL)
2881 return -1;
2882
2883 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
2884 sta_addr, session_timeout, eapol,
2885 WPA_KEY_MGMT_IEEE8021X))
2886 return 0;
2887
2888 return -1;
2889 }
2890
2891
2892 static struct wpa_group *
2893 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
2894 {
2895 struct wpa_group *group;
2896
2897 if (wpa_auth == NULL || wpa_auth->group == NULL)
2898 return NULL;
2899
2900 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
2901 vlan_id);
2902 group = wpa_group_init(wpa_auth, vlan_id, 0);
2903 if (group == NULL)
2904 return NULL;
2905
2906 group->next = wpa_auth->group->next;
2907 wpa_auth->group->next = group;
2908
2909 return group;
2910 }
2911
2912
2913 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
2914 {
2915 struct wpa_group *group;
2916
2917 if (sm == NULL || sm->wpa_auth == NULL)
2918 return 0;
2919
2920 group = sm->wpa_auth->group;
2921 while (group) {
2922 if (group->vlan_id == vlan_id)
2923 break;
2924 group = group->next;
2925 }
2926
2927 if (group == NULL) {
2928 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
2929 if (group == NULL)
2930 return -1;
2931 }
2932
2933 if (sm->group == group)
2934 return 0;
2935
2936 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
2937 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
2938
2939 sm->group = group;
2940 return 0;
2941 }
2942
2943
2944 void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
2945 struct wpa_state_machine *sm, int ack)
2946 {
2947 if (wpa_auth == NULL || sm == NULL)
2948 return;
2949 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
2950 " ack=%d", MAC2STR(sm->addr), ack);
2951 if (sm->pending_1_of_4_timeout && ack) {
2952 /*
2953 * Some deployed supplicant implementations update their SNonce
2954 * for each EAPOL-Key 2/4 message even within the same 4-way
2955 * handshake and then fail to use the first SNonce when
2956 * deriving the PTK. This results in unsuccessful 4-way
2957 * handshake whenever the relatively short initial timeout is
2958 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
2959 * around this by increasing the timeout now that we know that
2960 * the station has received the frame.
2961 */
2962 int timeout_ms = eapol_key_timeout_subseq;
2963 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
2964 "timeout by %u ms because of acknowledged frame",
2965 timeout_ms);
2966 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
2967 eloop_register_timeout(timeout_ms / 1000,
2968 (timeout_ms % 1000) * 1000,
2969 wpa_send_eapol_timeout, wpa_auth, sm);
2970 }
2971 }
Unnamed repository; edit this file 'description' to name the repository.