]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests: Group management frame cipher suites
[thirdparty/hostap.git] / src / ap / wpa_auth.c
CommitLineData
6fc6879b 1/*
00338a4f 2 * IEEE 802.11 RSN / WPA Authenticator
94ddef3e 3 * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
6fc6879b 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
6fc6879b
JM		 7 */
8
6226e38d 9#include "utils/includes.h"
6fc6879b 10
6226e38d
JM		 11#include "utils/common.h"
12#include "utils/eloop.h"
13#include "utils/state_machine.h"
25ef8529 14#include "utils/bitfield.h"
81f4f619 15#include "common/ieee802_11_defs.h"
03da66bd
JM		 16#include "crypto/aes_wrap.h"
17#include "crypto/crypto.h"
18#include "crypto/sha1.h"
19#include "crypto/sha256.h"
3642c431 20#include "crypto/random.h"
281c950b 21#include "eapol_auth/eapol_auth_sm.h"
6226e38d 22#include "ap_config.h"
6fc6879b 23#include "ieee802_11.h"
6226e38d
JM		 24#include "wpa_auth.h"
25#include "pmksa_cache_auth.h"
6fc6879b
JM		 26#include "wpa_auth_i.h"
27#include "wpa_auth_ie.h"
28
29#define STATE_MACHINE_DATA struct wpa_state_machine
30#define STATE_MACHINE_DEBUG_PREFIX "WPA"
31#define STATE_MACHINE_ADDR sm->addr
32
33
34static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
e4a6ea1d 35static int wpa_sm_step(struct wpa_state_machine *sm);
929a2ea5
JM		 36static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
37 size_t data_len);
6fc6879b
JM		 38static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
39static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
40 struct wpa_group *group);
581a8cde 41static void wpa_request_new_ptk(struct wpa_state_machine *sm);
e6965d4e
JM		 42static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
43 struct wpa_group *group);
1bdb7ab3
JM		 44static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
45 struct wpa_group *group);
f23c5b17
JM		 46static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
47 const u8 *pmk, struct wpa_ptk *ptk);
6fc6879b 48
bae61562
JM		 49static const u32 dot11RSNAConfigGroupUpdateCount = 4;
50static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
51static const u32 eapol_key_timeout_first = 100; /* ms */
52static const u32 eapol_key_timeout_subseq = 1000; /* ms */
00338a4f 53static const u32 eapol_key_timeout_first_group = 500; /* ms */
6fc6879b
JM		 54
55/* TODO: make these configurable */
56static const int dot11RSNAConfigPMKLifetime = 43200;
57static const int dot11RSNAConfigPMKReauthThreshold = 70;
58static const int dot11RSNAConfigSATimeout = 60;
59
60
c772d054 61static inline int wpa_auth_mic_failure_report(
6fc6879b
JM		 62 struct wpa_authenticator *wpa_auth, const u8 *addr)
63{
64 if (wpa_auth->cb.mic_failure_report)
c772d054
JM		 65 return wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
66 return 0;
6fc6879b
JM		 67}
68
69
70static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
71 const u8 *addr, wpa_eapol_variable var,
72 int value)
73{
74 if (wpa_auth->cb.set_eapol)
75 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
76}
77
78
79static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
80 const u8 *addr, wpa_eapol_variable var)
81{
82 if (wpa_auth->cb.get_eapol == NULL)
83 return -1;
84 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
85}
86
87
88static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
759fd76b
JM		 89 const u8 *addr,
90 const u8 *p2p_dev_addr,
91 const u8 *prev_psk)
6fc6879b
JM		 92{
93 if (wpa_auth->cb.get_psk == NULL)
94 return NULL;
759fd76b
JM		 95 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, p2p_dev_addr,
96 prev_psk);
6fc6879b
JM		 97}
98
99
100static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
101 const u8 *addr, u8 *msk, size_t *len)
102{
103 if (wpa_auth->cb.get_msk == NULL)
104 return -1;
105 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
106}
107
108
109static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
110 int vlan_id,
71934751 111 enum wpa_alg alg, const u8 *addr, int idx,
6fc6879b
JM		 112 u8 *key, size_t key_len)
113{
114 if (wpa_auth->cb.set_key == NULL)
115 return -1;
116 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
117 key, key_len);
118}
119
120
121static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
122 const u8 *addr, int idx, u8 *seq)
123{
124 if (wpa_auth->cb.get_seqnum == NULL)
125 return -1;
126 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
127}
128
129
6fc6879b
JM		 130static inline int
131wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
132 const u8 *data, size_t data_len, int encrypt)
133{
134 if (wpa_auth->cb.send_eapol == NULL)
135 return -1;
136 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
137 encrypt);
138}
139
140
c50d94f1
BC		 141#ifdef CONFIG_MESH
142static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth,
143 const u8 *addr)
144{
145 if (wpa_auth->cb.start_ampe == NULL)
146 return -1;
147 return wpa_auth->cb.start_ampe(wpa_auth->cb.ctx, addr);
148}
149#endif /* CONFIG_MESH */
150
151
6fc6879b
JM		 152int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
153 int (*cb)(struct wpa_state_machine *sm, void *ctx),
154 void *cb_ctx)
155{
156 if (wpa_auth->cb.for_each_sta == NULL)
157 return 0;
158 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
159}
160
161
bf98f7f3
JM		 162int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
163 int (*cb)(struct wpa_authenticator *a, void *ctx),
164 void *cb_ctx)
165{
166 if (wpa_auth->cb.for_each_auth == NULL)
167 return 0;
168 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
169}
170
171
6fc6879b
JM		 172void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
173 logger_level level, const char *txt)
174{
175 if (wpa_auth->cb.logger == NULL)
176 return;
177 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
178}
179
180
181void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
182 logger_level level, const char *fmt, ...)
183{
184 char *format;
185 int maxlen;
186 va_list ap;
187
188 if (wpa_auth->cb.logger == NULL)
189 return;
190
191 maxlen = os_strlen(fmt) + 100;
192 format = os_malloc(maxlen);
193 if (!format)
194 return;
195
196 va_start(ap, fmt);
197 vsnprintf(format, maxlen, fmt, ap);
198 va_end(ap);
199
200 wpa_auth_logger(wpa_auth, addr, level, format);
201
202 os_free(format);
203}
204
205
206static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
207 const u8 *addr)
208{
209 if (wpa_auth->cb.disconnect == NULL)
210 return;
afcc9ea1 211 wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr));
6fc6879b
JM		 212 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
213 WLAN_REASON_PREV_AUTH_NOT_VALID);
214}
215
216
217static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
218{
56586197 219 int ret = 0;
6fc6879b 220#ifdef CONFIG_IEEE80211R
56586197
JM		 221 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
222 ret = 1;
6fc6879b 223#endif /* CONFIG_IEEE80211R */
56586197
JM		 224#ifdef CONFIG_IEEE80211W
225 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
226 ret = 1;
227#endif /* CONFIG_IEEE80211W */
a14896e8
JM		 228 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN)
229 ret = 1;
56586197 230 return ret;
6fc6879b
JM		 231}
232
233
234static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
235{
236 struct wpa_authenticator *wpa_auth = eloop_ctx;
237
3642c431 238 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
6fc6879b
JM		 239 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
240 "initialization.");
241 } else {
242 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
5cb9d5c3
JM		 243 wpa_hexdump_key(MSG_DEBUG, "GMK",
244 wpa_auth->group->GMK, WPA_GMK_LEN);
6fc6879b
JM		 245 }
246
247 if (wpa_auth->conf.wpa_gmk_rekey) {
248 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
249 wpa_rekey_gmk, wpa_auth, NULL);
250 }
251}
252
253
254static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
255{
256 struct wpa_authenticator *wpa_auth = eloop_ctx;
257 struct wpa_group *group;
258
259 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
260 for (group = wpa_auth->group; group; group = group->next) {
261 group->GTKReKey = TRUE;
262 do {
263 group->changed = FALSE;
264 wpa_group_sm_step(wpa_auth, group);
265 } while (group->changed);
266 }
267
268 if (wpa_auth->conf.wpa_group_rekey) {
269 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
270 0, wpa_rekey_gtk, wpa_auth, NULL);
271 }
272}
273
274
581a8cde
JM		 275static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
276{
277 struct wpa_authenticator *wpa_auth = eloop_ctx;
278 struct wpa_state_machine *sm = timeout_ctx;
279
280 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
281 wpa_request_new_ptk(sm);
282 wpa_sm_step(sm);
283}
284
285
6fc6879b
JM		 286static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
287{
288 if (sm->pmksa == ctx)
289 sm->pmksa = NULL;
290 return 0;
291}
292
293
294static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
295 void *ctx)
296{
297 struct wpa_authenticator *wpa_auth = ctx;
298 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
299}
300
301
1bdb7ab3
JM		 302static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
303 struct wpa_group *group)
304{
559cdabb 305 u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)];
1bdb7ab3 306 u8 rkey[32];
559cdabb 307 unsigned long ptr;
1bdb7ab3 308
3642c431 309 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
1bdb7ab3
JM		 310 return -1;
311 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
312
313 /*
314 * Counter = PRF-256(Random number, "Init Counter",
315 * Local MAC Address || Time)
316 */
317 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
318 wpa_get_ntp_timestamp(buf + ETH_ALEN);
559cdabb
JM		 319 ptr = (unsigned long) group;
320 os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr));
3642c431 321 if (random_get_bytes(rkey, sizeof(rkey)) < 0)
1bdb7ab3
JM		 322 return -1;
323
324 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
325 group->Counter, WPA_NONCE_LEN) < 0)
326 return -1;
327 wpa_hexdump_key(MSG_DEBUG, "Key Counter",
328 group->Counter, WPA_NONCE_LEN);
329
330 return 0;
331}
332
333
e6965d4e 334static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
bdffdc5d 335 int vlan_id, int delay_init)
e6965d4e
JM		 336{
337 struct wpa_group *group;
e6965d4e
JM		 338
339 group = os_zalloc(sizeof(struct wpa_group));
340 if (group == NULL)
341 return NULL;
342
343 group->GTKAuthenticator = TRUE;
344 group->vlan_id = vlan_id;
c3550295 345 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
6fc6879b 346
08704cd8
JM		 347 if (random_pool_ready() != 1) {
348 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
349 "for secure operations - update keys later when "
350 "the first station connects");
351 }
352
1bdb7ab3
JM		 353 /*
354 * Set initial GMK/Counter value here. The actual values that will be
355 * used in negotiations will be set once the first station tries to
356 * connect. This allows more time for collecting additional randomness
357 * on embedded devices.
6fc6879b 358 */
1bdb7ab3 359 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
6fc6879b
JM		 360 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
361 "initialization.");
362 os_free(group);
363 return NULL;
364 }
6fc6879b
JM		 365
366 group->GInit = TRUE;
bdffdc5d
JM		 367 if (delay_init) {
368 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
369 "until Beacon frames have been configured");
370 /* Initialization is completed in wpa_init_keys(). */
371 } else {
372 wpa_group_sm_step(wpa_auth, group);
373 group->GInit = FALSE;
374 wpa_group_sm_step(wpa_auth, group);
375 }
6fc6879b
JM		 376
377 return group;
378}
379
380
381/**
382 * wpa_init - Initialize WPA authenticator
383 * @addr: Authenticator address
384 * @conf: Configuration for WPA authenticator
a17df5fb 385 * @cb: Callback functions for WPA authenticator
6fc6879b
JM		 386 * Returns: Pointer to WPA authenticator data or %NULL on failure
387 */
388struct wpa_authenticator * wpa_init(const u8 *addr,
389 struct wpa_auth_config *conf,
390 struct wpa_auth_callbacks *cb)
391{
392 struct wpa_authenticator *wpa_auth;
393
394 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
395 if (wpa_auth == NULL)
396 return NULL;
397 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
398 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
399 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
400
401 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
402 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
403 os_free(wpa_auth);
404 return NULL;
405 }
406
bdffdc5d 407 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
6fc6879b
JM		 408 if (wpa_auth->group == NULL) {
409 os_free(wpa_auth->wpa_ie);
410 os_free(wpa_auth);
411 return NULL;
412 }
413
4bb081f1
JM		 414 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
415 wpa_auth);
6fc6879b
JM		 416 if (wpa_auth->pmksa == NULL) {
417 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
27d9701d 418 os_free(wpa_auth->group);
6fc6879b
JM		 419 os_free(wpa_auth->wpa_ie);
420 os_free(wpa_auth);
421 return NULL;
422 }
423
424#ifdef CONFIG_IEEE80211R
425 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
426 if (wpa_auth->ft_pmk_cache == NULL) {
427 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
27d9701d 428 os_free(wpa_auth->group);
6fc6879b 429 os_free(wpa_auth->wpa_ie);
4bb081f1 430 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 431 os_free(wpa_auth);
432 return NULL;
433 }
434#endif /* CONFIG_IEEE80211R */
435
436 if (wpa_auth->conf.wpa_gmk_rekey) {
437 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
438 wpa_rekey_gmk, wpa_auth, NULL);
439 }
440
441 if (wpa_auth->conf.wpa_group_rekey) {
442 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
443 wpa_rekey_gtk, wpa_auth, NULL);
444 }
445
25ef8529
JM		 446#ifdef CONFIG_P2P
447 if (WPA_GET_BE32(conf->ip_addr_start)) {
448 int count = WPA_GET_BE32(conf->ip_addr_end) -
449 WPA_GET_BE32(conf->ip_addr_start) + 1;
450 if (count > 1000)
451 count = 1000;
452 if (count > 0)
453 wpa_auth->ip_pool = bitfield_alloc(count);
454 }
455#endif /* CONFIG_P2P */
456
6fc6879b
JM		 457 return wpa_auth;
458}
459
460
bdffdc5d
JM		 461int wpa_init_keys(struct wpa_authenticator *wpa_auth)
462{
463 struct wpa_group *group = wpa_auth->group;
464
465 wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
466 "keys");
467 wpa_group_sm_step(wpa_auth, group);
468 group->GInit = FALSE;
469 wpa_group_sm_step(wpa_auth, group);
7d7f7be2
JM		 470 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
471 return -1;
bdffdc5d
JM		 472 return 0;
473}
474
475
6fc6879b
JM		 476/**
477 * wpa_deinit - Deinitialize WPA authenticator
478 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
479 */
480void wpa_deinit(struct wpa_authenticator *wpa_auth)
481{
482 struct wpa_group *group, *prev;
483
484 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
485 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
486
487#ifdef CONFIG_PEERKEY
488 while (wpa_auth->stsl_negotiations)
489 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
490#endif /* CONFIG_PEERKEY */
491
4bb081f1 492 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 493
494#ifdef CONFIG_IEEE80211R
495 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
496 wpa_auth->ft_pmk_cache = NULL;
497#endif /* CONFIG_IEEE80211R */
498
25ef8529
JM		 499#ifdef CONFIG_P2P
500 bitfield_free(wpa_auth->ip_pool);
501#endif /* CONFIG_P2P */
502
503
6fc6879b
JM		 504 os_free(wpa_auth->wpa_ie);
505
506 group = wpa_auth->group;
507 while (group) {
508 prev = group;
509 group = group->next;
510 os_free(prev);
511 }
512
513 os_free(wpa_auth);
514}
515
516
517/**
518 * wpa_reconfig - Update WPA authenticator configuration
519 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
520 * @conf: Configuration for WPA authenticator
521 */
522int wpa_reconfig(struct wpa_authenticator *wpa_auth,
523 struct wpa_auth_config *conf)
524{
e6965d4e 525 struct wpa_group *group;
6fc6879b
JM		 526 if (wpa_auth == NULL)
527 return 0;
528
529 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
ad08c363
JM		 530 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
531 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
532 return -1;
533 }
534
e6965d4e
JM		 535 /*
536 * Reinitialize GTK to make sure it is suitable for the new
537 * configuration.
538 */
539 group = wpa_auth->group;
c3550295 540 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
e6965d4e
JM		 541 group->GInit = TRUE;
542 wpa_group_sm_step(wpa_auth, group);
543 group->GInit = FALSE;
544 wpa_group_sm_step(wpa_auth, group);
545
6fc6879b
JM		 546 return 0;
547}
548
549
550struct wpa_state_machine *
94ddef3e
JM		 551wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
552 const u8 *p2p_dev_addr)
6fc6879b
JM		 553{
554 struct wpa_state_machine *sm;
555
7d7f7be2
JM		 556 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
557 return NULL;
558
6fc6879b
JM		 559 sm = os_zalloc(sizeof(struct wpa_state_machine));
560 if (sm == NULL)
561 return NULL;
562 os_memcpy(sm->addr, addr, ETH_ALEN);
94ddef3e
JM		 563 if (p2p_dev_addr)
564 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
6fc6879b
JM		 565
566 sm->wpa_auth = wpa_auth;
567 sm->group = wpa_auth->group;
568
569 return sm;
570}
571
572
6f9b5d16
JM		 573int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
574 struct wpa_state_machine *sm)
6fc6879b
JM		 575{
576 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
6f9b5d16 577 return -1;
6fc6879b
JM		 578
579#ifdef CONFIG_IEEE80211R
580 if (sm->ft_completed) {
581 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
582 "FT authentication already completed - do not "
583 "start 4-way handshake");
3d4d2348
JM		 584 /* Go to PTKINITDONE state to allow GTK rekeying */
585 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
6f9b5d16 586 return 0;
6fc6879b
JM		 587 }
588#endif /* CONFIG_IEEE80211R */
589
590 if (sm->started) {
22a299ee 591 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
6fc6879b 592 sm->ReAuthenticationRequest = TRUE;
6f9b5d16 593 return wpa_sm_step(sm);
6fc6879b
JM		 594 }
595
596 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
597 "start authentication");
598 sm->started = 1;
599
600 sm->Init = TRUE;
e4a6ea1d 601 if (wpa_sm_step(sm) == 1)
6f9b5d16 602 return 1; /* should not really happen */
6fc6879b
JM		 603 sm->Init = FALSE;
604 sm->AuthenticationRequest = TRUE;
6f9b5d16 605 return wpa_sm_step(sm);
6fc6879b
JM		 606}
607
608
a8d05fca
JM		 609void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
610{
611 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
612 * reassociates back to the same AP while the previous entry for the
613 * STA has not yet been removed. */
614 if (sm == NULL)
615 return;
616
617 sm->wpa_key_mgmt = 0;
618}
619
620
6fc6879b
JM		 621static void wpa_free_sta_sm(struct wpa_state_machine *sm)
622{
25ef8529
JM		 623#ifdef CONFIG_P2P
624 if (WPA_GET_BE32(sm->ip_addr)) {
625 u32 start;
626 wpa_printf(MSG_DEBUG, "P2P: Free assigned IP "
627 "address %u.%u.%u.%u from " MACSTR,
628 sm->ip_addr[0], sm->ip_addr[1],
629 sm->ip_addr[2], sm->ip_addr[3],
630 MAC2STR(sm->addr));
631 start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
632 bitfield_clear(sm->wpa_auth->ip_pool,
633 WPA_GET_BE32(sm->ip_addr) - start);
634 }
635#endif /* CONFIG_P2P */
2ade8ef2
JM		 636 if (sm->GUpdateStationKeys) {
637 sm->group->GKeyDoneStations--;
638 sm->GUpdateStationKeys = FALSE;
639 }
0f857f43
JM		 640#ifdef CONFIG_IEEE80211R
641 os_free(sm->assoc_resp_ftie);
692ec305 642 wpabuf_free(sm->ft_pending_req_ies);
0f857f43 643#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 644 os_free(sm->last_rx_eapol_key);
645 os_free(sm->wpa_ie);
646 os_free(sm);
647}
648
649
650void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
651{
652 if (sm == NULL)
653 return;
654
655 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
656 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
657 "strict rekeying - force GTK rekey since STA "
658 "is leaving");
659 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
660 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
661 NULL);
662 }
663
664 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
e4bf4db9 665 sm->pending_1_of_4_timeout = 0;
6fc6879b 666 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
581a8cde 667 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 668 if (sm->in_step_loop) {
669 /* Must not free state machine while wpa_sm_step() is running.
670 * Freeing will be completed in the end of wpa_sm_step(). */
671 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
672 "machine deinit for " MACSTR, MAC2STR(sm->addr));
673 sm->pending_deinit = 1;
674 } else
675 wpa_free_sta_sm(sm);
676}
677
678
679static void wpa_request_new_ptk(struct wpa_state_machine *sm)
680{
681 if (sm == NULL)
682 return;
683
684 sm->PTKRequest = TRUE;
685 sm->PTK_valid = 0;
686}
687
688
68921e24 689static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
22a299ee
JM		 690 const u8 *replay_counter)
691{
692 int i;
693 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
68921e24 694 if (!ctr[i].valid)
22a299ee 695 break;
68921e24 696 if (os_memcmp(replay_counter, ctr[i].counter,
22a299ee
JM		 697 WPA_REPLAY_COUNTER_LEN) == 0)
698 return 1;
699 }
700 return 0;
701}
702
703
68921e24
JM		 704static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
705 const u8 *replay_counter)
706{
707 int i;
708 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
709 if (ctr[i].valid &&
710 (replay_counter == NULL ||
711 os_memcmp(replay_counter, ctr[i].counter,
712 WPA_REPLAY_COUNTER_LEN) == 0))
713 ctr[i].valid = FALSE;
714 }
715}
716
717
0f857f43
JM		 718#ifdef CONFIG_IEEE80211R
719static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
720 struct wpa_state_machine *sm,
721 struct wpa_eapol_ie_parse *kde)
722{
723 struct wpa_ie_data ie;
724 struct rsn_mdie *mdie;
725
726 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
727 ie.num_pmkid != 1 || ie.pmkid == NULL) {
728 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
729 "FT 4-way handshake message 2/4");
730 return -1;
731 }
732
733 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
734 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
735 sm->sup_pmk_r1_name, PMKID_LEN);
736
737 if (!kde->mdie || !kde->ftie) {
738 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
739 "message 2/4", kde->mdie ? "FTIE" : "MDIE");
740 return -1;
741 }
742
743 mdie = (struct rsn_mdie *) (kde->mdie + 2);
744 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
745 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
746 MOBILITY_DOMAIN_ID_LEN) != 0) {
747 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
748 return -1;
749 }
750
751 if (sm->assoc_resp_ftie &&
752 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
753 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
754 2 + sm->assoc_resp_ftie[1]) != 0)) {
755 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
756 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
757 kde->ftie, kde->ftie_len);
758 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
759 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
760 return -1;
761 }
762
763 return 0;
764}
765#endif /* CONFIG_IEEE80211R */
766
767
c772d054
JM		 768static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
769 struct wpa_state_machine *sm, int group)
ec027805
JM		 770{
771 /* Supplicant reported a Michael MIC error */
772 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
773 "received EAPOL-Key Error Request "
774 "(STA detected Michael MIC failure (group=%d))",
775 group);
fbc72d32
JM		 776
777 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
778 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
779 "ignore Michael MIC failure report since "
780 "group cipher is not TKIP");
781 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
782 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
783 "ignore Michael MIC failure report since "
784 "pairwise cipher is not TKIP");
785 } else {
c772d054
JM		 786 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
787 return 1; /* STA entry was removed */
fbc72d32
JM		 788 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
789 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
790 }
ec027805
JM		 791
792 /*
793 * Error report is not a request for a new key handshake, but since
794 * Authenticator may do it, let's change the keys now anyway.
795 */
796 wpa_request_new_ptk(sm);
c772d054 797 return 0;
ec027805
JM		 798}
799
800
f23c5b17
JM		 801static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
802 size_t data_len)
803{
804 struct wpa_ptk PTK;
805 int ok = 0;
806 const u8 *pmk = NULL;
807
808 for (;;) {
809 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
810 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
811 sm->p2p_dev_addr, pmk);
812 if (pmk == NULL)
813 break;
814 } else
815 pmk = sm->PMK;
816
817 wpa_derive_ptk(sm, sm->alt_SNonce, pmk, &PTK);
818
819 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, data, data_len)
820 == 0) {
821 ok = 1;
822 break;
823 }
824
825 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
826 break;
827 }
828
829 if (!ok) {
830 wpa_printf(MSG_DEBUG,
831 "WPA: Earlier SNonce did not result in matching MIC");
832 return -1;
833 }
834
835 wpa_printf(MSG_DEBUG,
836 "WPA: Earlier SNonce resulted in matching MIC");
837 sm->alt_snonce_valid = 0;
838 os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
839 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
840 sm->PTK_valid = TRUE;
841
842 return 0;
843}
844
845
6fc6879b
JM		 846void wpa_receive(struct wpa_authenticator *wpa_auth,
847 struct wpa_state_machine *sm,
848 u8 *data, size_t data_len)
849{
850 struct ieee802_1x_hdr *hdr;
851 struct wpa_eapol_key *key;
852 u16 key_info, key_data_length;
853 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
854 SMK_M1, SMK_M3, SMK_ERROR } msg;
855 char *msgtxt;
856 struct wpa_eapol_ie_parse kde;
26e23750 857 int ft;
1566ec46
JM		 858 const u8 *eapol_key_ie;
859 size_t eapol_key_ie_len;
6fc6879b
JM		 860
861 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
862 return;
863
864 if (data_len < sizeof(*hdr) + sizeof(*key))
865 return;
866
867 hdr = (struct ieee802_1x_hdr *) data;
868 key = (struct wpa_eapol_key *) (hdr + 1);
869 key_info = WPA_GET_BE16(key->key_info);
870 key_data_length = WPA_GET_BE16(key->key_data_length);
0d442aff
JM		 871 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
872 " key_info=0x%x type=%u key_data_length=%u",
873 MAC2STR(sm->addr), key_info, key->type, key_data_length);
6fc6879b
JM		 874 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
875 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
876 "key_data overflow (%d > %lu)",
877 key_data_length,
878 (unsigned long) (data_len - sizeof(*hdr) -
879 sizeof(*key)));
880 return;
881 }
882
f8e96eb6 883 if (sm->wpa == WPA_VERSION_WPA2) {
74590e71
JM		 884 if (key->type == EAPOL_KEY_TYPE_WPA) {
885 /*
886 * Some deployed station implementations seem to send
887 * msg 4/4 with incorrect type value in WPA2 mode.
888 */
889 wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
890 "with unexpected WPA type in RSN mode");
891 } else if (key->type != EAPOL_KEY_TYPE_RSN) {
f8e96eb6
JM		 892 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
893 "unexpected type %d in RSN mode",
894 key->type);
895 return;
896 }
897 } else {
898 if (key->type != EAPOL_KEY_TYPE_WPA) {
899 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
900 "unexpected type %d in WPA mode",
901 key->type);
902 return;
903 }
904 }
905
bc8318ac
JM		 906 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
907 WPA_NONCE_LEN);
908 wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
909 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
910
6fc6879b
JM		 911 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
912 * are set */
913
914 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
915 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
916 if (key_info & WPA_KEY_INFO_ERROR) {
917 msg = SMK_ERROR;
918 msgtxt = "SMK Error";
919 } else {
920 msg = SMK_M1;
921 msgtxt = "SMK M1";
922 }
923 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
924 msg = SMK_M3;
925 msgtxt = "SMK M3";
926 } else if (key_info & WPA_KEY_INFO_REQUEST) {
927 msg = REQUEST;
928 msgtxt = "Request";
929 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
930 msg = GROUP_2;
931 msgtxt = "2/2 Group";
932 } else if (key_data_length == 0) {
933 msg = PAIRWISE_4;
934 msgtxt = "4/4 Pairwise";
935 } else {
936 msg = PAIRWISE_2;
937 msgtxt = "2/4 Pairwise";
938 }
939
940 /* TODO: key_info type validation for PeerKey */
941 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
942 msg == GROUP_2) {
943 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
eb7719ff
JM		 944 if (sm->pairwise == WPA_CIPHER_CCMP ||
945 sm->pairwise == WPA_CIPHER_GCMP) {
6fc6879b 946 if (wpa_use_aes_cmac(sm) &&
a14896e8 947 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN &&
929a2ea5 948 !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
6fc6879b
JM		 949 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
950 wpa_auth_logger(wpa_auth, sm->addr,
951 LOGGER_WARNING,
952 "advertised support for "
953 "AES-128-CMAC, but did not "
954 "use it");
955 return;
956 }
957
958 if (!wpa_use_aes_cmac(sm) &&
959 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
960 wpa_auth_logger(wpa_auth, sm->addr,
961 LOGGER_WARNING,
962 "did not use HMAC-SHA1-AES "
eb7719ff 963 "with CCMP/GCMP");
6fc6879b
JM		 964 return;
965 }
966 }
929a2ea5
JM		 967
968 if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
969 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
970 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
971 "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
972 return;
973 }
6fc6879b
JM		 974 }
975
976 if (key_info & WPA_KEY_INFO_REQUEST) {
977 if (sm->req_replay_counter_used &&
978 os_memcmp(key->replay_counter, sm->req_replay_counter,
979 WPA_REPLAY_COUNTER_LEN) <= 0) {
980 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
981 "received EAPOL-Key request with "
982 "replayed counter");
983 return;
984 }
985 }
986
987 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
68921e24 988 !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
22a299ee 989 int i;
68921e24
JM		 990
991 if (msg == PAIRWISE_2 &&
992 wpa_replay_counter_valid(sm->prev_key_replay,
993 key->replay_counter) &&
994 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
995 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
996 {
997 /*
998 * Some supplicant implementations (e.g., Windows XP
999 * WZC) update SNonce for each EAPOL-Key 2/4. This
1000 * breaks the workaround on accepting any of the
1001 * pending requests, so allow the SNonce to be updated
1002 * even if we have already sent out EAPOL-Key 3/4.
1003 */
1004 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1005 "Process SNonce update from STA "
1006 "based on retransmitted EAPOL-Key "
1007 "1/4");
1008 sm->update_snonce = 1;
f23c5b17
JM		 1009 os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
1010 sm->alt_snonce_valid = TRUE;
1011 os_memcpy(sm->alt_replay_counter,
1012 sm->key_replay[0].counter,
1013 WPA_REPLAY_COUNTER_LEN);
1014 goto continue_processing;
1015 }
1016
1017 if (msg == PAIRWISE_4 && sm->alt_snonce_valid &&
1018 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1019 os_memcmp(key->replay_counter, sm->alt_replay_counter,
1020 WPA_REPLAY_COUNTER_LEN) == 0) {
1021 /*
1022 * Supplicant may still be using the old SNonce since
1023 * there was two EAPOL-Key 2/4 messages and they had
1024 * different SNonce values.
1025 */
1026 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1027 "Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4");
68921e24
JM		 1028 goto continue_processing;
1029 }
1030
1031 if (msg == PAIRWISE_2 &&
1032 wpa_replay_counter_valid(sm->prev_key_replay,
1033 key->replay_counter) &&
1034 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1035 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1036 "ignore retransmitted EAPOL-Key %s - "
1037 "SNonce did not change", msgtxt);
1038 } else {
1039 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1040 "received EAPOL-Key %s with "
1041 "unexpected replay counter", msgtxt);
1042 }
22a299ee
JM		 1043 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
1044 if (!sm->key_replay[i].valid)
1045 break;
1046 wpa_hexdump(MSG_DEBUG, "pending replay counter",
1047 sm->key_replay[i].counter,
1048 WPA_REPLAY_COUNTER_LEN);
1049 }
6fc6879b
JM		 1050 wpa_hexdump(MSG_DEBUG, "received replay counter",
1051 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1052 return;
1053 }
1054
68921e24 1055continue_processing:
6fc6879b
JM		 1056 switch (msg) {
1057 case PAIRWISE_2:
1058 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
68921e24
JM		 1059 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
1060 (!sm->update_snonce ||
1061 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
6fc6879b
JM		 1062 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1063 "received EAPOL-Key msg 2/4 in "
1064 "invalid state (%d) - dropped",
1065 sm->wpa_ptk_state);
1066 return;
1067 }
bbb921da 1068 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
08704cd8
JM		 1069 if (sm->group->reject_4way_hs_for_entropy) {
1070 /*
1071 * The system did not have enough entropy to generate
1072 * strong random numbers. Reject the first 4-way
1073 * handshake(s) and collect some entropy based on the
1074 * information from it. Once enough entropy is
1075 * available, the next atempt will trigger GMK/Key
1076 * Counter update and the station will be allowed to
1077 * continue.
1078 */
1079 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
1080 "collect more entropy for random number "
1081 "generation");
08704cd8 1082 random_mark_pool_ready();
08704cd8
JM		 1083 wpa_sta_disconnect(wpa_auth, sm->addr);
1084 return;
1085 }
1566ec46
JM		 1086 if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length,
1087 &kde) < 0) {
1088 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1089 "received EAPOL-Key msg 2/4 with "
1090 "invalid Key Data contents");
1091 return;
1092 }
1093 if (kde.rsn_ie) {
1094 eapol_key_ie = kde.rsn_ie;
1095 eapol_key_ie_len = kde.rsn_ie_len;
a14896e8
JM		 1096 } else if (kde.osen) {
1097 eapol_key_ie = kde.osen;
1098 eapol_key_ie_len = kde.osen_len;
1566ec46
JM		 1099 } else {
1100 eapol_key_ie = kde.wpa_ie;
1101 eapol_key_ie_len = kde.wpa_ie_len;
1102 }
26e23750
JM		 1103 ft = sm->wpa == WPA_VERSION_WPA2 &&
1104 wpa_key_mgmt_ft(sm->wpa_key_mgmt);
6fc6879b 1105 if (sm->wpa_ie == NULL ||
26e23750
JM		 1106 wpa_compare_rsn_ie(ft,
1107 sm->wpa_ie, sm->wpa_ie_len,
1566ec46 1108 eapol_key_ie, eapol_key_ie_len)) {
6fc6879b
JM		 1109 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1110 "WPA IE from (Re)AssocReq did not "
1111 "match with msg 2/4");
1112 if (sm->wpa_ie) {
1113 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
1114 sm->wpa_ie, sm->wpa_ie_len);
1115 }
1116 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
1566ec46 1117 eapol_key_ie, eapol_key_ie_len);
6fc6879b
JM		 1118 /* MLME-DEAUTHENTICATE.request */
1119 wpa_sta_disconnect(wpa_auth, sm->addr);
1120 return;
1121 }
26e23750 1122#ifdef CONFIG_IEEE80211R
0f857f43
JM		 1123 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
1124 wpa_sta_disconnect(wpa_auth, sm->addr);
1125 return;
26e23750
JM		 1126 }
1127#endif /* CONFIG_IEEE80211R */
25ef8529
JM		 1128#ifdef CONFIG_P2P
1129 if (kde.ip_addr_req && kde.ip_addr_req[0] &&
1130 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
1131 int idx;
1132 wpa_printf(MSG_DEBUG, "P2P: IP address requested in "
1133 "EAPOL-Key exchange");
1134 idx = bitfield_get_first_zero(wpa_auth->ip_pool);
1135 if (idx >= 0) {
1136 u32 start = WPA_GET_BE32(wpa_auth->conf.
1137 ip_addr_start);
1138 bitfield_set(wpa_auth->ip_pool, idx);
1139 WPA_PUT_BE32(sm->ip_addr, start + idx);
1140 wpa_printf(MSG_DEBUG, "P2P: Assigned IP "
1141 "address %u.%u.%u.%u to " MACSTR,
1142 sm->ip_addr[0], sm->ip_addr[1],
1143 sm->ip_addr[2], sm->ip_addr[3],
1144 MAC2STR(sm->addr));
1145 }
1146 }
1147#endif /* CONFIG_P2P */
6fc6879b
JM		 1148 break;
1149 case PAIRWISE_4:
1150 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
1151 !sm->PTK_valid) {
1152 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1153 "received EAPOL-Key msg 4/4 in "
1154 "invalid state (%d) - dropped",
1155 sm->wpa_ptk_state);
1156 return;
1157 }
1158 break;
1159 case GROUP_2:
1160 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1161 || !sm->PTK_valid) {
1162 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1163 "received EAPOL-Key msg 2/2 in "
1164 "invalid state (%d) - dropped",
1165 sm->wpa_ptk_group_state);
1166 return;
1167 }
1168 break;
1169#ifdef CONFIG_PEERKEY
1170 case SMK_M1:
1171 case SMK_M3:
1172 case SMK_ERROR:
1173 if (!wpa_auth->conf.peerkey) {
1174 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
1175 "PeerKey use disabled - ignoring message");
1176 return;
1177 }
1178 if (!sm->PTK_valid) {
1179 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1180 "received EAPOL-Key msg SMK in "
1181 "invalid state - dropped");
1182 return;
1183 }
1184 break;
1185#else /* CONFIG_PEERKEY */
1186 case SMK_M1:
1187 case SMK_M3:
1188 case SMK_ERROR:
1189 return; /* STSL disabled - ignore SMK messages */
1190#endif /* CONFIG_PEERKEY */
1191 case REQUEST:
1192 break;
1193 }
1194
1195 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1196 "received EAPOL-Key frame (%s)", msgtxt);
1197
1198 if (key_info & WPA_KEY_INFO_ACK) {
1199 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1200 "received invalid EAPOL-Key: Key Ack set");
1201 return;
1202 }
1203
1204 if (!(key_info & WPA_KEY_INFO_MIC)) {
1205 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1206 "received invalid EAPOL-Key: Key MIC not set");
1207 return;
1208 }
1209
1210 sm->MICVerified = FALSE;
68921e24 1211 if (sm->PTK_valid && !sm->update_snonce) {
929a2ea5 1212 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data,
f23c5b17
JM		 1213 data_len) &&
1214 (msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
1215 wpa_try_alt_snonce(sm, data, data_len))) {
6fc6879b
JM		 1216 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1217 "received EAPOL-Key with invalid MIC");
1218 return;
1219 }
1220 sm->MICVerified = TRUE;
1221 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
e4bf4db9 1222 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1223 }
1224
1225 if (key_info & WPA_KEY_INFO_REQUEST) {
1226 if (sm->MICVerified) {
1227 sm->req_replay_counter_used = 1;
1228 os_memcpy(sm->req_replay_counter, key->replay_counter,
1229 WPA_REPLAY_COUNTER_LEN);
1230 } else {
1231 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1232 "received EAPOL-Key request with "
1233 "invalid MIC");
1234 return;
1235 }
1236
1237 /*
1238 * TODO: should decrypt key data field if encryption was used;
1239 * even though MAC address KDE is not normally encrypted,
1240 * supplicant is allowed to encrypt it.
1241 */
1242 if (msg == SMK_ERROR) {
1243#ifdef CONFIG_PEERKEY
5c6787a6
JM		 1244 wpa_smk_error(wpa_auth, sm, (const u8 *) (key + 1),
1245 key_data_length);
6fc6879b
JM		 1246#endif /* CONFIG_PEERKEY */
1247 return;
1248 } else if (key_info & WPA_KEY_INFO_ERROR) {
c772d054
JM		 1249 if (wpa_receive_error_report(
1250 wpa_auth, sm,
1251 !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
1252 return; /* STA entry was removed */
6fc6879b
JM		 1253 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1254 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1255 "received EAPOL-Key Request for new "
1256 "4-Way Handshake");
1257 wpa_request_new_ptk(sm);
1258#ifdef CONFIG_PEERKEY
1259 } else if (msg == SMK_M1) {
5c6787a6
JM		 1260 wpa_smk_m1(wpa_auth, sm, key, (const u8 *) (key + 1),
1261 key_data_length);
6fc6879b
JM		 1262#endif /* CONFIG_PEERKEY */
1263 } else if (key_data_length > 0 &&
1264 wpa_parse_kde_ies((const u8 *) (key + 1),
1265 key_data_length, &kde) == 0 &&
1266 kde.mac_addr) {
1267 } else {
1268 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1269 "received EAPOL-Key Request for GTK "
1270 "rekeying");
6fc6879b
JM		 1271 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1272 wpa_rekey_gtk(wpa_auth, NULL);
1273 }
1274 } else {
68921e24
JM		 1275 /* Do not allow the same key replay counter to be reused. */
1276 wpa_replay_counter_mark_invalid(sm->key_replay,
1277 key->replay_counter);
1278
1279 if (msg == PAIRWISE_2) {
1280 /*
1281 * Maintain a copy of the pending EAPOL-Key frames in
1282 * case the EAPOL-Key frame was retransmitted. This is
1283 * needed to allow EAPOL-Key msg 2/4 reply to another
1284 * pending msg 1/4 to update the SNonce to work around
1285 * unexpected supplicant behavior.
1286 */
1287 os_memcpy(sm->prev_key_replay, sm->key_replay,
1288 sizeof(sm->key_replay));
1289 } else {
1290 os_memset(sm->prev_key_replay, 0,
1291 sizeof(sm->prev_key_replay));
1292 }
1293
1294 /*
1295 * Make sure old valid counters are not accepted anymore and
1296 * do not get copied again.
1297 */
1298 wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
6fc6879b
JM		 1299 }
1300
1301#ifdef CONFIG_PEERKEY
1302 if (msg == SMK_M3) {
5c6787a6
JM		 1303 wpa_smk_m3(wpa_auth, sm, key, (const u8 *) (key + 1),
1304 key_data_length);
6fc6879b
JM		 1305 return;
1306 }
1307#endif /* CONFIG_PEERKEY */
1308
1309 os_free(sm->last_rx_eapol_key);
1310 sm->last_rx_eapol_key = os_malloc(data_len);
1311 if (sm->last_rx_eapol_key == NULL)
1312 return;
1313 os_memcpy(sm->last_rx_eapol_key, data, data_len);
1314 sm->last_rx_eapol_key_len = data_len;
1315
0d442aff 1316 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
6fc6879b
JM		 1317 sm->EAPOLKeyReceived = TRUE;
1318 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1319 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1320 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1321 wpa_sm_step(sm);
1322}
1323
1324
3c7302c2
JM		 1325static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1326 const u8 *gnonce, u8 *gtk, size_t gtk_len)
6fc6879b 1327{
5cb9d5c3
JM		 1328 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
1329 u8 *pos;
3c7302c2 1330 int ret = 0;
6fc6879b 1331
5cb9d5c3
JM		 1332 /* GTK = PRF-X(GMK, "Group key expansion",
1333 * AA || GNonce || Time || random data)
1334 * The example described in the IEEE 802.11 standard uses only AA and
1335 * GNonce as inputs here. Add some more entropy since this derivation
1336 * is done only at the Authenticator and as such, does not need to be
1337 * exactly same.
1338 */
6fc6879b
JM		 1339 os_memcpy(data, addr, ETH_ALEN);
1340 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
5cb9d5c3
JM		 1341 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1342 wpa_get_ntp_timestamp(pos);
1343 pos += 8;
3642c431 1344 if (random_get_bytes(pos, 16) < 0)
3c7302c2 1345 ret = -1;
6fc6879b 1346
56586197 1347#ifdef CONFIG_IEEE80211W
5cb9d5c3 1348 sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
56586197 1349#else /* CONFIG_IEEE80211W */
3c7302c2
JM		 1350 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
1351 < 0)
1352 ret = -1;
56586197 1353#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 1354
1355 return ret;
6fc6879b
JM		 1356}
1357
1358
1359static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1360{
1361 struct wpa_authenticator *wpa_auth = eloop_ctx;
1362 struct wpa_state_machine *sm = timeout_ctx;
1363
e4bf4db9 1364 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1365 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1366 sm->TimeoutEvt = TRUE;
1367 wpa_sm_step(sm);
1368}
1369
1370
1371void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1372 struct wpa_state_machine *sm, int key_info,
1373 const u8 *key_rsc, const u8 *nonce,
1374 const u8 *kde, size_t kde_len,
1375 int keyidx, int encr, int force_version)
1376{
1377 struct ieee802_1x_hdr *hdr;
1378 struct wpa_eapol_key *key;
1379 size_t len;
1380 int alg;
1381 int key_data_len, pad_len = 0;
1382 u8 *buf, *pos;
1383 int version, pairwise;
22a299ee 1384 int i;
6fc6879b
JM		 1385
1386 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
1387
1388 if (force_version)
1389 version = force_version;
929a2ea5
JM		 1390 else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
1391 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt))
a14896e8 1392 version = WPA_KEY_INFO_TYPE_AKM_DEFINED;
6fc6879b
JM		 1393 else if (wpa_use_aes_cmac(sm))
1394 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
eb7719ff 1395 else if (sm->pairwise != WPA_CIPHER_TKIP)
6fc6879b
JM		 1396 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1397 else
1398 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1399
8543ed8a 1400 pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
6fc6879b
JM		 1401
1402 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1403 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1404 "encr=%d)",
1405 version,
1406 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1407 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1408 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1409 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1410 pairwise, (unsigned long) kde_len, keyidx, encr);
1411
1412 key_data_len = kde_len;
1413
1414 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
a14896e8 1415 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
929a2ea5 1416 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
6fc6879b
JM		 1417 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1418 pad_len = key_data_len % 8;
1419 if (pad_len)
1420 pad_len = 8 - pad_len;
1421 key_data_len += pad_len + 8;
1422 }
1423
1424 len += key_data_len;
1425
1426 hdr = os_zalloc(len);
1427 if (hdr == NULL)
1428 return;
1429 hdr->version = wpa_auth->conf.eapol_version;
1430 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1431 hdr->length = host_to_be16(len - sizeof(*hdr));
1432 key = (struct wpa_eapol_key *) (hdr + 1);
1433
1434 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1435 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1436 key_info |= version;
1437 if (encr && sm->wpa == WPA_VERSION_WPA2)
1438 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1439 if (sm->wpa != WPA_VERSION_WPA2)
1440 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1441 WPA_PUT_BE16(key->key_info, key_info);
1442
1443 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
c3550295 1444 WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
6fc6879b
JM		 1445 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1446 WPA_PUT_BE16(key->key_length, 0);
1447
1448 /* FIX: STSL: what to use as key_replay_counter? */
22a299ee
JM		 1449 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1450 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1451 os_memcpy(sm->key_replay[i].counter,
1452 sm->key_replay[i - 1].counter,
1453 WPA_REPLAY_COUNTER_LEN);
1454 }
1455 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1456 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
6fc6879b 1457 WPA_REPLAY_COUNTER_LEN);
db099951
JM		 1458 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter",
1459 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
22a299ee 1460 sm->key_replay[0].valid = TRUE;
6fc6879b
JM		 1461
1462 if (nonce)
1463 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1464
1465 if (key_rsc)
1466 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1467
1468 if (kde && !encr) {
1469 os_memcpy(key + 1, kde, kde_len);
1470 WPA_PUT_BE16(key->key_data_length, kde_len);
1471 } else if (encr && kde) {
1472 buf = os_zalloc(key_data_len);
1473 if (buf == NULL) {
1474 os_free(hdr);
1475 return;
1476 }
1477 pos = buf;
1478 os_memcpy(pos, kde, kde_len);
1479 pos += kde_len;
1480
1481 if (pad_len)
1482 *pos++ = 0xdd;
1483
1484 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1485 buf, key_data_len);
1486 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
a14896e8 1487 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
929a2ea5 1488 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
6fc6879b 1489 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
eefec1e4
JM		 1490 if (aes_wrap(sm->PTK.kek, 16,
1491 (key_data_len - 8) / 8, buf,
6fc6879b
JM		 1492 (u8 *) (key + 1))) {
1493 os_free(hdr);
1494 os_free(buf);
1495 return;
1496 }
1497 WPA_PUT_BE16(key->key_data_length, key_data_len);
1498 } else {
1499 u8 ek[32];
1500 os_memcpy(key->key_iv,
1501 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1502 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1503 os_memcpy(ek, key->key_iv, 16);
1504 os_memcpy(ek + 16, sm->PTK.kek, 16);
1505 os_memcpy(key + 1, buf, key_data_len);
1506 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
1507 WPA_PUT_BE16(key->key_data_length, key_data_len);
1508 }
1509 os_free(buf);
1510 }
1511
1512 if (key_info & WPA_KEY_INFO_MIC) {
1513 if (!sm->PTK_valid) {
1514 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1515 "PTK not valid when sending EAPOL-Key "
1516 "frame");
1517 os_free(hdr);
1518 return;
1519 }
929a2ea5
JM		 1520 wpa_eapol_key_mic(sm->PTK.kck, sm->wpa_key_mgmt, version,
1521 (u8 *) hdr, len, key->key_mic);
7af092a0
JB		 1522#ifdef CONFIG_TESTING_OPTIONS
1523 if (!pairwise &&
06df2aa6 1524 wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 &&
7af092a0
JB		 1525 drand48() <
1526 wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
1527 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1528 "Corrupting group EAPOL-Key Key MIC");
1529 key->key_mic[0]++;
1530 }
1531#endif /* CONFIG_TESTING_OPTIONS */
6fc6879b
JM		 1532 }
1533
1534 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1535 1);
1536 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1537 sm->pairwise_set);
1538 os_free(hdr);
1539}
1540
1541
1542static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1543 struct wpa_state_machine *sm, int key_info,
1544 const u8 *key_rsc, const u8 *nonce,
1545 const u8 *kde, size_t kde_len,
1546 int keyidx, int encr)
1547{
1548 int timeout_ms;
1549 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
bae61562 1550 int ctr;
6fc6879b
JM		 1551
1552 if (sm == NULL)
1553 return;
1554
1555 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1556 keyidx, encr, 0);
1557
bae61562 1558 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
e4bf4db9 1559 if (ctr == 1 && wpa_auth->conf.tx_status)
00338a4f
JM		 1560 timeout_ms = pairwise ? eapol_key_timeout_first :
1561 eapol_key_timeout_first_group;
bae61562
JM		 1562 else
1563 timeout_ms = eapol_key_timeout_subseq;
e4bf4db9
JM		 1564 if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
1565 sm->pending_1_of_4_timeout = 1;
1566 wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
1567 "counter %d)", timeout_ms, ctr);
6fc6879b
JM		 1568 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1569 wpa_send_eapol_timeout, wpa_auth, sm);
1570}
1571
1572
929a2ea5
JM		 1573static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
1574 size_t data_len)
6fc6879b
JM		 1575{
1576 struct ieee802_1x_hdr *hdr;
1577 struct wpa_eapol_key *key;
1578 u16 key_info;
1579 int ret = 0;
1580 u8 mic[16];
1581
1582 if (data_len < sizeof(*hdr) + sizeof(*key))
1583 return -1;
1584
1585 hdr = (struct ieee802_1x_hdr *) data;
1586 key = (struct wpa_eapol_key *) (hdr + 1);
1587 key_info = WPA_GET_BE16(key->key_info);
1588 os_memcpy(mic, key->key_mic, 16);
1589 os_memset(key->key_mic, 0, 16);
929a2ea5 1590 if (wpa_eapol_key_mic(PTK->kck, akmp, key_info & WPA_KEY_INFO_TYPE_MASK,
6fc6879b 1591 data, data_len, key->key_mic) ||
870834a1 1592 os_memcmp_const(mic, key->key_mic, 16) != 0)
6fc6879b
JM		 1593 ret = -1;
1594 os_memcpy(key->key_mic, mic, 16);
1595 return ret;
1596}
1597
1598
1599void wpa_remove_ptk(struct wpa_state_machine *sm)
1600{
1601 sm->PTK_valid = FALSE;
1602 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
26083221 1603 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
6fc6879b 1604 sm->pairwise_set = FALSE;
581a8cde 1605 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 1606}
1607
1608
6f9b5d16 1609int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
6fc6879b 1610{
5d22a1d5
JM		 1611 int remove_ptk = 1;
1612
6fc6879b 1613 if (sm == NULL)
6f9b5d16 1614 return -1;
6fc6879b
JM		 1615
1616 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1617 "event %d notification", event);
1618
1619 switch (event) {
1620 case WPA_AUTH:
c50d94f1
BC		 1621#ifdef CONFIG_MESH
1622 /* PTKs are derived through AMPE */
1623 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
1624 /* not mesh */
1625 break;
1626 }
1627 return 0;
1628#endif /* CONFIG_MESH */
6fc6879b
JM		 1629 case WPA_ASSOC:
1630 break;
1631 case WPA_DEAUTH:
1632 case WPA_DISASSOC:
1633 sm->DeauthenticationRequest = TRUE;
1634 break;
1635 case WPA_REAUTH:
1636 case WPA_REAUTH_EAPOL:
3ab72b62
JM		 1637 if (!sm->started) {
1638 /*
1639 * When using WPS, we may end up here if the STA
1640 * manages to re-associate without the previous STA
1641 * entry getting removed. Consequently, we need to make
1642 * sure that the WPA state machines gets initialized
1643 * properly at this point.
1644 */
1645 wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1646 "started - initialize now");
1647 sm->started = 1;
1648 sm->Init = TRUE;
1649 if (wpa_sm_step(sm) == 1)
1650 return 1; /* should not really happen */
1651 sm->Init = FALSE;
1652 sm->AuthenticationRequest = TRUE;
1653 break;
1654 }
9663596f
JM		 1655 if (sm->GUpdateStationKeys) {
1656 /*
1657 * Reauthentication cancels the pending group key
1658 * update for this STA.
1659 */
1660 sm->group->GKeyDoneStations--;
1661 sm->GUpdateStationKeys = FALSE;
1662 sm->PtkGroupInit = TRUE;
1663 }
6fc6879b
JM		 1664 sm->ReAuthenticationRequest = TRUE;
1665 break;
1666 case WPA_ASSOC_FT:
1667#ifdef CONFIG_IEEE80211R
81a658d7
JM		 1668 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1669 "after association");
1670 wpa_ft_install_ptk(sm);
1671
6fc6879b
JM		 1672 /* Using FT protocol, not WPA auth state machine */
1673 sm->ft_completed = 1;
6f9b5d16 1674 return 0;
6fc6879b
JM		 1675#else /* CONFIG_IEEE80211R */
1676 break;
1677#endif /* CONFIG_IEEE80211R */
1678 }
1679
1680#ifdef CONFIG_IEEE80211R
1681 sm->ft_completed = 0;
1682#endif /* CONFIG_IEEE80211R */
1683
5d22a1d5
JM		 1684#ifdef CONFIG_IEEE80211W
1685 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1686 remove_ptk = 0;
1687#endif /* CONFIG_IEEE80211W */
6fc6879b 1688
5d22a1d5
JM		 1689 if (remove_ptk) {
1690 sm->PTK_valid = FALSE;
1691 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1692
1693 if (event != WPA_REAUTH_EAPOL)
1694 wpa_remove_ptk(sm);
1695 }
6fc6879b 1696
6f9b5d16 1697 return wpa_sm_step(sm);
6fc6879b
JM		 1698}
1699
1700
6fc6879b
JM		 1701SM_STATE(WPA_PTK, INITIALIZE)
1702{
1703 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1704 if (sm->Init) {
1705 /* Init flag is not cleared here, so avoid busy
1706 * loop by claiming nothing changed. */
1707 sm->changed = FALSE;
1708 }
1709
1710 sm->keycount = 0;
1711 if (sm->GUpdateStationKeys)
1712 sm->group->GKeyDoneStations--;
1713 sm->GUpdateStationKeys = FALSE;
1714 if (sm->wpa == WPA_VERSION_WPA)
1715 sm->PInitAKeys = FALSE;
1716 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1717 * Local AA > Remote AA)) */) {
1718 sm->Pair = TRUE;
1719 }
1720 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1721 wpa_remove_ptk(sm);
1722 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1723 sm->TimeoutCtr = 0;
56586197 1724 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1725 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1726 WPA_EAPOL_authorized, 0);
1727 }
1728}
1729
1730
1731SM_STATE(WPA_PTK, DISCONNECT)
1732{
1733 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1734 sm->Disconnect = FALSE;
1735 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1736}
1737
1738
1739SM_STATE(WPA_PTK, DISCONNECTED)
1740{
1741 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1742 sm->DeauthenticationRequest = FALSE;
1743}
1744
1745
1746SM_STATE(WPA_PTK, AUTHENTICATION)
1747{
1748 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1749 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1750 sm->PTK_valid = FALSE;
1751 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1752 1);
1753 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1754 sm->AuthenticationRequest = FALSE;
1755}
1756
1757
40d00d2b
NC		 1758static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
1759 struct wpa_group *group)
1bdb7ab3 1760{
40d00d2b
NC		 1761 if (group->first_sta_seen)
1762 return;
1bdb7ab3
JM		 1763 /*
1764 * System has run bit further than at the time hostapd was started
1765 * potentially very early during boot up. This provides better chances
1766 * of collecting more randomness on embedded systems. Re-initialize the
1767 * GMK and Counter here to improve their strength if there was not
1768 * enough entropy available immediately after system startup.
1769 */
1770 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1771 "station");
08704cd8
JM		 1772 if (random_pool_ready() != 1) {
1773 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1774 "to proceed - reject first 4-way handshake");
1775 group->reject_4way_hs_for_entropy = TRUE;
40d00d2b
NC		 1776 } else {
1777 group->first_sta_seen = TRUE;
1778 group->reject_4way_hs_for_entropy = FALSE;
08704cd8 1779 }
40d00d2b 1780
1bdb7ab3
JM		 1781 wpa_group_init_gmk_and_counter(wpa_auth, group);
1782 wpa_gtk_update(wpa_auth, group);
1783 wpa_group_config_group_keys(wpa_auth, group);
1784}
1785
1786
6fc6879b
JM		 1787SM_STATE(WPA_PTK, AUTHENTICATION2)
1788{
1789 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1bdb7ab3 1790
40d00d2b 1791 wpa_group_ensure_init(sm->wpa_auth, sm->group);
65a32cdb 1792 sm->ReAuthenticationRequest = FALSE;
1bdb7ab3 1793
3825a19b
JM		 1794 /*
1795 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
1796 * ambiguous. The Authenticator state machine uses a counter that is
1797 * incremented by one for each 4-way handshake. However, the security
1798 * analysis of 4-way handshake points out that unpredictable nonces
1799 * help in preventing precomputation attacks. Instead of the state
1800 * machine definition, use an unpredictable nonce value here to provide
1801 * stronger protection against potential precomputation attacks.
1802 */
1803 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
1804 wpa_printf(MSG_ERROR, "WPA: Failed to get random data for "
1805 "ANonce.");
65a32cdb 1806 sm->Disconnect = TRUE;
3825a19b
JM		 1807 return;
1808 }
bc8318ac
JM		 1809 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
1810 WPA_NONCE_LEN);
6fc6879b
JM		 1811 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1812 * logical place than INITIALIZE since AUTHENTICATION2 can be
1813 * re-entered on ReAuthenticationRequest without going through
1814 * INITIALIZE. */
1815 sm->TimeoutCtr = 0;
1816}
1817
1818
1819SM_STATE(WPA_PTK, INITPMK)
1820{
1821 u8 msk[2 * PMK_LEN];
1822 size_t len = 2 * PMK_LEN;
1823
1824 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1825#ifdef CONFIG_IEEE80211R
1826 sm->xxkey_len = 0;
1827#endif /* CONFIG_IEEE80211R */
1828 if (sm->pmksa) {
1829 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1830 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
1831 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1832 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1833 "(len=%lu)", (unsigned long) len);
1834 os_memcpy(sm->PMK, msk, PMK_LEN);
1835#ifdef CONFIG_IEEE80211R
1836 if (len >= 2 * PMK_LEN) {
1837 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1838 sm->xxkey_len = PMK_LEN;
1839 }
1840#endif /* CONFIG_IEEE80211R */
1841 } else {
400de9b1
BG		 1842 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
1843 sm->wpa_auth->cb.get_msk);
6fc6879b
JM		 1844 }
1845
1846 sm->req_replay_counter_used = 0;
1847 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1848 * will break reauthentication since EAPOL state machines may not be
1849 * get into AUTHENTICATING state that clears keyRun before WPA state
1850 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1851 * state and takes PMK from the previously used AAA Key. This will
1852 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1853 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1854 * be good workaround for this issue. */
1855 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1856}
1857
1858
1859SM_STATE(WPA_PTK, INITPSK)
1860{
1861 const u8 *psk;
1862 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
759fd76b 1863 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL);
6fc6879b
JM		 1864 if (psk) {
1865 os_memcpy(sm->PMK, psk, PMK_LEN);
1866#ifdef CONFIG_IEEE80211R
1867 os_memcpy(sm->xxkey, psk, PMK_LEN);
1868 sm->xxkey_len = PMK_LEN;
1869#endif /* CONFIG_IEEE80211R */
1870 }
1871 sm->req_replay_counter_used = 0;
1872}
1873
1874
1875SM_STATE(WPA_PTK, PTKSTART)
1876{
1877 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1878 size_t pmkid_len = 0;
1879
1880 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1881 sm->PTKRequest = FALSE;
1882 sm->TimeoutEvt = FALSE;
f23c5b17 1883 sm->alt_snonce_valid = FALSE;
bae61562
JM		 1884
1885 sm->TimeoutCtr++;
1886 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1887 /* No point in sending the EAPOL-Key - we will disconnect
1888 * immediately following this. */
1889 return;
1890 }
1891
6fc6879b
JM		 1892 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1893 "sending 1/4 msg of 4-Way Handshake");
1894 /*
1895 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1896 * one possible PSK for this STA.
1897 */
1898 if (sm->wpa == WPA_VERSION_WPA2 &&
a14896e8
JM		 1899 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
1900 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
6fc6879b
JM		 1901 pmkid = buf;
1902 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1903 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1904 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1905 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
929a2ea5 1906 if (sm->pmksa) {
6fc6879b
JM		 1907 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1908 sm->pmksa->pmkid, PMKID_LEN);
929a2ea5
JM		 1909 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) {
1910 /* No KCK available to derive PMKID */
1911 pmkid = NULL;
1912 } else {
6fc6879b
JM		 1913 /*
1914 * Calculate PMKID since no PMKSA cache entry was
1915 * available with pre-calculated PMKID.
1916 */
1917 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
56586197
JM		 1918 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
1919 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 1920 }
1921 }
1922 wpa_send_eapol(sm->wpa_auth, sm,
1923 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1924 sm->ANonce, pmkid, pmkid_len, 0, 0);
6fc6879b
JM		 1925}
1926
1927
f23c5b17
JM		 1928static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
1929 const u8 *pmk, struct wpa_ptk *ptk)
6fc6879b 1930{
3b9c5176 1931 size_t ptk_len = wpa_cipher_key_len(sm->pairwise) + 32;
6fc6879b 1932#ifdef CONFIG_IEEE80211R
56586197 1933 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
c0a61908 1934 return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
6fc6879b
JM		 1935#endif /* CONFIG_IEEE80211R */
1936
1937 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
f23c5b17 1938 sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
c0a61908 1939 (u8 *) ptk, ptk_len,
56586197 1940 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 1941
1942 return 0;
1943}
1944
1945
1946SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
1947{
1948 struct wpa_ptk PTK;
1949 int ok = 0;
1950 const u8 *pmk = NULL;
1951
1952 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
1953 sm->EAPOLKeyReceived = FALSE;
68921e24 1954 sm->update_snonce = FALSE;
6fc6879b
JM		 1955
1956 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1957 * WPA-PSK: iterate through possible PSKs and select the one matching
1958 * the packet */
1959 for (;;) {
56586197 1960 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
759fd76b
JM		 1961 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
1962 sm->p2p_dev_addr, pmk);
6fc6879b
JM		 1963 if (pmk == NULL)
1964 break;
1965 } else
1966 pmk = sm->PMK;
1967
f23c5b17 1968 wpa_derive_ptk(sm, sm->SNonce, pmk, &PTK);
6fc6879b 1969
929a2ea5
JM		 1970 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK,
1971 sm->last_rx_eapol_key,
6fc6879b
JM		 1972 sm->last_rx_eapol_key_len) == 0) {
1973 ok = 1;
1974 break;
1975 }
1976
56586197 1977 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
6fc6879b
JM		 1978 break;
1979 }
1980
1981 if (!ok) {
1982 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1983 "invalid MIC in msg 2/4 of 4-Way Handshake");
1984 return;
1985 }
1986
26e23750
JM		 1987#ifdef CONFIG_IEEE80211R
1988 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1989 /*
1990 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
1991 * with the value we derived.
1992 */
870834a1
JM		 1993 if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
1994 WPA_PMK_NAME_LEN) != 0) {
26e23750
JM		 1995 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1996 "PMKR1Name mismatch in FT 4-way "
1997 "handshake");
1998 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
1999 "Supplicant",
2000 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
2001 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
2002 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2003 return;
2004 }
2005 }
2006#endif /* CONFIG_IEEE80211R */
2007
e4bf4db9 2008 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 2009 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
2010
56586197 2011 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 2012 /* PSK may have changed from the previous choice, so update
2013 * state machine data based on whatever PSK was selected here.
2014 */
2015 os_memcpy(sm->PMK, pmk, PMK_LEN);
2016 }
2017
2018 sm->MICVerified = TRUE;
2019
2020 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
2021 sm->PTK_valid = TRUE;
2022}
2023
2024
2025SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
2026{
2027 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
2028 sm->TimeoutCtr = 0;
2029}
2030
2031
2032#ifdef CONFIG_IEEE80211W
2033
2034static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2035{
2036 if (sm->mgmt_frame_prot) {
8dd9f9cd
JM		 2037 size_t len;
2038 len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2039 return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len;
6fc6879b
JM		 2040 }
2041
2042 return 0;
2043}
2044
2045
2046static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2047{
2048 struct wpa_igtk_kde igtk;
2049 struct wpa_group *gsm = sm->group;
03610ad2 2050 u8 rsc[WPA_KEY_RSC_LEN];
8dd9f9cd 2051 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
6fc6879b
JM		 2052
2053 if (!sm->mgmt_frame_prot)
2054 return pos;
2055
2056 igtk.keyid[0] = gsm->GN_igtk;
2057 igtk.keyid[1] = 0;
7b1080da 2058 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
03610ad2 2059 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
6fc6879b 2060 os_memset(igtk.pn, 0, sizeof(igtk.pn));
03610ad2
JM		 2061 else
2062 os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
8dd9f9cd 2063 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
83421850
JM		 2064 if (sm->wpa_auth->conf.disable_gtk) {
2065 /*
2066 * Provide unique random IGTK to each STA to prevent use of
2067 * IGTK in the BSS.
2068 */
8dd9f9cd 2069 if (random_get_bytes(igtk.igtk, len) < 0)
83421850
JM		 2070 return pos;
2071 }
6fc6879b 2072 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
8dd9f9cd
JM		 2073 (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len,
2074 NULL, 0);
6fc6879b
JM		 2075
2076 return pos;
2077}
2078
2079#else /* CONFIG_IEEE80211W */
2080
2081static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2082{
2083 return 0;
2084}
2085
2086
2087static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2088{
2089 return pos;
2090}
2091
2092#endif /* CONFIG_IEEE80211W */
2093
2094
2095SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
2096{
83421850 2097 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32];
6fc6879b
JM		 2098 size_t gtk_len, kde_len;
2099 struct wpa_group *gsm = sm->group;
2100 u8 *wpa_ie;
2101 int wpa_ie_len, secure, keyidx, encr = 0;
2102
2103 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
2104 sm->TimeoutEvt = FALSE;
bae61562
JM		 2105
2106 sm->TimeoutCtr++;
2107 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
2108 /* No point in sending the EAPOL-Key - we will disconnect
2109 * immediately following this. */
2110 return;
2111 }
2112
86dfabb8
JM		 2113 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
2114 GTK[GN], IGTK, [FTIE], [TIE * 2])
6fc6879b
JM		 2115 */
2116 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2117 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
86dfabb8 2118 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
6fc6879b
JM		 2119 wpa_ie = sm->wpa_auth->wpa_ie;
2120 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
2121 if (sm->wpa == WPA_VERSION_WPA &&
2122 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
2123 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
774d4145 2124 /* WPA-only STA, remove RSN IE and possible MDIE */
6fc6879b 2125 wpa_ie = wpa_ie + wpa_ie[1] + 2;
774d4145
JM		 2126 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
2127 wpa_ie = wpa_ie + wpa_ie[1] + 2;
6fc6879b
JM		 2128 wpa_ie_len = wpa_ie[1] + 2;
2129 }
2130 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2131 "sending 3/4 msg of 4-Way Handshake");
2132 if (sm->wpa == WPA_VERSION_WPA2) {
2133 /* WPA2 send GTK in the 4-way handshake */
2134 secure = 1;
2135 gtk = gsm->GTK[gsm->GN - 1];
2136 gtk_len = gsm->GTK_len;
83421850
JM		 2137 if (sm->wpa_auth->conf.disable_gtk) {
2138 /*
2139 * Provide unique random GTK to each STA to prevent use
2140 * of GTK in the BSS.
2141 */
2142 if (random_get_bytes(dummy_gtk, gtk_len) < 0)
2143 return;
2144 gtk = dummy_gtk;
2145 }
6fc6879b
JM		 2146 keyidx = gsm->GN;
2147 _rsc = rsc;
2148 encr = 1;
2149 } else {
2150 /* WPA does not include GTK in msg 3/4 */
2151 secure = 0;
2152 gtk = NULL;
2153 gtk_len = 0;
2154 keyidx = 0;
2155 _rsc = NULL;
0d442aff
JM		 2156 if (sm->rx_eapol_key_secure) {
2157 /*
2158 * It looks like Windows 7 supplicant tries to use
2159 * Secure bit in msg 2/4 after having reported Michael
2160 * MIC failure and it then rejects the 4-way handshake
2161 * if msg 3/4 does not set Secure bit. Work around this
2162 * by setting the Secure bit here even in the case of
2163 * WPA if the supplicant used it first.
2164 */
2165 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4740d5b9
JM		 2166 "STA used Secure bit in WPA msg 2/4 - "
2167 "set Secure for 3/4 as workaround");
0d442aff
JM		 2168 secure = 1;
2169 }
6fc6879b
JM		 2170 }
2171
2172 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
2173 if (gtk)
2174 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
26e23750 2175#ifdef CONFIG_IEEE80211R
86dfabb8
JM		 2176 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2177 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
2178 kde_len += 300; /* FTIE + 2 * TIE */
2179 }
26e23750 2180#endif /* CONFIG_IEEE80211R */
25ef8529
JM		 2181#ifdef CONFIG_P2P
2182 if (WPA_GET_BE32(sm->ip_addr) > 0)
2183 kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4;
2184#endif /* CONFIG_P2P */
6fc6879b
JM		 2185 kde = os_malloc(kde_len);
2186 if (kde == NULL)
2187 return;
2188
2189 pos = kde;
2190 os_memcpy(pos, wpa_ie, wpa_ie_len);
2191 pos += wpa_ie_len;
26e23750
JM		 2192#ifdef CONFIG_IEEE80211R
2193 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2194 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name);
2195 if (res < 0) {
2196 wpa_printf(MSG_ERROR, "FT: Failed to insert "
2197 "PMKR1Name into RSN IE in EAPOL-Key data");
2198 os_free(kde);
2199 return;
2200 }
2201 pos += res;
2202 }
2203#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 2204 if (gtk) {
2205 u8 hdr[2];
2206 hdr[0] = keyidx & 0x03;
2207 hdr[1] = 0;
2208 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2209 gtk, gtk_len);
2210 }
2211 pos = ieee80211w_kde_add(sm, pos);
2212
86dfabb8
JM		 2213#ifdef CONFIG_IEEE80211R
2214 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2215 int res;
2216 struct wpa_auth_config *conf;
2217
2218 conf = &sm->wpa_auth->conf;
2219 res = wpa_write_ftie(conf, conf->r0_key_holder,
2220 conf->r0_key_holder_len,
2221 NULL, NULL, pos, kde + kde_len - pos,
2222 NULL, 0);
2223 if (res < 0) {
2224 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
2225 "into EAPOL-Key Key Data");
2226 os_free(kde);
2227 return;
2228 }
2229 pos += res;
2230
2231 /* TIE[ReassociationDeadline] (TU) */
2232 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2233 *pos++ = 5;
2234 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
2235 WPA_PUT_LE32(pos, conf->reassociation_deadline);
2236 pos += 4;
2237
2238 /* TIE[KeyLifetime] (seconds) */
2239 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2240 *pos++ = 5;
2241 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
2242 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
2243 pos += 4;
2244 }
2245#endif /* CONFIG_IEEE80211R */
25ef8529
JM		 2246#ifdef CONFIG_P2P
2247 if (WPA_GET_BE32(sm->ip_addr) > 0) {
2248 u8 addr[3 * 4];
2249 os_memcpy(addr, sm->ip_addr, 4);
2250 os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4);
2251 os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4);
2252 pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC,
2253 addr, sizeof(addr), NULL, 0);
2254 }
2255#endif /* CONFIG_P2P */
86dfabb8 2256
6fc6879b
JM		 2257 wpa_send_eapol(sm->wpa_auth, sm,
2258 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
2259 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
2260 WPA_KEY_INFO_KEY_TYPE,
2261 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
2262 os_free(kde);
6fc6879b
JM		 2263}
2264
2265
2266SM_STATE(WPA_PTK, PTKINITDONE)
2267{
2268 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
2269 sm->EAPOLKeyReceived = FALSE;
2270 if (sm->Pair) {
c3550295
JM		 2271 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
2272 int klen = wpa_cipher_key_len(sm->pairwise);
6fc6879b
JM		 2273 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2274 sm->PTK.tk1, klen)) {
2275 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
2276 return;
2277 }
2278 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2279 sm->pairwise_set = TRUE;
2280
581a8cde
JM		 2281 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
2282 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
2283 eloop_register_timeout(sm->wpa_auth->conf.
2284 wpa_ptk_rekey, 0, wpa_rekey_ptk,
2285 sm->wpa_auth, sm);
2286 }
2287
56586197 2288 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 2289 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2290 WPA_EAPOL_authorized, 1);
2291 }
2292 }
2293
2294 if (0 /* IBSS == TRUE */) {
2295 sm->keycount++;
2296 if (sm->keycount == 2) {
2297 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2298 WPA_EAPOL_portValid, 1);
2299 }
2300 } else {
2301 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
2302 1);
2303 }
2304 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
2305 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
2306 if (sm->wpa == WPA_VERSION_WPA)
2307 sm->PInitAKeys = TRUE;
2308 else
2309 sm->has_GTK = TRUE;
2310 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2311 "pairwise key handshake completed (%s)",
2312 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2313
2314#ifdef CONFIG_IEEE80211R
2315 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
2316#endif /* CONFIG_IEEE80211R */
2317}
2318
2319
2320SM_STEP(WPA_PTK)
2321{
2322 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2323
2324 if (sm->Init)
2325 SM_ENTER(WPA_PTK, INITIALIZE);
2326 else if (sm->Disconnect
1aae01fc
BG		 2327 /* || FIX: dot11RSNAConfigSALifetime timeout */) {
2328 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
2329 "WPA_PTK: sm->Disconnect");
6fc6879b 2330 SM_ENTER(WPA_PTK, DISCONNECT);
1aae01fc 2331 }
6fc6879b
JM		 2332 else if (sm->DeauthenticationRequest)
2333 SM_ENTER(WPA_PTK, DISCONNECTED);
2334 else if (sm->AuthenticationRequest)
2335 SM_ENTER(WPA_PTK, AUTHENTICATION);
2336 else if (sm->ReAuthenticationRequest)
2337 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2338 else if (sm->PTKRequest)
2339 SM_ENTER(WPA_PTK, PTKSTART);
2340 else switch (sm->wpa_ptk_state) {
2341 case WPA_PTK_INITIALIZE:
2342 break;
2343 case WPA_PTK_DISCONNECT:
2344 SM_ENTER(WPA_PTK, DISCONNECTED);
2345 break;
2346 case WPA_PTK_DISCONNECTED:
2347 SM_ENTER(WPA_PTK, INITIALIZE);
2348 break;
2349 case WPA_PTK_AUTHENTICATION:
2350 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2351 break;
2352 case WPA_PTK_AUTHENTICATION2:
56586197 2353 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
6fc6879b
JM		 2354 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2355 WPA_EAPOL_keyRun) > 0)
2356 SM_ENTER(WPA_PTK, INITPMK);
56586197 2357 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
6fc6879b
JM		 2358 /* FIX: && 802.1X::keyRun */)
2359 SM_ENTER(WPA_PTK, INITPSK);
2360 break;
2361 case WPA_PTK_INITPMK:
2362 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2363 WPA_EAPOL_keyAvailable) > 0)
2364 SM_ENTER(WPA_PTK, PTKSTART);
2365 else {
2366 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2367 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2368 "INITPMK - keyAvailable = false");
6fc6879b
JM		 2369 SM_ENTER(WPA_PTK, DISCONNECT);
2370 }
2371 break;
2372 case WPA_PTK_INITPSK:
759fd76b
JM		 2373 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr,
2374 NULL))
6fc6879b
JM		 2375 SM_ENTER(WPA_PTK, PTKSTART);
2376 else {
2377 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2378 "no PSK configured for the STA");
2379 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2380 SM_ENTER(WPA_PTK, DISCONNECT);
2381 }
2382 break;
2383 case WPA_PTK_PTKSTART:
2384 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2385 sm->EAPOLKeyPairwise)
2386 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2387 else if (sm->TimeoutCtr >
2388 (int) dot11RSNAConfigPairwiseUpdateCount) {
2389 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2390 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2391 "PTKSTART: Retry limit %d reached",
2392 dot11RSNAConfigPairwiseUpdateCount);
6fc6879b
JM		 2393 SM_ENTER(WPA_PTK, DISCONNECT);
2394 } else if (sm->TimeoutEvt)
2395 SM_ENTER(WPA_PTK, PTKSTART);
2396 break;
2397 case WPA_PTK_PTKCALCNEGOTIATING:
2398 if (sm->MICVerified)
2399 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
2400 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2401 sm->EAPOLKeyPairwise)
2402 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2403 else if (sm->TimeoutEvt)
2404 SM_ENTER(WPA_PTK, PTKSTART);
2405 break;
2406 case WPA_PTK_PTKCALCNEGOTIATING2:
2407 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2408 break;
2409 case WPA_PTK_PTKINITNEGOTIATING:
68921e24
JM		 2410 if (sm->update_snonce)
2411 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2412 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2413 sm->EAPOLKeyPairwise && sm->MICVerified)
6fc6879b
JM		 2414 SM_ENTER(WPA_PTK, PTKINITDONE);
2415 else if (sm->TimeoutCtr >
2416 (int) dot11RSNAConfigPairwiseUpdateCount) {
2417 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2418 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2419 "PTKINITNEGOTIATING: Retry limit %d "
2420 "reached",
2421 dot11RSNAConfigPairwiseUpdateCount);
6fc6879b
JM		 2422 SM_ENTER(WPA_PTK, DISCONNECT);
2423 } else if (sm->TimeoutEvt)
2424 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2425 break;
2426 case WPA_PTK_PTKINITDONE:
2427 break;
2428 }
2429}
2430
2431
2432SM_STATE(WPA_PTK_GROUP, IDLE)
2433{
2434 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
2435 if (sm->Init) {
2436 /* Init flag is not cleared here, so avoid busy
2437 * loop by claiming nothing changed. */
2438 sm->changed = FALSE;
2439 }
2440 sm->GTimeoutCtr = 0;
2441}
2442
2443
2444SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
2445{
2446 u8 rsc[WPA_KEY_RSC_LEN];
2447 struct wpa_group *gsm = sm->group;
e41e4f9e
JM		 2448 const u8 *kde;
2449 u8 *kde_buf = NULL, *pos, hdr[2];
6fc6879b 2450 size_t kde_len;
83421850 2451 u8 *gtk, dummy_gtk[32];
6fc6879b
JM		 2452
2453 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
bae61562
JM		 2454
2455 sm->GTimeoutCtr++;
2456 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
2457 /* No point in sending the EAPOL-Key - we will disconnect
2458 * immediately following this. */
2459 return;
2460 }
2461
6fc6879b
JM		 2462 if (sm->wpa == WPA_VERSION_WPA)
2463 sm->PInitAKeys = FALSE;
2464 sm->TimeoutEvt = FALSE;
2465 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
2466 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2467 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
2468 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2469 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2470 "sending 1/2 msg of Group Key Handshake");
2471
83421850
JM		 2472 gtk = gsm->GTK[gsm->GN - 1];
2473 if (sm->wpa_auth->conf.disable_gtk) {
2474 /*
2475 * Provide unique random GTK to each STA to prevent use
2476 * of GTK in the BSS.
2477 */
2478 if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0)
2479 return;
2480 gtk = dummy_gtk;
2481 }
6fc6879b
JM		 2482 if (sm->wpa == WPA_VERSION_WPA2) {
2483 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
2484 ieee80211w_kde_len(sm);
e41e4f9e
JM		 2485 kde_buf = os_malloc(kde_len);
2486 if (kde_buf == NULL)
6fc6879b
JM		 2487 return;
2488
e41e4f9e 2489 kde = pos = kde_buf;
6fc6879b
JM		 2490 hdr[0] = gsm->GN & 0x03;
2491 hdr[1] = 0;
2492 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
83421850 2493 gtk, gsm->GTK_len);
6fc6879b 2494 pos = ieee80211w_kde_add(sm, pos);
e41e4f9e 2495 kde_len = pos - kde;
6fc6879b 2496 } else {
83421850 2497 kde = gtk;
e41e4f9e 2498 kde_len = gsm->GTK_len;
6fc6879b
JM		 2499 }
2500
2501 wpa_send_eapol(sm->wpa_auth, sm,
2502 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
2503 WPA_KEY_INFO_ACK |
2504 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
e41e4f9e
JM		 2505 rsc, gsm->GNonce, kde, kde_len, gsm->GN, 1);
2506
2507 os_free(kde_buf);
6fc6879b
JM		 2508}
2509
2510
2511SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
2512{
2513 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
2514 sm->EAPOLKeyReceived = FALSE;
2515 if (sm->GUpdateStationKeys)
2516 sm->group->GKeyDoneStations--;
2517 sm->GUpdateStationKeys = FALSE;
2518 sm->GTimeoutCtr = 0;
2519 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
2520 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2521 "group key handshake completed (%s)",
2522 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2523 sm->has_GTK = TRUE;
2524}
2525
2526
2527SM_STATE(WPA_PTK_GROUP, KEYERROR)
2528{
2529 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
2530 if (sm->GUpdateStationKeys)
2531 sm->group->GKeyDoneStations--;
2532 sm->GUpdateStationKeys = FALSE;
2533 sm->Disconnect = TRUE;
2534}
2535
2536
2537SM_STEP(WPA_PTK_GROUP)
2538{
9663596f 2539 if (sm->Init || sm->PtkGroupInit) {
6fc6879b 2540 SM_ENTER(WPA_PTK_GROUP, IDLE);
9663596f
JM		 2541 sm->PtkGroupInit = FALSE;
2542 } else switch (sm->wpa_ptk_group_state) {
6fc6879b
JM		 2543 case WPA_PTK_GROUP_IDLE:
2544 if (sm->GUpdateStationKeys ||
2545 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
2546 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2547 break;
2548 case WPA_PTK_GROUP_REKEYNEGOTIATING:
2549 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2550 !sm->EAPOLKeyPairwise && sm->MICVerified)
2551 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
2552 else if (sm->GTimeoutCtr >
2553 (int) dot11RSNAConfigGroupUpdateCount)
2554 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
2555 else if (sm->TimeoutEvt)
2556 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2557 break;
2558 case WPA_PTK_GROUP_KEYERROR:
2559 SM_ENTER(WPA_PTK_GROUP, IDLE);
2560 break;
2561 case WPA_PTK_GROUP_REKEYESTABLISHED:
2562 SM_ENTER(WPA_PTK_GROUP, IDLE);
2563 break;
2564 }
2565}
2566
2567
2568static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
2569 struct wpa_group *group)
2570{
2571 int ret = 0;
2572
6fc6879b
JM		 2573 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2574 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2575 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
2576 wpa_auth->addr, group->GNonce,
2577 group->GTK[group->GN - 1], group->GTK_len) < 0)
2578 ret = -1;
5cb9d5c3
JM		 2579 wpa_hexdump_key(MSG_DEBUG, "GTK",
2580 group->GTK[group->GN - 1], group->GTK_len);
6fc6879b
JM		 2581
2582#ifdef CONFIG_IEEE80211W
70f8cc8e 2583 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
8dd9f9cd
JM		 2584 size_t len;
2585 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
5cb9d5c3
JM		 2586 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2587 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2588 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
2589 wpa_auth->addr, group->GNonce,
8dd9f9cd 2590 group->IGTK[group->GN_igtk - 4], len) < 0)
3c7302c2 2591 ret = -1;
6fc6879b 2592 wpa_hexdump_key(MSG_DEBUG, "IGTK",
8dd9f9cd 2593 group->IGTK[group->GN_igtk - 4], len);
6fc6879b
JM		 2594 }
2595#endif /* CONFIG_IEEE80211W */
2596
2597 return ret;
2598}
2599
2600
2601static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
2602 struct wpa_group *group)
2603{
2604 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2605 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
2606 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
2607 group->wpa_group_state = WPA_GROUP_GTK_INIT;
2608
2609 /* GTK[0..N] = 0 */
2610 os_memset(group->GTK, 0, sizeof(group->GTK));
2611 group->GN = 1;
2612 group->GM = 2;
2613#ifdef CONFIG_IEEE80211W
2614 group->GN_igtk = 4;
2615 group->GM_igtk = 5;
2616#endif /* CONFIG_IEEE80211W */
2617 /* GTK[GN] = CalcGTK() */
2618 wpa_gtk_update(wpa_auth, group);
2619}
2620
2621
2622static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
2623{
473b6f22
MB		 2624 if (ctx != NULL && ctx != sm->group)
2625 return 0;
2626
6fc6879b
JM		 2627 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
2628 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2629 "Not in PTKINITDONE; skip Group Key update");
3c183894 2630 sm->GUpdateStationKeys = FALSE;
6fc6879b
JM		 2631 return 0;
2632 }
9663596f
JM		 2633 if (sm->GUpdateStationKeys) {
2634 /*
3c183894
JM		 2635 * This should not really happen, so add a debug log entry.
2636 * Since we clear the GKeyDoneStations before the loop, the
2637 * station needs to be counted here anyway.
9663596f
JM		 2638 */
2639 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3c183894
JM		 2640 "GUpdateStationKeys was already set when "
2641 "marking station for GTK rekeying");
9663596f 2642 }
3c183894 2643
ad3872a3 2644 /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
d32d94db
XC		 2645 if (sm->is_wnmsleep)
2646 return 0;
d32d94db 2647
3c183894
JM		 2648 sm->group->GKeyDoneStations++;
2649 sm->GUpdateStationKeys = TRUE;
2650
6fc6879b
JM		 2651 wpa_sm_step(sm);
2652 return 0;
2653}
2654
2655
ad3872a3
JM		 2656#ifdef CONFIG_WNM
2657/* update GTK when exiting WNM-Sleep Mode */
d32d94db
XC		 2658void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm)
2659{
629edfef 2660 if (sm == NULL || sm->is_wnmsleep)
d32d94db
XC		 2661 return;
2662
2663 wpa_group_update_sta(sm, NULL);
2664}
2665
2666
2667void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
2668{
629edfef
JM		 2669 if (sm)
2670 sm->is_wnmsleep = !!flag;
d32d94db
XC		 2671}
2672
2673
2674int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2675{
d32d94db 2676 struct wpa_group *gsm = sm->group;
835822d4 2677 u8 *start = pos;
d32d94db
XC		 2678
2679 /*
835822d4 2680 * GTK subelement:
d32d94db 2681 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
835822d4 2682 * Key[5..32]
d32d94db 2683 */
835822d4
JM		 2684 *pos++ = WNM_SLEEP_SUBELEM_GTK;
2685 *pos++ = 11 + gsm->GTK_len;
d32d94db 2686 /* Key ID in B0-B1 of Key Info */
835822d4
JM		 2687 WPA_PUT_LE16(pos, gsm->GN & 0x03);
2688 pos += 2;
2689 *pos++ = gsm->GTK_len;
2690 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
d32d94db 2691 return 0;
835822d4
JM		 2692 pos += 8;
2693 os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2694 pos += gsm->GTK_len;
d32d94db 2695
835822d4
JM		 2696 wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
2697 gsm->GN);
2698 wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
d32d94db 2699 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
d32d94db 2700
835822d4 2701 return pos - start;
d32d94db
XC		 2702}
2703
2704
2705#ifdef CONFIG_IEEE80211W
2706int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2707{
d32d94db 2708 struct wpa_group *gsm = sm->group;
835822d4 2709 u8 *start = pos;
8dd9f9cd 2710 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
d32d94db 2711
835822d4
JM		 2712 /*
2713 * IGTK subelement:
2714 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
2715 */
2716 *pos++ = WNM_SLEEP_SUBELEM_IGTK;
8dd9f9cd 2717 *pos++ = 2 + 6 + len;
835822d4
JM		 2718 WPA_PUT_LE16(pos, gsm->GN_igtk);
2719 pos += 2;
2720 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
d32d94db 2721 return 0;
835822d4 2722 pos += 6;
d32d94db 2723
8dd9f9cd
JM		 2724 os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
2725 pos += len;
d32d94db 2726
835822d4
JM		 2727 wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
2728 gsm->GN_igtk);
2729 wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
8dd9f9cd 2730 gsm->IGTK[gsm->GN_igtk - 4], len);
d32d94db 2731
835822d4 2732 return pos - start;
d32d94db
XC		 2733}
2734#endif /* CONFIG_IEEE80211W */
ad3872a3 2735#endif /* CONFIG_WNM */
d32d94db
XC		 2736
2737
6fc6879b
JM		 2738static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
2739 struct wpa_group *group)
2740{
2741 int tmp;
2742
2743 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2744 "SETKEYS (VLAN-ID %d)", group->vlan_id);
2745 group->changed = TRUE;
2746 group->wpa_group_state = WPA_GROUP_SETKEYS;
2747 group->GTKReKey = FALSE;
2748 tmp = group->GM;
2749 group->GM = group->GN;
2750 group->GN = tmp;
2751#ifdef CONFIG_IEEE80211W
2752 tmp = group->GM_igtk;
2753 group->GM_igtk = group->GN_igtk;
2754 group->GN_igtk = tmp;
2755#endif /* CONFIG_IEEE80211W */
2756 /* "GKeyDoneStations = GNoStations" is done in more robust way by
2757 * counting the STAs that are marked with GUpdateStationKeys instead of
2758 * including all STAs that could be in not-yet-completed state. */
2759 wpa_gtk_update(wpa_auth, group);
2760
3c183894
JM		 2761 if (group->GKeyDoneStations) {
2762 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
2763 "GKeyDoneStations=%d when starting new GTK rekey",
2764 group->GKeyDoneStations);
2765 group->GKeyDoneStations = 0;
2766 }
473b6f22 2767 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
6fc6879b
JM		 2768 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
2769 group->GKeyDoneStations);
2770}
2771
2772
1bdb7ab3
JM		 2773static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
2774 struct wpa_group *group)
6fc6879b 2775{
3c7302c2
JM		 2776 int ret = 0;
2777
3c7302c2 2778 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
c3550295 2779 wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
0382097e
JM		 2780 broadcast_ether_addr, group->GN,
2781 group->GTK[group->GN - 1], group->GTK_len) < 0)
3c7302c2 2782 ret = -1;
6fc6879b
JM		 2783
2784#ifdef CONFIG_IEEE80211W
8dd9f9cd
JM		 2785 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2786 enum wpa_alg alg;
2787 size_t len;
2788
2789 alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher);
2790 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
2791
2792 if (ret == 0 &&
2793 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
2794 broadcast_ether_addr, group->GN_igtk,
2795 group->IGTK[group->GN_igtk - 4], len) < 0)
2796 ret = -1;
2797 }
6fc6879b 2798#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 2799
2800 return ret;
6fc6879b
JM		 2801}
2802
2803
7d7f7be2
JM		 2804static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
2805{
2806 if (sm->group == ctx) {
2807 wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
2808 " for discconnection due to fatal failure",
2809 MAC2STR(sm->addr));
2810 sm->Disconnect = TRUE;
2811 }
2812
2813 return 0;
2814}
2815
2816
2817static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
2818 struct wpa_group *group)
2819{
2820 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE");
2821 group->changed = TRUE;
2822 group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
2823 wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
2824}
2825
2826
1bdb7ab3
JM		 2827static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
2828 struct wpa_group *group)
2829{
2830 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2831 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
2832 group->changed = TRUE;
2833 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
2834
7d7f7be2
JM		 2835 if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
2836 wpa_group_fatal_failure(wpa_auth, group);
1bdb7ab3 2837 return -1;
7d7f7be2 2838 }
1bdb7ab3
JM		 2839
2840 return 0;
2841}
2842
2843
6fc6879b
JM		 2844static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2845 struct wpa_group *group)
2846{
2847 if (group->GInit) {
2848 wpa_group_gtk_init(wpa_auth, group);
7d7f7be2
JM		 2849 } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
2850 /* Do not allow group operations */
6fc6879b
JM		 2851 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2852 group->GTKAuthenticator) {
2853 wpa_group_setkeysdone(wpa_auth, group);
2854 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2855 group->GTKReKey) {
2856 wpa_group_setkeys(wpa_auth, group);
2857 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2858 if (group->GKeyDoneStations == 0)
2859 wpa_group_setkeysdone(wpa_auth, group);
2860 else if (group->GTKReKey)
2861 wpa_group_setkeys(wpa_auth, group);
2862 }
2863}
2864
2865
e4a6ea1d 2866static int wpa_sm_step(struct wpa_state_machine *sm)
6fc6879b
JM		 2867{
2868 if (sm == NULL)
e4a6ea1d 2869 return 0;
6fc6879b
JM		 2870
2871 if (sm->in_step_loop) {
2872 /* This should not happen, but if it does, make sure we do not
2873 * end up freeing the state machine too early by exiting the
2874 * recursive call. */
2875 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
e4a6ea1d 2876 return 0;
6fc6879b
JM		 2877 }
2878
2879 sm->in_step_loop = 1;
2880 do {
2881 if (sm->pending_deinit)
2882 break;
2883
2884 sm->changed = FALSE;
2885 sm->wpa_auth->group->changed = FALSE;
2886
2887 SM_STEP_RUN(WPA_PTK);
2888 if (sm->pending_deinit)
2889 break;
2890 SM_STEP_RUN(WPA_PTK_GROUP);
2891 if (sm->pending_deinit)
2892 break;
2893 wpa_group_sm_step(sm->wpa_auth, sm->group);
2894 } while (sm->changed || sm->wpa_auth->group->changed);
2895 sm->in_step_loop = 0;
2896
2897 if (sm->pending_deinit) {
2898 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
2899 "machine deinit for " MACSTR, MAC2STR(sm->addr));
2900 wpa_free_sta_sm(sm);
e4a6ea1d 2901 return 1;
6fc6879b 2902 }
e4a6ea1d 2903 return 0;
6fc6879b
JM		 2904}
2905
2906
2907static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
2908{
2909 struct wpa_state_machine *sm = eloop_ctx;
2910 wpa_sm_step(sm);
2911}
2912
2913
2914void wpa_auth_sm_notify(struct wpa_state_machine *sm)
2915{
2916 if (sm == NULL)
2917 return;
2918 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
2919}
2920
2921
2922void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
2923{
2924 int tmp, i;
2925 struct wpa_group *group;
2926
2927 if (wpa_auth == NULL)
2928 return;
2929
2930 group = wpa_auth->group;
2931
2932 for (i = 0; i < 2; i++) {
2933 tmp = group->GM;
2934 group->GM = group->GN;
2935 group->GN = tmp;
2936#ifdef CONFIG_IEEE80211W
2937 tmp = group->GM_igtk;
2938 group->GM_igtk = group->GN_igtk;
2939 group->GN_igtk = tmp;
2940#endif /* CONFIG_IEEE80211W */
2941 wpa_gtk_update(wpa_auth, group);
9354e594 2942 wpa_group_config_group_keys(wpa_auth, group);
6fc6879b
JM		 2943 }
2944}
2945
2946
2947static const char * wpa_bool_txt(int bool)
2948{
2949 return bool ? "TRUE" : "FALSE";
2950}
2951
2952
6fc6879b
JM		 2953#define RSN_SUITE "%02x-%02x-%02x-%d"
2954#define RSN_SUITE_ARG(s) \
2955((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2956
2957int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
2958{
2959 int len = 0, ret;
2960 char pmkid_txt[PMKID_LEN * 2 + 1];
8ce58ceb
IH		 2961#ifdef CONFIG_RSN_PREAUTH
2962 const int preauth = 1;
2963#else /* CONFIG_RSN_PREAUTH */
2964 const int preauth = 0;
2965#endif /* CONFIG_RSN_PREAUTH */
6fc6879b
JM		 2966
2967 if (wpa_auth == NULL)
2968 return len;
2969
2970 ret = os_snprintf(buf + len, buflen - len,
2971 "dot11RSNAOptionImplemented=TRUE\n"
8ce58ceb 2972 "dot11RSNAPreauthenticationImplemented=%s\n"
6fc6879b
JM		 2973 "dot11RSNAEnabled=%s\n"
2974 "dot11RSNAPreauthenticationEnabled=%s\n",
8ce58ceb 2975 wpa_bool_txt(preauth),
6fc6879b
JM		 2976 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
2977 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
d85e1fc8 2978 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 2979 return len;
2980 len += ret;
2981
2982 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2983 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
2984
2985 ret = os_snprintf(
2986 buf + len, buflen - len,
2987 "dot11RSNAConfigVersion=%u\n"
2988 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2989 /* FIX: dot11RSNAConfigGroupCipher */
2990 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2991 /* FIX: dot11RSNAConfigGroupRekeyTime */
2992 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2993 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2994 "dot11RSNAConfigGroupUpdateCount=%u\n"
2995 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2996 "dot11RSNAConfigGroupCipherSize=%u\n"
2997 "dot11RSNAConfigPMKLifetime=%u\n"
2998 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2999 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
3000 "dot11RSNAConfigSATimeout=%u\n"
3001 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3002 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3003 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3004 "dot11RSNAPMKIDUsed=%s\n"
3005 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3006 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3007 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3008 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
3009 "dot11RSNA4WayHandshakeFailures=%u\n"
3010 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
3011 RSN_VERSION,
3012 !!wpa_auth->conf.wpa_strict_rekey,
3013 dot11RSNAConfigGroupUpdateCount,
3014 dot11RSNAConfigPairwiseUpdateCount,
c3550295 3015 wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8,
6fc6879b
JM		 3016 dot11RSNAConfigPMKLifetime,
3017 dot11RSNAConfigPMKReauthThreshold,
3018 dot11RSNAConfigSATimeout,
3019 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
3020 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
3021 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
3022 pmkid_txt,
3023 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
3024 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
3025 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
3026 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
3027 wpa_auth->dot11RSNA4WayHandshakeFailures);
d85e1fc8 3028 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3029 return len;
3030 len += ret;
3031
3032 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
3033 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
3034
3035 /* Private MIB */
3036 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
3037 wpa_auth->group->wpa_group_state);
d85e1fc8 3038 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3039 return len;
3040 len += ret;
3041
3042 return len;
3043}
3044
3045
3046int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
3047{
3048 int len = 0, ret;
3049 u32 pairwise = 0;
3050
3051 if (sm == NULL)
3052 return 0;
3053
3054 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
3055
3056 /* dot11RSNAStatsEntry */
3057
c3550295
JM		 3058 pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
3059 WPA_PROTO_RSN : WPA_PROTO_WPA,
3060 sm->pairwise);
3061 if (pairwise == 0)
6fc6879b
JM		 3062 return 0;
3063
3064 ret = os_snprintf(
3065 buf + len, buflen - len,
3066 /* TODO: dot11RSNAStatsIndex */
3067 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
3068 "dot11RSNAStatsVersion=1\n"
3069 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
3070 /* TODO: dot11RSNAStatsTKIPICVErrors */
3071 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
d9040cdb 3072 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
6fc6879b
JM		 3073 /* TODO: dot11RSNAStatsCCMPReplays */
3074 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
3075 /* TODO: dot11RSNAStatsTKIPReplays */,
3076 MAC2STR(sm->addr),
3077 RSN_SUITE_ARG(pairwise),
3078 sm->dot11RSNAStatsTKIPLocalMICFailures,
3079 sm->dot11RSNAStatsTKIPRemoteMICFailures);
d85e1fc8 3080 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3081 return len;
3082 len += ret;
3083
3084 /* Private MIB */
3085 ret = os_snprintf(buf + len, buflen - len,
3086 "hostapdWPAPTKState=%d\n"
3087 "hostapdWPAPTKGroupState=%d\n",
3088 sm->wpa_ptk_state,
3089 sm->wpa_ptk_group_state);
d85e1fc8 3090 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3091 return len;
3092 len += ret;
3093
3094 return len;
3095}
3096
3097
3098void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
3099{
3100 if (wpa_auth)
3101 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
3102}
3103
3104
3105int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
3106{
3107 return sm && sm->pairwise_set;
3108}
3109
3110
ff36ff00
JM		 3111int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
3112{
3113 return sm->pairwise;
3114}
3115
3116
6fc6879b
JM		 3117int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
3118{
3119 if (sm == NULL)
3120 return -1;
3121 return sm->wpa_key_mgmt;
3122}
3123
3124
3125int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
3126{
3127 if (sm == NULL)
3128 return 0;
3129 return sm->wpa;
3130}
3131
3132
3133int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
3134 struct rsn_pmksa_cache_entry *entry)
3135{
3136 if (sm == NULL || sm->pmksa != entry)
3137 return -1;
3138 sm->pmksa = NULL;
3139 return 0;
3140}
3141
3142
3143struct rsn_pmksa_cache_entry *
3144wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
3145{
3146 return sm ? sm->pmksa : NULL;
3147}
3148
3149
3150void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
3151{
3152 if (sm)
3153 sm->dot11RSNAStatsTKIPLocalMICFailures++;
3154}
3155
3156
3157const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
3158{
3159 if (wpa_auth == NULL)
3160 return NULL;
3161 *len = wpa_auth->wpa_ie_len;
3162 return wpa_auth->wpa_ie;
3163}
3164
3165
3166int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
3167 int session_timeout, struct eapol_state_machine *eapol)
3168{
cb465555
JM		 3169 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
3170 sm->wpa_auth->conf.disable_pmksa_caching)
6fc6879b
JM		 3171 return -1;
3172
4bb081f1 3173 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
087a1f4e 3174 sm->PTK.kck, sizeof(sm->PTK.kck),
4bb081f1
JM		 3175 sm->wpa_auth->addr, sm->addr, session_timeout,
3176 eapol, sm->wpa_key_mgmt))
6fc6879b
JM		 3177 return 0;
3178
3179 return -1;
3180}
3181
3182
3183int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
3184 const u8 *pmk, size_t len, const u8 *sta_addr,
3185 int session_timeout,
3186 struct eapol_state_machine *eapol)
3187{
3188 if (wpa_auth == NULL)
3189 return -1;
3190
087a1f4e
JM		 3191 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len,
3192 NULL, 0,
3193 wpa_auth->addr,
4bb081f1
JM		 3194 sta_addr, session_timeout, eapol,
3195 WPA_KEY_MGMT_IEEE8021X))
6fc6879b
JM		 3196 return 0;
3197
3198 return -1;
3199}
3200
3201
f2991170
JM		 3202int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
3203 const u8 *pmk)
3204{
3205 if (wpa_auth->conf.disable_pmksa_caching)
3206 return -1;
3207
3208 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN,
087a1f4e 3209 NULL, 0,
f2991170
JM		 3210 wpa_auth->addr, addr, 0, NULL,
3211 WPA_KEY_MGMT_SAE))
3212 return 0;
3213
3214 return -1;
3215}
3216
3217
901d1fe1
JM		 3218void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
3219 const u8 *sta_addr)
3220{
3221 struct rsn_pmksa_cache_entry *pmksa;
3222
3223 if (wpa_auth == NULL || wpa_auth->pmksa == NULL)
3224 return;
3225 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
3226 if (pmksa) {
3227 wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for "
3228 MACSTR " based on request", MAC2STR(sta_addr));
3229 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
3230 }
3231}
3232
3233
6fc6879b
JM		 3234static struct wpa_group *
3235wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3236{
3237 struct wpa_group *group;
3238
3239 if (wpa_auth == NULL || wpa_auth->group == NULL)
3240 return NULL;
3241
3242 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
3243 vlan_id);
bdffdc5d 3244 group = wpa_group_init(wpa_auth, vlan_id, 0);
6fc6879b
JM		 3245 if (group == NULL)
3246 return NULL;
3247
3248 group->next = wpa_auth->group->next;
3249 wpa_auth->group->next = group;
3250
3251 return group;
3252}
3253
3254
3255int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
3256{
3257 struct wpa_group *group;
3258
3259 if (sm == NULL || sm->wpa_auth == NULL)
3260 return 0;
3261
3262 group = sm->wpa_auth->group;
3263 while (group) {
3264 if (group->vlan_id == vlan_id)
3265 break;
3266 group = group->next;
3267 }
3268
3269 if (group == NULL) {
3270 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
3271 if (group == NULL)
3272 return -1;
3273 }
3274
3275 if (sm->group == group)
3276 return 0;
3277
7d7f7be2
JM		 3278 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3279 return -1;
3280
6fc6879b
JM		 3281 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
3282 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
3283
3284 sm->group = group;
3285 return 0;
3286}
e4bf4db9
JM		 3287
3288
3289void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
3290 struct wpa_state_machine *sm, int ack)
3291{
3292 if (wpa_auth == NULL || sm == NULL)
3293 return;
3294 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
3295 " ack=%d", MAC2STR(sm->addr), ack);
3296 if (sm->pending_1_of_4_timeout && ack) {
3297 /*
3298 * Some deployed supplicant implementations update their SNonce
3299 * for each EAPOL-Key 2/4 message even within the same 4-way
3300 * handshake and then fail to use the first SNonce when
3301 * deriving the PTK. This results in unsuccessful 4-way
3302 * handshake whenever the relatively short initial timeout is
3303 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
3304 * around this by increasing the timeout now that we know that
3305 * the station has received the frame.
3306 */
3307 int timeout_ms = eapol_key_timeout_subseq;
3308 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
3309 "timeout by %u ms because of acknowledged frame",
3310 timeout_ms);
3311 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
3312 eloop_register_timeout(timeout_ms / 1000,
3313 (timeout_ms % 1000) * 1000,
3314 wpa_send_eapol_timeout, wpa_auth, sm);
3315 }
3316}
c10347f2
JM		 3317
3318
3319int wpa_auth_uses_sae(struct wpa_state_machine *sm)
3320{
3321 if (sm == NULL)
3322 return 0;
3323 return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
3324}
aa189ac9
JM		 3325
3326
3327int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm)
3328{
3329 if (sm == NULL)
3330 return 0;
3331 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE;
3332}
25ef8529
JM		 3333
3334
3335#ifdef CONFIG_P2P
3336int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr)
3337{
3338 if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0)
3339 return -1;
3340 os_memcpy(addr, sm->ip_addr, 4);
3341 return 0;
3342}
3343#endif /* CONFIG_P2P */
cbc210de
JM		 3344
3345
3346int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
3347 struct radius_das_attrs *attr)
3348{
3349 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
3350}
Unnamed repository; edit this file 'description' to name the repository.