]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add text names for number of the key_mgmt values
[thirdparty/hostap.git] / src / ap / wpa_auth.c
CommitLineData
6fc6879b 1/*
00338a4f 2 * IEEE 802.11 RSN / WPA Authenticator
94ddef3e 3 * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
6fc6879b 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
6fc6879b
JM		 7 */
8
6226e38d 9#include "utils/includes.h"
6fc6879b 10
6226e38d
JM		 11#include "utils/common.h"
12#include "utils/eloop.h"
13#include "utils/state_machine.h"
25ef8529 14#include "utils/bitfield.h"
81f4f619 15#include "common/ieee802_11_defs.h"
03da66bd
JM		 16#include "crypto/aes_wrap.h"
17#include "crypto/crypto.h"
18#include "crypto/sha1.h"
19#include "crypto/sha256.h"
3642c431 20#include "crypto/random.h"
281c950b 21#include "eapol_auth/eapol_auth_sm.h"
6226e38d 22#include "ap_config.h"
6fc6879b 23#include "ieee802_11.h"
6226e38d
JM		 24#include "wpa_auth.h"
25#include "pmksa_cache_auth.h"
6fc6879b
JM		 26#include "wpa_auth_i.h"
27#include "wpa_auth_ie.h"
28
29#define STATE_MACHINE_DATA struct wpa_state_machine
30#define STATE_MACHINE_DEBUG_PREFIX "WPA"
31#define STATE_MACHINE_ADDR sm->addr
32
33
34static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
e4a6ea1d 35static int wpa_sm_step(struct wpa_state_machine *sm);
929a2ea5
JM		 36static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
37 size_t data_len);
6fc6879b
JM		 38static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
39static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
40 struct wpa_group *group);
581a8cde 41static void wpa_request_new_ptk(struct wpa_state_machine *sm);
e6965d4e
JM		 42static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
43 struct wpa_group *group);
1bdb7ab3
JM		 44static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
45 struct wpa_group *group);
f23c5b17
JM		 46static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
47 const u8 *pmk, struct wpa_ptk *ptk);
6fc6879b 48
bae61562
JM		 49static const u32 dot11RSNAConfigGroupUpdateCount = 4;
50static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
51static const u32 eapol_key_timeout_first = 100; /* ms */
52static const u32 eapol_key_timeout_subseq = 1000; /* ms */
00338a4f 53static const u32 eapol_key_timeout_first_group = 500; /* ms */
6fc6879b
JM		 54
55/* TODO: make these configurable */
56static const int dot11RSNAConfigPMKLifetime = 43200;
57static const int dot11RSNAConfigPMKReauthThreshold = 70;
58static const int dot11RSNAConfigSATimeout = 60;
59
60
c772d054 61static inline int wpa_auth_mic_failure_report(
6fc6879b
JM		 62 struct wpa_authenticator *wpa_auth, const u8 *addr)
63{
64 if (wpa_auth->cb.mic_failure_report)
c772d054
JM		 65 return wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
66 return 0;
6fc6879b
JM		 67}
68
69
70static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
71 const u8 *addr, wpa_eapol_variable var,
72 int value)
73{
74 if (wpa_auth->cb.set_eapol)
75 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
76}
77
78
79static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
80 const u8 *addr, wpa_eapol_variable var)
81{
82 if (wpa_auth->cb.get_eapol == NULL)
83 return -1;
84 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
85}
86
87
88static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
759fd76b
JM		 89 const u8 *addr,
90 const u8 *p2p_dev_addr,
91 const u8 *prev_psk)
6fc6879b
JM		 92{
93 if (wpa_auth->cb.get_psk == NULL)
94 return NULL;
759fd76b
JM		 95 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, p2p_dev_addr,
96 prev_psk);
6fc6879b
JM		 97}
98
99
100static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
101 const u8 *addr, u8 *msk, size_t *len)
102{
103 if (wpa_auth->cb.get_msk == NULL)
104 return -1;
105 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
106}
107
108
109static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
110 int vlan_id,
71934751 111 enum wpa_alg alg, const u8 *addr, int idx,
6fc6879b
JM		 112 u8 *key, size_t key_len)
113{
114 if (wpa_auth->cb.set_key == NULL)
115 return -1;
116 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
117 key, key_len);
118}
119
120
121static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
122 const u8 *addr, int idx, u8 *seq)
123{
124 if (wpa_auth->cb.get_seqnum == NULL)
125 return -1;
126 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
127}
128
129
6fc6879b
JM		 130static inline int
131wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
132 const u8 *data, size_t data_len, int encrypt)
133{
134 if (wpa_auth->cb.send_eapol == NULL)
135 return -1;
136 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
137 encrypt);
138}
139
140
c50d94f1
BC		 141#ifdef CONFIG_MESH
142static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth,
143 const u8 *addr)
144{
145 if (wpa_auth->cb.start_ampe == NULL)
146 return -1;
147 return wpa_auth->cb.start_ampe(wpa_auth->cb.ctx, addr);
148}
149#endif /* CONFIG_MESH */
150
151
6fc6879b
JM		 152int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
153 int (*cb)(struct wpa_state_machine *sm, void *ctx),
154 void *cb_ctx)
155{
156 if (wpa_auth->cb.for_each_sta == NULL)
157 return 0;
158 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
159}
160
161
bf98f7f3
JM		 162int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
163 int (*cb)(struct wpa_authenticator *a, void *ctx),
164 void *cb_ctx)
165{
166 if (wpa_auth->cb.for_each_auth == NULL)
167 return 0;
168 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
169}
170
171
6fc6879b
JM		 172void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
173 logger_level level, const char *txt)
174{
175 if (wpa_auth->cb.logger == NULL)
176 return;
177 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
178}
179
180
181void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
182 logger_level level, const char *fmt, ...)
183{
184 char *format;
185 int maxlen;
186 va_list ap;
187
188 if (wpa_auth->cb.logger == NULL)
189 return;
190
191 maxlen = os_strlen(fmt) + 100;
192 format = os_malloc(maxlen);
193 if (!format)
194 return;
195
196 va_start(ap, fmt);
197 vsnprintf(format, maxlen, fmt, ap);
198 va_end(ap);
199
200 wpa_auth_logger(wpa_auth, addr, level, format);
201
202 os_free(format);
203}
204
205
206static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
207 const u8 *addr)
208{
209 if (wpa_auth->cb.disconnect == NULL)
210 return;
afcc9ea1 211 wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr));
6fc6879b
JM		 212 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
213 WLAN_REASON_PREV_AUTH_NOT_VALID);
214}
215
216
217static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
218{
56586197 219 int ret = 0;
6fc6879b 220#ifdef CONFIG_IEEE80211R
56586197
JM		 221 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
222 ret = 1;
6fc6879b 223#endif /* CONFIG_IEEE80211R */
56586197
JM		 224#ifdef CONFIG_IEEE80211W
225 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
226 ret = 1;
227#endif /* CONFIG_IEEE80211W */
a14896e8
JM		 228 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN)
229 ret = 1;
56586197 230 return ret;
6fc6879b
JM		 231}
232
233
234static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
235{
236 struct wpa_authenticator *wpa_auth = eloop_ctx;
237
3642c431 238 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
6fc6879b
JM		 239 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
240 "initialization.");
241 } else {
242 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
5cb9d5c3
JM		 243 wpa_hexdump_key(MSG_DEBUG, "GMK",
244 wpa_auth->group->GMK, WPA_GMK_LEN);
6fc6879b
JM		 245 }
246
247 if (wpa_auth->conf.wpa_gmk_rekey) {
248 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
249 wpa_rekey_gmk, wpa_auth, NULL);
250 }
251}
252
253
254static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
255{
256 struct wpa_authenticator *wpa_auth = eloop_ctx;
257 struct wpa_group *group;
258
259 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
260 for (group = wpa_auth->group; group; group = group->next) {
261 group->GTKReKey = TRUE;
262 do {
263 group->changed = FALSE;
264 wpa_group_sm_step(wpa_auth, group);
265 } while (group->changed);
266 }
267
268 if (wpa_auth->conf.wpa_group_rekey) {
269 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
270 0, wpa_rekey_gtk, wpa_auth, NULL);
271 }
272}
273
274
581a8cde
JM		 275static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
276{
277 struct wpa_authenticator *wpa_auth = eloop_ctx;
278 struct wpa_state_machine *sm = timeout_ctx;
279
280 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
281 wpa_request_new_ptk(sm);
282 wpa_sm_step(sm);
283}
284
285
6fc6879b
JM		 286static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
287{
288 if (sm->pmksa == ctx)
289 sm->pmksa = NULL;
290 return 0;
291}
292
293
294static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
295 void *ctx)
296{
297 struct wpa_authenticator *wpa_auth = ctx;
298 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
299}
300
301
1bdb7ab3
JM		 302static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
303 struct wpa_group *group)
304{
559cdabb 305 u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)];
1bdb7ab3 306 u8 rkey[32];
559cdabb 307 unsigned long ptr;
1bdb7ab3 308
3642c431 309 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
1bdb7ab3
JM		 310 return -1;
311 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
312
313 /*
314 * Counter = PRF-256(Random number, "Init Counter",
315 * Local MAC Address || Time)
316 */
317 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
318 wpa_get_ntp_timestamp(buf + ETH_ALEN);
559cdabb
JM		 319 ptr = (unsigned long) group;
320 os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr));
3642c431 321 if (random_get_bytes(rkey, sizeof(rkey)) < 0)
1bdb7ab3
JM		 322 return -1;
323
324 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
325 group->Counter, WPA_NONCE_LEN) < 0)
326 return -1;
327 wpa_hexdump_key(MSG_DEBUG, "Key Counter",
328 group->Counter, WPA_NONCE_LEN);
329
330 return 0;
331}
332
333
e6965d4e 334static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
bdffdc5d 335 int vlan_id, int delay_init)
e6965d4e
JM		 336{
337 struct wpa_group *group;
e6965d4e
JM		 338
339 group = os_zalloc(sizeof(struct wpa_group));
340 if (group == NULL)
341 return NULL;
342
343 group->GTKAuthenticator = TRUE;
344 group->vlan_id = vlan_id;
c3550295 345 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
6fc6879b 346
08704cd8
JM		 347 if (random_pool_ready() != 1) {
348 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
349 "for secure operations - update keys later when "
350 "the first station connects");
351 }
352
1bdb7ab3
JM		 353 /*
354 * Set initial GMK/Counter value here. The actual values that will be
355 * used in negotiations will be set once the first station tries to
356 * connect. This allows more time for collecting additional randomness
357 * on embedded devices.
6fc6879b 358 */
1bdb7ab3 359 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
6fc6879b
JM		 360 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
361 "initialization.");
362 os_free(group);
363 return NULL;
364 }
6fc6879b
JM		 365
366 group->GInit = TRUE;
bdffdc5d
JM		 367 if (delay_init) {
368 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
369 "until Beacon frames have been configured");
370 /* Initialization is completed in wpa_init_keys(). */
371 } else {
372 wpa_group_sm_step(wpa_auth, group);
373 group->GInit = FALSE;
374 wpa_group_sm_step(wpa_auth, group);
375 }
6fc6879b
JM		 376
377 return group;
378}
379
380
381/**
382 * wpa_init - Initialize WPA authenticator
383 * @addr: Authenticator address
384 * @conf: Configuration for WPA authenticator
a17df5fb 385 * @cb: Callback functions for WPA authenticator
6fc6879b
JM		 386 * Returns: Pointer to WPA authenticator data or %NULL on failure
387 */
388struct wpa_authenticator * wpa_init(const u8 *addr,
389 struct wpa_auth_config *conf,
390 struct wpa_auth_callbacks *cb)
391{
392 struct wpa_authenticator *wpa_auth;
393
394 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
395 if (wpa_auth == NULL)
396 return NULL;
397 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
398 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
399 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
400
401 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
402 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
403 os_free(wpa_auth);
404 return NULL;
405 }
406
bdffdc5d 407 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
6fc6879b
JM		 408 if (wpa_auth->group == NULL) {
409 os_free(wpa_auth->wpa_ie);
410 os_free(wpa_auth);
411 return NULL;
412 }
413
4bb081f1
JM		 414 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
415 wpa_auth);
6fc6879b
JM		 416 if (wpa_auth->pmksa == NULL) {
417 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
418 os_free(wpa_auth->wpa_ie);
419 os_free(wpa_auth);
420 return NULL;
421 }
422
423#ifdef CONFIG_IEEE80211R
424 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
425 if (wpa_auth->ft_pmk_cache == NULL) {
426 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
427 os_free(wpa_auth->wpa_ie);
4bb081f1 428 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 429 os_free(wpa_auth);
430 return NULL;
431 }
432#endif /* CONFIG_IEEE80211R */
433
434 if (wpa_auth->conf.wpa_gmk_rekey) {
435 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
436 wpa_rekey_gmk, wpa_auth, NULL);
437 }
438
439 if (wpa_auth->conf.wpa_group_rekey) {
440 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
441 wpa_rekey_gtk, wpa_auth, NULL);
442 }
443
25ef8529
JM		 444#ifdef CONFIG_P2P
445 if (WPA_GET_BE32(conf->ip_addr_start)) {
446 int count = WPA_GET_BE32(conf->ip_addr_end) -
447 WPA_GET_BE32(conf->ip_addr_start) + 1;
448 if (count > 1000)
449 count = 1000;
450 if (count > 0)
451 wpa_auth->ip_pool = bitfield_alloc(count);
452 }
453#endif /* CONFIG_P2P */
454
6fc6879b
JM		 455 return wpa_auth;
456}
457
458
bdffdc5d
JM		 459int wpa_init_keys(struct wpa_authenticator *wpa_auth)
460{
461 struct wpa_group *group = wpa_auth->group;
462
463 wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
464 "keys");
465 wpa_group_sm_step(wpa_auth, group);
466 group->GInit = FALSE;
467 wpa_group_sm_step(wpa_auth, group);
7d7f7be2
JM		 468 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
469 return -1;
bdffdc5d
JM		 470 return 0;
471}
472
473
6fc6879b
JM		 474/**
475 * wpa_deinit - Deinitialize WPA authenticator
476 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
477 */
478void wpa_deinit(struct wpa_authenticator *wpa_auth)
479{
480 struct wpa_group *group, *prev;
481
482 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
483 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
484
485#ifdef CONFIG_PEERKEY
486 while (wpa_auth->stsl_negotiations)
487 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
488#endif /* CONFIG_PEERKEY */
489
4bb081f1 490 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 491
492#ifdef CONFIG_IEEE80211R
493 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
494 wpa_auth->ft_pmk_cache = NULL;
495#endif /* CONFIG_IEEE80211R */
496
25ef8529
JM		 497#ifdef CONFIG_P2P
498 bitfield_free(wpa_auth->ip_pool);
499#endif /* CONFIG_P2P */
500
501
6fc6879b
JM		 502 os_free(wpa_auth->wpa_ie);
503
504 group = wpa_auth->group;
505 while (group) {
506 prev = group;
507 group = group->next;
508 os_free(prev);
509 }
510
511 os_free(wpa_auth);
512}
513
514
515/**
516 * wpa_reconfig - Update WPA authenticator configuration
517 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
518 * @conf: Configuration for WPA authenticator
519 */
520int wpa_reconfig(struct wpa_authenticator *wpa_auth,
521 struct wpa_auth_config *conf)
522{
e6965d4e 523 struct wpa_group *group;
6fc6879b
JM		 524 if (wpa_auth == NULL)
525 return 0;
526
527 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
ad08c363
JM		 528 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
529 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
530 return -1;
531 }
532
e6965d4e
JM		 533 /*
534 * Reinitialize GTK to make sure it is suitable for the new
535 * configuration.
536 */
537 group = wpa_auth->group;
c3550295 538 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
e6965d4e
JM		 539 group->GInit = TRUE;
540 wpa_group_sm_step(wpa_auth, group);
541 group->GInit = FALSE;
542 wpa_group_sm_step(wpa_auth, group);
543
6fc6879b
JM		 544 return 0;
545}
546
547
548struct wpa_state_machine *
94ddef3e
JM		 549wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
550 const u8 *p2p_dev_addr)
6fc6879b
JM		 551{
552 struct wpa_state_machine *sm;
553
7d7f7be2
JM		 554 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
555 return NULL;
556
6fc6879b
JM		 557 sm = os_zalloc(sizeof(struct wpa_state_machine));
558 if (sm == NULL)
559 return NULL;
560 os_memcpy(sm->addr, addr, ETH_ALEN);
94ddef3e
JM		 561 if (p2p_dev_addr)
562 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
6fc6879b
JM		 563
564 sm->wpa_auth = wpa_auth;
565 sm->group = wpa_auth->group;
566
567 return sm;
568}
569
570
6f9b5d16
JM		 571int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
572 struct wpa_state_machine *sm)
6fc6879b
JM		 573{
574 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
6f9b5d16 575 return -1;
6fc6879b
JM		 576
577#ifdef CONFIG_IEEE80211R
578 if (sm->ft_completed) {
579 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
580 "FT authentication already completed - do not "
581 "start 4-way handshake");
3d4d2348
JM		 582 /* Go to PTKINITDONE state to allow GTK rekeying */
583 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
6f9b5d16 584 return 0;
6fc6879b
JM		 585 }
586#endif /* CONFIG_IEEE80211R */
587
588 if (sm->started) {
22a299ee 589 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
6fc6879b 590 sm->ReAuthenticationRequest = TRUE;
6f9b5d16 591 return wpa_sm_step(sm);
6fc6879b
JM		 592 }
593
594 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
595 "start authentication");
596 sm->started = 1;
597
598 sm->Init = TRUE;
e4a6ea1d 599 if (wpa_sm_step(sm) == 1)
6f9b5d16 600 return 1; /* should not really happen */
6fc6879b
JM		 601 sm->Init = FALSE;
602 sm->AuthenticationRequest = TRUE;
6f9b5d16 603 return wpa_sm_step(sm);
6fc6879b
JM		 604}
605
606
a8d05fca
JM		 607void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
608{
609 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
610 * reassociates back to the same AP while the previous entry for the
611 * STA has not yet been removed. */
612 if (sm == NULL)
613 return;
614
615 sm->wpa_key_mgmt = 0;
616}
617
618
6fc6879b
JM		 619static void wpa_free_sta_sm(struct wpa_state_machine *sm)
620{
25ef8529
JM		 621#ifdef CONFIG_P2P
622 if (WPA_GET_BE32(sm->ip_addr)) {
623 u32 start;
624 wpa_printf(MSG_DEBUG, "P2P: Free assigned IP "
625 "address %u.%u.%u.%u from " MACSTR,
626 sm->ip_addr[0], sm->ip_addr[1],
627 sm->ip_addr[2], sm->ip_addr[3],
628 MAC2STR(sm->addr));
629 start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
630 bitfield_clear(sm->wpa_auth->ip_pool,
631 WPA_GET_BE32(sm->ip_addr) - start);
632 }
633#endif /* CONFIG_P2P */
2ade8ef2
JM		 634 if (sm->GUpdateStationKeys) {
635 sm->group->GKeyDoneStations--;
636 sm->GUpdateStationKeys = FALSE;
637 }
0f857f43
JM		 638#ifdef CONFIG_IEEE80211R
639 os_free(sm->assoc_resp_ftie);
692ec305 640 wpabuf_free(sm->ft_pending_req_ies);
0f857f43 641#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 642 os_free(sm->last_rx_eapol_key);
643 os_free(sm->wpa_ie);
644 os_free(sm);
645}
646
647
648void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
649{
650 if (sm == NULL)
651 return;
652
653 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
654 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
655 "strict rekeying - force GTK rekey since STA "
656 "is leaving");
657 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
658 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
659 NULL);
660 }
661
662 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
e4bf4db9 663 sm->pending_1_of_4_timeout = 0;
6fc6879b 664 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
581a8cde 665 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 666 if (sm->in_step_loop) {
667 /* Must not free state machine while wpa_sm_step() is running.
668 * Freeing will be completed in the end of wpa_sm_step(). */
669 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
670 "machine deinit for " MACSTR, MAC2STR(sm->addr));
671 sm->pending_deinit = 1;
672 } else
673 wpa_free_sta_sm(sm);
674}
675
676
677static void wpa_request_new_ptk(struct wpa_state_machine *sm)
678{
679 if (sm == NULL)
680 return;
681
682 sm->PTKRequest = TRUE;
683 sm->PTK_valid = 0;
684}
685
686
68921e24 687static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
22a299ee
JM		 688 const u8 *replay_counter)
689{
690 int i;
691 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
68921e24 692 if (!ctr[i].valid)
22a299ee 693 break;
68921e24 694 if (os_memcmp(replay_counter, ctr[i].counter,
22a299ee
JM		 695 WPA_REPLAY_COUNTER_LEN) == 0)
696 return 1;
697 }
698 return 0;
699}
700
701
68921e24
JM		 702static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
703 const u8 *replay_counter)
704{
705 int i;
706 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
707 if (ctr[i].valid &&
708 (replay_counter == NULL ||
709 os_memcmp(replay_counter, ctr[i].counter,
710 WPA_REPLAY_COUNTER_LEN) == 0))
711 ctr[i].valid = FALSE;
712 }
713}
714
715
0f857f43
JM		 716#ifdef CONFIG_IEEE80211R
717static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
718 struct wpa_state_machine *sm,
719 struct wpa_eapol_ie_parse *kde)
720{
721 struct wpa_ie_data ie;
722 struct rsn_mdie *mdie;
723
724 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
725 ie.num_pmkid != 1 || ie.pmkid == NULL) {
726 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
727 "FT 4-way handshake message 2/4");
728 return -1;
729 }
730
731 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
732 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
733 sm->sup_pmk_r1_name, PMKID_LEN);
734
735 if (!kde->mdie || !kde->ftie) {
736 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
737 "message 2/4", kde->mdie ? "FTIE" : "MDIE");
738 return -1;
739 }
740
741 mdie = (struct rsn_mdie *) (kde->mdie + 2);
742 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
743 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
744 MOBILITY_DOMAIN_ID_LEN) != 0) {
745 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
746 return -1;
747 }
748
749 if (sm->assoc_resp_ftie &&
750 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
751 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
752 2 + sm->assoc_resp_ftie[1]) != 0)) {
753 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
754 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
755 kde->ftie, kde->ftie_len);
756 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
757 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
758 return -1;
759 }
760
761 return 0;
762}
763#endif /* CONFIG_IEEE80211R */
764
765
c772d054
JM		 766static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
767 struct wpa_state_machine *sm, int group)
ec027805
JM		 768{
769 /* Supplicant reported a Michael MIC error */
770 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
771 "received EAPOL-Key Error Request "
772 "(STA detected Michael MIC failure (group=%d))",
773 group);
fbc72d32
JM		 774
775 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
776 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
777 "ignore Michael MIC failure report since "
778 "group cipher is not TKIP");
779 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
780 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
781 "ignore Michael MIC failure report since "
782 "pairwise cipher is not TKIP");
783 } else {
c772d054
JM		 784 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
785 return 1; /* STA entry was removed */
fbc72d32
JM		 786 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
787 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
788 }
ec027805
JM		 789
790 /*
791 * Error report is not a request for a new key handshake, but since
792 * Authenticator may do it, let's change the keys now anyway.
793 */
794 wpa_request_new_ptk(sm);
c772d054 795 return 0;
ec027805
JM		 796}
797
798
f23c5b17
JM		 799static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
800 size_t data_len)
801{
802 struct wpa_ptk PTK;
803 int ok = 0;
804 const u8 *pmk = NULL;
805
806 for (;;) {
807 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
808 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
809 sm->p2p_dev_addr, pmk);
810 if (pmk == NULL)
811 break;
812 } else
813 pmk = sm->PMK;
814
815 wpa_derive_ptk(sm, sm->alt_SNonce, pmk, &PTK);
816
817 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, data, data_len)
818 == 0) {
819 ok = 1;
820 break;
821 }
822
823 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
824 break;
825 }
826
827 if (!ok) {
828 wpa_printf(MSG_DEBUG,
829 "WPA: Earlier SNonce did not result in matching MIC");
830 return -1;
831 }
832
833 wpa_printf(MSG_DEBUG,
834 "WPA: Earlier SNonce resulted in matching MIC");
835 sm->alt_snonce_valid = 0;
836 os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
837 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
838 sm->PTK_valid = TRUE;
839
840 return 0;
841}
842
843
6fc6879b
JM		 844void wpa_receive(struct wpa_authenticator *wpa_auth,
845 struct wpa_state_machine *sm,
846 u8 *data, size_t data_len)
847{
848 struct ieee802_1x_hdr *hdr;
849 struct wpa_eapol_key *key;
850 u16 key_info, key_data_length;
851 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
852 SMK_M1, SMK_M3, SMK_ERROR } msg;
853 char *msgtxt;
854 struct wpa_eapol_ie_parse kde;
26e23750 855 int ft;
1566ec46
JM		 856 const u8 *eapol_key_ie;
857 size_t eapol_key_ie_len;
6fc6879b
JM		 858
859 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
860 return;
861
862 if (data_len < sizeof(*hdr) + sizeof(*key))
863 return;
864
865 hdr = (struct ieee802_1x_hdr *) data;
866 key = (struct wpa_eapol_key *) (hdr + 1);
867 key_info = WPA_GET_BE16(key->key_info);
868 key_data_length = WPA_GET_BE16(key->key_data_length);
0d442aff
JM		 869 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
870 " key_info=0x%x type=%u key_data_length=%u",
871 MAC2STR(sm->addr), key_info, key->type, key_data_length);
6fc6879b
JM		 872 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
873 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
874 "key_data overflow (%d > %lu)",
875 key_data_length,
876 (unsigned long) (data_len - sizeof(*hdr) -
877 sizeof(*key)));
878 return;
879 }
880
f8e96eb6 881 if (sm->wpa == WPA_VERSION_WPA2) {
74590e71
JM		 882 if (key->type == EAPOL_KEY_TYPE_WPA) {
883 /*
884 * Some deployed station implementations seem to send
885 * msg 4/4 with incorrect type value in WPA2 mode.
886 */
887 wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
888 "with unexpected WPA type in RSN mode");
889 } else if (key->type != EAPOL_KEY_TYPE_RSN) {
f8e96eb6
JM		 890 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
891 "unexpected type %d in RSN mode",
892 key->type);
893 return;
894 }
895 } else {
896 if (key->type != EAPOL_KEY_TYPE_WPA) {
897 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
898 "unexpected type %d in WPA mode",
899 key->type);
900 return;
901 }
902 }
903
bc8318ac
JM		 904 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
905 WPA_NONCE_LEN);
906 wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
907 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
908
6fc6879b
JM		 909 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
910 * are set */
911
912 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
913 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
914 if (key_info & WPA_KEY_INFO_ERROR) {
915 msg = SMK_ERROR;
916 msgtxt = "SMK Error";
917 } else {
918 msg = SMK_M1;
919 msgtxt = "SMK M1";
920 }
921 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
922 msg = SMK_M3;
923 msgtxt = "SMK M3";
924 } else if (key_info & WPA_KEY_INFO_REQUEST) {
925 msg = REQUEST;
926 msgtxt = "Request";
927 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
928 msg = GROUP_2;
929 msgtxt = "2/2 Group";
930 } else if (key_data_length == 0) {
931 msg = PAIRWISE_4;
932 msgtxt = "4/4 Pairwise";
933 } else {
934 msg = PAIRWISE_2;
935 msgtxt = "2/4 Pairwise";
936 }
937
938 /* TODO: key_info type validation for PeerKey */
939 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
940 msg == GROUP_2) {
941 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
eb7719ff
JM		 942 if (sm->pairwise == WPA_CIPHER_CCMP ||
943 sm->pairwise == WPA_CIPHER_GCMP) {
6fc6879b 944 if (wpa_use_aes_cmac(sm) &&
a14896e8 945 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN &&
929a2ea5 946 !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
6fc6879b
JM		 947 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
948 wpa_auth_logger(wpa_auth, sm->addr,
949 LOGGER_WARNING,
950 "advertised support for "
951 "AES-128-CMAC, but did not "
952 "use it");
953 return;
954 }
955
956 if (!wpa_use_aes_cmac(sm) &&
957 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
958 wpa_auth_logger(wpa_auth, sm->addr,
959 LOGGER_WARNING,
960 "did not use HMAC-SHA1-AES "
eb7719ff 961 "with CCMP/GCMP");
6fc6879b
JM		 962 return;
963 }
964 }
929a2ea5
JM		 965
966 if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
967 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
968 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
969 "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
970 return;
971 }
6fc6879b
JM		 972 }
973
974 if (key_info & WPA_KEY_INFO_REQUEST) {
975 if (sm->req_replay_counter_used &&
976 os_memcmp(key->replay_counter, sm->req_replay_counter,
977 WPA_REPLAY_COUNTER_LEN) <= 0) {
978 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
979 "received EAPOL-Key request with "
980 "replayed counter");
981 return;
982 }
983 }
984
985 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
68921e24 986 !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
22a299ee 987 int i;
68921e24
JM		 988
989 if (msg == PAIRWISE_2 &&
990 wpa_replay_counter_valid(sm->prev_key_replay,
991 key->replay_counter) &&
992 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
993 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
994 {
995 /*
996 * Some supplicant implementations (e.g., Windows XP
997 * WZC) update SNonce for each EAPOL-Key 2/4. This
998 * breaks the workaround on accepting any of the
999 * pending requests, so allow the SNonce to be updated
1000 * even if we have already sent out EAPOL-Key 3/4.
1001 */
1002 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1003 "Process SNonce update from STA "
1004 "based on retransmitted EAPOL-Key "
1005 "1/4");
1006 sm->update_snonce = 1;
f23c5b17
JM		 1007 os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
1008 sm->alt_snonce_valid = TRUE;
1009 os_memcpy(sm->alt_replay_counter,
1010 sm->key_replay[0].counter,
1011 WPA_REPLAY_COUNTER_LEN);
1012 goto continue_processing;
1013 }
1014
1015 if (msg == PAIRWISE_4 && sm->alt_snonce_valid &&
1016 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1017 os_memcmp(key->replay_counter, sm->alt_replay_counter,
1018 WPA_REPLAY_COUNTER_LEN) == 0) {
1019 /*
1020 * Supplicant may still be using the old SNonce since
1021 * there was two EAPOL-Key 2/4 messages and they had
1022 * different SNonce values.
1023 */
1024 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1025 "Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4");
68921e24
JM		 1026 goto continue_processing;
1027 }
1028
1029 if (msg == PAIRWISE_2 &&
1030 wpa_replay_counter_valid(sm->prev_key_replay,
1031 key->replay_counter) &&
1032 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1033 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1034 "ignore retransmitted EAPOL-Key %s - "
1035 "SNonce did not change", msgtxt);
1036 } else {
1037 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1038 "received EAPOL-Key %s with "
1039 "unexpected replay counter", msgtxt);
1040 }
22a299ee
JM		 1041 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
1042 if (!sm->key_replay[i].valid)
1043 break;
1044 wpa_hexdump(MSG_DEBUG, "pending replay counter",
1045 sm->key_replay[i].counter,
1046 WPA_REPLAY_COUNTER_LEN);
1047 }
6fc6879b
JM		 1048 wpa_hexdump(MSG_DEBUG, "received replay counter",
1049 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1050 return;
1051 }
1052
68921e24 1053continue_processing:
6fc6879b
JM		 1054 switch (msg) {
1055 case PAIRWISE_2:
1056 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
68921e24
JM		 1057 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
1058 (!sm->update_snonce ||
1059 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
6fc6879b
JM		 1060 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1061 "received EAPOL-Key msg 2/4 in "
1062 "invalid state (%d) - dropped",
1063 sm->wpa_ptk_state);
1064 return;
1065 }
bbb921da 1066 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
08704cd8
JM		 1067 if (sm->group->reject_4way_hs_for_entropy) {
1068 /*
1069 * The system did not have enough entropy to generate
1070 * strong random numbers. Reject the first 4-way
1071 * handshake(s) and collect some entropy based on the
1072 * information from it. Once enough entropy is
1073 * available, the next atempt will trigger GMK/Key
1074 * Counter update and the station will be allowed to
1075 * continue.
1076 */
1077 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
1078 "collect more entropy for random number "
1079 "generation");
08704cd8 1080 random_mark_pool_ready();
08704cd8
JM		 1081 wpa_sta_disconnect(wpa_auth, sm->addr);
1082 return;
1083 }
1566ec46
JM		 1084 if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length,
1085 &kde) < 0) {
1086 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1087 "received EAPOL-Key msg 2/4 with "
1088 "invalid Key Data contents");
1089 return;
1090 }
1091 if (kde.rsn_ie) {
1092 eapol_key_ie = kde.rsn_ie;
1093 eapol_key_ie_len = kde.rsn_ie_len;
a14896e8
JM		 1094 } else if (kde.osen) {
1095 eapol_key_ie = kde.osen;
1096 eapol_key_ie_len = kde.osen_len;
1566ec46
JM		 1097 } else {
1098 eapol_key_ie = kde.wpa_ie;
1099 eapol_key_ie_len = kde.wpa_ie_len;
1100 }
26e23750
JM		 1101 ft = sm->wpa == WPA_VERSION_WPA2 &&
1102 wpa_key_mgmt_ft(sm->wpa_key_mgmt);
6fc6879b 1103 if (sm->wpa_ie == NULL ||
26e23750
JM		 1104 wpa_compare_rsn_ie(ft,
1105 sm->wpa_ie, sm->wpa_ie_len,
1566ec46 1106 eapol_key_ie, eapol_key_ie_len)) {
6fc6879b
JM		 1107 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1108 "WPA IE from (Re)AssocReq did not "
1109 "match with msg 2/4");
1110 if (sm->wpa_ie) {
1111 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
1112 sm->wpa_ie, sm->wpa_ie_len);
1113 }
1114 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
1566ec46 1115 eapol_key_ie, eapol_key_ie_len);
6fc6879b
JM		 1116 /* MLME-DEAUTHENTICATE.request */
1117 wpa_sta_disconnect(wpa_auth, sm->addr);
1118 return;
1119 }
26e23750 1120#ifdef CONFIG_IEEE80211R
0f857f43
JM		 1121 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
1122 wpa_sta_disconnect(wpa_auth, sm->addr);
1123 return;
26e23750
JM		 1124 }
1125#endif /* CONFIG_IEEE80211R */
25ef8529
JM		 1126#ifdef CONFIG_P2P
1127 if (kde.ip_addr_req && kde.ip_addr_req[0] &&
1128 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
1129 int idx;
1130 wpa_printf(MSG_DEBUG, "P2P: IP address requested in "
1131 "EAPOL-Key exchange");
1132 idx = bitfield_get_first_zero(wpa_auth->ip_pool);
1133 if (idx >= 0) {
1134 u32 start = WPA_GET_BE32(wpa_auth->conf.
1135 ip_addr_start);
1136 bitfield_set(wpa_auth->ip_pool, idx);
1137 WPA_PUT_BE32(sm->ip_addr, start + idx);
1138 wpa_printf(MSG_DEBUG, "P2P: Assigned IP "
1139 "address %u.%u.%u.%u to " MACSTR,
1140 sm->ip_addr[0], sm->ip_addr[1],
1141 sm->ip_addr[2], sm->ip_addr[3],
1142 MAC2STR(sm->addr));
1143 }
1144 }
1145#endif /* CONFIG_P2P */
6fc6879b
JM		 1146 break;
1147 case PAIRWISE_4:
1148 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
1149 !sm->PTK_valid) {
1150 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1151 "received EAPOL-Key msg 4/4 in "
1152 "invalid state (%d) - dropped",
1153 sm->wpa_ptk_state);
1154 return;
1155 }
1156 break;
1157 case GROUP_2:
1158 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1159 || !sm->PTK_valid) {
1160 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1161 "received EAPOL-Key msg 2/2 in "
1162 "invalid state (%d) - dropped",
1163 sm->wpa_ptk_group_state);
1164 return;
1165 }
1166 break;
1167#ifdef CONFIG_PEERKEY
1168 case SMK_M1:
1169 case SMK_M3:
1170 case SMK_ERROR:
1171 if (!wpa_auth->conf.peerkey) {
1172 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
1173 "PeerKey use disabled - ignoring message");
1174 return;
1175 }
1176 if (!sm->PTK_valid) {
1177 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1178 "received EAPOL-Key msg SMK in "
1179 "invalid state - dropped");
1180 return;
1181 }
1182 break;
1183#else /* CONFIG_PEERKEY */
1184 case SMK_M1:
1185 case SMK_M3:
1186 case SMK_ERROR:
1187 return; /* STSL disabled - ignore SMK messages */
1188#endif /* CONFIG_PEERKEY */
1189 case REQUEST:
1190 break;
1191 }
1192
1193 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1194 "received EAPOL-Key frame (%s)", msgtxt);
1195
1196 if (key_info & WPA_KEY_INFO_ACK) {
1197 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1198 "received invalid EAPOL-Key: Key Ack set");
1199 return;
1200 }
1201
1202 if (!(key_info & WPA_KEY_INFO_MIC)) {
1203 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1204 "received invalid EAPOL-Key: Key MIC not set");
1205 return;
1206 }
1207
1208 sm->MICVerified = FALSE;
68921e24 1209 if (sm->PTK_valid && !sm->update_snonce) {
929a2ea5 1210 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data,
f23c5b17
JM		 1211 data_len) &&
1212 (msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
1213 wpa_try_alt_snonce(sm, data, data_len))) {
6fc6879b
JM		 1214 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1215 "received EAPOL-Key with invalid MIC");
1216 return;
1217 }
1218 sm->MICVerified = TRUE;
1219 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
e4bf4db9 1220 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1221 }
1222
1223 if (key_info & WPA_KEY_INFO_REQUEST) {
1224 if (sm->MICVerified) {
1225 sm->req_replay_counter_used = 1;
1226 os_memcpy(sm->req_replay_counter, key->replay_counter,
1227 WPA_REPLAY_COUNTER_LEN);
1228 } else {
1229 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1230 "received EAPOL-Key request with "
1231 "invalid MIC");
1232 return;
1233 }
1234
1235 /*
1236 * TODO: should decrypt key data field if encryption was used;
1237 * even though MAC address KDE is not normally encrypted,
1238 * supplicant is allowed to encrypt it.
1239 */
1240 if (msg == SMK_ERROR) {
1241#ifdef CONFIG_PEERKEY
5c6787a6
JM		 1242 wpa_smk_error(wpa_auth, sm, (const u8 *) (key + 1),
1243 key_data_length);
6fc6879b
JM		 1244#endif /* CONFIG_PEERKEY */
1245 return;
1246 } else if (key_info & WPA_KEY_INFO_ERROR) {
c772d054
JM		 1247 if (wpa_receive_error_report(
1248 wpa_auth, sm,
1249 !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
1250 return; /* STA entry was removed */
6fc6879b
JM		 1251 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1252 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1253 "received EAPOL-Key Request for new "
1254 "4-Way Handshake");
1255 wpa_request_new_ptk(sm);
1256#ifdef CONFIG_PEERKEY
1257 } else if (msg == SMK_M1) {
5c6787a6
JM		 1258 wpa_smk_m1(wpa_auth, sm, key, (const u8 *) (key + 1),
1259 key_data_length);
6fc6879b
JM		 1260#endif /* CONFIG_PEERKEY */
1261 } else if (key_data_length > 0 &&
1262 wpa_parse_kde_ies((const u8 *) (key + 1),
1263 key_data_length, &kde) == 0 &&
1264 kde.mac_addr) {
1265 } else {
1266 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1267 "received EAPOL-Key Request for GTK "
1268 "rekeying");
6fc6879b
JM		 1269 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1270 wpa_rekey_gtk(wpa_auth, NULL);
1271 }
1272 } else {
68921e24
JM		 1273 /* Do not allow the same key replay counter to be reused. */
1274 wpa_replay_counter_mark_invalid(sm->key_replay,
1275 key->replay_counter);
1276
1277 if (msg == PAIRWISE_2) {
1278 /*
1279 * Maintain a copy of the pending EAPOL-Key frames in
1280 * case the EAPOL-Key frame was retransmitted. This is
1281 * needed to allow EAPOL-Key msg 2/4 reply to another
1282 * pending msg 1/4 to update the SNonce to work around
1283 * unexpected supplicant behavior.
1284 */
1285 os_memcpy(sm->prev_key_replay, sm->key_replay,
1286 sizeof(sm->key_replay));
1287 } else {
1288 os_memset(sm->prev_key_replay, 0,
1289 sizeof(sm->prev_key_replay));
1290 }
1291
1292 /*
1293 * Make sure old valid counters are not accepted anymore and
1294 * do not get copied again.
1295 */
1296 wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
6fc6879b
JM		 1297 }
1298
1299#ifdef CONFIG_PEERKEY
1300 if (msg == SMK_M3) {
5c6787a6
JM		 1301 wpa_smk_m3(wpa_auth, sm, key, (const u8 *) (key + 1),
1302 key_data_length);
6fc6879b
JM		 1303 return;
1304 }
1305#endif /* CONFIG_PEERKEY */
1306
1307 os_free(sm->last_rx_eapol_key);
1308 sm->last_rx_eapol_key = os_malloc(data_len);
1309 if (sm->last_rx_eapol_key == NULL)
1310 return;
1311 os_memcpy(sm->last_rx_eapol_key, data, data_len);
1312 sm->last_rx_eapol_key_len = data_len;
1313
0d442aff 1314 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
6fc6879b
JM		 1315 sm->EAPOLKeyReceived = TRUE;
1316 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1317 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1318 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1319 wpa_sm_step(sm);
1320}
1321
1322
3c7302c2
JM		 1323static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1324 const u8 *gnonce, u8 *gtk, size_t gtk_len)
6fc6879b 1325{
5cb9d5c3
JM		 1326 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
1327 u8 *pos;
3c7302c2 1328 int ret = 0;
6fc6879b 1329
5cb9d5c3
JM		 1330 /* GTK = PRF-X(GMK, "Group key expansion",
1331 * AA || GNonce || Time || random data)
1332 * The example described in the IEEE 802.11 standard uses only AA and
1333 * GNonce as inputs here. Add some more entropy since this derivation
1334 * is done only at the Authenticator and as such, does not need to be
1335 * exactly same.
1336 */
6fc6879b
JM		 1337 os_memcpy(data, addr, ETH_ALEN);
1338 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
5cb9d5c3
JM		 1339 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1340 wpa_get_ntp_timestamp(pos);
1341 pos += 8;
3642c431 1342 if (random_get_bytes(pos, 16) < 0)
3c7302c2 1343 ret = -1;
6fc6879b 1344
56586197 1345#ifdef CONFIG_IEEE80211W
5cb9d5c3 1346 sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
56586197 1347#else /* CONFIG_IEEE80211W */
3c7302c2
JM		 1348 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
1349 < 0)
1350 ret = -1;
56586197 1351#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 1352
1353 return ret;
6fc6879b
JM		 1354}
1355
1356
1357static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1358{
1359 struct wpa_authenticator *wpa_auth = eloop_ctx;
1360 struct wpa_state_machine *sm = timeout_ctx;
1361
e4bf4db9 1362 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1363 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1364 sm->TimeoutEvt = TRUE;
1365 wpa_sm_step(sm);
1366}
1367
1368
1369void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1370 struct wpa_state_machine *sm, int key_info,
1371 const u8 *key_rsc, const u8 *nonce,
1372 const u8 *kde, size_t kde_len,
1373 int keyidx, int encr, int force_version)
1374{
1375 struct ieee802_1x_hdr *hdr;
1376 struct wpa_eapol_key *key;
1377 size_t len;
1378 int alg;
1379 int key_data_len, pad_len = 0;
1380 u8 *buf, *pos;
1381 int version, pairwise;
22a299ee 1382 int i;
6fc6879b
JM		 1383
1384 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
1385
1386 if (force_version)
1387 version = force_version;
929a2ea5
JM		 1388 else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
1389 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt))
a14896e8 1390 version = WPA_KEY_INFO_TYPE_AKM_DEFINED;
6fc6879b
JM		 1391 else if (wpa_use_aes_cmac(sm))
1392 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
eb7719ff 1393 else if (sm->pairwise != WPA_CIPHER_TKIP)
6fc6879b
JM		 1394 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1395 else
1396 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1397
8543ed8a 1398 pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
6fc6879b
JM		 1399
1400 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1401 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1402 "encr=%d)",
1403 version,
1404 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1405 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1406 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1407 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1408 pairwise, (unsigned long) kde_len, keyidx, encr);
1409
1410 key_data_len = kde_len;
1411
1412 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
a14896e8 1413 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
929a2ea5 1414 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
6fc6879b
JM		 1415 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1416 pad_len = key_data_len % 8;
1417 if (pad_len)
1418 pad_len = 8 - pad_len;
1419 key_data_len += pad_len + 8;
1420 }
1421
1422 len += key_data_len;
1423
1424 hdr = os_zalloc(len);
1425 if (hdr == NULL)
1426 return;
1427 hdr->version = wpa_auth->conf.eapol_version;
1428 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1429 hdr->length = host_to_be16(len - sizeof(*hdr));
1430 key = (struct wpa_eapol_key *) (hdr + 1);
1431
1432 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1433 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1434 key_info |= version;
1435 if (encr && sm->wpa == WPA_VERSION_WPA2)
1436 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1437 if (sm->wpa != WPA_VERSION_WPA2)
1438 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1439 WPA_PUT_BE16(key->key_info, key_info);
1440
1441 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
c3550295 1442 WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
6fc6879b
JM		 1443 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1444 WPA_PUT_BE16(key->key_length, 0);
1445
1446 /* FIX: STSL: what to use as key_replay_counter? */
22a299ee
JM		 1447 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1448 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1449 os_memcpy(sm->key_replay[i].counter,
1450 sm->key_replay[i - 1].counter,
1451 WPA_REPLAY_COUNTER_LEN);
1452 }
1453 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1454 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
6fc6879b 1455 WPA_REPLAY_COUNTER_LEN);
db099951
JM		 1456 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter",
1457 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
22a299ee 1458 sm->key_replay[0].valid = TRUE;
6fc6879b
JM		 1459
1460 if (nonce)
1461 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1462
1463 if (key_rsc)
1464 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1465
1466 if (kde && !encr) {
1467 os_memcpy(key + 1, kde, kde_len);
1468 WPA_PUT_BE16(key->key_data_length, kde_len);
1469 } else if (encr && kde) {
1470 buf = os_zalloc(key_data_len);
1471 if (buf == NULL) {
1472 os_free(hdr);
1473 return;
1474 }
1475 pos = buf;
1476 os_memcpy(pos, kde, kde_len);
1477 pos += kde_len;
1478
1479 if (pad_len)
1480 *pos++ = 0xdd;
1481
1482 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1483 buf, key_data_len);
1484 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
a14896e8 1485 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
929a2ea5 1486 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
6fc6879b 1487 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
eefec1e4
JM		 1488 if (aes_wrap(sm->PTK.kek, 16,
1489 (key_data_len - 8) / 8, buf,
6fc6879b
JM		 1490 (u8 *) (key + 1))) {
1491 os_free(hdr);
1492 os_free(buf);
1493 return;
1494 }
1495 WPA_PUT_BE16(key->key_data_length, key_data_len);
1496 } else {
1497 u8 ek[32];
1498 os_memcpy(key->key_iv,
1499 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1500 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1501 os_memcpy(ek, key->key_iv, 16);
1502 os_memcpy(ek + 16, sm->PTK.kek, 16);
1503 os_memcpy(key + 1, buf, key_data_len);
1504 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
1505 WPA_PUT_BE16(key->key_data_length, key_data_len);
1506 }
1507 os_free(buf);
1508 }
1509
1510 if (key_info & WPA_KEY_INFO_MIC) {
1511 if (!sm->PTK_valid) {
1512 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1513 "PTK not valid when sending EAPOL-Key "
1514 "frame");
1515 os_free(hdr);
1516 return;
1517 }
929a2ea5
JM		 1518 wpa_eapol_key_mic(sm->PTK.kck, sm->wpa_key_mgmt, version,
1519 (u8 *) hdr, len, key->key_mic);
7af092a0
JB		 1520#ifdef CONFIG_TESTING_OPTIONS
1521 if (!pairwise &&
06df2aa6 1522 wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 &&
7af092a0
JB		 1523 drand48() <
1524 wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
1525 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1526 "Corrupting group EAPOL-Key Key MIC");
1527 key->key_mic[0]++;
1528 }
1529#endif /* CONFIG_TESTING_OPTIONS */
6fc6879b
JM		 1530 }
1531
1532 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1533 1);
1534 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1535 sm->pairwise_set);
1536 os_free(hdr);
1537}
1538
1539
1540static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1541 struct wpa_state_machine *sm, int key_info,
1542 const u8 *key_rsc, const u8 *nonce,
1543 const u8 *kde, size_t kde_len,
1544 int keyidx, int encr)
1545{
1546 int timeout_ms;
1547 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
bae61562 1548 int ctr;
6fc6879b
JM		 1549
1550 if (sm == NULL)
1551 return;
1552
1553 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1554 keyidx, encr, 0);
1555
bae61562 1556 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
e4bf4db9 1557 if (ctr == 1 && wpa_auth->conf.tx_status)
00338a4f
JM		 1558 timeout_ms = pairwise ? eapol_key_timeout_first :
1559 eapol_key_timeout_first_group;
bae61562
JM		 1560 else
1561 timeout_ms = eapol_key_timeout_subseq;
e4bf4db9
JM		 1562 if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
1563 sm->pending_1_of_4_timeout = 1;
1564 wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
1565 "counter %d)", timeout_ms, ctr);
6fc6879b
JM		 1566 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1567 wpa_send_eapol_timeout, wpa_auth, sm);
1568}
1569
1570
929a2ea5
JM		 1571static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
1572 size_t data_len)
6fc6879b
JM		 1573{
1574 struct ieee802_1x_hdr *hdr;
1575 struct wpa_eapol_key *key;
1576 u16 key_info;
1577 int ret = 0;
1578 u8 mic[16];
1579
1580 if (data_len < sizeof(*hdr) + sizeof(*key))
1581 return -1;
1582
1583 hdr = (struct ieee802_1x_hdr *) data;
1584 key = (struct wpa_eapol_key *) (hdr + 1);
1585 key_info = WPA_GET_BE16(key->key_info);
1586 os_memcpy(mic, key->key_mic, 16);
1587 os_memset(key->key_mic, 0, 16);
929a2ea5 1588 if (wpa_eapol_key_mic(PTK->kck, akmp, key_info & WPA_KEY_INFO_TYPE_MASK,
6fc6879b 1589 data, data_len, key->key_mic) ||
870834a1 1590 os_memcmp_const(mic, key->key_mic, 16) != 0)
6fc6879b
JM		 1591 ret = -1;
1592 os_memcpy(key->key_mic, mic, 16);
1593 return ret;
1594}
1595
1596
1597void wpa_remove_ptk(struct wpa_state_machine *sm)
1598{
1599 sm->PTK_valid = FALSE;
1600 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
26083221 1601 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
6fc6879b 1602 sm->pairwise_set = FALSE;
581a8cde 1603 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 1604}
1605
1606
6f9b5d16 1607int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
6fc6879b 1608{
5d22a1d5
JM		 1609 int remove_ptk = 1;
1610
6fc6879b 1611 if (sm == NULL)
6f9b5d16 1612 return -1;
6fc6879b
JM		 1613
1614 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1615 "event %d notification", event);
1616
1617 switch (event) {
1618 case WPA_AUTH:
c50d94f1
BC		 1619#ifdef CONFIG_MESH
1620 /* PTKs are derived through AMPE */
1621 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
1622 /* not mesh */
1623 break;
1624 }
1625 return 0;
1626#endif /* CONFIG_MESH */
6fc6879b
JM		 1627 case WPA_ASSOC:
1628 break;
1629 case WPA_DEAUTH:
1630 case WPA_DISASSOC:
1631 sm->DeauthenticationRequest = TRUE;
1632 break;
1633 case WPA_REAUTH:
1634 case WPA_REAUTH_EAPOL:
3ab72b62
JM		 1635 if (!sm->started) {
1636 /*
1637 * When using WPS, we may end up here if the STA
1638 * manages to re-associate without the previous STA
1639 * entry getting removed. Consequently, we need to make
1640 * sure that the WPA state machines gets initialized
1641 * properly at this point.
1642 */
1643 wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1644 "started - initialize now");
1645 sm->started = 1;
1646 sm->Init = TRUE;
1647 if (wpa_sm_step(sm) == 1)
1648 return 1; /* should not really happen */
1649 sm->Init = FALSE;
1650 sm->AuthenticationRequest = TRUE;
1651 break;
1652 }
9663596f
JM		 1653 if (sm->GUpdateStationKeys) {
1654 /*
1655 * Reauthentication cancels the pending group key
1656 * update for this STA.
1657 */
1658 sm->group->GKeyDoneStations--;
1659 sm->GUpdateStationKeys = FALSE;
1660 sm->PtkGroupInit = TRUE;
1661 }
6fc6879b
JM		 1662 sm->ReAuthenticationRequest = TRUE;
1663 break;
1664 case WPA_ASSOC_FT:
1665#ifdef CONFIG_IEEE80211R
81a658d7
JM		 1666 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1667 "after association");
1668 wpa_ft_install_ptk(sm);
1669
6fc6879b
JM		 1670 /* Using FT protocol, not WPA auth state machine */
1671 sm->ft_completed = 1;
6f9b5d16 1672 return 0;
6fc6879b
JM		 1673#else /* CONFIG_IEEE80211R */
1674 break;
1675#endif /* CONFIG_IEEE80211R */
1676 }
1677
1678#ifdef CONFIG_IEEE80211R
1679 sm->ft_completed = 0;
1680#endif /* CONFIG_IEEE80211R */
1681
5d22a1d5
JM		 1682#ifdef CONFIG_IEEE80211W
1683 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1684 remove_ptk = 0;
1685#endif /* CONFIG_IEEE80211W */
6fc6879b 1686
5d22a1d5
JM		 1687 if (remove_ptk) {
1688 sm->PTK_valid = FALSE;
1689 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1690
1691 if (event != WPA_REAUTH_EAPOL)
1692 wpa_remove_ptk(sm);
1693 }
6fc6879b 1694
6f9b5d16 1695 return wpa_sm_step(sm);
6fc6879b
JM		 1696}
1697
1698
6fc6879b
JM		 1699SM_STATE(WPA_PTK, INITIALIZE)
1700{
1701 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1702 if (sm->Init) {
1703 /* Init flag is not cleared here, so avoid busy
1704 * loop by claiming nothing changed. */
1705 sm->changed = FALSE;
1706 }
1707
1708 sm->keycount = 0;
1709 if (sm->GUpdateStationKeys)
1710 sm->group->GKeyDoneStations--;
1711 sm->GUpdateStationKeys = FALSE;
1712 if (sm->wpa == WPA_VERSION_WPA)
1713 sm->PInitAKeys = FALSE;
1714 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1715 * Local AA > Remote AA)) */) {
1716 sm->Pair = TRUE;
1717 }
1718 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1719 wpa_remove_ptk(sm);
1720 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1721 sm->TimeoutCtr = 0;
56586197 1722 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1723 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1724 WPA_EAPOL_authorized, 0);
1725 }
1726}
1727
1728
1729SM_STATE(WPA_PTK, DISCONNECT)
1730{
1731 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1732 sm->Disconnect = FALSE;
1733 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1734}
1735
1736
1737SM_STATE(WPA_PTK, DISCONNECTED)
1738{
1739 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1740 sm->DeauthenticationRequest = FALSE;
1741}
1742
1743
1744SM_STATE(WPA_PTK, AUTHENTICATION)
1745{
1746 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1747 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1748 sm->PTK_valid = FALSE;
1749 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1750 1);
1751 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1752 sm->AuthenticationRequest = FALSE;
1753}
1754
1755
40d00d2b
NC		 1756static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
1757 struct wpa_group *group)
1bdb7ab3 1758{
40d00d2b
NC		 1759 if (group->first_sta_seen)
1760 return;
1bdb7ab3
JM		 1761 /*
1762 * System has run bit further than at the time hostapd was started
1763 * potentially very early during boot up. This provides better chances
1764 * of collecting more randomness on embedded systems. Re-initialize the
1765 * GMK and Counter here to improve their strength if there was not
1766 * enough entropy available immediately after system startup.
1767 */
1768 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1769 "station");
08704cd8
JM		 1770 if (random_pool_ready() != 1) {
1771 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1772 "to proceed - reject first 4-way handshake");
1773 group->reject_4way_hs_for_entropy = TRUE;
40d00d2b
NC		 1774 } else {
1775 group->first_sta_seen = TRUE;
1776 group->reject_4way_hs_for_entropy = FALSE;
08704cd8 1777 }
40d00d2b 1778
1bdb7ab3
JM		 1779 wpa_group_init_gmk_and_counter(wpa_auth, group);
1780 wpa_gtk_update(wpa_auth, group);
1781 wpa_group_config_group_keys(wpa_auth, group);
1782}
1783
1784
6fc6879b
JM		 1785SM_STATE(WPA_PTK, AUTHENTICATION2)
1786{
1787 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1bdb7ab3 1788
40d00d2b 1789 wpa_group_ensure_init(sm->wpa_auth, sm->group);
65a32cdb 1790 sm->ReAuthenticationRequest = FALSE;
1bdb7ab3 1791
3825a19b
JM		 1792 /*
1793 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
1794 * ambiguous. The Authenticator state machine uses a counter that is
1795 * incremented by one for each 4-way handshake. However, the security
1796 * analysis of 4-way handshake points out that unpredictable nonces
1797 * help in preventing precomputation attacks. Instead of the state
1798 * machine definition, use an unpredictable nonce value here to provide
1799 * stronger protection against potential precomputation attacks.
1800 */
1801 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
1802 wpa_printf(MSG_ERROR, "WPA: Failed to get random data for "
1803 "ANonce.");
65a32cdb 1804 sm->Disconnect = TRUE;
3825a19b
JM		 1805 return;
1806 }
bc8318ac
JM		 1807 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
1808 WPA_NONCE_LEN);
6fc6879b
JM		 1809 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1810 * logical place than INITIALIZE since AUTHENTICATION2 can be
1811 * re-entered on ReAuthenticationRequest without going through
1812 * INITIALIZE. */
1813 sm->TimeoutCtr = 0;
1814}
1815
1816
1817SM_STATE(WPA_PTK, INITPMK)
1818{
1819 u8 msk[2 * PMK_LEN];
1820 size_t len = 2 * PMK_LEN;
1821
1822 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1823#ifdef CONFIG_IEEE80211R
1824 sm->xxkey_len = 0;
1825#endif /* CONFIG_IEEE80211R */
1826 if (sm->pmksa) {
1827 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1828 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
1829 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1830 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1831 "(len=%lu)", (unsigned long) len);
1832 os_memcpy(sm->PMK, msk, PMK_LEN);
1833#ifdef CONFIG_IEEE80211R
1834 if (len >= 2 * PMK_LEN) {
1835 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1836 sm->xxkey_len = PMK_LEN;
1837 }
1838#endif /* CONFIG_IEEE80211R */
1839 } else {
1840 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
1841 }
1842
1843 sm->req_replay_counter_used = 0;
1844 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1845 * will break reauthentication since EAPOL state machines may not be
1846 * get into AUTHENTICATING state that clears keyRun before WPA state
1847 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1848 * state and takes PMK from the previously used AAA Key. This will
1849 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1850 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1851 * be good workaround for this issue. */
1852 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1853}
1854
1855
1856SM_STATE(WPA_PTK, INITPSK)
1857{
1858 const u8 *psk;
1859 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
759fd76b 1860 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL);
6fc6879b
JM		 1861 if (psk) {
1862 os_memcpy(sm->PMK, psk, PMK_LEN);
1863#ifdef CONFIG_IEEE80211R
1864 os_memcpy(sm->xxkey, psk, PMK_LEN);
1865 sm->xxkey_len = PMK_LEN;
1866#endif /* CONFIG_IEEE80211R */
1867 }
1868 sm->req_replay_counter_used = 0;
1869}
1870
1871
1872SM_STATE(WPA_PTK, PTKSTART)
1873{
1874 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1875 size_t pmkid_len = 0;
1876
1877 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1878 sm->PTKRequest = FALSE;
1879 sm->TimeoutEvt = FALSE;
f23c5b17 1880 sm->alt_snonce_valid = FALSE;
bae61562
JM		 1881
1882 sm->TimeoutCtr++;
1883 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1884 /* No point in sending the EAPOL-Key - we will disconnect
1885 * immediately following this. */
1886 return;
1887 }
1888
6fc6879b
JM		 1889 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1890 "sending 1/4 msg of 4-Way Handshake");
1891 /*
1892 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1893 * one possible PSK for this STA.
1894 */
1895 if (sm->wpa == WPA_VERSION_WPA2 &&
a14896e8
JM		 1896 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
1897 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
6fc6879b
JM		 1898 pmkid = buf;
1899 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1900 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1901 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1902 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
929a2ea5 1903 if (sm->pmksa) {
6fc6879b
JM		 1904 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1905 sm->pmksa->pmkid, PMKID_LEN);
929a2ea5
JM		 1906 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) {
1907 /* No KCK available to derive PMKID */
1908 pmkid = NULL;
1909 } else {
6fc6879b
JM		 1910 /*
1911 * Calculate PMKID since no PMKSA cache entry was
1912 * available with pre-calculated PMKID.
1913 */
1914 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
56586197
JM		 1915 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
1916 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 1917 }
1918 }
1919 wpa_send_eapol(sm->wpa_auth, sm,
1920 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1921 sm->ANonce, pmkid, pmkid_len, 0, 0);
6fc6879b
JM		 1922}
1923
1924
f23c5b17
JM		 1925static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
1926 const u8 *pmk, struct wpa_ptk *ptk)
6fc6879b 1927{
3b9c5176 1928 size_t ptk_len = wpa_cipher_key_len(sm->pairwise) + 32;
6fc6879b 1929#ifdef CONFIG_IEEE80211R
56586197 1930 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
c0a61908 1931 return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
6fc6879b
JM		 1932#endif /* CONFIG_IEEE80211R */
1933
1934 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
f23c5b17 1935 sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
c0a61908 1936 (u8 *) ptk, ptk_len,
56586197 1937 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 1938
1939 return 0;
1940}
1941
1942
1943SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
1944{
1945 struct wpa_ptk PTK;
1946 int ok = 0;
1947 const u8 *pmk = NULL;
1948
1949 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
1950 sm->EAPOLKeyReceived = FALSE;
68921e24 1951 sm->update_snonce = FALSE;
6fc6879b
JM		 1952
1953 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1954 * WPA-PSK: iterate through possible PSKs and select the one matching
1955 * the packet */
1956 for (;;) {
56586197 1957 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
759fd76b
JM		 1958 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
1959 sm->p2p_dev_addr, pmk);
6fc6879b
JM		 1960 if (pmk == NULL)
1961 break;
1962 } else
1963 pmk = sm->PMK;
1964
f23c5b17 1965 wpa_derive_ptk(sm, sm->SNonce, pmk, &PTK);
6fc6879b 1966
929a2ea5
JM		 1967 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK,
1968 sm->last_rx_eapol_key,
6fc6879b
JM		 1969 sm->last_rx_eapol_key_len) == 0) {
1970 ok = 1;
1971 break;
1972 }
1973
56586197 1974 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
6fc6879b
JM		 1975 break;
1976 }
1977
1978 if (!ok) {
1979 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1980 "invalid MIC in msg 2/4 of 4-Way Handshake");
1981 return;
1982 }
1983
26e23750
JM		 1984#ifdef CONFIG_IEEE80211R
1985 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1986 /*
1987 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
1988 * with the value we derived.
1989 */
870834a1
JM		 1990 if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
1991 WPA_PMK_NAME_LEN) != 0) {
26e23750
JM		 1992 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1993 "PMKR1Name mismatch in FT 4-way "
1994 "handshake");
1995 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
1996 "Supplicant",
1997 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
1998 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
1999 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2000 return;
2001 }
2002 }
2003#endif /* CONFIG_IEEE80211R */
2004
e4bf4db9 2005 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 2006 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
2007
56586197 2008 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 2009 /* PSK may have changed from the previous choice, so update
2010 * state machine data based on whatever PSK was selected here.
2011 */
2012 os_memcpy(sm->PMK, pmk, PMK_LEN);
2013 }
2014
2015 sm->MICVerified = TRUE;
2016
2017 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
2018 sm->PTK_valid = TRUE;
2019}
2020
2021
2022SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
2023{
2024 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
2025 sm->TimeoutCtr = 0;
2026}
2027
2028
2029#ifdef CONFIG_IEEE80211W
2030
2031static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2032{
2033 if (sm->mgmt_frame_prot) {
8dd9f9cd
JM		 2034 size_t len;
2035 len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2036 return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len;
6fc6879b
JM		 2037 }
2038
2039 return 0;
2040}
2041
2042
2043static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2044{
2045 struct wpa_igtk_kde igtk;
2046 struct wpa_group *gsm = sm->group;
03610ad2 2047 u8 rsc[WPA_KEY_RSC_LEN];
8dd9f9cd 2048 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
6fc6879b
JM		 2049
2050 if (!sm->mgmt_frame_prot)
2051 return pos;
2052
2053 igtk.keyid[0] = gsm->GN_igtk;
2054 igtk.keyid[1] = 0;
7b1080da 2055 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
03610ad2 2056 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
6fc6879b 2057 os_memset(igtk.pn, 0, sizeof(igtk.pn));
03610ad2
JM		 2058 else
2059 os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
8dd9f9cd 2060 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
83421850
JM		 2061 if (sm->wpa_auth->conf.disable_gtk) {
2062 /*
2063 * Provide unique random IGTK to each STA to prevent use of
2064 * IGTK in the BSS.
2065 */
8dd9f9cd 2066 if (random_get_bytes(igtk.igtk, len) < 0)
83421850
JM		 2067 return pos;
2068 }
6fc6879b 2069 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
8dd9f9cd
JM		 2070 (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len,
2071 NULL, 0);
6fc6879b
JM		 2072
2073 return pos;
2074}
2075
2076#else /* CONFIG_IEEE80211W */
2077
2078static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2079{
2080 return 0;
2081}
2082
2083
2084static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2085{
2086 return pos;
2087}
2088
2089#endif /* CONFIG_IEEE80211W */
2090
2091
2092SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
2093{
83421850 2094 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32];
6fc6879b
JM		 2095 size_t gtk_len, kde_len;
2096 struct wpa_group *gsm = sm->group;
2097 u8 *wpa_ie;
2098 int wpa_ie_len, secure, keyidx, encr = 0;
2099
2100 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
2101 sm->TimeoutEvt = FALSE;
bae61562
JM		 2102
2103 sm->TimeoutCtr++;
2104 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
2105 /* No point in sending the EAPOL-Key - we will disconnect
2106 * immediately following this. */
2107 return;
2108 }
2109
86dfabb8
JM		 2110 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
2111 GTK[GN], IGTK, [FTIE], [TIE * 2])
6fc6879b
JM		 2112 */
2113 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2114 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
86dfabb8 2115 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
6fc6879b
JM		 2116 wpa_ie = sm->wpa_auth->wpa_ie;
2117 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
2118 if (sm->wpa == WPA_VERSION_WPA &&
2119 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
2120 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
2121 /* WPA-only STA, remove RSN IE */
2122 wpa_ie = wpa_ie + wpa_ie[1] + 2;
2123 wpa_ie_len = wpa_ie[1] + 2;
2124 }
2125 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2126 "sending 3/4 msg of 4-Way Handshake");
2127 if (sm->wpa == WPA_VERSION_WPA2) {
2128 /* WPA2 send GTK in the 4-way handshake */
2129 secure = 1;
2130 gtk = gsm->GTK[gsm->GN - 1];
2131 gtk_len = gsm->GTK_len;
83421850
JM		 2132 if (sm->wpa_auth->conf.disable_gtk) {
2133 /*
2134 * Provide unique random GTK to each STA to prevent use
2135 * of GTK in the BSS.
2136 */
2137 if (random_get_bytes(dummy_gtk, gtk_len) < 0)
2138 return;
2139 gtk = dummy_gtk;
2140 }
6fc6879b
JM		 2141 keyidx = gsm->GN;
2142 _rsc = rsc;
2143 encr = 1;
2144 } else {
2145 /* WPA does not include GTK in msg 3/4 */
2146 secure = 0;
2147 gtk = NULL;
2148 gtk_len = 0;
2149 keyidx = 0;
2150 _rsc = NULL;
0d442aff
JM		 2151 if (sm->rx_eapol_key_secure) {
2152 /*
2153 * It looks like Windows 7 supplicant tries to use
2154 * Secure bit in msg 2/4 after having reported Michael
2155 * MIC failure and it then rejects the 4-way handshake
2156 * if msg 3/4 does not set Secure bit. Work around this
2157 * by setting the Secure bit here even in the case of
2158 * WPA if the supplicant used it first.
2159 */
2160 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4740d5b9
JM		 2161 "STA used Secure bit in WPA msg 2/4 - "
2162 "set Secure for 3/4 as workaround");
0d442aff
JM		 2163 secure = 1;
2164 }
6fc6879b
JM		 2165 }
2166
2167 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
2168 if (gtk)
2169 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
26e23750 2170#ifdef CONFIG_IEEE80211R
86dfabb8
JM		 2171 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2172 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
2173 kde_len += 300; /* FTIE + 2 * TIE */
2174 }
26e23750 2175#endif /* CONFIG_IEEE80211R */
25ef8529
JM		 2176#ifdef CONFIG_P2P
2177 if (WPA_GET_BE32(sm->ip_addr) > 0)
2178 kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4;
2179#endif /* CONFIG_P2P */
6fc6879b
JM		 2180 kde = os_malloc(kde_len);
2181 if (kde == NULL)
2182 return;
2183
2184 pos = kde;
2185 os_memcpy(pos, wpa_ie, wpa_ie_len);
2186 pos += wpa_ie_len;
26e23750
JM		 2187#ifdef CONFIG_IEEE80211R
2188 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2189 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name);
2190 if (res < 0) {
2191 wpa_printf(MSG_ERROR, "FT: Failed to insert "
2192 "PMKR1Name into RSN IE in EAPOL-Key data");
2193 os_free(kde);
2194 return;
2195 }
2196 pos += res;
2197 }
2198#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 2199 if (gtk) {
2200 u8 hdr[2];
2201 hdr[0] = keyidx & 0x03;
2202 hdr[1] = 0;
2203 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2204 gtk, gtk_len);
2205 }
2206 pos = ieee80211w_kde_add(sm, pos);
2207
86dfabb8
JM		 2208#ifdef CONFIG_IEEE80211R
2209 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2210 int res;
2211 struct wpa_auth_config *conf;
2212
2213 conf = &sm->wpa_auth->conf;
2214 res = wpa_write_ftie(conf, conf->r0_key_holder,
2215 conf->r0_key_holder_len,
2216 NULL, NULL, pos, kde + kde_len - pos,
2217 NULL, 0);
2218 if (res < 0) {
2219 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
2220 "into EAPOL-Key Key Data");
2221 os_free(kde);
2222 return;
2223 }
2224 pos += res;
2225
2226 /* TIE[ReassociationDeadline] (TU) */
2227 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2228 *pos++ = 5;
2229 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
2230 WPA_PUT_LE32(pos, conf->reassociation_deadline);
2231 pos += 4;
2232
2233 /* TIE[KeyLifetime] (seconds) */
2234 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2235 *pos++ = 5;
2236 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
2237 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
2238 pos += 4;
2239 }
2240#endif /* CONFIG_IEEE80211R */
25ef8529
JM		 2241#ifdef CONFIG_P2P
2242 if (WPA_GET_BE32(sm->ip_addr) > 0) {
2243 u8 addr[3 * 4];
2244 os_memcpy(addr, sm->ip_addr, 4);
2245 os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4);
2246 os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4);
2247 pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC,
2248 addr, sizeof(addr), NULL, 0);
2249 }
2250#endif /* CONFIG_P2P */
86dfabb8 2251
6fc6879b
JM		 2252 wpa_send_eapol(sm->wpa_auth, sm,
2253 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
2254 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
2255 WPA_KEY_INFO_KEY_TYPE,
2256 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
2257 os_free(kde);
6fc6879b
JM		 2258}
2259
2260
2261SM_STATE(WPA_PTK, PTKINITDONE)
2262{
2263 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
2264 sm->EAPOLKeyReceived = FALSE;
2265 if (sm->Pair) {
c3550295
JM		 2266 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
2267 int klen = wpa_cipher_key_len(sm->pairwise);
6fc6879b
JM		 2268 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2269 sm->PTK.tk1, klen)) {
2270 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
2271 return;
2272 }
2273 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2274 sm->pairwise_set = TRUE;
2275
581a8cde
JM		 2276 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
2277 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
2278 eloop_register_timeout(sm->wpa_auth->conf.
2279 wpa_ptk_rekey, 0, wpa_rekey_ptk,
2280 sm->wpa_auth, sm);
2281 }
2282
56586197 2283 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 2284 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2285 WPA_EAPOL_authorized, 1);
2286 }
2287 }
2288
2289 if (0 /* IBSS == TRUE */) {
2290 sm->keycount++;
2291 if (sm->keycount == 2) {
2292 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2293 WPA_EAPOL_portValid, 1);
2294 }
2295 } else {
2296 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
2297 1);
2298 }
2299 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
2300 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
2301 if (sm->wpa == WPA_VERSION_WPA)
2302 sm->PInitAKeys = TRUE;
2303 else
2304 sm->has_GTK = TRUE;
2305 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2306 "pairwise key handshake completed (%s)",
2307 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2308
2309#ifdef CONFIG_IEEE80211R
2310 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
2311#endif /* CONFIG_IEEE80211R */
2312}
2313
2314
2315SM_STEP(WPA_PTK)
2316{
2317 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2318
2319 if (sm->Init)
2320 SM_ENTER(WPA_PTK, INITIALIZE);
2321 else if (sm->Disconnect
1aae01fc
BG		 2322 /* || FIX: dot11RSNAConfigSALifetime timeout */) {
2323 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
2324 "WPA_PTK: sm->Disconnect");
6fc6879b 2325 SM_ENTER(WPA_PTK, DISCONNECT);
1aae01fc 2326 }
6fc6879b
JM		 2327 else if (sm->DeauthenticationRequest)
2328 SM_ENTER(WPA_PTK, DISCONNECTED);
2329 else if (sm->AuthenticationRequest)
2330 SM_ENTER(WPA_PTK, AUTHENTICATION);
2331 else if (sm->ReAuthenticationRequest)
2332 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2333 else if (sm->PTKRequest)
2334 SM_ENTER(WPA_PTK, PTKSTART);
2335 else switch (sm->wpa_ptk_state) {
2336 case WPA_PTK_INITIALIZE:
2337 break;
2338 case WPA_PTK_DISCONNECT:
2339 SM_ENTER(WPA_PTK, DISCONNECTED);
2340 break;
2341 case WPA_PTK_DISCONNECTED:
2342 SM_ENTER(WPA_PTK, INITIALIZE);
2343 break;
2344 case WPA_PTK_AUTHENTICATION:
2345 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2346 break;
2347 case WPA_PTK_AUTHENTICATION2:
56586197 2348 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
6fc6879b
JM		 2349 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2350 WPA_EAPOL_keyRun) > 0)
2351 SM_ENTER(WPA_PTK, INITPMK);
56586197 2352 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
6fc6879b
JM		 2353 /* FIX: && 802.1X::keyRun */)
2354 SM_ENTER(WPA_PTK, INITPSK);
2355 break;
2356 case WPA_PTK_INITPMK:
2357 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2358 WPA_EAPOL_keyAvailable) > 0)
2359 SM_ENTER(WPA_PTK, PTKSTART);
2360 else {
2361 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2362 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2363 "INITPMK - keyAvailable = false");
6fc6879b
JM		 2364 SM_ENTER(WPA_PTK, DISCONNECT);
2365 }
2366 break;
2367 case WPA_PTK_INITPSK:
759fd76b
JM		 2368 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr,
2369 NULL))
6fc6879b
JM		 2370 SM_ENTER(WPA_PTK, PTKSTART);
2371 else {
2372 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2373 "no PSK configured for the STA");
2374 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2375 SM_ENTER(WPA_PTK, DISCONNECT);
2376 }
2377 break;
2378 case WPA_PTK_PTKSTART:
2379 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2380 sm->EAPOLKeyPairwise)
2381 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2382 else if (sm->TimeoutCtr >
2383 (int) dot11RSNAConfigPairwiseUpdateCount) {
2384 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2385 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2386 "PTKSTART: Retry limit %d reached",
2387 dot11RSNAConfigPairwiseUpdateCount);
6fc6879b
JM		 2388 SM_ENTER(WPA_PTK, DISCONNECT);
2389 } else if (sm->TimeoutEvt)
2390 SM_ENTER(WPA_PTK, PTKSTART);
2391 break;
2392 case WPA_PTK_PTKCALCNEGOTIATING:
2393 if (sm->MICVerified)
2394 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
2395 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2396 sm->EAPOLKeyPairwise)
2397 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2398 else if (sm->TimeoutEvt)
2399 SM_ENTER(WPA_PTK, PTKSTART);
2400 break;
2401 case WPA_PTK_PTKCALCNEGOTIATING2:
2402 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2403 break;
2404 case WPA_PTK_PTKINITNEGOTIATING:
68921e24
JM		 2405 if (sm->update_snonce)
2406 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2407 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2408 sm->EAPOLKeyPairwise && sm->MICVerified)
6fc6879b
JM		 2409 SM_ENTER(WPA_PTK, PTKINITDONE);
2410 else if (sm->TimeoutCtr >
2411 (int) dot11RSNAConfigPairwiseUpdateCount) {
2412 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2413 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2414 "PTKINITNEGOTIATING: Retry limit %d "
2415 "reached",
2416 dot11RSNAConfigPairwiseUpdateCount);
6fc6879b
JM		 2417 SM_ENTER(WPA_PTK, DISCONNECT);
2418 } else if (sm->TimeoutEvt)
2419 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2420 break;
2421 case WPA_PTK_PTKINITDONE:
2422 break;
2423 }
2424}
2425
2426
2427SM_STATE(WPA_PTK_GROUP, IDLE)
2428{
2429 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
2430 if (sm->Init) {
2431 /* Init flag is not cleared here, so avoid busy
2432 * loop by claiming nothing changed. */
2433 sm->changed = FALSE;
2434 }
2435 sm->GTimeoutCtr = 0;
2436}
2437
2438
2439SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
2440{
2441 u8 rsc[WPA_KEY_RSC_LEN];
2442 struct wpa_group *gsm = sm->group;
e41e4f9e
JM		 2443 const u8 *kde;
2444 u8 *kde_buf = NULL, *pos, hdr[2];
6fc6879b 2445 size_t kde_len;
83421850 2446 u8 *gtk, dummy_gtk[32];
6fc6879b
JM		 2447
2448 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
bae61562
JM		 2449
2450 sm->GTimeoutCtr++;
2451 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
2452 /* No point in sending the EAPOL-Key - we will disconnect
2453 * immediately following this. */
2454 return;
2455 }
2456
6fc6879b
JM		 2457 if (sm->wpa == WPA_VERSION_WPA)
2458 sm->PInitAKeys = FALSE;
2459 sm->TimeoutEvt = FALSE;
2460 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
2461 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2462 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
2463 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2464 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2465 "sending 1/2 msg of Group Key Handshake");
2466
83421850
JM		 2467 gtk = gsm->GTK[gsm->GN - 1];
2468 if (sm->wpa_auth->conf.disable_gtk) {
2469 /*
2470 * Provide unique random GTK to each STA to prevent use
2471 * of GTK in the BSS.
2472 */
2473 if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0)
2474 return;
2475 gtk = dummy_gtk;
2476 }
6fc6879b
JM		 2477 if (sm->wpa == WPA_VERSION_WPA2) {
2478 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
2479 ieee80211w_kde_len(sm);
e41e4f9e
JM		 2480 kde_buf = os_malloc(kde_len);
2481 if (kde_buf == NULL)
6fc6879b
JM		 2482 return;
2483
e41e4f9e 2484 kde = pos = kde_buf;
6fc6879b
JM		 2485 hdr[0] = gsm->GN & 0x03;
2486 hdr[1] = 0;
2487 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
83421850 2488 gtk, gsm->GTK_len);
6fc6879b 2489 pos = ieee80211w_kde_add(sm, pos);
e41e4f9e 2490 kde_len = pos - kde;
6fc6879b 2491 } else {
83421850 2492 kde = gtk;
e41e4f9e 2493 kde_len = gsm->GTK_len;
6fc6879b
JM		 2494 }
2495
2496 wpa_send_eapol(sm->wpa_auth, sm,
2497 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
2498 WPA_KEY_INFO_ACK |
2499 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
e41e4f9e
JM		 2500 rsc, gsm->GNonce, kde, kde_len, gsm->GN, 1);
2501
2502 os_free(kde_buf);
6fc6879b
JM		 2503}
2504
2505
2506SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
2507{
2508 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
2509 sm->EAPOLKeyReceived = FALSE;
2510 if (sm->GUpdateStationKeys)
2511 sm->group->GKeyDoneStations--;
2512 sm->GUpdateStationKeys = FALSE;
2513 sm->GTimeoutCtr = 0;
2514 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
2515 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2516 "group key handshake completed (%s)",
2517 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2518 sm->has_GTK = TRUE;
2519}
2520
2521
2522SM_STATE(WPA_PTK_GROUP, KEYERROR)
2523{
2524 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
2525 if (sm->GUpdateStationKeys)
2526 sm->group->GKeyDoneStations--;
2527 sm->GUpdateStationKeys = FALSE;
2528 sm->Disconnect = TRUE;
2529}
2530
2531
2532SM_STEP(WPA_PTK_GROUP)
2533{
9663596f 2534 if (sm->Init || sm->PtkGroupInit) {
6fc6879b 2535 SM_ENTER(WPA_PTK_GROUP, IDLE);
9663596f
JM		 2536 sm->PtkGroupInit = FALSE;
2537 } else switch (sm->wpa_ptk_group_state) {
6fc6879b
JM		 2538 case WPA_PTK_GROUP_IDLE:
2539 if (sm->GUpdateStationKeys ||
2540 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
2541 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2542 break;
2543 case WPA_PTK_GROUP_REKEYNEGOTIATING:
2544 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2545 !sm->EAPOLKeyPairwise && sm->MICVerified)
2546 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
2547 else if (sm->GTimeoutCtr >
2548 (int) dot11RSNAConfigGroupUpdateCount)
2549 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
2550 else if (sm->TimeoutEvt)
2551 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2552 break;
2553 case WPA_PTK_GROUP_KEYERROR:
2554 SM_ENTER(WPA_PTK_GROUP, IDLE);
2555 break;
2556 case WPA_PTK_GROUP_REKEYESTABLISHED:
2557 SM_ENTER(WPA_PTK_GROUP, IDLE);
2558 break;
2559 }
2560}
2561
2562
2563static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
2564 struct wpa_group *group)
2565{
2566 int ret = 0;
2567
6fc6879b
JM		 2568 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2569 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2570 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
2571 wpa_auth->addr, group->GNonce,
2572 group->GTK[group->GN - 1], group->GTK_len) < 0)
2573 ret = -1;
5cb9d5c3
JM		 2574 wpa_hexdump_key(MSG_DEBUG, "GTK",
2575 group->GTK[group->GN - 1], group->GTK_len);
6fc6879b
JM		 2576
2577#ifdef CONFIG_IEEE80211W
70f8cc8e 2578 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
8dd9f9cd
JM		 2579 size_t len;
2580 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
5cb9d5c3
JM		 2581 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2582 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2583 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
2584 wpa_auth->addr, group->GNonce,
8dd9f9cd 2585 group->IGTK[group->GN_igtk - 4], len) < 0)
3c7302c2 2586 ret = -1;
6fc6879b 2587 wpa_hexdump_key(MSG_DEBUG, "IGTK",
8dd9f9cd 2588 group->IGTK[group->GN_igtk - 4], len);
6fc6879b
JM		 2589 }
2590#endif /* CONFIG_IEEE80211W */
2591
2592 return ret;
2593}
2594
2595
2596static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
2597 struct wpa_group *group)
2598{
2599 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2600 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
2601 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
2602 group->wpa_group_state = WPA_GROUP_GTK_INIT;
2603
2604 /* GTK[0..N] = 0 */
2605 os_memset(group->GTK, 0, sizeof(group->GTK));
2606 group->GN = 1;
2607 group->GM = 2;
2608#ifdef CONFIG_IEEE80211W
2609 group->GN_igtk = 4;
2610 group->GM_igtk = 5;
2611#endif /* CONFIG_IEEE80211W */
2612 /* GTK[GN] = CalcGTK() */
2613 wpa_gtk_update(wpa_auth, group);
2614}
2615
2616
2617static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
2618{
473b6f22
MB		 2619 if (ctx != NULL && ctx != sm->group)
2620 return 0;
2621
6fc6879b
JM		 2622 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
2623 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2624 "Not in PTKINITDONE; skip Group Key update");
3c183894 2625 sm->GUpdateStationKeys = FALSE;
6fc6879b
JM		 2626 return 0;
2627 }
9663596f
JM		 2628 if (sm->GUpdateStationKeys) {
2629 /*
3c183894
JM		 2630 * This should not really happen, so add a debug log entry.
2631 * Since we clear the GKeyDoneStations before the loop, the
2632 * station needs to be counted here anyway.
9663596f
JM		 2633 */
2634 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3c183894
JM		 2635 "GUpdateStationKeys was already set when "
2636 "marking station for GTK rekeying");
9663596f 2637 }
3c183894 2638
ad3872a3 2639 /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
d32d94db
XC		 2640 if (sm->is_wnmsleep)
2641 return 0;
d32d94db 2642
3c183894
JM		 2643 sm->group->GKeyDoneStations++;
2644 sm->GUpdateStationKeys = TRUE;
2645
6fc6879b
JM		 2646 wpa_sm_step(sm);
2647 return 0;
2648}
2649
2650
ad3872a3
JM		 2651#ifdef CONFIG_WNM
2652/* update GTK when exiting WNM-Sleep Mode */
d32d94db
XC		 2653void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm)
2654{
629edfef 2655 if (sm == NULL || sm->is_wnmsleep)
d32d94db
XC		 2656 return;
2657
2658 wpa_group_update_sta(sm, NULL);
2659}
2660
2661
2662void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
2663{
629edfef
JM		 2664 if (sm)
2665 sm->is_wnmsleep = !!flag;
d32d94db
XC		 2666}
2667
2668
2669int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2670{
d32d94db 2671 struct wpa_group *gsm = sm->group;
835822d4 2672 u8 *start = pos;
d32d94db
XC		 2673
2674 /*
835822d4 2675 * GTK subelement:
d32d94db 2676 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
835822d4 2677 * Key[5..32]
d32d94db 2678 */
835822d4
JM		 2679 *pos++ = WNM_SLEEP_SUBELEM_GTK;
2680 *pos++ = 11 + gsm->GTK_len;
d32d94db 2681 /* Key ID in B0-B1 of Key Info */
835822d4
JM		 2682 WPA_PUT_LE16(pos, gsm->GN & 0x03);
2683 pos += 2;
2684 *pos++ = gsm->GTK_len;
2685 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
d32d94db 2686 return 0;
835822d4
JM		 2687 pos += 8;
2688 os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2689 pos += gsm->GTK_len;
d32d94db 2690
835822d4
JM		 2691 wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
2692 gsm->GN);
2693 wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
d32d94db 2694 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
d32d94db 2695
835822d4 2696 return pos - start;
d32d94db
XC		 2697}
2698
2699
2700#ifdef CONFIG_IEEE80211W
2701int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2702{
d32d94db 2703 struct wpa_group *gsm = sm->group;
835822d4 2704 u8 *start = pos;
8dd9f9cd 2705 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
d32d94db 2706
835822d4
JM		 2707 /*
2708 * IGTK subelement:
2709 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
2710 */
2711 *pos++ = WNM_SLEEP_SUBELEM_IGTK;
8dd9f9cd 2712 *pos++ = 2 + 6 + len;
835822d4
JM		 2713 WPA_PUT_LE16(pos, gsm->GN_igtk);
2714 pos += 2;
2715 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
d32d94db 2716 return 0;
835822d4 2717 pos += 6;
d32d94db 2718
8dd9f9cd
JM		 2719 os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
2720 pos += len;
d32d94db 2721
835822d4
JM		 2722 wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
2723 gsm->GN_igtk);
2724 wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
8dd9f9cd 2725 gsm->IGTK[gsm->GN_igtk - 4], len);
d32d94db 2726
835822d4 2727 return pos - start;
d32d94db
XC		 2728}
2729#endif /* CONFIG_IEEE80211W */
ad3872a3 2730#endif /* CONFIG_WNM */
d32d94db
XC		 2731
2732
6fc6879b
JM		 2733static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
2734 struct wpa_group *group)
2735{
2736 int tmp;
2737
2738 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2739 "SETKEYS (VLAN-ID %d)", group->vlan_id);
2740 group->changed = TRUE;
2741 group->wpa_group_state = WPA_GROUP_SETKEYS;
2742 group->GTKReKey = FALSE;
2743 tmp = group->GM;
2744 group->GM = group->GN;
2745 group->GN = tmp;
2746#ifdef CONFIG_IEEE80211W
2747 tmp = group->GM_igtk;
2748 group->GM_igtk = group->GN_igtk;
2749 group->GN_igtk = tmp;
2750#endif /* CONFIG_IEEE80211W */
2751 /* "GKeyDoneStations = GNoStations" is done in more robust way by
2752 * counting the STAs that are marked with GUpdateStationKeys instead of
2753 * including all STAs that could be in not-yet-completed state. */
2754 wpa_gtk_update(wpa_auth, group);
2755
3c183894
JM		 2756 if (group->GKeyDoneStations) {
2757 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
2758 "GKeyDoneStations=%d when starting new GTK rekey",
2759 group->GKeyDoneStations);
2760 group->GKeyDoneStations = 0;
2761 }
473b6f22 2762 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
6fc6879b
JM		 2763 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
2764 group->GKeyDoneStations);
2765}
2766
2767
1bdb7ab3
JM		 2768static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
2769 struct wpa_group *group)
6fc6879b 2770{
3c7302c2
JM		 2771 int ret = 0;
2772
3c7302c2 2773 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
c3550295 2774 wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
0382097e
JM		 2775 broadcast_ether_addr, group->GN,
2776 group->GTK[group->GN - 1], group->GTK_len) < 0)
3c7302c2 2777 ret = -1;
6fc6879b
JM		 2778
2779#ifdef CONFIG_IEEE80211W
8dd9f9cd
JM		 2780 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2781 enum wpa_alg alg;
2782 size_t len;
2783
2784 alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher);
2785 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
2786
2787 if (ret == 0 &&
2788 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
2789 broadcast_ether_addr, group->GN_igtk,
2790 group->IGTK[group->GN_igtk - 4], len) < 0)
2791 ret = -1;
2792 }
6fc6879b 2793#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 2794
2795 return ret;
6fc6879b
JM		 2796}
2797
2798
7d7f7be2
JM		 2799static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
2800{
2801 if (sm->group == ctx) {
2802 wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
2803 " for discconnection due to fatal failure",
2804 MAC2STR(sm->addr));
2805 sm->Disconnect = TRUE;
2806 }
2807
2808 return 0;
2809}
2810
2811
2812static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
2813 struct wpa_group *group)
2814{
2815 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE");
2816 group->changed = TRUE;
2817 group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
2818 wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
2819}
2820
2821
1bdb7ab3
JM		 2822static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
2823 struct wpa_group *group)
2824{
2825 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2826 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
2827 group->changed = TRUE;
2828 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
2829
7d7f7be2
JM		 2830 if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
2831 wpa_group_fatal_failure(wpa_auth, group);
1bdb7ab3 2832 return -1;
7d7f7be2 2833 }
1bdb7ab3
JM		 2834
2835 return 0;
2836}
2837
2838
6fc6879b
JM		 2839static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2840 struct wpa_group *group)
2841{
2842 if (group->GInit) {
2843 wpa_group_gtk_init(wpa_auth, group);
7d7f7be2
JM		 2844 } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
2845 /* Do not allow group operations */
6fc6879b
JM		 2846 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2847 group->GTKAuthenticator) {
2848 wpa_group_setkeysdone(wpa_auth, group);
2849 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2850 group->GTKReKey) {
2851 wpa_group_setkeys(wpa_auth, group);
2852 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2853 if (group->GKeyDoneStations == 0)
2854 wpa_group_setkeysdone(wpa_auth, group);
2855 else if (group->GTKReKey)
2856 wpa_group_setkeys(wpa_auth, group);
2857 }
2858}
2859
2860
e4a6ea1d 2861static int wpa_sm_step(struct wpa_state_machine *sm)
6fc6879b
JM		 2862{
2863 if (sm == NULL)
e4a6ea1d 2864 return 0;
6fc6879b
JM		 2865
2866 if (sm->in_step_loop) {
2867 /* This should not happen, but if it does, make sure we do not
2868 * end up freeing the state machine too early by exiting the
2869 * recursive call. */
2870 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
e4a6ea1d 2871 return 0;
6fc6879b
JM		 2872 }
2873
2874 sm->in_step_loop = 1;
2875 do {
2876 if (sm->pending_deinit)
2877 break;
2878
2879 sm->changed = FALSE;
2880 sm->wpa_auth->group->changed = FALSE;
2881
2882 SM_STEP_RUN(WPA_PTK);
2883 if (sm->pending_deinit)
2884 break;
2885 SM_STEP_RUN(WPA_PTK_GROUP);
2886 if (sm->pending_deinit)
2887 break;
2888 wpa_group_sm_step(sm->wpa_auth, sm->group);
2889 } while (sm->changed || sm->wpa_auth->group->changed);
2890 sm->in_step_loop = 0;
2891
2892 if (sm->pending_deinit) {
2893 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
2894 "machine deinit for " MACSTR, MAC2STR(sm->addr));
2895 wpa_free_sta_sm(sm);
e4a6ea1d 2896 return 1;
6fc6879b 2897 }
e4a6ea1d 2898 return 0;
6fc6879b
JM		 2899}
2900
2901
2902static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
2903{
2904 struct wpa_state_machine *sm = eloop_ctx;
2905 wpa_sm_step(sm);
2906}
2907
2908
2909void wpa_auth_sm_notify(struct wpa_state_machine *sm)
2910{
2911 if (sm == NULL)
2912 return;
2913 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
2914}
2915
2916
2917void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
2918{
2919 int tmp, i;
2920 struct wpa_group *group;
2921
2922 if (wpa_auth == NULL)
2923 return;
2924
2925 group = wpa_auth->group;
2926
2927 for (i = 0; i < 2; i++) {
2928 tmp = group->GM;
2929 group->GM = group->GN;
2930 group->GN = tmp;
2931#ifdef CONFIG_IEEE80211W
2932 tmp = group->GM_igtk;
2933 group->GM_igtk = group->GN_igtk;
2934 group->GN_igtk = tmp;
2935#endif /* CONFIG_IEEE80211W */
2936 wpa_gtk_update(wpa_auth, group);
9354e594 2937 wpa_group_config_group_keys(wpa_auth, group);
6fc6879b
JM		 2938 }
2939}
2940
2941
2942static const char * wpa_bool_txt(int bool)
2943{
2944 return bool ? "TRUE" : "FALSE";
2945}
2946
2947
6fc6879b
JM		 2948#define RSN_SUITE "%02x-%02x-%02x-%d"
2949#define RSN_SUITE_ARG(s) \
2950((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2951
2952int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
2953{
2954 int len = 0, ret;
2955 char pmkid_txt[PMKID_LEN * 2 + 1];
8ce58ceb
IH		 2956#ifdef CONFIG_RSN_PREAUTH
2957 const int preauth = 1;
2958#else /* CONFIG_RSN_PREAUTH */
2959 const int preauth = 0;
2960#endif /* CONFIG_RSN_PREAUTH */
6fc6879b
JM		 2961
2962 if (wpa_auth == NULL)
2963 return len;
2964
2965 ret = os_snprintf(buf + len, buflen - len,
2966 "dot11RSNAOptionImplemented=TRUE\n"
8ce58ceb 2967 "dot11RSNAPreauthenticationImplemented=%s\n"
6fc6879b
JM		 2968 "dot11RSNAEnabled=%s\n"
2969 "dot11RSNAPreauthenticationEnabled=%s\n",
8ce58ceb 2970 wpa_bool_txt(preauth),
6fc6879b
JM		 2971 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
2972 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
d85e1fc8 2973 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 2974 return len;
2975 len += ret;
2976
2977 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2978 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
2979
2980 ret = os_snprintf(
2981 buf + len, buflen - len,
2982 "dot11RSNAConfigVersion=%u\n"
2983 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2984 /* FIX: dot11RSNAConfigGroupCipher */
2985 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2986 /* FIX: dot11RSNAConfigGroupRekeyTime */
2987 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2988 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2989 "dot11RSNAConfigGroupUpdateCount=%u\n"
2990 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2991 "dot11RSNAConfigGroupCipherSize=%u\n"
2992 "dot11RSNAConfigPMKLifetime=%u\n"
2993 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2994 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2995 "dot11RSNAConfigSATimeout=%u\n"
2996 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2997 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2998 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2999 "dot11RSNAPMKIDUsed=%s\n"
3000 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3001 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3002 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3003 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
3004 "dot11RSNA4WayHandshakeFailures=%u\n"
3005 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
3006 RSN_VERSION,
3007 !!wpa_auth->conf.wpa_strict_rekey,
3008 dot11RSNAConfigGroupUpdateCount,
3009 dot11RSNAConfigPairwiseUpdateCount,
c3550295 3010 wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8,
6fc6879b
JM		 3011 dot11RSNAConfigPMKLifetime,
3012 dot11RSNAConfigPMKReauthThreshold,
3013 dot11RSNAConfigSATimeout,
3014 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
3015 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
3016 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
3017 pmkid_txt,
3018 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
3019 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
3020 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
3021 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
3022 wpa_auth->dot11RSNA4WayHandshakeFailures);
d85e1fc8 3023 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3024 return len;
3025 len += ret;
3026
3027 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
3028 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
3029
3030 /* Private MIB */
3031 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
3032 wpa_auth->group->wpa_group_state);
d85e1fc8 3033 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3034 return len;
3035 len += ret;
3036
3037 return len;
3038}
3039
3040
3041int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
3042{
3043 int len = 0, ret;
3044 u32 pairwise = 0;
3045
3046 if (sm == NULL)
3047 return 0;
3048
3049 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
3050
3051 /* dot11RSNAStatsEntry */
3052
c3550295
JM		 3053 pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
3054 WPA_PROTO_RSN : WPA_PROTO_WPA,
3055 sm->pairwise);
3056 if (pairwise == 0)
6fc6879b
JM		 3057 return 0;
3058
3059 ret = os_snprintf(
3060 buf + len, buflen - len,
3061 /* TODO: dot11RSNAStatsIndex */
3062 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
3063 "dot11RSNAStatsVersion=1\n"
3064 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
3065 /* TODO: dot11RSNAStatsTKIPICVErrors */
3066 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
d9040cdb 3067 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
6fc6879b
JM		 3068 /* TODO: dot11RSNAStatsCCMPReplays */
3069 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
3070 /* TODO: dot11RSNAStatsTKIPReplays */,
3071 MAC2STR(sm->addr),
3072 RSN_SUITE_ARG(pairwise),
3073 sm->dot11RSNAStatsTKIPLocalMICFailures,
3074 sm->dot11RSNAStatsTKIPRemoteMICFailures);
d85e1fc8 3075 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3076 return len;
3077 len += ret;
3078
3079 /* Private MIB */
3080 ret = os_snprintf(buf + len, buflen - len,
3081 "hostapdWPAPTKState=%d\n"
3082 "hostapdWPAPTKGroupState=%d\n",
3083 sm->wpa_ptk_state,
3084 sm->wpa_ptk_group_state);
d85e1fc8 3085 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3086 return len;
3087 len += ret;
3088
3089 return len;
3090}
3091
3092
3093void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
3094{
3095 if (wpa_auth)
3096 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
3097}
3098
3099
3100int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
3101{
3102 return sm && sm->pairwise_set;
3103}
3104
3105
ff36ff00
JM		 3106int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
3107{
3108 return sm->pairwise;
3109}
3110
3111
6fc6879b
JM		 3112int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
3113{
3114 if (sm == NULL)
3115 return -1;
3116 return sm->wpa_key_mgmt;
3117}
3118
3119
3120int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
3121{
3122 if (sm == NULL)
3123 return 0;
3124 return sm->wpa;
3125}
3126
3127
3128int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
3129 struct rsn_pmksa_cache_entry *entry)
3130{
3131 if (sm == NULL || sm->pmksa != entry)
3132 return -1;
3133 sm->pmksa = NULL;
3134 return 0;
3135}
3136
3137
3138struct rsn_pmksa_cache_entry *
3139wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
3140{
3141 return sm ? sm->pmksa : NULL;
3142}
3143
3144
3145void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
3146{
3147 if (sm)
3148 sm->dot11RSNAStatsTKIPLocalMICFailures++;
3149}
3150
3151
3152const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
3153{
3154 if (wpa_auth == NULL)
3155 return NULL;
3156 *len = wpa_auth->wpa_ie_len;
3157 return wpa_auth->wpa_ie;
3158}
3159
3160
3161int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
3162 int session_timeout, struct eapol_state_machine *eapol)
3163{
cb465555
JM		 3164 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
3165 sm->wpa_auth->conf.disable_pmksa_caching)
6fc6879b
JM		 3166 return -1;
3167
4bb081f1 3168 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
087a1f4e 3169 sm->PTK.kck, sizeof(sm->PTK.kck),
4bb081f1
JM		 3170 sm->wpa_auth->addr, sm->addr, session_timeout,
3171 eapol, sm->wpa_key_mgmt))
6fc6879b
JM		 3172 return 0;
3173
3174 return -1;
3175}
3176
3177
3178int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
3179 const u8 *pmk, size_t len, const u8 *sta_addr,
3180 int session_timeout,
3181 struct eapol_state_machine *eapol)
3182{
3183 if (wpa_auth == NULL)
3184 return -1;
3185
087a1f4e
JM		 3186 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len,
3187 NULL, 0,
3188 wpa_auth->addr,
4bb081f1
JM		 3189 sta_addr, session_timeout, eapol,
3190 WPA_KEY_MGMT_IEEE8021X))
6fc6879b
JM		 3191 return 0;
3192
3193 return -1;
3194}
3195
3196
f2991170
JM		 3197int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
3198 const u8 *pmk)
3199{
3200 if (wpa_auth->conf.disable_pmksa_caching)
3201 return -1;
3202
3203 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN,
087a1f4e 3204 NULL, 0,
f2991170
JM		 3205 wpa_auth->addr, addr, 0, NULL,
3206 WPA_KEY_MGMT_SAE))
3207 return 0;
3208
3209 return -1;
3210}
3211
3212
901d1fe1
JM		 3213void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
3214 const u8 *sta_addr)
3215{
3216 struct rsn_pmksa_cache_entry *pmksa;
3217
3218 if (wpa_auth == NULL || wpa_auth->pmksa == NULL)
3219 return;
3220 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
3221 if (pmksa) {
3222 wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for "
3223 MACSTR " based on request", MAC2STR(sta_addr));
3224 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
3225 }
3226}
3227
3228
6fc6879b
JM		 3229static struct wpa_group *
3230wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3231{
3232 struct wpa_group *group;
3233
3234 if (wpa_auth == NULL || wpa_auth->group == NULL)
3235 return NULL;
3236
3237 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
3238 vlan_id);
bdffdc5d 3239 group = wpa_group_init(wpa_auth, vlan_id, 0);
6fc6879b
JM		 3240 if (group == NULL)
3241 return NULL;
3242
3243 group->next = wpa_auth->group->next;
3244 wpa_auth->group->next = group;
3245
3246 return group;
3247}
3248
3249
3250int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
3251{
3252 struct wpa_group *group;
3253
3254 if (sm == NULL || sm->wpa_auth == NULL)
3255 return 0;
3256
3257 group = sm->wpa_auth->group;
3258 while (group) {
3259 if (group->vlan_id == vlan_id)
3260 break;
3261 group = group->next;
3262 }
3263
3264 if (group == NULL) {
3265 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
3266 if (group == NULL)
3267 return -1;
3268 }
3269
3270 if (sm->group == group)
3271 return 0;
3272
7d7f7be2
JM		 3273 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3274 return -1;
3275
6fc6879b
JM		 3276 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
3277 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
3278
3279 sm->group = group;
3280 return 0;
3281}
e4bf4db9
JM		 3282
3283
3284void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
3285 struct wpa_state_machine *sm, int ack)
3286{
3287 if (wpa_auth == NULL || sm == NULL)
3288 return;
3289 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
3290 " ack=%d", MAC2STR(sm->addr), ack);
3291 if (sm->pending_1_of_4_timeout && ack) {
3292 /*
3293 * Some deployed supplicant implementations update their SNonce
3294 * for each EAPOL-Key 2/4 message even within the same 4-way
3295 * handshake and then fail to use the first SNonce when
3296 * deriving the PTK. This results in unsuccessful 4-way
3297 * handshake whenever the relatively short initial timeout is
3298 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
3299 * around this by increasing the timeout now that we know that
3300 * the station has received the frame.
3301 */
3302 int timeout_ms = eapol_key_timeout_subseq;
3303 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
3304 "timeout by %u ms because of acknowledged frame",
3305 timeout_ms);
3306 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
3307 eloop_register_timeout(timeout_ms / 1000,
3308 (timeout_ms % 1000) * 1000,
3309 wpa_send_eapol_timeout, wpa_auth, sm);
3310 }
3311}
c10347f2
JM		 3312
3313
3314int wpa_auth_uses_sae(struct wpa_state_machine *sm)
3315{
3316 if (sm == NULL)
3317 return 0;
3318 return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
3319}
aa189ac9
JM		 3320
3321
3322int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm)
3323{
3324 if (sm == NULL)
3325 return 0;
3326 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE;
3327}
25ef8529
JM		 3328
3329
3330#ifdef CONFIG_P2P
3331int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr)
3332{
3333 if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0)
3334 return -1;
3335 os_memcpy(addr, sm->ip_addr, 4);
3336 return 0;
3337}
3338#endif /* CONFIG_P2P */
Unnamed repository; edit this file 'description' to name the repository.