]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
WPS: Send the credential when learning AP params in registrar role
[thirdparty/hostap.git] / src / ap / wpa_auth.c
CommitLineData
6fc6879b
JM		 1/*
2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
e6965d4e 3 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
6fc6879b
JM		 4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
6226e38d 15#include "utils/includes.h"
6fc6879b 16
6226e38d
JM		 17#include "utils/common.h"
18#include "utils/eloop.h"
19#include "utils/state_machine.h"
81f4f619 20#include "common/ieee802_11_defs.h"
03da66bd
JM		 21#include "crypto/aes_wrap.h"
22#include "crypto/crypto.h"
23#include "crypto/sha1.h"
24#include "crypto/sha256.h"
3642c431 25#include "crypto/random.h"
281c950b 26#include "eapol_auth/eapol_auth_sm.h"
6226e38d 27#include "ap_config.h"
6fc6879b 28#include "ieee802_11.h"
6226e38d
JM		 29#include "wpa_auth.h"
30#include "pmksa_cache_auth.h"
6fc6879b
JM		 31#include "wpa_auth_i.h"
32#include "wpa_auth_ie.h"
33
34#define STATE_MACHINE_DATA struct wpa_state_machine
35#define STATE_MACHINE_DEBUG_PREFIX "WPA"
36#define STATE_MACHINE_ADDR sm->addr
37
38
39static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
e4a6ea1d 40static int wpa_sm_step(struct wpa_state_machine *sm);
6fc6879b
JM		 41static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
42static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
43static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
44 struct wpa_group *group);
581a8cde 45static void wpa_request_new_ptk(struct wpa_state_machine *sm);
e6965d4e
JM		 46static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
47 struct wpa_group *group);
1bdb7ab3
JM		 48static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
49 struct wpa_group *group);
6fc6879b 50
bae61562
JM		 51static const u32 dot11RSNAConfigGroupUpdateCount = 4;
52static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
53static const u32 eapol_key_timeout_first = 100; /* ms */
54static const u32 eapol_key_timeout_subseq = 1000; /* ms */
6fc6879b
JM		 55
56/* TODO: make these configurable */
57static const int dot11RSNAConfigPMKLifetime = 43200;
58static const int dot11RSNAConfigPMKReauthThreshold = 70;
59static const int dot11RSNAConfigSATimeout = 60;
60
61
62static inline void wpa_auth_mic_failure_report(
63 struct wpa_authenticator *wpa_auth, const u8 *addr)
64{
65 if (wpa_auth->cb.mic_failure_report)
66 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
67}
68
69
70static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
71 const u8 *addr, wpa_eapol_variable var,
72 int value)
73{
74 if (wpa_auth->cb.set_eapol)
75 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
76}
77
78
79static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
80 const u8 *addr, wpa_eapol_variable var)
81{
82 if (wpa_auth->cb.get_eapol == NULL)
83 return -1;
84 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
85}
86
87
88static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
89 const u8 *addr, const u8 *prev_psk)
90{
91 if (wpa_auth->cb.get_psk == NULL)
92 return NULL;
93 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
94}
95
96
97static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
98 const u8 *addr, u8 *msk, size_t *len)
99{
100 if (wpa_auth->cb.get_msk == NULL)
101 return -1;
102 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
103}
104
105
106static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
107 int vlan_id,
71934751 108 enum wpa_alg alg, const u8 *addr, int idx,
6fc6879b
JM		 109 u8 *key, size_t key_len)
110{
111 if (wpa_auth->cb.set_key == NULL)
112 return -1;
113 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
114 key, key_len);
115}
116
117
118static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
119 const u8 *addr, int idx, u8 *seq)
120{
121 if (wpa_auth->cb.get_seqnum == NULL)
122 return -1;
123 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
124}
125
126
6fc6879b
JM		 127static inline int
128wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
129 const u8 *data, size_t data_len, int encrypt)
130{
131 if (wpa_auth->cb.send_eapol == NULL)
132 return -1;
133 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
134 encrypt);
135}
136
137
138int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
139 int (*cb)(struct wpa_state_machine *sm, void *ctx),
140 void *cb_ctx)
141{
142 if (wpa_auth->cb.for_each_sta == NULL)
143 return 0;
144 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
145}
146
147
bf98f7f3
JM		 148int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
149 int (*cb)(struct wpa_authenticator *a, void *ctx),
150 void *cb_ctx)
151{
152 if (wpa_auth->cb.for_each_auth == NULL)
153 return 0;
154 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
155}
156
157
6fc6879b
JM		 158void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
159 logger_level level, const char *txt)
160{
161 if (wpa_auth->cb.logger == NULL)
162 return;
163 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
164}
165
166
167void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
168 logger_level level, const char *fmt, ...)
169{
170 char *format;
171 int maxlen;
172 va_list ap;
173
174 if (wpa_auth->cb.logger == NULL)
175 return;
176
177 maxlen = os_strlen(fmt) + 100;
178 format = os_malloc(maxlen);
179 if (!format)
180 return;
181
182 va_start(ap, fmt);
183 vsnprintf(format, maxlen, fmt, ap);
184 va_end(ap);
185
186 wpa_auth_logger(wpa_auth, addr, level, format);
187
188 os_free(format);
189}
190
191
192static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
193 const u8 *addr)
194{
195 if (wpa_auth->cb.disconnect == NULL)
196 return;
197 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
198 WLAN_REASON_PREV_AUTH_NOT_VALID);
199}
200
201
202static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
203{
56586197 204 int ret = 0;
6fc6879b 205#ifdef CONFIG_IEEE80211R
56586197
JM		 206 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
207 ret = 1;
6fc6879b 208#endif /* CONFIG_IEEE80211R */
56586197
JM		 209#ifdef CONFIG_IEEE80211W
210 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
211 ret = 1;
212#endif /* CONFIG_IEEE80211W */
213 return ret;
6fc6879b
JM		 214}
215
216
217static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
218{
219 struct wpa_authenticator *wpa_auth = eloop_ctx;
220
3642c431 221 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
6fc6879b
JM		 222 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
223 "initialization.");
224 } else {
225 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
5cb9d5c3
JM		 226 wpa_hexdump_key(MSG_DEBUG, "GMK",
227 wpa_auth->group->GMK, WPA_GMK_LEN);
6fc6879b
JM		 228 }
229
230 if (wpa_auth->conf.wpa_gmk_rekey) {
231 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
232 wpa_rekey_gmk, wpa_auth, NULL);
233 }
234}
235
236
237static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
238{
239 struct wpa_authenticator *wpa_auth = eloop_ctx;
240 struct wpa_group *group;
241
242 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
243 for (group = wpa_auth->group; group; group = group->next) {
244 group->GTKReKey = TRUE;
245 do {
246 group->changed = FALSE;
247 wpa_group_sm_step(wpa_auth, group);
248 } while (group->changed);
249 }
250
251 if (wpa_auth->conf.wpa_group_rekey) {
252 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
253 0, wpa_rekey_gtk, wpa_auth, NULL);
254 }
255}
256
257
581a8cde
JM		 258static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
259{
260 struct wpa_authenticator *wpa_auth = eloop_ctx;
261 struct wpa_state_machine *sm = timeout_ctx;
262
263 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
264 wpa_request_new_ptk(sm);
265 wpa_sm_step(sm);
266}
267
268
6fc6879b
JM		 269static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
270{
271 if (sm->pmksa == ctx)
272 sm->pmksa = NULL;
273 return 0;
274}
275
276
277static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
278 void *ctx)
279{
280 struct wpa_authenticator *wpa_auth = ctx;
281 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
282}
283
284
e6965d4e 285static void wpa_group_set_key_len(struct wpa_group *group, int cipher)
6fc6879b 286{
e6965d4e 287 switch (cipher) {
6fc6879b
JM		 288 case WPA_CIPHER_CCMP:
289 group->GTK_len = 16;
290 break;
291 case WPA_CIPHER_TKIP:
292 group->GTK_len = 32;
293 break;
294 case WPA_CIPHER_WEP104:
295 group->GTK_len = 13;
296 break;
297 case WPA_CIPHER_WEP40:
298 group->GTK_len = 5;
299 break;
300 }
e6965d4e
JM		 301}
302
303
1bdb7ab3
JM		 304static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
305 struct wpa_group *group)
306{
307 u8 buf[ETH_ALEN + 8 + sizeof(group)];
308 u8 rkey[32];
309
3642c431 310 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
1bdb7ab3
JM		 311 return -1;
312 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
313
314 /*
315 * Counter = PRF-256(Random number, "Init Counter",
316 * Local MAC Address || Time)
317 */
318 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
319 wpa_get_ntp_timestamp(buf + ETH_ALEN);
320 os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
3642c431 321 if (random_get_bytes(rkey, sizeof(rkey)) < 0)
1bdb7ab3
JM		 322 return -1;
323
324 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
325 group->Counter, WPA_NONCE_LEN) < 0)
326 return -1;
327 wpa_hexdump_key(MSG_DEBUG, "Key Counter",
328 group->Counter, WPA_NONCE_LEN);
329
330 return 0;
331}
332
333
e6965d4e 334static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
bdffdc5d 335 int vlan_id, int delay_init)
e6965d4e
JM		 336{
337 struct wpa_group *group;
e6965d4e
JM		 338
339 group = os_zalloc(sizeof(struct wpa_group));
340 if (group == NULL)
341 return NULL;
342
343 group->GTKAuthenticator = TRUE;
344 group->vlan_id = vlan_id;
345
346 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
6fc6879b 347
08704cd8
JM		 348 if (random_pool_ready() != 1) {
349 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
350 "for secure operations - update keys later when "
351 "the first station connects");
352 }
353
1bdb7ab3
JM		 354 /*
355 * Set initial GMK/Counter value here. The actual values that will be
356 * used in negotiations will be set once the first station tries to
357 * connect. This allows more time for collecting additional randomness
358 * on embedded devices.
6fc6879b 359 */
1bdb7ab3 360 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
6fc6879b
JM		 361 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
362 "initialization.");
363 os_free(group);
364 return NULL;
365 }
6fc6879b
JM		 366
367 group->GInit = TRUE;
bdffdc5d
JM		 368 if (delay_init) {
369 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
370 "until Beacon frames have been configured");
371 /* Initialization is completed in wpa_init_keys(). */
372 } else {
373 wpa_group_sm_step(wpa_auth, group);
374 group->GInit = FALSE;
375 wpa_group_sm_step(wpa_auth, group);
376 }
6fc6879b
JM		 377
378 return group;
379}
380
381
382/**
383 * wpa_init - Initialize WPA authenticator
384 * @addr: Authenticator address
385 * @conf: Configuration for WPA authenticator
a17df5fb 386 * @cb: Callback functions for WPA authenticator
6fc6879b
JM		 387 * Returns: Pointer to WPA authenticator data or %NULL on failure
388 */
389struct wpa_authenticator * wpa_init(const u8 *addr,
390 struct wpa_auth_config *conf,
391 struct wpa_auth_callbacks *cb)
392{
393 struct wpa_authenticator *wpa_auth;
394
395 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
396 if (wpa_auth == NULL)
397 return NULL;
398 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
399 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
400 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
401
402 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
403 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
404 os_free(wpa_auth);
405 return NULL;
406 }
407
bdffdc5d 408 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
6fc6879b
JM		 409 if (wpa_auth->group == NULL) {
410 os_free(wpa_auth->wpa_ie);
411 os_free(wpa_auth);
412 return NULL;
413 }
414
4bb081f1
JM		 415 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
416 wpa_auth);
6fc6879b
JM		 417 if (wpa_auth->pmksa == NULL) {
418 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
419 os_free(wpa_auth->wpa_ie);
420 os_free(wpa_auth);
421 return NULL;
422 }
423
424#ifdef CONFIG_IEEE80211R
425 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
426 if (wpa_auth->ft_pmk_cache == NULL) {
427 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
428 os_free(wpa_auth->wpa_ie);
4bb081f1 429 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 430 os_free(wpa_auth);
431 return NULL;
432 }
433#endif /* CONFIG_IEEE80211R */
434
435 if (wpa_auth->conf.wpa_gmk_rekey) {
436 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
437 wpa_rekey_gmk, wpa_auth, NULL);
438 }
439
440 if (wpa_auth->conf.wpa_group_rekey) {
441 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
442 wpa_rekey_gtk, wpa_auth, NULL);
443 }
444
445 return wpa_auth;
446}
447
448
bdffdc5d
JM		 449int wpa_init_keys(struct wpa_authenticator *wpa_auth)
450{
451 struct wpa_group *group = wpa_auth->group;
452
453 wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
454 "keys");
455 wpa_group_sm_step(wpa_auth, group);
456 group->GInit = FALSE;
457 wpa_group_sm_step(wpa_auth, group);
458 return 0;
459}
460
461
6fc6879b
JM		 462/**
463 * wpa_deinit - Deinitialize WPA authenticator
464 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
465 */
466void wpa_deinit(struct wpa_authenticator *wpa_auth)
467{
468 struct wpa_group *group, *prev;
469
470 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
471 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
472
473#ifdef CONFIG_PEERKEY
474 while (wpa_auth->stsl_negotiations)
475 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
476#endif /* CONFIG_PEERKEY */
477
4bb081f1 478 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 479
480#ifdef CONFIG_IEEE80211R
481 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
482 wpa_auth->ft_pmk_cache = NULL;
483#endif /* CONFIG_IEEE80211R */
484
485 os_free(wpa_auth->wpa_ie);
486
487 group = wpa_auth->group;
488 while (group) {
489 prev = group;
490 group = group->next;
491 os_free(prev);
492 }
493
494 os_free(wpa_auth);
495}
496
497
498/**
499 * wpa_reconfig - Update WPA authenticator configuration
500 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
501 * @conf: Configuration for WPA authenticator
502 */
503int wpa_reconfig(struct wpa_authenticator *wpa_auth,
504 struct wpa_auth_config *conf)
505{
e6965d4e 506 struct wpa_group *group;
6fc6879b
JM		 507 if (wpa_auth == NULL)
508 return 0;
509
510 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
ad08c363
JM		 511 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
512 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
513 return -1;
514 }
515
e6965d4e
JM		 516 /*
517 * Reinitialize GTK to make sure it is suitable for the new
518 * configuration.
519 */
520 group = wpa_auth->group;
521 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
522 group->GInit = TRUE;
523 wpa_group_sm_step(wpa_auth, group);
524 group->GInit = FALSE;
525 wpa_group_sm_step(wpa_auth, group);
526
6fc6879b
JM		 527 return 0;
528}
529
530
531struct wpa_state_machine *
532wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
533{
534 struct wpa_state_machine *sm;
535
536 sm = os_zalloc(sizeof(struct wpa_state_machine));
537 if (sm == NULL)
538 return NULL;
539 os_memcpy(sm->addr, addr, ETH_ALEN);
540
541 sm->wpa_auth = wpa_auth;
542 sm->group = wpa_auth->group;
543
544 return sm;
545}
546
547
6f9b5d16
JM		 548int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
549 struct wpa_state_machine *sm)
6fc6879b
JM		 550{
551 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
6f9b5d16 552 return -1;
6fc6879b
JM		 553
554#ifdef CONFIG_IEEE80211R
555 if (sm->ft_completed) {
556 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
557 "FT authentication already completed - do not "
558 "start 4-way handshake");
6f9b5d16 559 return 0;
6fc6879b
JM		 560 }
561#endif /* CONFIG_IEEE80211R */
562
563 if (sm->started) {
22a299ee 564 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
6fc6879b 565 sm->ReAuthenticationRequest = TRUE;
6f9b5d16 566 return wpa_sm_step(sm);
6fc6879b
JM		 567 }
568
569 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
570 "start authentication");
571 sm->started = 1;
572
573 sm->Init = TRUE;
e4a6ea1d 574 if (wpa_sm_step(sm) == 1)
6f9b5d16 575 return 1; /* should not really happen */
6fc6879b
JM		 576 sm->Init = FALSE;
577 sm->AuthenticationRequest = TRUE;
6f9b5d16 578 return wpa_sm_step(sm);
6fc6879b
JM		 579}
580
581
a8d05fca
JM		 582void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
583{
584 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
585 * reassociates back to the same AP while the previous entry for the
586 * STA has not yet been removed. */
587 if (sm == NULL)
588 return;
589
590 sm->wpa_key_mgmt = 0;
591}
592
593
6fc6879b
JM		 594static void wpa_free_sta_sm(struct wpa_state_machine *sm)
595{
2ade8ef2
JM		 596 if (sm->GUpdateStationKeys) {
597 sm->group->GKeyDoneStations--;
598 sm->GUpdateStationKeys = FALSE;
599 }
0f857f43
JM		 600#ifdef CONFIG_IEEE80211R
601 os_free(sm->assoc_resp_ftie);
602#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 603 os_free(sm->last_rx_eapol_key);
604 os_free(sm->wpa_ie);
605 os_free(sm);
606}
607
608
609void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
610{
611 if (sm == NULL)
612 return;
613
614 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
615 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
616 "strict rekeying - force GTK rekey since STA "
617 "is leaving");
618 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
619 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
620 NULL);
621 }
622
623 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
e4bf4db9 624 sm->pending_1_of_4_timeout = 0;
6fc6879b 625 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
581a8cde 626 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 627 if (sm->in_step_loop) {
628 /* Must not free state machine while wpa_sm_step() is running.
629 * Freeing will be completed in the end of wpa_sm_step(). */
630 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
631 "machine deinit for " MACSTR, MAC2STR(sm->addr));
632 sm->pending_deinit = 1;
633 } else
634 wpa_free_sta_sm(sm);
635}
636
637
638static void wpa_request_new_ptk(struct wpa_state_machine *sm)
639{
640 if (sm == NULL)
641 return;
642
643 sm->PTKRequest = TRUE;
644 sm->PTK_valid = 0;
645}
646
647
22a299ee
JM		 648static int wpa_replay_counter_valid(struct wpa_state_machine *sm,
649 const u8 *replay_counter)
650{
651 int i;
652 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
653 if (!sm->key_replay[i].valid)
654 break;
655 if (os_memcmp(replay_counter, sm->key_replay[i].counter,
656 WPA_REPLAY_COUNTER_LEN) == 0)
657 return 1;
658 }
659 return 0;
660}
661
662
0f857f43
JM		 663#ifdef CONFIG_IEEE80211R
664static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
665 struct wpa_state_machine *sm,
666 struct wpa_eapol_ie_parse *kde)
667{
668 struct wpa_ie_data ie;
669 struct rsn_mdie *mdie;
670
671 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
672 ie.num_pmkid != 1 || ie.pmkid == NULL) {
673 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
674 "FT 4-way handshake message 2/4");
675 return -1;
676 }
677
678 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
679 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
680 sm->sup_pmk_r1_name, PMKID_LEN);
681
682 if (!kde->mdie || !kde->ftie) {
683 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
684 "message 2/4", kde->mdie ? "FTIE" : "MDIE");
685 return -1;
686 }
687
688 mdie = (struct rsn_mdie *) (kde->mdie + 2);
689 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
690 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
691 MOBILITY_DOMAIN_ID_LEN) != 0) {
692 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
693 return -1;
694 }
695
696 if (sm->assoc_resp_ftie &&
697 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
698 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
699 2 + sm->assoc_resp_ftie[1]) != 0)) {
700 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
701 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
702 kde->ftie, kde->ftie_len);
703 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
704 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
705 return -1;
706 }
707
708 return 0;
709}
710#endif /* CONFIG_IEEE80211R */
711
712
ec027805
JM		 713static void wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
714 struct wpa_state_machine *sm, int group)
715{
716 /* Supplicant reported a Michael MIC error */
717 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
718 "received EAPOL-Key Error Request "
719 "(STA detected Michael MIC failure (group=%d))",
720 group);
fbc72d32
JM		 721
722 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
723 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
724 "ignore Michael MIC failure report since "
725 "group cipher is not TKIP");
726 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
727 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
728 "ignore Michael MIC failure report since "
729 "pairwise cipher is not TKIP");
730 } else {
731 wpa_auth_mic_failure_report(wpa_auth, sm->addr);
732 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
733 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
734 }
ec027805
JM		 735
736 /*
737 * Error report is not a request for a new key handshake, but since
738 * Authenticator may do it, let's change the keys now anyway.
739 */
740 wpa_request_new_ptk(sm);
741}
742
743
6fc6879b
JM		 744void wpa_receive(struct wpa_authenticator *wpa_auth,
745 struct wpa_state_machine *sm,
746 u8 *data, size_t data_len)
747{
748 struct ieee802_1x_hdr *hdr;
749 struct wpa_eapol_key *key;
750 u16 key_info, key_data_length;
751 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
752 SMK_M1, SMK_M3, SMK_ERROR } msg;
753 char *msgtxt;
754 struct wpa_eapol_ie_parse kde;
26e23750 755 int ft;
1566ec46
JM		 756 const u8 *eapol_key_ie;
757 size_t eapol_key_ie_len;
6fc6879b
JM		 758
759 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
760 return;
761
762 if (data_len < sizeof(*hdr) + sizeof(*key))
763 return;
764
765 hdr = (struct ieee802_1x_hdr *) data;
766 key = (struct wpa_eapol_key *) (hdr + 1);
767 key_info = WPA_GET_BE16(key->key_info);
768 key_data_length = WPA_GET_BE16(key->key_data_length);
769 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
770 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
771 "key_data overflow (%d > %lu)",
772 key_data_length,
773 (unsigned long) (data_len - sizeof(*hdr) -
774 sizeof(*key)));
775 return;
776 }
777
f8e96eb6
JM		 778 if (sm->wpa == WPA_VERSION_WPA2) {
779 if (key->type != EAPOL_KEY_TYPE_RSN) {
780 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
781 "unexpected type %d in RSN mode",
782 key->type);
783 return;
784 }
785 } else {
786 if (key->type != EAPOL_KEY_TYPE_WPA) {
787 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
788 "unexpected type %d in WPA mode",
789 key->type);
790 return;
791 }
792 }
793
bc8318ac
JM		 794 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
795 WPA_NONCE_LEN);
796 wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
797 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
798
6fc6879b
JM		 799 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
800 * are set */
801
802 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
803 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
804 if (key_info & WPA_KEY_INFO_ERROR) {
805 msg = SMK_ERROR;
806 msgtxt = "SMK Error";
807 } else {
808 msg = SMK_M1;
809 msgtxt = "SMK M1";
810 }
811 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
812 msg = SMK_M3;
813 msgtxt = "SMK M3";
814 } else if (key_info & WPA_KEY_INFO_REQUEST) {
815 msg = REQUEST;
816 msgtxt = "Request";
817 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
818 msg = GROUP_2;
819 msgtxt = "2/2 Group";
820 } else if (key_data_length == 0) {
821 msg = PAIRWISE_4;
822 msgtxt = "4/4 Pairwise";
823 } else {
824 msg = PAIRWISE_2;
825 msgtxt = "2/4 Pairwise";
826 }
827
828 /* TODO: key_info type validation for PeerKey */
829 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
830 msg == GROUP_2) {
831 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
832 if (sm->pairwise == WPA_CIPHER_CCMP) {
833 if (wpa_use_aes_cmac(sm) &&
834 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
835 wpa_auth_logger(wpa_auth, sm->addr,
836 LOGGER_WARNING,
837 "advertised support for "
838 "AES-128-CMAC, but did not "
839 "use it");
840 return;
841 }
842
843 if (!wpa_use_aes_cmac(sm) &&
844 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
845 wpa_auth_logger(wpa_auth, sm->addr,
846 LOGGER_WARNING,
847 "did not use HMAC-SHA1-AES "
848 "with CCMP");
849 return;
850 }
851 }
852 }
853
854 if (key_info & WPA_KEY_INFO_REQUEST) {
855 if (sm->req_replay_counter_used &&
856 os_memcmp(key->replay_counter, sm->req_replay_counter,
857 WPA_REPLAY_COUNTER_LEN) <= 0) {
858 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
859 "received EAPOL-Key request with "
860 "replayed counter");
861 return;
862 }
863 }
864
865 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
22a299ee
JM		 866 !wpa_replay_counter_valid(sm, key->replay_counter)) {
867 int i;
6fc6879b
JM		 868 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
869 "received EAPOL-Key %s with unexpected "
870 "replay counter", msgtxt);
22a299ee
JM		 871 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
872 if (!sm->key_replay[i].valid)
873 break;
874 wpa_hexdump(MSG_DEBUG, "pending replay counter",
875 sm->key_replay[i].counter,
876 WPA_REPLAY_COUNTER_LEN);
877 }
6fc6879b
JM		 878 wpa_hexdump(MSG_DEBUG, "received replay counter",
879 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
880 return;
881 }
882
883 switch (msg) {
884 case PAIRWISE_2:
885 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
886 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
887 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
888 "received EAPOL-Key msg 2/4 in "
889 "invalid state (%d) - dropped",
890 sm->wpa_ptk_state);
891 return;
892 }
bbb921da 893 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
08704cd8
JM		 894 if (sm->group->reject_4way_hs_for_entropy) {
895 /*
896 * The system did not have enough entropy to generate
897 * strong random numbers. Reject the first 4-way
898 * handshake(s) and collect some entropy based on the
899 * information from it. Once enough entropy is
900 * available, the next atempt will trigger GMK/Key
901 * Counter update and the station will be allowed to
902 * continue.
903 */
904 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
905 "collect more entropy for random number "
906 "generation");
907 sm->group->reject_4way_hs_for_entropy = FALSE;
908 random_mark_pool_ready();
909 sm->group->first_sta_seen = FALSE;
910 wpa_sta_disconnect(wpa_auth, sm->addr);
911 return;
912 }
1566ec46
JM		 913 if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length,
914 &kde) < 0) {
915 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
916 "received EAPOL-Key msg 2/4 with "
917 "invalid Key Data contents");
918 return;
919 }
920 if (kde.rsn_ie) {
921 eapol_key_ie = kde.rsn_ie;
922 eapol_key_ie_len = kde.rsn_ie_len;
923 } else {
924 eapol_key_ie = kde.wpa_ie;
925 eapol_key_ie_len = kde.wpa_ie_len;
926 }
26e23750
JM		 927 ft = sm->wpa == WPA_VERSION_WPA2 &&
928 wpa_key_mgmt_ft(sm->wpa_key_mgmt);
6fc6879b 929 if (sm->wpa_ie == NULL ||
26e23750
JM		 930 wpa_compare_rsn_ie(ft,
931 sm->wpa_ie, sm->wpa_ie_len,
1566ec46 932 eapol_key_ie, eapol_key_ie_len)) {
6fc6879b
JM		 933 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
934 "WPA IE from (Re)AssocReq did not "
935 "match with msg 2/4");
936 if (sm->wpa_ie) {
937 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
938 sm->wpa_ie, sm->wpa_ie_len);
939 }
940 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
1566ec46 941 eapol_key_ie, eapol_key_ie_len);
6fc6879b
JM		 942 /* MLME-DEAUTHENTICATE.request */
943 wpa_sta_disconnect(wpa_auth, sm->addr);
944 return;
945 }
26e23750 946#ifdef CONFIG_IEEE80211R
0f857f43
JM		 947 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
948 wpa_sta_disconnect(wpa_auth, sm->addr);
949 return;
26e23750
JM		 950 }
951#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 952 break;
953 case PAIRWISE_4:
954 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
955 !sm->PTK_valid) {
956 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
957 "received EAPOL-Key msg 4/4 in "
958 "invalid state (%d) - dropped",
959 sm->wpa_ptk_state);
960 return;
961 }
962 break;
963 case GROUP_2:
964 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
965 || !sm->PTK_valid) {
966 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
967 "received EAPOL-Key msg 2/2 in "
968 "invalid state (%d) - dropped",
969 sm->wpa_ptk_group_state);
970 return;
971 }
972 break;
973#ifdef CONFIG_PEERKEY
974 case SMK_M1:
975 case SMK_M3:
976 case SMK_ERROR:
977 if (!wpa_auth->conf.peerkey) {
978 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
979 "PeerKey use disabled - ignoring message");
980 return;
981 }
982 if (!sm->PTK_valid) {
983 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
984 "received EAPOL-Key msg SMK in "
985 "invalid state - dropped");
986 return;
987 }
988 break;
989#else /* CONFIG_PEERKEY */
990 case SMK_M1:
991 case SMK_M3:
992 case SMK_ERROR:
993 return; /* STSL disabled - ignore SMK messages */
994#endif /* CONFIG_PEERKEY */
995 case REQUEST:
996 break;
997 }
998
999 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1000 "received EAPOL-Key frame (%s)", msgtxt);
1001
1002 if (key_info & WPA_KEY_INFO_ACK) {
1003 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1004 "received invalid EAPOL-Key: Key Ack set");
1005 return;
1006 }
1007
1008 if (!(key_info & WPA_KEY_INFO_MIC)) {
1009 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1010 "received invalid EAPOL-Key: Key MIC not set");
1011 return;
1012 }
1013
1014 sm->MICVerified = FALSE;
1015 if (sm->PTK_valid) {
1016 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
1017 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1018 "received EAPOL-Key with invalid MIC");
1019 return;
1020 }
1021 sm->MICVerified = TRUE;
1022 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
e4bf4db9 1023 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1024 }
1025
1026 if (key_info & WPA_KEY_INFO_REQUEST) {
1027 if (sm->MICVerified) {
1028 sm->req_replay_counter_used = 1;
1029 os_memcpy(sm->req_replay_counter, key->replay_counter,
1030 WPA_REPLAY_COUNTER_LEN);
1031 } else {
1032 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1033 "received EAPOL-Key request with "
1034 "invalid MIC");
1035 return;
1036 }
1037
1038 /*
1039 * TODO: should decrypt key data field if encryption was used;
1040 * even though MAC address KDE is not normally encrypted,
1041 * supplicant is allowed to encrypt it.
1042 */
1043 if (msg == SMK_ERROR) {
1044#ifdef CONFIG_PEERKEY
1045 wpa_smk_error(wpa_auth, sm, key);
1046#endif /* CONFIG_PEERKEY */
1047 return;
1048 } else if (key_info & WPA_KEY_INFO_ERROR) {
ec027805
JM		 1049 wpa_receive_error_report(
1050 wpa_auth, sm,
1051 !(key_info & WPA_KEY_INFO_KEY_TYPE));
6fc6879b
JM		 1052 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1053 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1054 "received EAPOL-Key Request for new "
1055 "4-Way Handshake");
1056 wpa_request_new_ptk(sm);
1057#ifdef CONFIG_PEERKEY
1058 } else if (msg == SMK_M1) {
1059 wpa_smk_m1(wpa_auth, sm, key);
1060#endif /* CONFIG_PEERKEY */
1061 } else if (key_data_length > 0 &&
1062 wpa_parse_kde_ies((const u8 *) (key + 1),
1063 key_data_length, &kde) == 0 &&
1064 kde.mac_addr) {
1065 } else {
1066 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1067 "received EAPOL-Key Request for GTK "
1068 "rekeying");
1069 /* FIX: why was this triggering PTK rekeying for the
1070 * STA that requested Group Key rekeying?? */
1071 /* wpa_request_new_ptk(sta->wpa_sm); */
1072 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1073 wpa_rekey_gtk(wpa_auth, NULL);
1074 }
1075 } else {
22a299ee
JM		 1076 /* Do not allow the same key replay counter to be reused. This
1077 * does also invalidate all other pending replay counters if
1078 * retransmissions were used, i.e., we will only process one of
1079 * the pending replies and ignore rest if more than one is
1080 * received. */
1081 sm->key_replay[0].valid = FALSE;
6fc6879b
JM		 1082 }
1083
1084#ifdef CONFIG_PEERKEY
1085 if (msg == SMK_M3) {
1086 wpa_smk_m3(wpa_auth, sm, key);
1087 return;
1088 }
1089#endif /* CONFIG_PEERKEY */
1090
1091 os_free(sm->last_rx_eapol_key);
1092 sm->last_rx_eapol_key = os_malloc(data_len);
1093 if (sm->last_rx_eapol_key == NULL)
1094 return;
1095 os_memcpy(sm->last_rx_eapol_key, data, data_len);
1096 sm->last_rx_eapol_key_len = data_len;
1097
1098 sm->EAPOLKeyReceived = TRUE;
1099 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1100 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1101 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1102 wpa_sm_step(sm);
1103}
1104
1105
3c7302c2
JM		 1106static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1107 const u8 *gnonce, u8 *gtk, size_t gtk_len)
6fc6879b 1108{
5cb9d5c3
JM		 1109 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
1110 u8 *pos;
3c7302c2 1111 int ret = 0;
6fc6879b 1112
5cb9d5c3
JM		 1113 /* GTK = PRF-X(GMK, "Group key expansion",
1114 * AA || GNonce || Time || random data)
1115 * The example described in the IEEE 802.11 standard uses only AA and
1116 * GNonce as inputs here. Add some more entropy since this derivation
1117 * is done only at the Authenticator and as such, does not need to be
1118 * exactly same.
1119 */
6fc6879b
JM		 1120 os_memcpy(data, addr, ETH_ALEN);
1121 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
5cb9d5c3
JM		 1122 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1123 wpa_get_ntp_timestamp(pos);
1124 pos += 8;
3642c431 1125 if (random_get_bytes(pos, 16) < 0)
3c7302c2 1126 ret = -1;
6fc6879b 1127
56586197 1128#ifdef CONFIG_IEEE80211W
5cb9d5c3 1129 sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
56586197 1130#else /* CONFIG_IEEE80211W */
3c7302c2
JM		 1131 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
1132 < 0)
1133 ret = -1;
56586197 1134#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 1135
1136 return ret;
6fc6879b
JM		 1137}
1138
1139
1140static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1141{
1142 struct wpa_authenticator *wpa_auth = eloop_ctx;
1143 struct wpa_state_machine *sm = timeout_ctx;
1144
e4bf4db9 1145 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1146 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1147 sm->TimeoutEvt = TRUE;
1148 wpa_sm_step(sm);
1149}
1150
1151
1152void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1153 struct wpa_state_machine *sm, int key_info,
1154 const u8 *key_rsc, const u8 *nonce,
1155 const u8 *kde, size_t kde_len,
1156 int keyidx, int encr, int force_version)
1157{
1158 struct ieee802_1x_hdr *hdr;
1159 struct wpa_eapol_key *key;
1160 size_t len;
1161 int alg;
1162 int key_data_len, pad_len = 0;
1163 u8 *buf, *pos;
1164 int version, pairwise;
22a299ee 1165 int i;
6fc6879b
JM		 1166
1167 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
1168
1169 if (force_version)
1170 version = force_version;
1171 else if (wpa_use_aes_cmac(sm))
1172 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
1173 else if (sm->pairwise == WPA_CIPHER_CCMP)
1174 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1175 else
1176 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1177
1178 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1179
1180 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1181 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1182 "encr=%d)",
1183 version,
1184 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1185 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1186 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1187 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1188 pairwise, (unsigned long) kde_len, keyidx, encr);
1189
1190 key_data_len = kde_len;
1191
1192 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1193 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1194 pad_len = key_data_len % 8;
1195 if (pad_len)
1196 pad_len = 8 - pad_len;
1197 key_data_len += pad_len + 8;
1198 }
1199
1200 len += key_data_len;
1201
1202 hdr = os_zalloc(len);
1203 if (hdr == NULL)
1204 return;
1205 hdr->version = wpa_auth->conf.eapol_version;
1206 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1207 hdr->length = host_to_be16(len - sizeof(*hdr));
1208 key = (struct wpa_eapol_key *) (hdr + 1);
1209
1210 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1211 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1212 key_info |= version;
1213 if (encr && sm->wpa == WPA_VERSION_WPA2)
1214 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1215 if (sm->wpa != WPA_VERSION_WPA2)
1216 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1217 WPA_PUT_BE16(key->key_info, key_info);
1218
1219 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
1220 switch (alg) {
1221 case WPA_CIPHER_CCMP:
1222 WPA_PUT_BE16(key->key_length, 16);
1223 break;
1224 case WPA_CIPHER_TKIP:
1225 WPA_PUT_BE16(key->key_length, 32);
1226 break;
1227 case WPA_CIPHER_WEP40:
1228 WPA_PUT_BE16(key->key_length, 5);
1229 break;
1230 case WPA_CIPHER_WEP104:
1231 WPA_PUT_BE16(key->key_length, 13);
1232 break;
1233 }
1234 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1235 WPA_PUT_BE16(key->key_length, 0);
1236
1237 /* FIX: STSL: what to use as key_replay_counter? */
22a299ee
JM		 1238 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1239 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1240 os_memcpy(sm->key_replay[i].counter,
1241 sm->key_replay[i - 1].counter,
1242 WPA_REPLAY_COUNTER_LEN);
1243 }
1244 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1245 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
6fc6879b 1246 WPA_REPLAY_COUNTER_LEN);
22a299ee 1247 sm->key_replay[0].valid = TRUE;
6fc6879b
JM		 1248
1249 if (nonce)
1250 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1251
1252 if (key_rsc)
1253 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1254
1255 if (kde && !encr) {
1256 os_memcpy(key + 1, kde, kde_len);
1257 WPA_PUT_BE16(key->key_data_length, kde_len);
1258 } else if (encr && kde) {
1259 buf = os_zalloc(key_data_len);
1260 if (buf == NULL) {
1261 os_free(hdr);
1262 return;
1263 }
1264 pos = buf;
1265 os_memcpy(pos, kde, kde_len);
1266 pos += kde_len;
1267
1268 if (pad_len)
1269 *pos++ = 0xdd;
1270
1271 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1272 buf, key_data_len);
1273 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1274 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1275 if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
1276 (u8 *) (key + 1))) {
1277 os_free(hdr);
1278 os_free(buf);
1279 return;
1280 }
1281 WPA_PUT_BE16(key->key_data_length, key_data_len);
1282 } else {
1283 u8 ek[32];
1284 os_memcpy(key->key_iv,
1285 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1286 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1287 os_memcpy(ek, key->key_iv, 16);
1288 os_memcpy(ek + 16, sm->PTK.kek, 16);
1289 os_memcpy(key + 1, buf, key_data_len);
1290 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
1291 WPA_PUT_BE16(key->key_data_length, key_data_len);
1292 }
1293 os_free(buf);
1294 }
1295
1296 if (key_info & WPA_KEY_INFO_MIC) {
1297 if (!sm->PTK_valid) {
1298 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1299 "PTK not valid when sending EAPOL-Key "
1300 "frame");
1301 os_free(hdr);
1302 return;
1303 }
1304 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
1305 key->key_mic);
1306 }
1307
1308 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1309 1);
1310 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1311 sm->pairwise_set);
1312 os_free(hdr);
1313}
1314
1315
1316static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1317 struct wpa_state_machine *sm, int key_info,
1318 const u8 *key_rsc, const u8 *nonce,
1319 const u8 *kde, size_t kde_len,
1320 int keyidx, int encr)
1321{
1322 int timeout_ms;
1323 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
bae61562 1324 int ctr;
6fc6879b
JM		 1325
1326 if (sm == NULL)
1327 return;
1328
1329 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1330 keyidx, encr, 0);
1331
bae61562 1332 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
e4bf4db9 1333 if (ctr == 1 && wpa_auth->conf.tx_status)
bae61562
JM		 1334 timeout_ms = eapol_key_timeout_first;
1335 else
1336 timeout_ms = eapol_key_timeout_subseq;
e4bf4db9
JM		 1337 if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
1338 sm->pending_1_of_4_timeout = 1;
1339 wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
1340 "counter %d)", timeout_ms, ctr);
6fc6879b
JM		 1341 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1342 wpa_send_eapol_timeout, wpa_auth, sm);
1343}
1344
1345
1346static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
1347{
1348 struct ieee802_1x_hdr *hdr;
1349 struct wpa_eapol_key *key;
1350 u16 key_info;
1351 int ret = 0;
1352 u8 mic[16];
1353
1354 if (data_len < sizeof(*hdr) + sizeof(*key))
1355 return -1;
1356
1357 hdr = (struct ieee802_1x_hdr *) data;
1358 key = (struct wpa_eapol_key *) (hdr + 1);
1359 key_info = WPA_GET_BE16(key->key_info);
1360 os_memcpy(mic, key->key_mic, 16);
1361 os_memset(key->key_mic, 0, 16);
1362 if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
1363 data, data_len, key->key_mic) ||
1364 os_memcmp(mic, key->key_mic, 16) != 0)
1365 ret = -1;
1366 os_memcpy(key->key_mic, mic, 16);
1367 return ret;
1368}
1369
1370
1371void wpa_remove_ptk(struct wpa_state_machine *sm)
1372{
1373 sm->PTK_valid = FALSE;
1374 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
26083221 1375 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
6fc6879b 1376 sm->pairwise_set = FALSE;
581a8cde 1377 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 1378}
1379
1380
6f9b5d16 1381int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
6fc6879b 1382{
5d22a1d5
JM		 1383 int remove_ptk = 1;
1384
6fc6879b 1385 if (sm == NULL)
6f9b5d16 1386 return -1;
6fc6879b
JM		 1387
1388 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1389 "event %d notification", event);
1390
1391 switch (event) {
1392 case WPA_AUTH:
1393 case WPA_ASSOC:
1394 break;
1395 case WPA_DEAUTH:
1396 case WPA_DISASSOC:
1397 sm->DeauthenticationRequest = TRUE;
1398 break;
1399 case WPA_REAUTH:
1400 case WPA_REAUTH_EAPOL:
3ab72b62
JM		 1401 if (!sm->started) {
1402 /*
1403 * When using WPS, we may end up here if the STA
1404 * manages to re-associate without the previous STA
1405 * entry getting removed. Consequently, we need to make
1406 * sure that the WPA state machines gets initialized
1407 * properly at this point.
1408 */
1409 wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1410 "started - initialize now");
1411 sm->started = 1;
1412 sm->Init = TRUE;
1413 if (wpa_sm_step(sm) == 1)
1414 return 1; /* should not really happen */
1415 sm->Init = FALSE;
1416 sm->AuthenticationRequest = TRUE;
1417 break;
1418 }
9663596f
JM		 1419 if (sm->GUpdateStationKeys) {
1420 /*
1421 * Reauthentication cancels the pending group key
1422 * update for this STA.
1423 */
1424 sm->group->GKeyDoneStations--;
1425 sm->GUpdateStationKeys = FALSE;
1426 sm->PtkGroupInit = TRUE;
1427 }
6fc6879b
JM		 1428 sm->ReAuthenticationRequest = TRUE;
1429 break;
1430 case WPA_ASSOC_FT:
1431#ifdef CONFIG_IEEE80211R
81a658d7
JM		 1432 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1433 "after association");
1434 wpa_ft_install_ptk(sm);
1435
6fc6879b
JM		 1436 /* Using FT protocol, not WPA auth state machine */
1437 sm->ft_completed = 1;
6f9b5d16 1438 return 0;
6fc6879b
JM		 1439#else /* CONFIG_IEEE80211R */
1440 break;
1441#endif /* CONFIG_IEEE80211R */
1442 }
1443
1444#ifdef CONFIG_IEEE80211R
1445 sm->ft_completed = 0;
1446#endif /* CONFIG_IEEE80211R */
1447
5d22a1d5
JM		 1448#ifdef CONFIG_IEEE80211W
1449 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1450 remove_ptk = 0;
1451#endif /* CONFIG_IEEE80211W */
6fc6879b 1452
5d22a1d5
JM		 1453 if (remove_ptk) {
1454 sm->PTK_valid = FALSE;
1455 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1456
1457 if (event != WPA_REAUTH_EAPOL)
1458 wpa_remove_ptk(sm);
1459 }
6fc6879b 1460
6f9b5d16 1461 return wpa_sm_step(sm);
6fc6879b
JM		 1462}
1463
1464
71934751 1465static enum wpa_alg wpa_alg_enum(int alg)
6fc6879b
JM		 1466{
1467 switch (alg) {
1468 case WPA_CIPHER_CCMP:
89d39d9d 1469 return WPA_ALG_CCMP;
6fc6879b 1470 case WPA_CIPHER_TKIP:
89d39d9d 1471 return WPA_ALG_TKIP;
6fc6879b
JM		 1472 case WPA_CIPHER_WEP104:
1473 case WPA_CIPHER_WEP40:
89d39d9d 1474 return WPA_ALG_WEP;
6fc6879b 1475 default:
89d39d9d 1476 return WPA_ALG_NONE;
6fc6879b
JM		 1477 }
1478}
1479
1480
1481SM_STATE(WPA_PTK, INITIALIZE)
1482{
1483 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1484 if (sm->Init) {
1485 /* Init flag is not cleared here, so avoid busy
1486 * loop by claiming nothing changed. */
1487 sm->changed = FALSE;
1488 }
1489
1490 sm->keycount = 0;
1491 if (sm->GUpdateStationKeys)
1492 sm->group->GKeyDoneStations--;
1493 sm->GUpdateStationKeys = FALSE;
1494 if (sm->wpa == WPA_VERSION_WPA)
1495 sm->PInitAKeys = FALSE;
1496 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1497 * Local AA > Remote AA)) */) {
1498 sm->Pair = TRUE;
1499 }
1500 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1501 wpa_remove_ptk(sm);
1502 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1503 sm->TimeoutCtr = 0;
56586197 1504 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1505 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1506 WPA_EAPOL_authorized, 0);
1507 }
1508}
1509
1510
1511SM_STATE(WPA_PTK, DISCONNECT)
1512{
1513 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1514 sm->Disconnect = FALSE;
1515 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1516}
1517
1518
1519SM_STATE(WPA_PTK, DISCONNECTED)
1520{
1521 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1522 sm->DeauthenticationRequest = FALSE;
1523}
1524
1525
1526SM_STATE(WPA_PTK, AUTHENTICATION)
1527{
1528 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1529 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1530 sm->PTK_valid = FALSE;
1531 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1532 1);
1533 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1534 sm->AuthenticationRequest = FALSE;
1535}
1536
1537
1bdb7ab3
JM		 1538static void wpa_group_first_station(struct wpa_authenticator *wpa_auth,
1539 struct wpa_group *group)
1540{
1541 /*
1542 * System has run bit further than at the time hostapd was started
1543 * potentially very early during boot up. This provides better chances
1544 * of collecting more randomness on embedded systems. Re-initialize the
1545 * GMK and Counter here to improve their strength if there was not
1546 * enough entropy available immediately after system startup.
1547 */
1548 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1549 "station");
08704cd8
JM		 1550 if (random_pool_ready() != 1) {
1551 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1552 "to proceed - reject first 4-way handshake");
1553 group->reject_4way_hs_for_entropy = TRUE;
1554 }
1bdb7ab3
JM		 1555 wpa_group_init_gmk_and_counter(wpa_auth, group);
1556 wpa_gtk_update(wpa_auth, group);
1557 wpa_group_config_group_keys(wpa_auth, group);
1558}
1559
1560
6fc6879b
JM		 1561SM_STATE(WPA_PTK, AUTHENTICATION2)
1562{
1563 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1bdb7ab3
JM		 1564
1565 if (!sm->group->first_sta_seen) {
1566 wpa_group_first_station(sm->wpa_auth, sm->group);
1567 sm->group->first_sta_seen = TRUE;
1568 }
1569
6fc6879b 1570 os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
bc8318ac
JM		 1571 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
1572 WPA_NONCE_LEN);
6fc6879b
JM		 1573 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1574 sm->ReAuthenticationRequest = FALSE;
1575 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1576 * logical place than INITIALIZE since AUTHENTICATION2 can be
1577 * re-entered on ReAuthenticationRequest without going through
1578 * INITIALIZE. */
1579 sm->TimeoutCtr = 0;
1580}
1581
1582
1583SM_STATE(WPA_PTK, INITPMK)
1584{
1585 u8 msk[2 * PMK_LEN];
1586 size_t len = 2 * PMK_LEN;
1587
1588 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1589#ifdef CONFIG_IEEE80211R
1590 sm->xxkey_len = 0;
1591#endif /* CONFIG_IEEE80211R */
1592 if (sm->pmksa) {
1593 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1594 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
1595 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1596 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1597 "(len=%lu)", (unsigned long) len);
1598 os_memcpy(sm->PMK, msk, PMK_LEN);
1599#ifdef CONFIG_IEEE80211R
1600 if (len >= 2 * PMK_LEN) {
1601 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1602 sm->xxkey_len = PMK_LEN;
1603 }
1604#endif /* CONFIG_IEEE80211R */
1605 } else {
1606 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
1607 }
1608
1609 sm->req_replay_counter_used = 0;
1610 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1611 * will break reauthentication since EAPOL state machines may not be
1612 * get into AUTHENTICATING state that clears keyRun before WPA state
1613 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1614 * state and takes PMK from the previously used AAA Key. This will
1615 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1616 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1617 * be good workaround for this issue. */
1618 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1619}
1620
1621
1622SM_STATE(WPA_PTK, INITPSK)
1623{
1624 const u8 *psk;
1625 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
1626 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
1627 if (psk) {
1628 os_memcpy(sm->PMK, psk, PMK_LEN);
1629#ifdef CONFIG_IEEE80211R
1630 os_memcpy(sm->xxkey, psk, PMK_LEN);
1631 sm->xxkey_len = PMK_LEN;
1632#endif /* CONFIG_IEEE80211R */
1633 }
1634 sm->req_replay_counter_used = 0;
1635}
1636
1637
1638SM_STATE(WPA_PTK, PTKSTART)
1639{
1640 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1641 size_t pmkid_len = 0;
1642
1643 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1644 sm->PTKRequest = FALSE;
1645 sm->TimeoutEvt = FALSE;
bae61562
JM		 1646
1647 sm->TimeoutCtr++;
1648 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1649 /* No point in sending the EAPOL-Key - we will disconnect
1650 * immediately following this. */
1651 return;
1652 }
1653
6fc6879b
JM		 1654 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1655 "sending 1/4 msg of 4-Way Handshake");
1656 /*
1657 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1658 * one possible PSK for this STA.
1659 */
1660 if (sm->wpa == WPA_VERSION_WPA2 &&
56586197 1661 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1662 pmkid = buf;
1663 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1664 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1665 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1666 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
1667 if (sm->pmksa)
1668 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1669 sm->pmksa->pmkid, PMKID_LEN);
1670 else {
1671 /*
1672 * Calculate PMKID since no PMKSA cache entry was
1673 * available with pre-calculated PMKID.
1674 */
1675 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
56586197
JM		 1676 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
1677 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 1678 }
1679 }
1680 wpa_send_eapol(sm->wpa_auth, sm,
1681 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1682 sm->ANonce, pmkid, pmkid_len, 0, 0);
6fc6879b
JM		 1683}
1684
1685
1686static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
1687 struct wpa_ptk *ptk)
1688{
c0a61908 1689 size_t ptk_len = sm->pairwise == WPA_CIPHER_CCMP ? 48 : 64;
6fc6879b 1690#ifdef CONFIG_IEEE80211R
56586197 1691 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
c0a61908 1692 return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
6fc6879b
JM		 1693#endif /* CONFIG_IEEE80211R */
1694
1695 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
1696 sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
c0a61908 1697 (u8 *) ptk, ptk_len,
56586197 1698 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 1699
1700 return 0;
1701}
1702
1703
1704SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
1705{
1706 struct wpa_ptk PTK;
1707 int ok = 0;
1708 const u8 *pmk = NULL;
1709
1710 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
1711 sm->EAPOLKeyReceived = FALSE;
1712
1713 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1714 * WPA-PSK: iterate through possible PSKs and select the one matching
1715 * the packet */
1716 for (;;) {
56586197 1717 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1718 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
1719 if (pmk == NULL)
1720 break;
1721 } else
1722 pmk = sm->PMK;
1723
1724 wpa_derive_ptk(sm, pmk, &PTK);
1725
1726 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
1727 sm->last_rx_eapol_key_len) == 0) {
1728 ok = 1;
1729 break;
1730 }
1731
56586197 1732 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
6fc6879b
JM		 1733 break;
1734 }
1735
1736 if (!ok) {
1737 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1738 "invalid MIC in msg 2/4 of 4-Way Handshake");
1739 return;
1740 }
1741
26e23750
JM		 1742#ifdef CONFIG_IEEE80211R
1743 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1744 /*
1745 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
1746 * with the value we derived.
1747 */
1748 if (os_memcmp(sm->sup_pmk_r1_name, sm->pmk_r1_name,
1749 WPA_PMK_NAME_LEN) != 0) {
1750 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1751 "PMKR1Name mismatch in FT 4-way "
1752 "handshake");
1753 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
1754 "Supplicant",
1755 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
1756 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
1757 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
1758 return;
1759 }
1760 }
1761#endif /* CONFIG_IEEE80211R */
1762
e4bf4db9 1763 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1764 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
1765
56586197 1766 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1767 /* PSK may have changed from the previous choice, so update
1768 * state machine data based on whatever PSK was selected here.
1769 */
1770 os_memcpy(sm->PMK, pmk, PMK_LEN);
1771 }
1772
1773 sm->MICVerified = TRUE;
1774
1775 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
1776 sm->PTK_valid = TRUE;
1777}
1778
1779
1780SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
1781{
1782 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
1783 sm->TimeoutCtr = 0;
1784}
1785
1786
1787#ifdef CONFIG_IEEE80211W
1788
1789static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1790{
1791 if (sm->mgmt_frame_prot) {
1792 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
1793 }
1794
1795 return 0;
1796}
1797
1798
1799static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1800{
1801 struct wpa_igtk_kde igtk;
1802 struct wpa_group *gsm = sm->group;
1803
1804 if (!sm->mgmt_frame_prot)
1805 return pos;
1806
1807 igtk.keyid[0] = gsm->GN_igtk;
1808 igtk.keyid[1] = 0;
7b1080da
JM		 1809 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
1810 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0)
6fc6879b
JM		 1811 os_memset(igtk.pn, 0, sizeof(igtk.pn));
1812 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
1813 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
1814 (const u8 *) &igtk, sizeof(igtk), NULL, 0);
1815
1816 return pos;
1817}
1818
1819#else /* CONFIG_IEEE80211W */
1820
1821static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1822{
1823 return 0;
1824}
1825
1826
1827static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1828{
1829 return pos;
1830}
1831
1832#endif /* CONFIG_IEEE80211W */
1833
1834
1835SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
1836{
1837 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
1838 size_t gtk_len, kde_len;
1839 struct wpa_group *gsm = sm->group;
1840 u8 *wpa_ie;
1841 int wpa_ie_len, secure, keyidx, encr = 0;
1842
1843 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
1844 sm->TimeoutEvt = FALSE;
bae61562
JM		 1845
1846 sm->TimeoutCtr++;
1847 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1848 /* No point in sending the EAPOL-Key - we will disconnect
1849 * immediately following this. */
1850 return;
1851 }
1852
86dfabb8
JM		 1853 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
1854 GTK[GN], IGTK, [FTIE], [TIE * 2])
6fc6879b
JM		 1855 */
1856 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1857 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
86dfabb8 1858 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
6fc6879b
JM		 1859 wpa_ie = sm->wpa_auth->wpa_ie;
1860 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
1861 if (sm->wpa == WPA_VERSION_WPA &&
1862 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
1863 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
1864 /* WPA-only STA, remove RSN IE */
1865 wpa_ie = wpa_ie + wpa_ie[1] + 2;
1866 wpa_ie_len = wpa_ie[1] + 2;
1867 }
1868 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1869 "sending 3/4 msg of 4-Way Handshake");
1870 if (sm->wpa == WPA_VERSION_WPA2) {
1871 /* WPA2 send GTK in the 4-way handshake */
1872 secure = 1;
1873 gtk = gsm->GTK[gsm->GN - 1];
1874 gtk_len = gsm->GTK_len;
1875 keyidx = gsm->GN;
1876 _rsc = rsc;
1877 encr = 1;
1878 } else {
1879 /* WPA does not include GTK in msg 3/4 */
1880 secure = 0;
1881 gtk = NULL;
1882 gtk_len = 0;
1883 keyidx = 0;
1884 _rsc = NULL;
1885 }
1886
1887 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
1888 if (gtk)
1889 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
26e23750 1890#ifdef CONFIG_IEEE80211R
86dfabb8
JM		 1891 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1892 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
1893 kde_len += 300; /* FTIE + 2 * TIE */
1894 }
26e23750 1895#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 1896 kde = os_malloc(kde_len);
1897 if (kde == NULL)
1898 return;
1899
1900 pos = kde;
1901 os_memcpy(pos, wpa_ie, wpa_ie_len);
1902 pos += wpa_ie_len;
26e23750
JM		 1903#ifdef CONFIG_IEEE80211R
1904 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1905 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name);
1906 if (res < 0) {
1907 wpa_printf(MSG_ERROR, "FT: Failed to insert "
1908 "PMKR1Name into RSN IE in EAPOL-Key data");
1909 os_free(kde);
1910 return;
1911 }
1912 pos += res;
1913 }
1914#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 1915 if (gtk) {
1916 u8 hdr[2];
1917 hdr[0] = keyidx & 0x03;
1918 hdr[1] = 0;
1919 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
1920 gtk, gtk_len);
1921 }
1922 pos = ieee80211w_kde_add(sm, pos);
1923
86dfabb8
JM		 1924#ifdef CONFIG_IEEE80211R
1925 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1926 int res;
1927 struct wpa_auth_config *conf;
1928
1929 conf = &sm->wpa_auth->conf;
1930 res = wpa_write_ftie(conf, conf->r0_key_holder,
1931 conf->r0_key_holder_len,
1932 NULL, NULL, pos, kde + kde_len - pos,
1933 NULL, 0);
1934 if (res < 0) {
1935 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
1936 "into EAPOL-Key Key Data");
1937 os_free(kde);
1938 return;
1939 }
1940 pos += res;
1941
1942 /* TIE[ReassociationDeadline] (TU) */
1943 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
1944 *pos++ = 5;
1945 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
1946 WPA_PUT_LE32(pos, conf->reassociation_deadline);
1947 pos += 4;
1948
1949 /* TIE[KeyLifetime] (seconds) */
1950 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
1951 *pos++ = 5;
1952 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
1953 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
1954 pos += 4;
1955 }
1956#endif /* CONFIG_IEEE80211R */
1957
6fc6879b
JM		 1958 wpa_send_eapol(sm->wpa_auth, sm,
1959 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
1960 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
1961 WPA_KEY_INFO_KEY_TYPE,
1962 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
1963 os_free(kde);
6fc6879b
JM		 1964}
1965
1966
1967SM_STATE(WPA_PTK, PTKINITDONE)
1968{
1969 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
1970 sm->EAPOLKeyReceived = FALSE;
1971 if (sm->Pair) {
71934751 1972 enum wpa_alg alg;
6fc6879b
JM		 1973 int klen;
1974 if (sm->pairwise == WPA_CIPHER_TKIP) {
89d39d9d 1975 alg = WPA_ALG_TKIP;
6fc6879b
JM		 1976 klen = 32;
1977 } else {
89d39d9d 1978 alg = WPA_ALG_CCMP;
6fc6879b
JM		 1979 klen = 16;
1980 }
1981 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
1982 sm->PTK.tk1, klen)) {
1983 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1984 return;
1985 }
1986 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
1987 sm->pairwise_set = TRUE;
1988
581a8cde
JM		 1989 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
1990 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1991 eloop_register_timeout(sm->wpa_auth->conf.
1992 wpa_ptk_rekey, 0, wpa_rekey_ptk,
1993 sm->wpa_auth, sm);
1994 }
1995
56586197 1996 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1997 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1998 WPA_EAPOL_authorized, 1);
1999 }
2000 }
2001
2002 if (0 /* IBSS == TRUE */) {
2003 sm->keycount++;
2004 if (sm->keycount == 2) {
2005 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2006 WPA_EAPOL_portValid, 1);
2007 }
2008 } else {
2009 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
2010 1);
2011 }
2012 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
2013 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
2014 if (sm->wpa == WPA_VERSION_WPA)
2015 sm->PInitAKeys = TRUE;
2016 else
2017 sm->has_GTK = TRUE;
2018 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2019 "pairwise key handshake completed (%s)",
2020 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2021
2022#ifdef CONFIG_IEEE80211R
2023 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
2024#endif /* CONFIG_IEEE80211R */
2025}
2026
2027
2028SM_STEP(WPA_PTK)
2029{
2030 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2031
2032 if (sm->Init)
2033 SM_ENTER(WPA_PTK, INITIALIZE);
2034 else if (sm->Disconnect
1aae01fc
BG		 2035 /* || FIX: dot11RSNAConfigSALifetime timeout */) {
2036 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
2037 "WPA_PTK: sm->Disconnect");
6fc6879b 2038 SM_ENTER(WPA_PTK, DISCONNECT);
1aae01fc 2039 }
6fc6879b
JM		 2040 else if (sm->DeauthenticationRequest)
2041 SM_ENTER(WPA_PTK, DISCONNECTED);
2042 else if (sm->AuthenticationRequest)
2043 SM_ENTER(WPA_PTK, AUTHENTICATION);
2044 else if (sm->ReAuthenticationRequest)
2045 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2046 else if (sm->PTKRequest)
2047 SM_ENTER(WPA_PTK, PTKSTART);
2048 else switch (sm->wpa_ptk_state) {
2049 case WPA_PTK_INITIALIZE:
2050 break;
2051 case WPA_PTK_DISCONNECT:
2052 SM_ENTER(WPA_PTK, DISCONNECTED);
2053 break;
2054 case WPA_PTK_DISCONNECTED:
2055 SM_ENTER(WPA_PTK, INITIALIZE);
2056 break;
2057 case WPA_PTK_AUTHENTICATION:
2058 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2059 break;
2060 case WPA_PTK_AUTHENTICATION2:
56586197 2061 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
6fc6879b
JM		 2062 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2063 WPA_EAPOL_keyRun) > 0)
2064 SM_ENTER(WPA_PTK, INITPMK);
56586197 2065 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
6fc6879b
JM		 2066 /* FIX: && 802.1X::keyRun */)
2067 SM_ENTER(WPA_PTK, INITPSK);
2068 break;
2069 case WPA_PTK_INITPMK:
2070 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2071 WPA_EAPOL_keyAvailable) > 0)
2072 SM_ENTER(WPA_PTK, PTKSTART);
2073 else {
2074 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2075 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2076 "INITPMK - keyAvailable = false");
6fc6879b
JM		 2077 SM_ENTER(WPA_PTK, DISCONNECT);
2078 }
2079 break;
2080 case WPA_PTK_INITPSK:
2081 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
2082 SM_ENTER(WPA_PTK, PTKSTART);
2083 else {
2084 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2085 "no PSK configured for the STA");
2086 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2087 SM_ENTER(WPA_PTK, DISCONNECT);
2088 }
2089 break;
2090 case WPA_PTK_PTKSTART:
2091 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2092 sm->EAPOLKeyPairwise)
2093 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2094 else if (sm->TimeoutCtr >
2095 (int) dot11RSNAConfigPairwiseUpdateCount) {
2096 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2097 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2098 "PTKSTART: Retry limit %d reached",
2099 dot11RSNAConfigPairwiseUpdateCount);
6fc6879b
JM		 2100 SM_ENTER(WPA_PTK, DISCONNECT);
2101 } else if (sm->TimeoutEvt)
2102 SM_ENTER(WPA_PTK, PTKSTART);
2103 break;
2104 case WPA_PTK_PTKCALCNEGOTIATING:
2105 if (sm->MICVerified)
2106 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
2107 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2108 sm->EAPOLKeyPairwise)
2109 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2110 else if (sm->TimeoutEvt)
2111 SM_ENTER(WPA_PTK, PTKSTART);
2112 break;
2113 case WPA_PTK_PTKCALCNEGOTIATING2:
2114 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2115 break;
2116 case WPA_PTK_PTKINITNEGOTIATING:
2117 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2118 sm->EAPOLKeyPairwise && sm->MICVerified)
2119 SM_ENTER(WPA_PTK, PTKINITDONE);
2120 else if (sm->TimeoutCtr >
2121 (int) dot11RSNAConfigPairwiseUpdateCount) {
2122 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2123 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2124 "PTKINITNEGOTIATING: Retry limit %d "
2125 "reached",
2126 dot11RSNAConfigPairwiseUpdateCount);
6fc6879b
JM		 2127 SM_ENTER(WPA_PTK, DISCONNECT);
2128 } else if (sm->TimeoutEvt)
2129 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2130 break;
2131 case WPA_PTK_PTKINITDONE:
2132 break;
2133 }
2134}
2135
2136
2137SM_STATE(WPA_PTK_GROUP, IDLE)
2138{
2139 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
2140 if (sm->Init) {
2141 /* Init flag is not cleared here, so avoid busy
2142 * loop by claiming nothing changed. */
2143 sm->changed = FALSE;
2144 }
2145 sm->GTimeoutCtr = 0;
2146}
2147
2148
2149SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
2150{
2151 u8 rsc[WPA_KEY_RSC_LEN];
2152 struct wpa_group *gsm = sm->group;
2153 u8 *kde, *pos, hdr[2];
2154 size_t kde_len;
2155
2156 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
bae61562
JM		 2157
2158 sm->GTimeoutCtr++;
2159 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
2160 /* No point in sending the EAPOL-Key - we will disconnect
2161 * immediately following this. */
2162 return;
2163 }
2164
6fc6879b
JM		 2165 if (sm->wpa == WPA_VERSION_WPA)
2166 sm->PInitAKeys = FALSE;
2167 sm->TimeoutEvt = FALSE;
2168 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
2169 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2170 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
2171 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2172 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2173 "sending 1/2 msg of Group Key Handshake");
2174
2175 if (sm->wpa == WPA_VERSION_WPA2) {
2176 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
2177 ieee80211w_kde_len(sm);
2178 kde = os_malloc(kde_len);
2179 if (kde == NULL)
2180 return;
2181
2182 pos = kde;
2183 hdr[0] = gsm->GN & 0x03;
2184 hdr[1] = 0;
2185 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2186 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2187 pos = ieee80211w_kde_add(sm, pos);
2188 } else {
2189 kde = gsm->GTK[gsm->GN - 1];
2190 pos = kde + gsm->GTK_len;
2191 }
2192
2193 wpa_send_eapol(sm->wpa_auth, sm,
2194 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
2195 WPA_KEY_INFO_ACK |
2196 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
2197 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
2198 if (sm->wpa == WPA_VERSION_WPA2)
2199 os_free(kde);
6fc6879b
JM		 2200}
2201
2202
2203SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
2204{
2205 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
2206 sm->EAPOLKeyReceived = FALSE;
2207 if (sm->GUpdateStationKeys)
2208 sm->group->GKeyDoneStations--;
2209 sm->GUpdateStationKeys = FALSE;
2210 sm->GTimeoutCtr = 0;
2211 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
2212 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2213 "group key handshake completed (%s)",
2214 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2215 sm->has_GTK = TRUE;
2216}
2217
2218
2219SM_STATE(WPA_PTK_GROUP, KEYERROR)
2220{
2221 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
2222 if (sm->GUpdateStationKeys)
2223 sm->group->GKeyDoneStations--;
2224 sm->GUpdateStationKeys = FALSE;
2225 sm->Disconnect = TRUE;
2226}
2227
2228
2229SM_STEP(WPA_PTK_GROUP)
2230{
9663596f 2231 if (sm->Init || sm->PtkGroupInit) {
6fc6879b 2232 SM_ENTER(WPA_PTK_GROUP, IDLE);
9663596f
JM		 2233 sm->PtkGroupInit = FALSE;
2234 } else switch (sm->wpa_ptk_group_state) {
6fc6879b
JM		 2235 case WPA_PTK_GROUP_IDLE:
2236 if (sm->GUpdateStationKeys ||
2237 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
2238 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2239 break;
2240 case WPA_PTK_GROUP_REKEYNEGOTIATING:
2241 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2242 !sm->EAPOLKeyPairwise && sm->MICVerified)
2243 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
2244 else if (sm->GTimeoutCtr >
2245 (int) dot11RSNAConfigGroupUpdateCount)
2246 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
2247 else if (sm->TimeoutEvt)
2248 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2249 break;
2250 case WPA_PTK_GROUP_KEYERROR:
2251 SM_ENTER(WPA_PTK_GROUP, IDLE);
2252 break;
2253 case WPA_PTK_GROUP_REKEYESTABLISHED:
2254 SM_ENTER(WPA_PTK_GROUP, IDLE);
2255 break;
2256 }
2257}
2258
2259
2260static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
2261 struct wpa_group *group)
2262{
2263 int ret = 0;
2264
6fc6879b
JM		 2265 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2266 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2267 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
2268 wpa_auth->addr, group->GNonce,
2269 group->GTK[group->GN - 1], group->GTK_len) < 0)
2270 ret = -1;
5cb9d5c3
JM		 2271 wpa_hexdump_key(MSG_DEBUG, "GTK",
2272 group->GTK[group->GN - 1], group->GTK_len);
6fc6879b
JM		 2273
2274#ifdef CONFIG_IEEE80211W
70f8cc8e 2275 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
5cb9d5c3
JM		 2276 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2277 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2278 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
2279 wpa_auth->addr, group->GNonce,
2280 group->IGTK[group->GN_igtk - 4],
2281 WPA_IGTK_LEN) < 0)
2282 ret = -1;
6fc6879b
JM		 2283 wpa_hexdump_key(MSG_DEBUG, "IGTK",
2284 group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN);
2285 }
2286#endif /* CONFIG_IEEE80211W */
2287
2288 return ret;
2289}
2290
2291
2292static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
2293 struct wpa_group *group)
2294{
2295 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2296 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
2297 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
2298 group->wpa_group_state = WPA_GROUP_GTK_INIT;
2299
2300 /* GTK[0..N] = 0 */
2301 os_memset(group->GTK, 0, sizeof(group->GTK));
2302 group->GN = 1;
2303 group->GM = 2;
2304#ifdef CONFIG_IEEE80211W
2305 group->GN_igtk = 4;
2306 group->GM_igtk = 5;
2307#endif /* CONFIG_IEEE80211W */
2308 /* GTK[GN] = CalcGTK() */
2309 wpa_gtk_update(wpa_auth, group);
2310}
2311
2312
2313static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
2314{
2315 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
2316 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2317 "Not in PTKINITDONE; skip Group Key update");
3c183894 2318 sm->GUpdateStationKeys = FALSE;
6fc6879b
JM		 2319 return 0;
2320 }
9663596f
JM		 2321 if (sm->GUpdateStationKeys) {
2322 /*
3c183894
JM		 2323 * This should not really happen, so add a debug log entry.
2324 * Since we clear the GKeyDoneStations before the loop, the
2325 * station needs to be counted here anyway.
9663596f
JM		 2326 */
2327 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3c183894
JM		 2328 "GUpdateStationKeys was already set when "
2329 "marking station for GTK rekeying");
9663596f 2330 }
3c183894
JM		 2331
2332 sm->group->GKeyDoneStations++;
2333 sm->GUpdateStationKeys = TRUE;
2334
6fc6879b
JM		 2335 wpa_sm_step(sm);
2336 return 0;
2337}
2338
2339
2340static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
2341 struct wpa_group *group)
2342{
2343 int tmp;
2344
2345 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2346 "SETKEYS (VLAN-ID %d)", group->vlan_id);
2347 group->changed = TRUE;
2348 group->wpa_group_state = WPA_GROUP_SETKEYS;
2349 group->GTKReKey = FALSE;
2350 tmp = group->GM;
2351 group->GM = group->GN;
2352 group->GN = tmp;
2353#ifdef CONFIG_IEEE80211W
2354 tmp = group->GM_igtk;
2355 group->GM_igtk = group->GN_igtk;
2356 group->GN_igtk = tmp;
2357#endif /* CONFIG_IEEE80211W */
2358 /* "GKeyDoneStations = GNoStations" is done in more robust way by
2359 * counting the STAs that are marked with GUpdateStationKeys instead of
2360 * including all STAs that could be in not-yet-completed state. */
2361 wpa_gtk_update(wpa_auth, group);
2362
3c183894
JM		 2363 if (group->GKeyDoneStations) {
2364 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
2365 "GKeyDoneStations=%d when starting new GTK rekey",
2366 group->GKeyDoneStations);
2367 group->GKeyDoneStations = 0;
2368 }
6fc6879b
JM		 2369 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
2370 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
2371 group->GKeyDoneStations);
2372}
2373
2374
1bdb7ab3
JM		 2375static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
2376 struct wpa_group *group)
6fc6879b 2377{
3c7302c2
JM		 2378 int ret = 0;
2379
3c7302c2
JM		 2380 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
2381 wpa_alg_enum(wpa_auth->conf.wpa_group),
0382097e
JM		 2382 broadcast_ether_addr, group->GN,
2383 group->GTK[group->GN - 1], group->GTK_len) < 0)
3c7302c2 2384 ret = -1;
6fc6879b
JM		 2385
2386#ifdef CONFIG_IEEE80211W
3c7302c2
JM		 2387 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION &&
2388 wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK,
0382097e 2389 broadcast_ether_addr, group->GN_igtk,
3c7302c2
JM		 2390 group->IGTK[group->GN_igtk - 4],
2391 WPA_IGTK_LEN) < 0)
2392 ret = -1;
6fc6879b 2393#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 2394
2395 return ret;
6fc6879b
JM		 2396}
2397
2398
1bdb7ab3
JM		 2399static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
2400 struct wpa_group *group)
2401{
2402 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2403 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
2404 group->changed = TRUE;
2405 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
2406
2407 if (wpa_group_config_group_keys(wpa_auth, group) < 0)
2408 return -1;
2409
2410 return 0;
2411}
2412
2413
6fc6879b
JM		 2414static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2415 struct wpa_group *group)
2416{
2417 if (group->GInit) {
2418 wpa_group_gtk_init(wpa_auth, group);
2419 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2420 group->GTKAuthenticator) {
2421 wpa_group_setkeysdone(wpa_auth, group);
2422 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2423 group->GTKReKey) {
2424 wpa_group_setkeys(wpa_auth, group);
2425 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2426 if (group->GKeyDoneStations == 0)
2427 wpa_group_setkeysdone(wpa_auth, group);
2428 else if (group->GTKReKey)
2429 wpa_group_setkeys(wpa_auth, group);
2430 }
2431}
2432
2433
e4a6ea1d 2434static int wpa_sm_step(struct wpa_state_machine *sm)
6fc6879b
JM		 2435{
2436 if (sm == NULL)
e4a6ea1d 2437 return 0;
6fc6879b
JM		 2438
2439 if (sm->in_step_loop) {
2440 /* This should not happen, but if it does, make sure we do not
2441 * end up freeing the state machine too early by exiting the
2442 * recursive call. */
2443 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
e4a6ea1d 2444 return 0;
6fc6879b
JM		 2445 }
2446
2447 sm->in_step_loop = 1;
2448 do {
2449 if (sm->pending_deinit)
2450 break;
2451
2452 sm->changed = FALSE;
2453 sm->wpa_auth->group->changed = FALSE;
2454
2455 SM_STEP_RUN(WPA_PTK);
2456 if (sm->pending_deinit)
2457 break;
2458 SM_STEP_RUN(WPA_PTK_GROUP);
2459 if (sm->pending_deinit)
2460 break;
2461 wpa_group_sm_step(sm->wpa_auth, sm->group);
2462 } while (sm->changed || sm->wpa_auth->group->changed);
2463 sm->in_step_loop = 0;
2464
2465 if (sm->pending_deinit) {
2466 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
2467 "machine deinit for " MACSTR, MAC2STR(sm->addr));
2468 wpa_free_sta_sm(sm);
e4a6ea1d 2469 return 1;
6fc6879b 2470 }
e4a6ea1d 2471 return 0;
6fc6879b
JM		 2472}
2473
2474
2475static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
2476{
2477 struct wpa_state_machine *sm = eloop_ctx;
2478 wpa_sm_step(sm);
2479}
2480
2481
2482void wpa_auth_sm_notify(struct wpa_state_machine *sm)
2483{
2484 if (sm == NULL)
2485 return;
2486 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
2487}
2488
2489
2490void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
2491{
2492 int tmp, i;
2493 struct wpa_group *group;
2494
2495 if (wpa_auth == NULL)
2496 return;
2497
2498 group = wpa_auth->group;
2499
2500 for (i = 0; i < 2; i++) {
2501 tmp = group->GM;
2502 group->GM = group->GN;
2503 group->GN = tmp;
2504#ifdef CONFIG_IEEE80211W
2505 tmp = group->GM_igtk;
2506 group->GM_igtk = group->GN_igtk;
2507 group->GN_igtk = tmp;
2508#endif /* CONFIG_IEEE80211W */
2509 wpa_gtk_update(wpa_auth, group);
2510 }
2511}
2512
2513
2514static const char * wpa_bool_txt(int bool)
2515{
2516 return bool ? "TRUE" : "FALSE";
2517}
2518
2519
2520static int wpa_cipher_bits(int cipher)
2521{
2522 switch (cipher) {
2523 case WPA_CIPHER_CCMP:
2524 return 128;
2525 case WPA_CIPHER_TKIP:
2526 return 256;
2527 case WPA_CIPHER_WEP104:
2528 return 104;
2529 case WPA_CIPHER_WEP40:
2530 return 40;
2531 default:
2532 return 0;
2533 }
2534}
2535
2536
2537#define RSN_SUITE "%02x-%02x-%02x-%d"
2538#define RSN_SUITE_ARG(s) \
2539((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2540
2541int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
2542{
2543 int len = 0, ret;
2544 char pmkid_txt[PMKID_LEN * 2 + 1];
8ce58ceb
IH		 2545#ifdef CONFIG_RSN_PREAUTH
2546 const int preauth = 1;
2547#else /* CONFIG_RSN_PREAUTH */
2548 const int preauth = 0;
2549#endif /* CONFIG_RSN_PREAUTH */
6fc6879b
JM		 2550
2551 if (wpa_auth == NULL)
2552 return len;
2553
2554 ret = os_snprintf(buf + len, buflen - len,
2555 "dot11RSNAOptionImplemented=TRUE\n"
8ce58ceb 2556 "dot11RSNAPreauthenticationImplemented=%s\n"
6fc6879b
JM		 2557 "dot11RSNAEnabled=%s\n"
2558 "dot11RSNAPreauthenticationEnabled=%s\n",
8ce58ceb 2559 wpa_bool_txt(preauth),
6fc6879b
JM		 2560 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
2561 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
2562 if (ret < 0 || (size_t) ret >= buflen - len)
2563 return len;
2564 len += ret;
2565
2566 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2567 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
2568
2569 ret = os_snprintf(
2570 buf + len, buflen - len,
2571 "dot11RSNAConfigVersion=%u\n"
2572 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2573 /* FIX: dot11RSNAConfigGroupCipher */
2574 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2575 /* FIX: dot11RSNAConfigGroupRekeyTime */
2576 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2577 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2578 "dot11RSNAConfigGroupUpdateCount=%u\n"
2579 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2580 "dot11RSNAConfigGroupCipherSize=%u\n"
2581 "dot11RSNAConfigPMKLifetime=%u\n"
2582 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2583 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2584 "dot11RSNAConfigSATimeout=%u\n"
2585 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2586 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2587 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2588 "dot11RSNAPMKIDUsed=%s\n"
2589 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2590 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2591 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2592 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
2593 "dot11RSNA4WayHandshakeFailures=%u\n"
2594 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
2595 RSN_VERSION,
2596 !!wpa_auth->conf.wpa_strict_rekey,
2597 dot11RSNAConfigGroupUpdateCount,
2598 dot11RSNAConfigPairwiseUpdateCount,
2599 wpa_cipher_bits(wpa_auth->conf.wpa_group),
2600 dot11RSNAConfigPMKLifetime,
2601 dot11RSNAConfigPMKReauthThreshold,
2602 dot11RSNAConfigSATimeout,
2603 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
2604 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
2605 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
2606 pmkid_txt,
2607 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
2608 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
2609 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
2610 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
2611 wpa_auth->dot11RSNA4WayHandshakeFailures);
2612 if (ret < 0 || (size_t) ret >= buflen - len)
2613 return len;
2614 len += ret;
2615
2616 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
2617 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
2618
2619 /* Private MIB */
2620 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
2621 wpa_auth->group->wpa_group_state);
2622 if (ret < 0 || (size_t) ret >= buflen - len)
2623 return len;
2624 len += ret;
2625
2626 return len;
2627}
2628
2629
2630int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
2631{
2632 int len = 0, ret;
2633 u32 pairwise = 0;
2634
2635 if (sm == NULL)
2636 return 0;
2637
2638 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
2639
2640 /* dot11RSNAStatsEntry */
2641
2642 if (sm->wpa == WPA_VERSION_WPA) {
2643 if (sm->pairwise == WPA_CIPHER_CCMP)
2644 pairwise = WPA_CIPHER_SUITE_CCMP;
2645 else if (sm->pairwise == WPA_CIPHER_TKIP)
2646 pairwise = WPA_CIPHER_SUITE_TKIP;
2647 else if (sm->pairwise == WPA_CIPHER_WEP104)
2648 pairwise = WPA_CIPHER_SUITE_WEP104;
2649 else if (sm->pairwise == WPA_CIPHER_WEP40)
2650 pairwise = WPA_CIPHER_SUITE_WEP40;
2651 else if (sm->pairwise == WPA_CIPHER_NONE)
2652 pairwise = WPA_CIPHER_SUITE_NONE;
2653 } else if (sm->wpa == WPA_VERSION_WPA2) {
2654 if (sm->pairwise == WPA_CIPHER_CCMP)
2655 pairwise = RSN_CIPHER_SUITE_CCMP;
2656 else if (sm->pairwise == WPA_CIPHER_TKIP)
2657 pairwise = RSN_CIPHER_SUITE_TKIP;
2658 else if (sm->pairwise == WPA_CIPHER_WEP104)
2659 pairwise = RSN_CIPHER_SUITE_WEP104;
2660 else if (sm->pairwise == WPA_CIPHER_WEP40)
2661 pairwise = RSN_CIPHER_SUITE_WEP40;
2662 else if (sm->pairwise == WPA_CIPHER_NONE)
2663 pairwise = RSN_CIPHER_SUITE_NONE;
2664 } else
2665 return 0;
2666
2667 ret = os_snprintf(
2668 buf + len, buflen - len,
2669 /* TODO: dot11RSNAStatsIndex */
2670 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
2671 "dot11RSNAStatsVersion=1\n"
2672 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
2673 /* TODO: dot11RSNAStatsTKIPICVErrors */
2674 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
d9040cdb 2675 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
6fc6879b
JM		 2676 /* TODO: dot11RSNAStatsCCMPReplays */
2677 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
2678 /* TODO: dot11RSNAStatsTKIPReplays */,
2679 MAC2STR(sm->addr),
2680 RSN_SUITE_ARG(pairwise),
2681 sm->dot11RSNAStatsTKIPLocalMICFailures,
2682 sm->dot11RSNAStatsTKIPRemoteMICFailures);
2683 if (ret < 0 || (size_t) ret >= buflen - len)
2684 return len;
2685 len += ret;
2686
2687 /* Private MIB */
2688 ret = os_snprintf(buf + len, buflen - len,
2689 "hostapdWPAPTKState=%d\n"
2690 "hostapdWPAPTKGroupState=%d\n",
2691 sm->wpa_ptk_state,
2692 sm->wpa_ptk_group_state);
2693 if (ret < 0 || (size_t) ret >= buflen - len)
2694 return len;
2695 len += ret;
2696
2697 return len;
2698}
2699
2700
2701void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
2702{
2703 if (wpa_auth)
2704 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
2705}
2706
2707
2708int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
2709{
2710 return sm && sm->pairwise_set;
2711}
2712
2713
ff36ff00
JM		 2714int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
2715{
2716 return sm->pairwise;
2717}
2718
2719
6fc6879b
JM		 2720int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
2721{
2722 if (sm == NULL)
2723 return -1;
2724 return sm->wpa_key_mgmt;
2725}
2726
2727
2728int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
2729{
2730 if (sm == NULL)
2731 return 0;
2732 return sm->wpa;
2733}
2734
2735
2736int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
2737 struct rsn_pmksa_cache_entry *entry)
2738{
2739 if (sm == NULL || sm->pmksa != entry)
2740 return -1;
2741 sm->pmksa = NULL;
2742 return 0;
2743}
2744
2745
2746struct rsn_pmksa_cache_entry *
2747wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
2748{
2749 return sm ? sm->pmksa : NULL;
2750}
2751
2752
2753void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
2754{
2755 if (sm)
2756 sm->dot11RSNAStatsTKIPLocalMICFailures++;
2757}
2758
2759
2760const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
2761{
2762 if (wpa_auth == NULL)
2763 return NULL;
2764 *len = wpa_auth->wpa_ie_len;
2765 return wpa_auth->wpa_ie;
2766}
2767
2768
2769int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
2770 int session_timeout, struct eapol_state_machine *eapol)
2771{
cb465555
JM		 2772 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
2773 sm->wpa_auth->conf.disable_pmksa_caching)
6fc6879b
JM		 2774 return -1;
2775
4bb081f1
JM		 2776 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
2777 sm->wpa_auth->addr, sm->addr, session_timeout,
2778 eapol, sm->wpa_key_mgmt))
6fc6879b
JM		 2779 return 0;
2780
2781 return -1;
2782}
2783
2784
2785int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
2786 const u8 *pmk, size_t len, const u8 *sta_addr,
2787 int session_timeout,
2788 struct eapol_state_machine *eapol)
2789{
2790 if (wpa_auth == NULL)
2791 return -1;
2792
4bb081f1
JM		 2793 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
2794 sta_addr, session_timeout, eapol,
2795 WPA_KEY_MGMT_IEEE8021X))
6fc6879b
JM		 2796 return 0;
2797
2798 return -1;
2799}
2800
2801
2802static struct wpa_group *
2803wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
2804{
2805 struct wpa_group *group;
2806
2807 if (wpa_auth == NULL || wpa_auth->group == NULL)
2808 return NULL;
2809
2810 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
2811 vlan_id);
bdffdc5d 2812 group = wpa_group_init(wpa_auth, vlan_id, 0);
6fc6879b
JM		 2813 if (group == NULL)
2814 return NULL;
2815
2816 group->next = wpa_auth->group->next;
2817 wpa_auth->group->next = group;
2818
2819 return group;
2820}
2821
2822
2823int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
2824{
2825 struct wpa_group *group;
2826
2827 if (sm == NULL || sm->wpa_auth == NULL)
2828 return 0;
2829
2830 group = sm->wpa_auth->group;
2831 while (group) {
2832 if (group->vlan_id == vlan_id)
2833 break;
2834 group = group->next;
2835 }
2836
2837 if (group == NULL) {
2838 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
2839 if (group == NULL)
2840 return -1;
2841 }
2842
2843 if (sm->group == group)
2844 return 0;
2845
2846 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
2847 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
2848
2849 sm->group = group;
2850 return 0;
2851}
e4bf4db9
JM		 2852
2853
2854void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
2855 struct wpa_state_machine *sm, int ack)
2856{
2857 if (wpa_auth == NULL || sm == NULL)
2858 return;
2859 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
2860 " ack=%d", MAC2STR(sm->addr), ack);
2861 if (sm->pending_1_of_4_timeout && ack) {
2862 /*
2863 * Some deployed supplicant implementations update their SNonce
2864 * for each EAPOL-Key 2/4 message even within the same 4-way
2865 * handshake and then fail to use the first SNonce when
2866 * deriving the PTK. This results in unsuccessful 4-way
2867 * handshake whenever the relatively short initial timeout is
2868 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
2869 * around this by increasing the timeout now that we know that
2870 * the station has received the frame.
2871 */
2872 int timeout_ms = eapol_key_timeout_subseq;
2873 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
2874 "timeout by %u ms because of acknowledged frame",
2875 timeout_ms);
2876 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
2877 eloop_register_timeout(timeout_ms / 1000,
2878 (timeout_ms % 1000) * 1000,
2879 wpa_send_eapol_timeout, wpa_auth, sm);
2880 }
2881}
Unnamed repository; edit this file 'description' to name the repository.