]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
wlantest: Update STA State based on broadcast Deauth/Disassoc
[thirdparty/hostap.git] / src / ap / wpa_auth.c
CommitLineData
6fc6879b
JM		 1/*
2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
e6965d4e 3 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
6fc6879b
JM		 4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
6226e38d 15#include "utils/includes.h"
6fc6879b 16
6226e38d
JM		 17#include "utils/common.h"
18#include "utils/eloop.h"
19#include "utils/state_machine.h"
81f4f619 20#include "common/ieee802_11_defs.h"
03da66bd
JM		 21#include "crypto/aes_wrap.h"
22#include "crypto/crypto.h"
23#include "crypto/sha1.h"
24#include "crypto/sha256.h"
281c950b 25#include "eapol_auth/eapol_auth_sm.h"
6226e38d 26#include "ap_config.h"
6fc6879b 27#include "ieee802_11.h"
6226e38d
JM		 28#include "wpa_auth.h"
29#include "pmksa_cache_auth.h"
6fc6879b
JM		 30#include "wpa_auth_i.h"
31#include "wpa_auth_ie.h"
32
33#define STATE_MACHINE_DATA struct wpa_state_machine
34#define STATE_MACHINE_DEBUG_PREFIX "WPA"
35#define STATE_MACHINE_ADDR sm->addr
36
37
38static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
e4a6ea1d 39static int wpa_sm_step(struct wpa_state_machine *sm);
6fc6879b
JM		 40static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
41static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
42static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
43 struct wpa_group *group);
581a8cde 44static void wpa_request_new_ptk(struct wpa_state_machine *sm);
e6965d4e
JM		 45static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
46 struct wpa_group *group);
6fc6879b 47
bae61562
JM		 48static const u32 dot11RSNAConfigGroupUpdateCount = 4;
49static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
50static const u32 eapol_key_timeout_first = 100; /* ms */
51static const u32 eapol_key_timeout_subseq = 1000; /* ms */
6fc6879b
JM		 52
53/* TODO: make these configurable */
54static const int dot11RSNAConfigPMKLifetime = 43200;
55static const int dot11RSNAConfigPMKReauthThreshold = 70;
56static const int dot11RSNAConfigSATimeout = 60;
57
58
59static inline void wpa_auth_mic_failure_report(
60 struct wpa_authenticator *wpa_auth, const u8 *addr)
61{
62 if (wpa_auth->cb.mic_failure_report)
63 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
64}
65
66
67static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
68 const u8 *addr, wpa_eapol_variable var,
69 int value)
70{
71 if (wpa_auth->cb.set_eapol)
72 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
73}
74
75
76static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
77 const u8 *addr, wpa_eapol_variable var)
78{
79 if (wpa_auth->cb.get_eapol == NULL)
80 return -1;
81 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
82}
83
84
85static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
86 const u8 *addr, const u8 *prev_psk)
87{
88 if (wpa_auth->cb.get_psk == NULL)
89 return NULL;
90 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
91}
92
93
94static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
95 const u8 *addr, u8 *msk, size_t *len)
96{
97 if (wpa_auth->cb.get_msk == NULL)
98 return -1;
99 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
100}
101
102
103static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
104 int vlan_id,
71934751 105 enum wpa_alg alg, const u8 *addr, int idx,
6fc6879b
JM		 106 u8 *key, size_t key_len)
107{
108 if (wpa_auth->cb.set_key == NULL)
109 return -1;
110 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
111 key, key_len);
112}
113
114
115static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
116 const u8 *addr, int idx, u8 *seq)
117{
118 if (wpa_auth->cb.get_seqnum == NULL)
119 return -1;
120 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
121}
122
123
6fc6879b
JM		 124static inline int
125wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
126 const u8 *data, size_t data_len, int encrypt)
127{
128 if (wpa_auth->cb.send_eapol == NULL)
129 return -1;
130 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
131 encrypt);
132}
133
134
135int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
136 int (*cb)(struct wpa_state_machine *sm, void *ctx),
137 void *cb_ctx)
138{
139 if (wpa_auth->cb.for_each_sta == NULL)
140 return 0;
141 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
142}
143
144
bf98f7f3
JM		 145int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
146 int (*cb)(struct wpa_authenticator *a, void *ctx),
147 void *cb_ctx)
148{
149 if (wpa_auth->cb.for_each_auth == NULL)
150 return 0;
151 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
152}
153
154
6fc6879b
JM		 155void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
156 logger_level level, const char *txt)
157{
158 if (wpa_auth->cb.logger == NULL)
159 return;
160 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
161}
162
163
164void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
165 logger_level level, const char *fmt, ...)
166{
167 char *format;
168 int maxlen;
169 va_list ap;
170
171 if (wpa_auth->cb.logger == NULL)
172 return;
173
174 maxlen = os_strlen(fmt) + 100;
175 format = os_malloc(maxlen);
176 if (!format)
177 return;
178
179 va_start(ap, fmt);
180 vsnprintf(format, maxlen, fmt, ap);
181 va_end(ap);
182
183 wpa_auth_logger(wpa_auth, addr, level, format);
184
185 os_free(format);
186}
187
188
189static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
190 const u8 *addr)
191{
192 if (wpa_auth->cb.disconnect == NULL)
193 return;
194 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
195 WLAN_REASON_PREV_AUTH_NOT_VALID);
196}
197
198
199static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
200{
56586197 201 int ret = 0;
6fc6879b 202#ifdef CONFIG_IEEE80211R
56586197
JM		 203 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
204 ret = 1;
6fc6879b 205#endif /* CONFIG_IEEE80211R */
56586197
JM		 206#ifdef CONFIG_IEEE80211W
207 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
208 ret = 1;
209#endif /* CONFIG_IEEE80211W */
210 return ret;
6fc6879b
JM		 211}
212
213
214static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
215{
216 struct wpa_authenticator *wpa_auth = eloop_ctx;
217
218 if (os_get_random(wpa_auth->group->GMK, WPA_GMK_LEN)) {
219 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
220 "initialization.");
221 } else {
222 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
5cb9d5c3
JM		 223 wpa_hexdump_key(MSG_DEBUG, "GMK",
224 wpa_auth->group->GMK, WPA_GMK_LEN);
6fc6879b
JM		 225 }
226
227 if (wpa_auth->conf.wpa_gmk_rekey) {
228 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
229 wpa_rekey_gmk, wpa_auth, NULL);
230 }
231}
232
233
234static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
235{
236 struct wpa_authenticator *wpa_auth = eloop_ctx;
237 struct wpa_group *group;
238
239 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
240 for (group = wpa_auth->group; group; group = group->next) {
241 group->GTKReKey = TRUE;
242 do {
243 group->changed = FALSE;
244 wpa_group_sm_step(wpa_auth, group);
245 } while (group->changed);
246 }
247
248 if (wpa_auth->conf.wpa_group_rekey) {
249 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
250 0, wpa_rekey_gtk, wpa_auth, NULL);
251 }
252}
253
254
581a8cde
JM		 255static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
256{
257 struct wpa_authenticator *wpa_auth = eloop_ctx;
258 struct wpa_state_machine *sm = timeout_ctx;
259
260 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
261 wpa_request_new_ptk(sm);
262 wpa_sm_step(sm);
263}
264
265
6fc6879b
JM		 266static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
267{
268 if (sm->pmksa == ctx)
269 sm->pmksa = NULL;
270 return 0;
271}
272
273
274static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
275 void *ctx)
276{
277 struct wpa_authenticator *wpa_auth = ctx;
278 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
279}
280
281
e6965d4e 282static void wpa_group_set_key_len(struct wpa_group *group, int cipher)
6fc6879b 283{
e6965d4e 284 switch (cipher) {
6fc6879b
JM		 285 case WPA_CIPHER_CCMP:
286 group->GTK_len = 16;
287 break;
288 case WPA_CIPHER_TKIP:
289 group->GTK_len = 32;
290 break;
291 case WPA_CIPHER_WEP104:
292 group->GTK_len = 13;
293 break;
294 case WPA_CIPHER_WEP40:
295 group->GTK_len = 5;
296 break;
297 }
e6965d4e
JM		 298}
299
300
301static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
302 int vlan_id)
303{
304 struct wpa_group *group;
305 u8 buf[ETH_ALEN + 8 + sizeof(group)];
306 u8 rkey[32];
307
308 group = os_zalloc(sizeof(struct wpa_group));
309 if (group == NULL)
310 return NULL;
311
312 group->GTKAuthenticator = TRUE;
313 group->vlan_id = vlan_id;
314
315 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
6fc6879b
JM		 316
317 /* Counter = PRF-256(Random number, "Init Counter",
318 * Local MAC Address || Time)
319 */
320 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
321 wpa_get_ntp_timestamp(buf + ETH_ALEN);
322 os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
323 if (os_get_random(rkey, sizeof(rkey)) ||
324 os_get_random(group->GMK, WPA_GMK_LEN)) {
325 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
326 "initialization.");
327 os_free(group);
328 return NULL;
329 }
5cb9d5c3 330 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
6fc6879b
JM		 331
332 sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
333 group->Counter, WPA_NONCE_LEN);
5cb9d5c3
JM		 334 wpa_hexdump_key(MSG_DEBUG, "Key Counter",
335 group->Counter, WPA_NONCE_LEN);
6fc6879b
JM		 336
337 group->GInit = TRUE;
338 wpa_group_sm_step(wpa_auth, group);
339 group->GInit = FALSE;
340 wpa_group_sm_step(wpa_auth, group);
341
342 return group;
343}
344
345
346/**
347 * wpa_init - Initialize WPA authenticator
348 * @addr: Authenticator address
349 * @conf: Configuration for WPA authenticator
a17df5fb 350 * @cb: Callback functions for WPA authenticator
6fc6879b
JM		 351 * Returns: Pointer to WPA authenticator data or %NULL on failure
352 */
353struct wpa_authenticator * wpa_init(const u8 *addr,
354 struct wpa_auth_config *conf,
355 struct wpa_auth_callbacks *cb)
356{
357 struct wpa_authenticator *wpa_auth;
358
359 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
360 if (wpa_auth == NULL)
361 return NULL;
362 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
363 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
364 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
365
366 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
367 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
368 os_free(wpa_auth);
369 return NULL;
370 }
371
372 wpa_auth->group = wpa_group_init(wpa_auth, 0);
373 if (wpa_auth->group == NULL) {
374 os_free(wpa_auth->wpa_ie);
375 os_free(wpa_auth);
376 return NULL;
377 }
378
4bb081f1
JM		 379 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
380 wpa_auth);
6fc6879b
JM		 381 if (wpa_auth->pmksa == NULL) {
382 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
383 os_free(wpa_auth->wpa_ie);
384 os_free(wpa_auth);
385 return NULL;
386 }
387
388#ifdef CONFIG_IEEE80211R
389 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
390 if (wpa_auth->ft_pmk_cache == NULL) {
391 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
392 os_free(wpa_auth->wpa_ie);
4bb081f1 393 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 394 os_free(wpa_auth);
395 return NULL;
396 }
397#endif /* CONFIG_IEEE80211R */
398
399 if (wpa_auth->conf.wpa_gmk_rekey) {
400 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
401 wpa_rekey_gmk, wpa_auth, NULL);
402 }
403
404 if (wpa_auth->conf.wpa_group_rekey) {
405 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
406 wpa_rekey_gtk, wpa_auth, NULL);
407 }
408
409 return wpa_auth;
410}
411
412
413/**
414 * wpa_deinit - Deinitialize WPA authenticator
415 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
416 */
417void wpa_deinit(struct wpa_authenticator *wpa_auth)
418{
419 struct wpa_group *group, *prev;
420
421 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
422 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
423
424#ifdef CONFIG_PEERKEY
425 while (wpa_auth->stsl_negotiations)
426 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
427#endif /* CONFIG_PEERKEY */
428
4bb081f1 429 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 430
431#ifdef CONFIG_IEEE80211R
432 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
433 wpa_auth->ft_pmk_cache = NULL;
434#endif /* CONFIG_IEEE80211R */
435
436 os_free(wpa_auth->wpa_ie);
437
438 group = wpa_auth->group;
439 while (group) {
440 prev = group;
441 group = group->next;
442 os_free(prev);
443 }
444
445 os_free(wpa_auth);
446}
447
448
449/**
450 * wpa_reconfig - Update WPA authenticator configuration
451 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
452 * @conf: Configuration for WPA authenticator
453 */
454int wpa_reconfig(struct wpa_authenticator *wpa_auth,
455 struct wpa_auth_config *conf)
456{
e6965d4e 457 struct wpa_group *group;
6fc6879b
JM		 458 if (wpa_auth == NULL)
459 return 0;
460
461 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
ad08c363
JM		 462 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
463 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
464 return -1;
465 }
466
e6965d4e
JM		 467 /*
468 * Reinitialize GTK to make sure it is suitable for the new
469 * configuration.
470 */
471 group = wpa_auth->group;
472 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
473 group->GInit = TRUE;
474 wpa_group_sm_step(wpa_auth, group);
475 group->GInit = FALSE;
476 wpa_group_sm_step(wpa_auth, group);
477
6fc6879b
JM		 478 return 0;
479}
480
481
482struct wpa_state_machine *
483wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
484{
485 struct wpa_state_machine *sm;
486
487 sm = os_zalloc(sizeof(struct wpa_state_machine));
488 if (sm == NULL)
489 return NULL;
490 os_memcpy(sm->addr, addr, ETH_ALEN);
491
492 sm->wpa_auth = wpa_auth;
493 sm->group = wpa_auth->group;
494
495 return sm;
496}
497
498
6f9b5d16
JM		 499int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
500 struct wpa_state_machine *sm)
6fc6879b
JM		 501{
502 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
6f9b5d16 503 return -1;
6fc6879b
JM		 504
505#ifdef CONFIG_IEEE80211R
506 if (sm->ft_completed) {
507 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
508 "FT authentication already completed - do not "
509 "start 4-way handshake");
6f9b5d16 510 return 0;
6fc6879b
JM		 511 }
512#endif /* CONFIG_IEEE80211R */
513
514 if (sm->started) {
22a299ee 515 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
6fc6879b 516 sm->ReAuthenticationRequest = TRUE;
6f9b5d16 517 return wpa_sm_step(sm);
6fc6879b
JM		 518 }
519
520 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
521 "start authentication");
522 sm->started = 1;
523
524 sm->Init = TRUE;
e4a6ea1d 525 if (wpa_sm_step(sm) == 1)
6f9b5d16 526 return 1; /* should not really happen */
6fc6879b
JM		 527 sm->Init = FALSE;
528 sm->AuthenticationRequest = TRUE;
6f9b5d16 529 return wpa_sm_step(sm);
6fc6879b
JM		 530}
531
532
a8d05fca
JM		 533void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
534{
535 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
536 * reassociates back to the same AP while the previous entry for the
537 * STA has not yet been removed. */
538 if (sm == NULL)
539 return;
540
541 sm->wpa_key_mgmt = 0;
542}
543
544
6fc6879b
JM		 545static void wpa_free_sta_sm(struct wpa_state_machine *sm)
546{
0f857f43
JM		 547#ifdef CONFIG_IEEE80211R
548 os_free(sm->assoc_resp_ftie);
549#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 550 os_free(sm->last_rx_eapol_key);
551 os_free(sm->wpa_ie);
552 os_free(sm);
553}
554
555
556void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
557{
558 if (sm == NULL)
559 return;
560
561 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
562 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
563 "strict rekeying - force GTK rekey since STA "
564 "is leaving");
565 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
566 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
567 NULL);
568 }
569
570 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
571 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
581a8cde 572 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 573 if (sm->in_step_loop) {
574 /* Must not free state machine while wpa_sm_step() is running.
575 * Freeing will be completed in the end of wpa_sm_step(). */
576 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
577 "machine deinit for " MACSTR, MAC2STR(sm->addr));
578 sm->pending_deinit = 1;
579 } else
580 wpa_free_sta_sm(sm);
581}
582
583
584static void wpa_request_new_ptk(struct wpa_state_machine *sm)
585{
586 if (sm == NULL)
587 return;
588
589 sm->PTKRequest = TRUE;
590 sm->PTK_valid = 0;
591}
592
593
22a299ee
JM		 594static int wpa_replay_counter_valid(struct wpa_state_machine *sm,
595 const u8 *replay_counter)
596{
597 int i;
598 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
599 if (!sm->key_replay[i].valid)
600 break;
601 if (os_memcmp(replay_counter, sm->key_replay[i].counter,
602 WPA_REPLAY_COUNTER_LEN) == 0)
603 return 1;
604 }
605 return 0;
606}
607
608
0f857f43
JM		 609#ifdef CONFIG_IEEE80211R
610static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
611 struct wpa_state_machine *sm,
612 struct wpa_eapol_ie_parse *kde)
613{
614 struct wpa_ie_data ie;
615 struct rsn_mdie *mdie;
616
617 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
618 ie.num_pmkid != 1 || ie.pmkid == NULL) {
619 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
620 "FT 4-way handshake message 2/4");
621 return -1;
622 }
623
624 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
625 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
626 sm->sup_pmk_r1_name, PMKID_LEN);
627
628 if (!kde->mdie || !kde->ftie) {
629 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
630 "message 2/4", kde->mdie ? "FTIE" : "MDIE");
631 return -1;
632 }
633
634 mdie = (struct rsn_mdie *) (kde->mdie + 2);
635 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
636 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
637 MOBILITY_DOMAIN_ID_LEN) != 0) {
638 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
639 return -1;
640 }
641
642 if (sm->assoc_resp_ftie &&
643 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
644 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
645 2 + sm->assoc_resp_ftie[1]) != 0)) {
646 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
647 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
648 kde->ftie, kde->ftie_len);
649 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
650 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
651 return -1;
652 }
653
654 return 0;
655}
656#endif /* CONFIG_IEEE80211R */
657
658
6fc6879b
JM		 659void wpa_receive(struct wpa_authenticator *wpa_auth,
660 struct wpa_state_machine *sm,
661 u8 *data, size_t data_len)
662{
663 struct ieee802_1x_hdr *hdr;
664 struct wpa_eapol_key *key;
665 u16 key_info, key_data_length;
666 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
667 SMK_M1, SMK_M3, SMK_ERROR } msg;
668 char *msgtxt;
669 struct wpa_eapol_ie_parse kde;
26e23750 670 int ft;
1566ec46
JM		 671 const u8 *eapol_key_ie;
672 size_t eapol_key_ie_len;
6fc6879b
JM		 673
674 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
675 return;
676
677 if (data_len < sizeof(*hdr) + sizeof(*key))
678 return;
679
680 hdr = (struct ieee802_1x_hdr *) data;
681 key = (struct wpa_eapol_key *) (hdr + 1);
682 key_info = WPA_GET_BE16(key->key_info);
683 key_data_length = WPA_GET_BE16(key->key_data_length);
684 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
685 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
686 "key_data overflow (%d > %lu)",
687 key_data_length,
688 (unsigned long) (data_len - sizeof(*hdr) -
689 sizeof(*key)));
690 return;
691 }
692
f8e96eb6
JM		 693 if (sm->wpa == WPA_VERSION_WPA2) {
694 if (key->type != EAPOL_KEY_TYPE_RSN) {
695 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
696 "unexpected type %d in RSN mode",
697 key->type);
698 return;
699 }
700 } else {
701 if (key->type != EAPOL_KEY_TYPE_WPA) {
702 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
703 "unexpected type %d in WPA mode",
704 key->type);
705 return;
706 }
707 }
708
6fc6879b
JM		 709 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
710 * are set */
711
712 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
713 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
714 if (key_info & WPA_KEY_INFO_ERROR) {
715 msg = SMK_ERROR;
716 msgtxt = "SMK Error";
717 } else {
718 msg = SMK_M1;
719 msgtxt = "SMK M1";
720 }
721 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
722 msg = SMK_M3;
723 msgtxt = "SMK M3";
724 } else if (key_info & WPA_KEY_INFO_REQUEST) {
725 msg = REQUEST;
726 msgtxt = "Request";
727 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
728 msg = GROUP_2;
729 msgtxt = "2/2 Group";
730 } else if (key_data_length == 0) {
731 msg = PAIRWISE_4;
732 msgtxt = "4/4 Pairwise";
733 } else {
734 msg = PAIRWISE_2;
735 msgtxt = "2/4 Pairwise";
736 }
737
738 /* TODO: key_info type validation for PeerKey */
739 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
740 msg == GROUP_2) {
741 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
742 if (sm->pairwise == WPA_CIPHER_CCMP) {
743 if (wpa_use_aes_cmac(sm) &&
744 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
745 wpa_auth_logger(wpa_auth, sm->addr,
746 LOGGER_WARNING,
747 "advertised support for "
748 "AES-128-CMAC, but did not "
749 "use it");
750 return;
751 }
752
753 if (!wpa_use_aes_cmac(sm) &&
754 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
755 wpa_auth_logger(wpa_auth, sm->addr,
756 LOGGER_WARNING,
757 "did not use HMAC-SHA1-AES "
758 "with CCMP");
759 return;
760 }
761 }
762 }
763
764 if (key_info & WPA_KEY_INFO_REQUEST) {
765 if (sm->req_replay_counter_used &&
766 os_memcmp(key->replay_counter, sm->req_replay_counter,
767 WPA_REPLAY_COUNTER_LEN) <= 0) {
768 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
769 "received EAPOL-Key request with "
770 "replayed counter");
771 return;
772 }
773 }
774
775 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
22a299ee
JM		 776 !wpa_replay_counter_valid(sm, key->replay_counter)) {
777 int i;
6fc6879b
JM		 778 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
779 "received EAPOL-Key %s with unexpected "
780 "replay counter", msgtxt);
22a299ee
JM		 781 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
782 if (!sm->key_replay[i].valid)
783 break;
784 wpa_hexdump(MSG_DEBUG, "pending replay counter",
785 sm->key_replay[i].counter,
786 WPA_REPLAY_COUNTER_LEN);
787 }
6fc6879b
JM		 788 wpa_hexdump(MSG_DEBUG, "received replay counter",
789 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
790 return;
791 }
792
793 switch (msg) {
794 case PAIRWISE_2:
795 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
796 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
797 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
798 "received EAPOL-Key msg 2/4 in "
799 "invalid state (%d) - dropped",
800 sm->wpa_ptk_state);
801 return;
802 }
1566ec46
JM		 803 if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length,
804 &kde) < 0) {
805 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
806 "received EAPOL-Key msg 2/4 with "
807 "invalid Key Data contents");
808 return;
809 }
810 if (kde.rsn_ie) {
811 eapol_key_ie = kde.rsn_ie;
812 eapol_key_ie_len = kde.rsn_ie_len;
813 } else {
814 eapol_key_ie = kde.wpa_ie;
815 eapol_key_ie_len = kde.wpa_ie_len;
816 }
26e23750
JM		 817 ft = sm->wpa == WPA_VERSION_WPA2 &&
818 wpa_key_mgmt_ft(sm->wpa_key_mgmt);
6fc6879b 819 if (sm->wpa_ie == NULL ||
26e23750
JM		 820 wpa_compare_rsn_ie(ft,
821 sm->wpa_ie, sm->wpa_ie_len,
1566ec46 822 eapol_key_ie, eapol_key_ie_len)) {
6fc6879b
JM		 823 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
824 "WPA IE from (Re)AssocReq did not "
825 "match with msg 2/4");
826 if (sm->wpa_ie) {
827 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
828 sm->wpa_ie, sm->wpa_ie_len);
829 }
830 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
1566ec46 831 eapol_key_ie, eapol_key_ie_len);
6fc6879b
JM		 832 /* MLME-DEAUTHENTICATE.request */
833 wpa_sta_disconnect(wpa_auth, sm->addr);
834 return;
835 }
26e23750 836#ifdef CONFIG_IEEE80211R
0f857f43
JM		 837 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
838 wpa_sta_disconnect(wpa_auth, sm->addr);
839 return;
26e23750
JM		 840 }
841#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 842 break;
843 case PAIRWISE_4:
844 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
845 !sm->PTK_valid) {
846 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
847 "received EAPOL-Key msg 4/4 in "
848 "invalid state (%d) - dropped",
849 sm->wpa_ptk_state);
850 return;
851 }
852 break;
853 case GROUP_2:
854 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
855 || !sm->PTK_valid) {
856 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
857 "received EAPOL-Key msg 2/2 in "
858 "invalid state (%d) - dropped",
859 sm->wpa_ptk_group_state);
860 return;
861 }
862 break;
863#ifdef CONFIG_PEERKEY
864 case SMK_M1:
865 case SMK_M3:
866 case SMK_ERROR:
867 if (!wpa_auth->conf.peerkey) {
868 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
869 "PeerKey use disabled - ignoring message");
870 return;
871 }
872 if (!sm->PTK_valid) {
873 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
874 "received EAPOL-Key msg SMK in "
875 "invalid state - dropped");
876 return;
877 }
878 break;
879#else /* CONFIG_PEERKEY */
880 case SMK_M1:
881 case SMK_M3:
882 case SMK_ERROR:
883 return; /* STSL disabled - ignore SMK messages */
884#endif /* CONFIG_PEERKEY */
885 case REQUEST:
886 break;
887 }
888
889 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
890 "received EAPOL-Key frame (%s)", msgtxt);
891
892 if (key_info & WPA_KEY_INFO_ACK) {
893 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
894 "received invalid EAPOL-Key: Key Ack set");
895 return;
896 }
897
898 if (!(key_info & WPA_KEY_INFO_MIC)) {
899 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
900 "received invalid EAPOL-Key: Key MIC not set");
901 return;
902 }
903
904 sm->MICVerified = FALSE;
905 if (sm->PTK_valid) {
906 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
907 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
908 "received EAPOL-Key with invalid MIC");
909 return;
910 }
911 sm->MICVerified = TRUE;
912 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
913 }
914
915 if (key_info & WPA_KEY_INFO_REQUEST) {
916 if (sm->MICVerified) {
917 sm->req_replay_counter_used = 1;
918 os_memcpy(sm->req_replay_counter, key->replay_counter,
919 WPA_REPLAY_COUNTER_LEN);
920 } else {
921 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
922 "received EAPOL-Key request with "
923 "invalid MIC");
924 return;
925 }
926
927 /*
928 * TODO: should decrypt key data field if encryption was used;
929 * even though MAC address KDE is not normally encrypted,
930 * supplicant is allowed to encrypt it.
931 */
932 if (msg == SMK_ERROR) {
933#ifdef CONFIG_PEERKEY
934 wpa_smk_error(wpa_auth, sm, key);
935#endif /* CONFIG_PEERKEY */
936 return;
937 } else if (key_info & WPA_KEY_INFO_ERROR) {
938 /* Supplicant reported a Michael MIC error */
939 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
940 "received EAPOL-Key Error Request "
941 "(STA detected Michael MIC failure)");
942 wpa_auth_mic_failure_report(wpa_auth, sm->addr);
943 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
944 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
945 /* Error report is not a request for a new key
946 * handshake, but since Authenticator may do it, let's
947 * change the keys now anyway. */
948 wpa_request_new_ptk(sm);
949 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
950 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
951 "received EAPOL-Key Request for new "
952 "4-Way Handshake");
953 wpa_request_new_ptk(sm);
954#ifdef CONFIG_PEERKEY
955 } else if (msg == SMK_M1) {
956 wpa_smk_m1(wpa_auth, sm, key);
957#endif /* CONFIG_PEERKEY */
958 } else if (key_data_length > 0 &&
959 wpa_parse_kde_ies((const u8 *) (key + 1),
960 key_data_length, &kde) == 0 &&
961 kde.mac_addr) {
962 } else {
963 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
964 "received EAPOL-Key Request for GTK "
965 "rekeying");
966 /* FIX: why was this triggering PTK rekeying for the
967 * STA that requested Group Key rekeying?? */
968 /* wpa_request_new_ptk(sta->wpa_sm); */
969 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
970 wpa_rekey_gtk(wpa_auth, NULL);
971 }
972 } else {
22a299ee
JM		 973 /* Do not allow the same key replay counter to be reused. This
974 * does also invalidate all other pending replay counters if
975 * retransmissions were used, i.e., we will only process one of
976 * the pending replies and ignore rest if more than one is
977 * received. */
978 sm->key_replay[0].valid = FALSE;
6fc6879b
JM		 979 }
980
981#ifdef CONFIG_PEERKEY
982 if (msg == SMK_M3) {
983 wpa_smk_m3(wpa_auth, sm, key);
984 return;
985 }
986#endif /* CONFIG_PEERKEY */
987
988 os_free(sm->last_rx_eapol_key);
989 sm->last_rx_eapol_key = os_malloc(data_len);
990 if (sm->last_rx_eapol_key == NULL)
991 return;
992 os_memcpy(sm->last_rx_eapol_key, data, data_len);
993 sm->last_rx_eapol_key_len = data_len;
994
995 sm->EAPOLKeyReceived = TRUE;
996 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
997 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
998 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
999 wpa_sm_step(sm);
1000}
1001
1002
3c7302c2
JM		 1003static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1004 const u8 *gnonce, u8 *gtk, size_t gtk_len)
6fc6879b 1005{
5cb9d5c3
JM		 1006 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
1007 u8 *pos;
3c7302c2 1008 int ret = 0;
6fc6879b 1009
5cb9d5c3
JM		 1010 /* GTK = PRF-X(GMK, "Group key expansion",
1011 * AA || GNonce || Time || random data)
1012 * The example described in the IEEE 802.11 standard uses only AA and
1013 * GNonce as inputs here. Add some more entropy since this derivation
1014 * is done only at the Authenticator and as such, does not need to be
1015 * exactly same.
1016 */
6fc6879b
JM		 1017 os_memcpy(data, addr, ETH_ALEN);
1018 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
5cb9d5c3
JM		 1019 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1020 wpa_get_ntp_timestamp(pos);
1021 pos += 8;
3c7302c2
JM		 1022 if (os_get_random(pos, 16) < 0)
1023 ret = -1;
6fc6879b 1024
56586197 1025#ifdef CONFIG_IEEE80211W
5cb9d5c3 1026 sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
56586197 1027#else /* CONFIG_IEEE80211W */
3c7302c2
JM		 1028 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
1029 < 0)
1030 ret = -1;
56586197 1031#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 1032
1033 return ret;
6fc6879b
JM		 1034}
1035
1036
1037static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1038{
1039 struct wpa_authenticator *wpa_auth = eloop_ctx;
1040 struct wpa_state_machine *sm = timeout_ctx;
1041
1042 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1043 sm->TimeoutEvt = TRUE;
1044 wpa_sm_step(sm);
1045}
1046
1047
1048void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1049 struct wpa_state_machine *sm, int key_info,
1050 const u8 *key_rsc, const u8 *nonce,
1051 const u8 *kde, size_t kde_len,
1052 int keyidx, int encr, int force_version)
1053{
1054 struct ieee802_1x_hdr *hdr;
1055 struct wpa_eapol_key *key;
1056 size_t len;
1057 int alg;
1058 int key_data_len, pad_len = 0;
1059 u8 *buf, *pos;
1060 int version, pairwise;
22a299ee 1061 int i;
6fc6879b
JM		 1062
1063 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
1064
1065 if (force_version)
1066 version = force_version;
1067 else if (wpa_use_aes_cmac(sm))
1068 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
1069 else if (sm->pairwise == WPA_CIPHER_CCMP)
1070 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1071 else
1072 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1073
1074 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1075
1076 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1077 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1078 "encr=%d)",
1079 version,
1080 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1081 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1082 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1083 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1084 pairwise, (unsigned long) kde_len, keyidx, encr);
1085
1086 key_data_len = kde_len;
1087
1088 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1089 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1090 pad_len = key_data_len % 8;
1091 if (pad_len)
1092 pad_len = 8 - pad_len;
1093 key_data_len += pad_len + 8;
1094 }
1095
1096 len += key_data_len;
1097
1098 hdr = os_zalloc(len);
1099 if (hdr == NULL)
1100 return;
1101 hdr->version = wpa_auth->conf.eapol_version;
1102 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1103 hdr->length = host_to_be16(len - sizeof(*hdr));
1104 key = (struct wpa_eapol_key *) (hdr + 1);
1105
1106 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1107 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1108 key_info |= version;
1109 if (encr && sm->wpa == WPA_VERSION_WPA2)
1110 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1111 if (sm->wpa != WPA_VERSION_WPA2)
1112 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1113 WPA_PUT_BE16(key->key_info, key_info);
1114
1115 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
1116 switch (alg) {
1117 case WPA_CIPHER_CCMP:
1118 WPA_PUT_BE16(key->key_length, 16);
1119 break;
1120 case WPA_CIPHER_TKIP:
1121 WPA_PUT_BE16(key->key_length, 32);
1122 break;
1123 case WPA_CIPHER_WEP40:
1124 WPA_PUT_BE16(key->key_length, 5);
1125 break;
1126 case WPA_CIPHER_WEP104:
1127 WPA_PUT_BE16(key->key_length, 13);
1128 break;
1129 }
1130 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1131 WPA_PUT_BE16(key->key_length, 0);
1132
1133 /* FIX: STSL: what to use as key_replay_counter? */
22a299ee
JM		 1134 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1135 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1136 os_memcpy(sm->key_replay[i].counter,
1137 sm->key_replay[i - 1].counter,
1138 WPA_REPLAY_COUNTER_LEN);
1139 }
1140 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1141 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
6fc6879b 1142 WPA_REPLAY_COUNTER_LEN);
22a299ee 1143 sm->key_replay[0].valid = TRUE;
6fc6879b
JM		 1144
1145 if (nonce)
1146 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1147
1148 if (key_rsc)
1149 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1150
1151 if (kde && !encr) {
1152 os_memcpy(key + 1, kde, kde_len);
1153 WPA_PUT_BE16(key->key_data_length, kde_len);
1154 } else if (encr && kde) {
1155 buf = os_zalloc(key_data_len);
1156 if (buf == NULL) {
1157 os_free(hdr);
1158 return;
1159 }
1160 pos = buf;
1161 os_memcpy(pos, kde, kde_len);
1162 pos += kde_len;
1163
1164 if (pad_len)
1165 *pos++ = 0xdd;
1166
1167 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1168 buf, key_data_len);
1169 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1170 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1171 if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
1172 (u8 *) (key + 1))) {
1173 os_free(hdr);
1174 os_free(buf);
1175 return;
1176 }
1177 WPA_PUT_BE16(key->key_data_length, key_data_len);
1178 } else {
1179 u8 ek[32];
1180 os_memcpy(key->key_iv,
1181 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1182 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1183 os_memcpy(ek, key->key_iv, 16);
1184 os_memcpy(ek + 16, sm->PTK.kek, 16);
1185 os_memcpy(key + 1, buf, key_data_len);
1186 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
1187 WPA_PUT_BE16(key->key_data_length, key_data_len);
1188 }
1189 os_free(buf);
1190 }
1191
1192 if (key_info & WPA_KEY_INFO_MIC) {
1193 if (!sm->PTK_valid) {
1194 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1195 "PTK not valid when sending EAPOL-Key "
1196 "frame");
1197 os_free(hdr);
1198 return;
1199 }
1200 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
1201 key->key_mic);
1202 }
1203
1204 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1205 1);
1206 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1207 sm->pairwise_set);
1208 os_free(hdr);
1209}
1210
1211
1212static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1213 struct wpa_state_machine *sm, int key_info,
1214 const u8 *key_rsc, const u8 *nonce,
1215 const u8 *kde, size_t kde_len,
1216 int keyidx, int encr)
1217{
1218 int timeout_ms;
1219 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
bae61562 1220 int ctr;
6fc6879b
JM		 1221
1222 if (sm == NULL)
1223 return;
1224
1225 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1226 keyidx, encr, 0);
1227
bae61562
JM		 1228 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
1229 if (ctr == 1)
1230 timeout_ms = eapol_key_timeout_first;
1231 else
1232 timeout_ms = eapol_key_timeout_subseq;
6fc6879b
JM		 1233 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1234 wpa_send_eapol_timeout, wpa_auth, sm);
1235}
1236
1237
1238static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
1239{
1240 struct ieee802_1x_hdr *hdr;
1241 struct wpa_eapol_key *key;
1242 u16 key_info;
1243 int ret = 0;
1244 u8 mic[16];
1245
1246 if (data_len < sizeof(*hdr) + sizeof(*key))
1247 return -1;
1248
1249 hdr = (struct ieee802_1x_hdr *) data;
1250 key = (struct wpa_eapol_key *) (hdr + 1);
1251 key_info = WPA_GET_BE16(key->key_info);
1252 os_memcpy(mic, key->key_mic, 16);
1253 os_memset(key->key_mic, 0, 16);
1254 if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
1255 data, data_len, key->key_mic) ||
1256 os_memcmp(mic, key->key_mic, 16) != 0)
1257 ret = -1;
1258 os_memcpy(key->key_mic, mic, 16);
1259 return ret;
1260}
1261
1262
1263void wpa_remove_ptk(struct wpa_state_machine *sm)
1264{
1265 sm->PTK_valid = FALSE;
1266 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
89d39d9d
JM		 1267 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, (u8 *) "",
1268 0);
6fc6879b 1269 sm->pairwise_set = FALSE;
581a8cde 1270 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 1271}
1272
1273
6f9b5d16 1274int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
6fc6879b 1275{
5d22a1d5
JM		 1276 int remove_ptk = 1;
1277
6fc6879b 1278 if (sm == NULL)
6f9b5d16 1279 return -1;
6fc6879b
JM		 1280
1281 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1282 "event %d notification", event);
1283
1284 switch (event) {
1285 case WPA_AUTH:
1286 case WPA_ASSOC:
1287 break;
1288 case WPA_DEAUTH:
1289 case WPA_DISASSOC:
1290 sm->DeauthenticationRequest = TRUE;
1291 break;
1292 case WPA_REAUTH:
1293 case WPA_REAUTH_EAPOL:
3ab72b62
JM		 1294 if (!sm->started) {
1295 /*
1296 * When using WPS, we may end up here if the STA
1297 * manages to re-associate without the previous STA
1298 * entry getting removed. Consequently, we need to make
1299 * sure that the WPA state machines gets initialized
1300 * properly at this point.
1301 */
1302 wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1303 "started - initialize now");
1304 sm->started = 1;
1305 sm->Init = TRUE;
1306 if (wpa_sm_step(sm) == 1)
1307 return 1; /* should not really happen */
1308 sm->Init = FALSE;
1309 sm->AuthenticationRequest = TRUE;
1310 break;
1311 }
9663596f
JM		 1312 if (sm->GUpdateStationKeys) {
1313 /*
1314 * Reauthentication cancels the pending group key
1315 * update for this STA.
1316 */
1317 sm->group->GKeyDoneStations--;
1318 sm->GUpdateStationKeys = FALSE;
1319 sm->PtkGroupInit = TRUE;
1320 }
6fc6879b
JM		 1321 sm->ReAuthenticationRequest = TRUE;
1322 break;
1323 case WPA_ASSOC_FT:
1324#ifdef CONFIG_IEEE80211R
81a658d7
JM		 1325 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1326 "after association");
1327 wpa_ft_install_ptk(sm);
1328
6fc6879b
JM		 1329 /* Using FT protocol, not WPA auth state machine */
1330 sm->ft_completed = 1;
6f9b5d16 1331 return 0;
6fc6879b
JM		 1332#else /* CONFIG_IEEE80211R */
1333 break;
1334#endif /* CONFIG_IEEE80211R */
1335 }
1336
1337#ifdef CONFIG_IEEE80211R
1338 sm->ft_completed = 0;
1339#endif /* CONFIG_IEEE80211R */
1340
5d22a1d5
JM		 1341#ifdef CONFIG_IEEE80211W
1342 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1343 remove_ptk = 0;
1344#endif /* CONFIG_IEEE80211W */
6fc6879b 1345
5d22a1d5
JM		 1346 if (remove_ptk) {
1347 sm->PTK_valid = FALSE;
1348 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1349
1350 if (event != WPA_REAUTH_EAPOL)
1351 wpa_remove_ptk(sm);
1352 }
6fc6879b 1353
6f9b5d16 1354 return wpa_sm_step(sm);
6fc6879b
JM		 1355}
1356
1357
71934751 1358static enum wpa_alg wpa_alg_enum(int alg)
6fc6879b
JM		 1359{
1360 switch (alg) {
1361 case WPA_CIPHER_CCMP:
89d39d9d 1362 return WPA_ALG_CCMP;
6fc6879b 1363 case WPA_CIPHER_TKIP:
89d39d9d 1364 return WPA_ALG_TKIP;
6fc6879b
JM		 1365 case WPA_CIPHER_WEP104:
1366 case WPA_CIPHER_WEP40:
89d39d9d 1367 return WPA_ALG_WEP;
6fc6879b 1368 default:
89d39d9d 1369 return WPA_ALG_NONE;
6fc6879b
JM		 1370 }
1371}
1372
1373
1374SM_STATE(WPA_PTK, INITIALIZE)
1375{
1376 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1377 if (sm->Init) {
1378 /* Init flag is not cleared here, so avoid busy
1379 * loop by claiming nothing changed. */
1380 sm->changed = FALSE;
1381 }
1382
1383 sm->keycount = 0;
1384 if (sm->GUpdateStationKeys)
1385 sm->group->GKeyDoneStations--;
1386 sm->GUpdateStationKeys = FALSE;
1387 if (sm->wpa == WPA_VERSION_WPA)
1388 sm->PInitAKeys = FALSE;
1389 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1390 * Local AA > Remote AA)) */) {
1391 sm->Pair = TRUE;
1392 }
1393 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1394 wpa_remove_ptk(sm);
1395 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1396 sm->TimeoutCtr = 0;
56586197 1397 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1398 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1399 WPA_EAPOL_authorized, 0);
1400 }
1401}
1402
1403
1404SM_STATE(WPA_PTK, DISCONNECT)
1405{
1406 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1407 sm->Disconnect = FALSE;
1408 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1409}
1410
1411
1412SM_STATE(WPA_PTK, DISCONNECTED)
1413{
1414 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1415 sm->DeauthenticationRequest = FALSE;
1416}
1417
1418
1419SM_STATE(WPA_PTK, AUTHENTICATION)
1420{
1421 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1422 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1423 sm->PTK_valid = FALSE;
1424 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1425 1);
1426 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1427 sm->AuthenticationRequest = FALSE;
1428}
1429
1430
1431SM_STATE(WPA_PTK, AUTHENTICATION2)
1432{
1433 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1434 os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
1435 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1436 sm->ReAuthenticationRequest = FALSE;
1437 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1438 * logical place than INITIALIZE since AUTHENTICATION2 can be
1439 * re-entered on ReAuthenticationRequest without going through
1440 * INITIALIZE. */
1441 sm->TimeoutCtr = 0;
1442}
1443
1444
1445SM_STATE(WPA_PTK, INITPMK)
1446{
1447 u8 msk[2 * PMK_LEN];
1448 size_t len = 2 * PMK_LEN;
1449
1450 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1451#ifdef CONFIG_IEEE80211R
1452 sm->xxkey_len = 0;
1453#endif /* CONFIG_IEEE80211R */
1454 if (sm->pmksa) {
1455 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1456 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
1457 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1458 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1459 "(len=%lu)", (unsigned long) len);
1460 os_memcpy(sm->PMK, msk, PMK_LEN);
1461#ifdef CONFIG_IEEE80211R
1462 if (len >= 2 * PMK_LEN) {
1463 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1464 sm->xxkey_len = PMK_LEN;
1465 }
1466#endif /* CONFIG_IEEE80211R */
1467 } else {
1468 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
1469 }
1470
1471 sm->req_replay_counter_used = 0;
1472 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1473 * will break reauthentication since EAPOL state machines may not be
1474 * get into AUTHENTICATING state that clears keyRun before WPA state
1475 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1476 * state and takes PMK from the previously used AAA Key. This will
1477 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1478 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1479 * be good workaround for this issue. */
1480 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1481}
1482
1483
1484SM_STATE(WPA_PTK, INITPSK)
1485{
1486 const u8 *psk;
1487 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
1488 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
1489 if (psk) {
1490 os_memcpy(sm->PMK, psk, PMK_LEN);
1491#ifdef CONFIG_IEEE80211R
1492 os_memcpy(sm->xxkey, psk, PMK_LEN);
1493 sm->xxkey_len = PMK_LEN;
1494#endif /* CONFIG_IEEE80211R */
1495 }
1496 sm->req_replay_counter_used = 0;
1497}
1498
1499
1500SM_STATE(WPA_PTK, PTKSTART)
1501{
1502 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1503 size_t pmkid_len = 0;
1504
1505 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1506 sm->PTKRequest = FALSE;
1507 sm->TimeoutEvt = FALSE;
bae61562
JM		 1508
1509 sm->TimeoutCtr++;
1510 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1511 /* No point in sending the EAPOL-Key - we will disconnect
1512 * immediately following this. */
1513 return;
1514 }
1515
6fc6879b
JM		 1516 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1517 "sending 1/4 msg of 4-Way Handshake");
1518 /*
1519 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1520 * one possible PSK for this STA.
1521 */
1522 if (sm->wpa == WPA_VERSION_WPA2 &&
56586197 1523 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1524 pmkid = buf;
1525 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1526 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1527 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1528 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
1529 if (sm->pmksa)
1530 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1531 sm->pmksa->pmkid, PMKID_LEN);
1532 else {
1533 /*
1534 * Calculate PMKID since no PMKSA cache entry was
1535 * available with pre-calculated PMKID.
1536 */
1537 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
56586197
JM		 1538 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
1539 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 1540 }
1541 }
1542 wpa_send_eapol(sm->wpa_auth, sm,
1543 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1544 sm->ANonce, pmkid, pmkid_len, 0, 0);
6fc6879b
JM		 1545}
1546
1547
1548static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
1549 struct wpa_ptk *ptk)
1550{
c0a61908 1551 size_t ptk_len = sm->pairwise == WPA_CIPHER_CCMP ? 48 : 64;
6fc6879b 1552#ifdef CONFIG_IEEE80211R
56586197 1553 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
c0a61908 1554 return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
6fc6879b
JM		 1555#endif /* CONFIG_IEEE80211R */
1556
1557 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
1558 sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
c0a61908 1559 (u8 *) ptk, ptk_len,
56586197 1560 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 1561
1562 return 0;
1563}
1564
1565
1566SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
1567{
1568 struct wpa_ptk PTK;
1569 int ok = 0;
1570 const u8 *pmk = NULL;
1571
1572 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
1573 sm->EAPOLKeyReceived = FALSE;
1574
1575 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1576 * WPA-PSK: iterate through possible PSKs and select the one matching
1577 * the packet */
1578 for (;;) {
56586197 1579 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1580 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
1581 if (pmk == NULL)
1582 break;
1583 } else
1584 pmk = sm->PMK;
1585
1586 wpa_derive_ptk(sm, pmk, &PTK);
1587
1588 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
1589 sm->last_rx_eapol_key_len) == 0) {
1590 ok = 1;
1591 break;
1592 }
1593
56586197 1594 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
6fc6879b
JM		 1595 break;
1596 }
1597
1598 if (!ok) {
1599 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1600 "invalid MIC in msg 2/4 of 4-Way Handshake");
1601 return;
1602 }
1603
26e23750
JM		 1604#ifdef CONFIG_IEEE80211R
1605 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1606 /*
1607 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
1608 * with the value we derived.
1609 */
1610 if (os_memcmp(sm->sup_pmk_r1_name, sm->pmk_r1_name,
1611 WPA_PMK_NAME_LEN) != 0) {
1612 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1613 "PMKR1Name mismatch in FT 4-way "
1614 "handshake");
1615 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
1616 "Supplicant",
1617 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
1618 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
1619 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
1620 return;
1621 }
1622 }
1623#endif /* CONFIG_IEEE80211R */
1624
6fc6879b
JM		 1625 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
1626
56586197 1627 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1628 /* PSK may have changed from the previous choice, so update
1629 * state machine data based on whatever PSK was selected here.
1630 */
1631 os_memcpy(sm->PMK, pmk, PMK_LEN);
1632 }
1633
1634 sm->MICVerified = TRUE;
1635
1636 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
1637 sm->PTK_valid = TRUE;
1638}
1639
1640
1641SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
1642{
1643 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
1644 sm->TimeoutCtr = 0;
1645}
1646
1647
1648#ifdef CONFIG_IEEE80211W
1649
1650static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1651{
1652 if (sm->mgmt_frame_prot) {
1653 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
1654 }
1655
1656 return 0;
1657}
1658
1659
1660static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1661{
1662 struct wpa_igtk_kde igtk;
1663 struct wpa_group *gsm = sm->group;
1664
1665 if (!sm->mgmt_frame_prot)
1666 return pos;
1667
1668 igtk.keyid[0] = gsm->GN_igtk;
1669 igtk.keyid[1] = 0;
7b1080da
JM		 1670 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
1671 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0)
6fc6879b
JM		 1672 os_memset(igtk.pn, 0, sizeof(igtk.pn));
1673 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
1674 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
1675 (const u8 *) &igtk, sizeof(igtk), NULL, 0);
1676
1677 return pos;
1678}
1679
1680#else /* CONFIG_IEEE80211W */
1681
1682static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1683{
1684 return 0;
1685}
1686
1687
1688static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1689{
1690 return pos;
1691}
1692
1693#endif /* CONFIG_IEEE80211W */
1694
1695
1696SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
1697{
1698 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
1699 size_t gtk_len, kde_len;
1700 struct wpa_group *gsm = sm->group;
1701 u8 *wpa_ie;
1702 int wpa_ie_len, secure, keyidx, encr = 0;
1703
1704 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
1705 sm->TimeoutEvt = FALSE;
bae61562
JM		 1706
1707 sm->TimeoutCtr++;
1708 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1709 /* No point in sending the EAPOL-Key - we will disconnect
1710 * immediately following this. */
1711 return;
1712 }
1713
86dfabb8
JM		 1714 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
1715 GTK[GN], IGTK, [FTIE], [TIE * 2])
6fc6879b
JM		 1716 */
1717 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1718 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
86dfabb8 1719 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
6fc6879b
JM		 1720 wpa_ie = sm->wpa_auth->wpa_ie;
1721 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
1722 if (sm->wpa == WPA_VERSION_WPA &&
1723 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
1724 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
1725 /* WPA-only STA, remove RSN IE */
1726 wpa_ie = wpa_ie + wpa_ie[1] + 2;
1727 wpa_ie_len = wpa_ie[1] + 2;
1728 }
1729 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1730 "sending 3/4 msg of 4-Way Handshake");
1731 if (sm->wpa == WPA_VERSION_WPA2) {
1732 /* WPA2 send GTK in the 4-way handshake */
1733 secure = 1;
1734 gtk = gsm->GTK[gsm->GN - 1];
1735 gtk_len = gsm->GTK_len;
1736 keyidx = gsm->GN;
1737 _rsc = rsc;
1738 encr = 1;
1739 } else {
1740 /* WPA does not include GTK in msg 3/4 */
1741 secure = 0;
1742 gtk = NULL;
1743 gtk_len = 0;
1744 keyidx = 0;
1745 _rsc = NULL;
1746 }
1747
1748 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
1749 if (gtk)
1750 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
26e23750 1751#ifdef CONFIG_IEEE80211R
86dfabb8
JM		 1752 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1753 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
1754 kde_len += 300; /* FTIE + 2 * TIE */
1755 }
26e23750 1756#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 1757 kde = os_malloc(kde_len);
1758 if (kde == NULL)
1759 return;
1760
1761 pos = kde;
1762 os_memcpy(pos, wpa_ie, wpa_ie_len);
1763 pos += wpa_ie_len;
26e23750
JM		 1764#ifdef CONFIG_IEEE80211R
1765 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1766 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name);
1767 if (res < 0) {
1768 wpa_printf(MSG_ERROR, "FT: Failed to insert "
1769 "PMKR1Name into RSN IE in EAPOL-Key data");
1770 os_free(kde);
1771 return;
1772 }
1773 pos += res;
1774 }
1775#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 1776 if (gtk) {
1777 u8 hdr[2];
1778 hdr[0] = keyidx & 0x03;
1779 hdr[1] = 0;
1780 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
1781 gtk, gtk_len);
1782 }
1783 pos = ieee80211w_kde_add(sm, pos);
1784
86dfabb8
JM		 1785#ifdef CONFIG_IEEE80211R
1786 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1787 int res;
1788 struct wpa_auth_config *conf;
1789
1790 conf = &sm->wpa_auth->conf;
1791 res = wpa_write_ftie(conf, conf->r0_key_holder,
1792 conf->r0_key_holder_len,
1793 NULL, NULL, pos, kde + kde_len - pos,
1794 NULL, 0);
1795 if (res < 0) {
1796 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
1797 "into EAPOL-Key Key Data");
1798 os_free(kde);
1799 return;
1800 }
1801 pos += res;
1802
1803 /* TIE[ReassociationDeadline] (TU) */
1804 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
1805 *pos++ = 5;
1806 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
1807 WPA_PUT_LE32(pos, conf->reassociation_deadline);
1808 pos += 4;
1809
1810 /* TIE[KeyLifetime] (seconds) */
1811 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
1812 *pos++ = 5;
1813 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
1814 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
1815 pos += 4;
1816 }
1817#endif /* CONFIG_IEEE80211R */
1818
6fc6879b
JM		 1819 wpa_send_eapol(sm->wpa_auth, sm,
1820 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
1821 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
1822 WPA_KEY_INFO_KEY_TYPE,
1823 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
1824 os_free(kde);
6fc6879b
JM		 1825}
1826
1827
1828SM_STATE(WPA_PTK, PTKINITDONE)
1829{
1830 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
1831 sm->EAPOLKeyReceived = FALSE;
1832 if (sm->Pair) {
71934751 1833 enum wpa_alg alg;
6fc6879b
JM		 1834 int klen;
1835 if (sm->pairwise == WPA_CIPHER_TKIP) {
89d39d9d 1836 alg = WPA_ALG_TKIP;
6fc6879b
JM		 1837 klen = 32;
1838 } else {
89d39d9d 1839 alg = WPA_ALG_CCMP;
6fc6879b
JM		 1840 klen = 16;
1841 }
1842 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
1843 sm->PTK.tk1, klen)) {
1844 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1845 return;
1846 }
1847 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
1848 sm->pairwise_set = TRUE;
1849
581a8cde
JM		 1850 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
1851 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1852 eloop_register_timeout(sm->wpa_auth->conf.
1853 wpa_ptk_rekey, 0, wpa_rekey_ptk,
1854 sm->wpa_auth, sm);
1855 }
1856
56586197 1857 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1858 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1859 WPA_EAPOL_authorized, 1);
1860 }
1861 }
1862
1863 if (0 /* IBSS == TRUE */) {
1864 sm->keycount++;
1865 if (sm->keycount == 2) {
1866 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1867 WPA_EAPOL_portValid, 1);
1868 }
1869 } else {
1870 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
1871 1);
1872 }
1873 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
1874 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
1875 if (sm->wpa == WPA_VERSION_WPA)
1876 sm->PInitAKeys = TRUE;
1877 else
1878 sm->has_GTK = TRUE;
1879 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1880 "pairwise key handshake completed (%s)",
1881 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
1882
1883#ifdef CONFIG_IEEE80211R
1884 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
1885#endif /* CONFIG_IEEE80211R */
1886}
1887
1888
1889SM_STEP(WPA_PTK)
1890{
1891 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
1892
1893 if (sm->Init)
1894 SM_ENTER(WPA_PTK, INITIALIZE);
1895 else if (sm->Disconnect
1896 /* || FIX: dot11RSNAConfigSALifetime timeout */)
1897 SM_ENTER(WPA_PTK, DISCONNECT);
1898 else if (sm->DeauthenticationRequest)
1899 SM_ENTER(WPA_PTK, DISCONNECTED);
1900 else if (sm->AuthenticationRequest)
1901 SM_ENTER(WPA_PTK, AUTHENTICATION);
1902 else if (sm->ReAuthenticationRequest)
1903 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1904 else if (sm->PTKRequest)
1905 SM_ENTER(WPA_PTK, PTKSTART);
1906 else switch (sm->wpa_ptk_state) {
1907 case WPA_PTK_INITIALIZE:
1908 break;
1909 case WPA_PTK_DISCONNECT:
1910 SM_ENTER(WPA_PTK, DISCONNECTED);
1911 break;
1912 case WPA_PTK_DISCONNECTED:
1913 SM_ENTER(WPA_PTK, INITIALIZE);
1914 break;
1915 case WPA_PTK_AUTHENTICATION:
1916 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1917 break;
1918 case WPA_PTK_AUTHENTICATION2:
56586197 1919 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
6fc6879b
JM		 1920 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
1921 WPA_EAPOL_keyRun) > 0)
1922 SM_ENTER(WPA_PTK, INITPMK);
56586197 1923 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
6fc6879b
JM		 1924 /* FIX: && 802.1X::keyRun */)
1925 SM_ENTER(WPA_PTK, INITPSK);
1926 break;
1927 case WPA_PTK_INITPMK:
1928 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
1929 WPA_EAPOL_keyAvailable) > 0)
1930 SM_ENTER(WPA_PTK, PTKSTART);
1931 else {
1932 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1933 SM_ENTER(WPA_PTK, DISCONNECT);
1934 }
1935 break;
1936 case WPA_PTK_INITPSK:
1937 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
1938 SM_ENTER(WPA_PTK, PTKSTART);
1939 else {
1940 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1941 "no PSK configured for the STA");
1942 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1943 SM_ENTER(WPA_PTK, DISCONNECT);
1944 }
1945 break;
1946 case WPA_PTK_PTKSTART:
1947 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1948 sm->EAPOLKeyPairwise)
1949 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
1950 else if (sm->TimeoutCtr >
1951 (int) dot11RSNAConfigPairwiseUpdateCount) {
1952 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1953 SM_ENTER(WPA_PTK, DISCONNECT);
1954 } else if (sm->TimeoutEvt)
1955 SM_ENTER(WPA_PTK, PTKSTART);
1956 break;
1957 case WPA_PTK_PTKCALCNEGOTIATING:
1958 if (sm->MICVerified)
1959 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
1960 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1961 sm->EAPOLKeyPairwise)
1962 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
1963 else if (sm->TimeoutEvt)
1964 SM_ENTER(WPA_PTK, PTKSTART);
1965 break;
1966 case WPA_PTK_PTKCALCNEGOTIATING2:
1967 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
1968 break;
1969 case WPA_PTK_PTKINITNEGOTIATING:
1970 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1971 sm->EAPOLKeyPairwise && sm->MICVerified)
1972 SM_ENTER(WPA_PTK, PTKINITDONE);
1973 else if (sm->TimeoutCtr >
1974 (int) dot11RSNAConfigPairwiseUpdateCount) {
1975 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1976 SM_ENTER(WPA_PTK, DISCONNECT);
1977 } else if (sm->TimeoutEvt)
1978 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
1979 break;
1980 case WPA_PTK_PTKINITDONE:
1981 break;
1982 }
1983}
1984
1985
1986SM_STATE(WPA_PTK_GROUP, IDLE)
1987{
1988 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
1989 if (sm->Init) {
1990 /* Init flag is not cleared here, so avoid busy
1991 * loop by claiming nothing changed. */
1992 sm->changed = FALSE;
1993 }
1994 sm->GTimeoutCtr = 0;
1995}
1996
1997
1998SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
1999{
2000 u8 rsc[WPA_KEY_RSC_LEN];
2001 struct wpa_group *gsm = sm->group;
2002 u8 *kde, *pos, hdr[2];
2003 size_t kde_len;
2004
2005 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
bae61562
JM		 2006
2007 sm->GTimeoutCtr++;
2008 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
2009 /* No point in sending the EAPOL-Key - we will disconnect
2010 * immediately following this. */
2011 return;
2012 }
2013
6fc6879b
JM		 2014 if (sm->wpa == WPA_VERSION_WPA)
2015 sm->PInitAKeys = FALSE;
2016 sm->TimeoutEvt = FALSE;
2017 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
2018 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2019 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
2020 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2021 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2022 "sending 1/2 msg of Group Key Handshake");
2023
2024 if (sm->wpa == WPA_VERSION_WPA2) {
2025 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
2026 ieee80211w_kde_len(sm);
2027 kde = os_malloc(kde_len);
2028 if (kde == NULL)
2029 return;
2030
2031 pos = kde;
2032 hdr[0] = gsm->GN & 0x03;
2033 hdr[1] = 0;
2034 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2035 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2036 pos = ieee80211w_kde_add(sm, pos);
2037 } else {
2038 kde = gsm->GTK[gsm->GN - 1];
2039 pos = kde + gsm->GTK_len;
2040 }
2041
2042 wpa_send_eapol(sm->wpa_auth, sm,
2043 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
2044 WPA_KEY_INFO_ACK |
2045 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
2046 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
2047 if (sm->wpa == WPA_VERSION_WPA2)
2048 os_free(kde);
6fc6879b
JM		 2049}
2050
2051
2052SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
2053{
2054 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
2055 sm->EAPOLKeyReceived = FALSE;
2056 if (sm->GUpdateStationKeys)
2057 sm->group->GKeyDoneStations--;
2058 sm->GUpdateStationKeys = FALSE;
2059 sm->GTimeoutCtr = 0;
2060 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
2061 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2062 "group key handshake completed (%s)",
2063 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2064 sm->has_GTK = TRUE;
2065}
2066
2067
2068SM_STATE(WPA_PTK_GROUP, KEYERROR)
2069{
2070 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
2071 if (sm->GUpdateStationKeys)
2072 sm->group->GKeyDoneStations--;
2073 sm->GUpdateStationKeys = FALSE;
2074 sm->Disconnect = TRUE;
2075}
2076
2077
2078SM_STEP(WPA_PTK_GROUP)
2079{
9663596f 2080 if (sm->Init || sm->PtkGroupInit) {
6fc6879b 2081 SM_ENTER(WPA_PTK_GROUP, IDLE);
9663596f
JM		 2082 sm->PtkGroupInit = FALSE;
2083 } else switch (sm->wpa_ptk_group_state) {
6fc6879b
JM		 2084 case WPA_PTK_GROUP_IDLE:
2085 if (sm->GUpdateStationKeys ||
2086 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
2087 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2088 break;
2089 case WPA_PTK_GROUP_REKEYNEGOTIATING:
2090 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2091 !sm->EAPOLKeyPairwise && sm->MICVerified)
2092 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
2093 else if (sm->GTimeoutCtr >
2094 (int) dot11RSNAConfigGroupUpdateCount)
2095 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
2096 else if (sm->TimeoutEvt)
2097 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2098 break;
2099 case WPA_PTK_GROUP_KEYERROR:
2100 SM_ENTER(WPA_PTK_GROUP, IDLE);
2101 break;
2102 case WPA_PTK_GROUP_REKEYESTABLISHED:
2103 SM_ENTER(WPA_PTK_GROUP, IDLE);
2104 break;
2105 }
2106}
2107
2108
2109static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
2110 struct wpa_group *group)
2111{
2112 int ret = 0;
2113
6fc6879b
JM		 2114 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2115 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2116 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
2117 wpa_auth->addr, group->GNonce,
2118 group->GTK[group->GN - 1], group->GTK_len) < 0)
2119 ret = -1;
5cb9d5c3
JM		 2120 wpa_hexdump_key(MSG_DEBUG, "GTK",
2121 group->GTK[group->GN - 1], group->GTK_len);
6fc6879b
JM		 2122
2123#ifdef CONFIG_IEEE80211W
70f8cc8e 2124 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
5cb9d5c3
JM		 2125 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2126 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2127 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
2128 wpa_auth->addr, group->GNonce,
2129 group->IGTK[group->GN_igtk - 4],
2130 WPA_IGTK_LEN) < 0)
2131 ret = -1;
6fc6879b
JM		 2132 wpa_hexdump_key(MSG_DEBUG, "IGTK",
2133 group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN);
2134 }
2135#endif /* CONFIG_IEEE80211W */
2136
2137 return ret;
2138}
2139
2140
2141static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
2142 struct wpa_group *group)
2143{
2144 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2145 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
2146 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
2147 group->wpa_group_state = WPA_GROUP_GTK_INIT;
2148
2149 /* GTK[0..N] = 0 */
2150 os_memset(group->GTK, 0, sizeof(group->GTK));
2151 group->GN = 1;
2152 group->GM = 2;
2153#ifdef CONFIG_IEEE80211W
2154 group->GN_igtk = 4;
2155 group->GM_igtk = 5;
2156#endif /* CONFIG_IEEE80211W */
2157 /* GTK[GN] = CalcGTK() */
2158 wpa_gtk_update(wpa_auth, group);
2159}
2160
2161
2162static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
2163{
2164 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
2165 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2166 "Not in PTKINITDONE; skip Group Key update");
2167 return 0;
2168 }
9663596f
JM		 2169 if (sm->GUpdateStationKeys) {
2170 /*
2171 * This should not really happen, but just in case, make sure
2172 * we do not count the same STA twice in GKeyDoneStations.
2173 */
2174 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2175 "GUpdateStationKeys already set - do not "
2176 "increment GKeyDoneStations");
2177 } else {
2178 sm->group->GKeyDoneStations++;
2179 sm->GUpdateStationKeys = TRUE;
2180 }
6fc6879b
JM		 2181 wpa_sm_step(sm);
2182 return 0;
2183}
2184
2185
2186static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
2187 struct wpa_group *group)
2188{
2189 int tmp;
2190
2191 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2192 "SETKEYS (VLAN-ID %d)", group->vlan_id);
2193 group->changed = TRUE;
2194 group->wpa_group_state = WPA_GROUP_SETKEYS;
2195 group->GTKReKey = FALSE;
2196 tmp = group->GM;
2197 group->GM = group->GN;
2198 group->GN = tmp;
2199#ifdef CONFIG_IEEE80211W
2200 tmp = group->GM_igtk;
2201 group->GM_igtk = group->GN_igtk;
2202 group->GN_igtk = tmp;
2203#endif /* CONFIG_IEEE80211W */
2204 /* "GKeyDoneStations = GNoStations" is done in more robust way by
2205 * counting the STAs that are marked with GUpdateStationKeys instead of
2206 * including all STAs that could be in not-yet-completed state. */
2207 wpa_gtk_update(wpa_auth, group);
2208
2209 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
2210 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
2211 group->GKeyDoneStations);
2212}
2213
2214
3c7302c2
JM		 2215static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
2216 struct wpa_group *group)
6fc6879b 2217{
3c7302c2
JM		 2218 int ret = 0;
2219
6fc6879b
JM		 2220 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2221 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
2222 group->changed = TRUE;
2223 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
3c7302c2
JM		 2224 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
2225 wpa_alg_enum(wpa_auth->conf.wpa_group),
2226 NULL, group->GN, group->GTK[group->GN - 1],
2227 group->GTK_len) < 0)
2228 ret = -1;
6fc6879b
JM		 2229
2230#ifdef CONFIG_IEEE80211W
3c7302c2
JM		 2231 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION &&
2232 wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK,
2233 NULL, group->GN_igtk,
2234 group->IGTK[group->GN_igtk - 4],
2235 WPA_IGTK_LEN) < 0)
2236 ret = -1;
6fc6879b 2237#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 2238
2239 return ret;
6fc6879b
JM		 2240}
2241
2242
2243static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2244 struct wpa_group *group)
2245{
2246 if (group->GInit) {
2247 wpa_group_gtk_init(wpa_auth, group);
2248 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2249 group->GTKAuthenticator) {
2250 wpa_group_setkeysdone(wpa_auth, group);
2251 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2252 group->GTKReKey) {
2253 wpa_group_setkeys(wpa_auth, group);
2254 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2255 if (group->GKeyDoneStations == 0)
2256 wpa_group_setkeysdone(wpa_auth, group);
2257 else if (group->GTKReKey)
2258 wpa_group_setkeys(wpa_auth, group);
2259 }
2260}
2261
2262
e4a6ea1d 2263static int wpa_sm_step(struct wpa_state_machine *sm)
6fc6879b
JM		 2264{
2265 if (sm == NULL)
e4a6ea1d 2266 return 0;
6fc6879b
JM		 2267
2268 if (sm->in_step_loop) {
2269 /* This should not happen, but if it does, make sure we do not
2270 * end up freeing the state machine too early by exiting the
2271 * recursive call. */
2272 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
e4a6ea1d 2273 return 0;
6fc6879b
JM		 2274 }
2275
2276 sm->in_step_loop = 1;
2277 do {
2278 if (sm->pending_deinit)
2279 break;
2280
2281 sm->changed = FALSE;
2282 sm->wpa_auth->group->changed = FALSE;
2283
2284 SM_STEP_RUN(WPA_PTK);
2285 if (sm->pending_deinit)
2286 break;
2287 SM_STEP_RUN(WPA_PTK_GROUP);
2288 if (sm->pending_deinit)
2289 break;
2290 wpa_group_sm_step(sm->wpa_auth, sm->group);
2291 } while (sm->changed || sm->wpa_auth->group->changed);
2292 sm->in_step_loop = 0;
2293
2294 if (sm->pending_deinit) {
2295 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
2296 "machine deinit for " MACSTR, MAC2STR(sm->addr));
2297 wpa_free_sta_sm(sm);
e4a6ea1d 2298 return 1;
6fc6879b 2299 }
e4a6ea1d 2300 return 0;
6fc6879b
JM		 2301}
2302
2303
2304static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
2305{
2306 struct wpa_state_machine *sm = eloop_ctx;
2307 wpa_sm_step(sm);
2308}
2309
2310
2311void wpa_auth_sm_notify(struct wpa_state_machine *sm)
2312{
2313 if (sm == NULL)
2314 return;
2315 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
2316}
2317
2318
2319void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
2320{
2321 int tmp, i;
2322 struct wpa_group *group;
2323
2324 if (wpa_auth == NULL)
2325 return;
2326
2327 group = wpa_auth->group;
2328
2329 for (i = 0; i < 2; i++) {
2330 tmp = group->GM;
2331 group->GM = group->GN;
2332 group->GN = tmp;
2333#ifdef CONFIG_IEEE80211W
2334 tmp = group->GM_igtk;
2335 group->GM_igtk = group->GN_igtk;
2336 group->GN_igtk = tmp;
2337#endif /* CONFIG_IEEE80211W */
2338 wpa_gtk_update(wpa_auth, group);
2339 }
2340}
2341
2342
2343static const char * wpa_bool_txt(int bool)
2344{
2345 return bool ? "TRUE" : "FALSE";
2346}
2347
2348
2349static int wpa_cipher_bits(int cipher)
2350{
2351 switch (cipher) {
2352 case WPA_CIPHER_CCMP:
2353 return 128;
2354 case WPA_CIPHER_TKIP:
2355 return 256;
2356 case WPA_CIPHER_WEP104:
2357 return 104;
2358 case WPA_CIPHER_WEP40:
2359 return 40;
2360 default:
2361 return 0;
2362 }
2363}
2364
2365
2366#define RSN_SUITE "%02x-%02x-%02x-%d"
2367#define RSN_SUITE_ARG(s) \
2368((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2369
2370int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
2371{
2372 int len = 0, ret;
2373 char pmkid_txt[PMKID_LEN * 2 + 1];
2374
2375 if (wpa_auth == NULL)
2376 return len;
2377
2378 ret = os_snprintf(buf + len, buflen - len,
2379 "dot11RSNAOptionImplemented=TRUE\n"
2380#ifdef CONFIG_RSN_PREAUTH
2381 "dot11RSNAPreauthenticationImplemented=TRUE\n"
2382#else /* CONFIG_RSN_PREAUTH */
2383 "dot11RSNAPreauthenticationImplemented=FALSE\n"
2384#endif /* CONFIG_RSN_PREAUTH */
2385 "dot11RSNAEnabled=%s\n"
2386 "dot11RSNAPreauthenticationEnabled=%s\n",
2387 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
2388 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
2389 if (ret < 0 || (size_t) ret >= buflen - len)
2390 return len;
2391 len += ret;
2392
2393 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2394 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
2395
2396 ret = os_snprintf(
2397 buf + len, buflen - len,
2398 "dot11RSNAConfigVersion=%u\n"
2399 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2400 /* FIX: dot11RSNAConfigGroupCipher */
2401 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2402 /* FIX: dot11RSNAConfigGroupRekeyTime */
2403 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2404 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2405 "dot11RSNAConfigGroupUpdateCount=%u\n"
2406 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2407 "dot11RSNAConfigGroupCipherSize=%u\n"
2408 "dot11RSNAConfigPMKLifetime=%u\n"
2409 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2410 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2411 "dot11RSNAConfigSATimeout=%u\n"
2412 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2413 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2414 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2415 "dot11RSNAPMKIDUsed=%s\n"
2416 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2417 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2418 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2419 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
2420 "dot11RSNA4WayHandshakeFailures=%u\n"
2421 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
2422 RSN_VERSION,
2423 !!wpa_auth->conf.wpa_strict_rekey,
2424 dot11RSNAConfigGroupUpdateCount,
2425 dot11RSNAConfigPairwiseUpdateCount,
2426 wpa_cipher_bits(wpa_auth->conf.wpa_group),
2427 dot11RSNAConfigPMKLifetime,
2428 dot11RSNAConfigPMKReauthThreshold,
2429 dot11RSNAConfigSATimeout,
2430 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
2431 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
2432 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
2433 pmkid_txt,
2434 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
2435 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
2436 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
2437 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
2438 wpa_auth->dot11RSNA4WayHandshakeFailures);
2439 if (ret < 0 || (size_t) ret >= buflen - len)
2440 return len;
2441 len += ret;
2442
2443 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
2444 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
2445
2446 /* Private MIB */
2447 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
2448 wpa_auth->group->wpa_group_state);
2449 if (ret < 0 || (size_t) ret >= buflen - len)
2450 return len;
2451 len += ret;
2452
2453 return len;
2454}
2455
2456
2457int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
2458{
2459 int len = 0, ret;
2460 u32 pairwise = 0;
2461
2462 if (sm == NULL)
2463 return 0;
2464
2465 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
2466
2467 /* dot11RSNAStatsEntry */
2468
2469 if (sm->wpa == WPA_VERSION_WPA) {
2470 if (sm->pairwise == WPA_CIPHER_CCMP)
2471 pairwise = WPA_CIPHER_SUITE_CCMP;
2472 else if (sm->pairwise == WPA_CIPHER_TKIP)
2473 pairwise = WPA_CIPHER_SUITE_TKIP;
2474 else if (sm->pairwise == WPA_CIPHER_WEP104)
2475 pairwise = WPA_CIPHER_SUITE_WEP104;
2476 else if (sm->pairwise == WPA_CIPHER_WEP40)
2477 pairwise = WPA_CIPHER_SUITE_WEP40;
2478 else if (sm->pairwise == WPA_CIPHER_NONE)
2479 pairwise = WPA_CIPHER_SUITE_NONE;
2480 } else if (sm->wpa == WPA_VERSION_WPA2) {
2481 if (sm->pairwise == WPA_CIPHER_CCMP)
2482 pairwise = RSN_CIPHER_SUITE_CCMP;
2483 else if (sm->pairwise == WPA_CIPHER_TKIP)
2484 pairwise = RSN_CIPHER_SUITE_TKIP;
2485 else if (sm->pairwise == WPA_CIPHER_WEP104)
2486 pairwise = RSN_CIPHER_SUITE_WEP104;
2487 else if (sm->pairwise == WPA_CIPHER_WEP40)
2488 pairwise = RSN_CIPHER_SUITE_WEP40;
2489 else if (sm->pairwise == WPA_CIPHER_NONE)
2490 pairwise = RSN_CIPHER_SUITE_NONE;
2491 } else
2492 return 0;
2493
2494 ret = os_snprintf(
2495 buf + len, buflen - len,
2496 /* TODO: dot11RSNAStatsIndex */
2497 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
2498 "dot11RSNAStatsVersion=1\n"
2499 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
2500 /* TODO: dot11RSNAStatsTKIPICVErrors */
2501 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
2502 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
2503 /* TODO: dot11RSNAStatsCCMPReplays */
2504 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
2505 /* TODO: dot11RSNAStatsTKIPReplays */,
2506 MAC2STR(sm->addr),
2507 RSN_SUITE_ARG(pairwise),
2508 sm->dot11RSNAStatsTKIPLocalMICFailures,
2509 sm->dot11RSNAStatsTKIPRemoteMICFailures);
2510 if (ret < 0 || (size_t) ret >= buflen - len)
2511 return len;
2512 len += ret;
2513
2514 /* Private MIB */
2515 ret = os_snprintf(buf + len, buflen - len,
2516 "hostapdWPAPTKState=%d\n"
2517 "hostapdWPAPTKGroupState=%d\n",
2518 sm->wpa_ptk_state,
2519 sm->wpa_ptk_group_state);
2520 if (ret < 0 || (size_t) ret >= buflen - len)
2521 return len;
2522 len += ret;
2523
2524 return len;
2525}
2526
2527
2528void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
2529{
2530 if (wpa_auth)
2531 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
2532}
2533
2534
2535int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
2536{
2537 return sm && sm->pairwise_set;
2538}
2539
2540
ff36ff00
JM		 2541int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
2542{
2543 return sm->pairwise;
2544}
2545
2546
6fc6879b
JM		 2547int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
2548{
2549 if (sm == NULL)
2550 return -1;
2551 return sm->wpa_key_mgmt;
2552}
2553
2554
2555int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
2556{
2557 if (sm == NULL)
2558 return 0;
2559 return sm->wpa;
2560}
2561
2562
2563int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
2564 struct rsn_pmksa_cache_entry *entry)
2565{
2566 if (sm == NULL || sm->pmksa != entry)
2567 return -1;
2568 sm->pmksa = NULL;
2569 return 0;
2570}
2571
2572
2573struct rsn_pmksa_cache_entry *
2574wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
2575{
2576 return sm ? sm->pmksa : NULL;
2577}
2578
2579
2580void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
2581{
2582 if (sm)
2583 sm->dot11RSNAStatsTKIPLocalMICFailures++;
2584}
2585
2586
2587const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
2588{
2589 if (wpa_auth == NULL)
2590 return NULL;
2591 *len = wpa_auth->wpa_ie_len;
2592 return wpa_auth->wpa_ie;
2593}
2594
2595
2596int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
2597 int session_timeout, struct eapol_state_machine *eapol)
2598{
2599 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
2600 return -1;
2601
4bb081f1
JM		 2602 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
2603 sm->wpa_auth->addr, sm->addr, session_timeout,
2604 eapol, sm->wpa_key_mgmt))
6fc6879b
JM		 2605 return 0;
2606
2607 return -1;
2608}
2609
2610
2611int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
2612 const u8 *pmk, size_t len, const u8 *sta_addr,
2613 int session_timeout,
2614 struct eapol_state_machine *eapol)
2615{
2616 if (wpa_auth == NULL)
2617 return -1;
2618
4bb081f1
JM		 2619 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
2620 sta_addr, session_timeout, eapol,
2621 WPA_KEY_MGMT_IEEE8021X))
6fc6879b
JM		 2622 return 0;
2623
2624 return -1;
2625}
2626
2627
2628static struct wpa_group *
2629wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
2630{
2631 struct wpa_group *group;
2632
2633 if (wpa_auth == NULL || wpa_auth->group == NULL)
2634 return NULL;
2635
2636 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
2637 vlan_id);
2638 group = wpa_group_init(wpa_auth, vlan_id);
2639 if (group == NULL)
2640 return NULL;
2641
2642 group->next = wpa_auth->group->next;
2643 wpa_auth->group->next = group;
2644
2645 return group;
2646}
2647
2648
2649int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
2650{
2651 struct wpa_group *group;
2652
2653 if (sm == NULL || sm->wpa_auth == NULL)
2654 return 0;
2655
2656 group = sm->wpa_auth->group;
2657 while (group) {
2658 if (group->vlan_id == vlan_id)
2659 break;
2660 group = group->next;
2661 }
2662
2663 if (group == NULL) {
2664 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
2665 if (group == NULL)
2666 return -1;
2667 }
2668
2669 if (sm->group == group)
2670 return 0;
2671
2672 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
2673 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
2674
2675 sm->group = group;
2676 return 0;
2677}
Unnamed repository; edit this file 'description' to name the repository.