]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
FT: Do not include RSN IE in (Re)Assoc Resp during initial MD association
[thirdparty/hostap.git] / src / ap / wpa_auth.c
CommitLineData
6fc6879b
JM		 1/*
2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
e6965d4e 3 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
6fc6879b
JM		 4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
6226e38d 15#include "utils/includes.h"
6fc6879b 16
6226e38d
JM		 17#include "utils/common.h"
18#include "utils/eloop.h"
19#include "utils/state_machine.h"
81f4f619 20#include "common/ieee802_11_defs.h"
03da66bd
JM		 21#include "crypto/aes_wrap.h"
22#include "crypto/crypto.h"
23#include "crypto/sha1.h"
24#include "crypto/sha256.h"
281c950b 25#include "eapol_auth/eapol_auth_sm.h"
6226e38d 26#include "ap_config.h"
6fc6879b 27#include "ieee802_11.h"
6226e38d
JM		 28#include "wpa_auth.h"
29#include "pmksa_cache_auth.h"
6fc6879b
JM		 30#include "wpa_auth_i.h"
31#include "wpa_auth_ie.h"
32
33#define STATE_MACHINE_DATA struct wpa_state_machine
34#define STATE_MACHINE_DEBUG_PREFIX "WPA"
35#define STATE_MACHINE_ADDR sm->addr
36
37
38static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
e4a6ea1d 39static int wpa_sm_step(struct wpa_state_machine *sm);
6fc6879b
JM		 40static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
41static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
42static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
43 struct wpa_group *group);
581a8cde 44static void wpa_request_new_ptk(struct wpa_state_machine *sm);
e6965d4e
JM		 45static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
46 struct wpa_group *group);
6fc6879b 47
bae61562
JM		 48static const u32 dot11RSNAConfigGroupUpdateCount = 4;
49static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
50static const u32 eapol_key_timeout_first = 100; /* ms */
51static const u32 eapol_key_timeout_subseq = 1000; /* ms */
6fc6879b
JM		 52
53/* TODO: make these configurable */
54static const int dot11RSNAConfigPMKLifetime = 43200;
55static const int dot11RSNAConfigPMKReauthThreshold = 70;
56static const int dot11RSNAConfigSATimeout = 60;
57
58
59static inline void wpa_auth_mic_failure_report(
60 struct wpa_authenticator *wpa_auth, const u8 *addr)
61{
62 if (wpa_auth->cb.mic_failure_report)
63 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
64}
65
66
67static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
68 const u8 *addr, wpa_eapol_variable var,
69 int value)
70{
71 if (wpa_auth->cb.set_eapol)
72 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
73}
74
75
76static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
77 const u8 *addr, wpa_eapol_variable var)
78{
79 if (wpa_auth->cb.get_eapol == NULL)
80 return -1;
81 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
82}
83
84
85static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
86 const u8 *addr, const u8 *prev_psk)
87{
88 if (wpa_auth->cb.get_psk == NULL)
89 return NULL;
90 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
91}
92
93
94static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
95 const u8 *addr, u8 *msk, size_t *len)
96{
97 if (wpa_auth->cb.get_msk == NULL)
98 return -1;
99 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
100}
101
102
103static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
104 int vlan_id,
71934751 105 enum wpa_alg alg, const u8 *addr, int idx,
6fc6879b
JM		 106 u8 *key, size_t key_len)
107{
108 if (wpa_auth->cb.set_key == NULL)
109 return -1;
110 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
111 key, key_len);
112}
113
114
115static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
116 const u8 *addr, int idx, u8 *seq)
117{
118 if (wpa_auth->cb.get_seqnum == NULL)
119 return -1;
120 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
121}
122
123
6fc6879b
JM		 124static inline int
125wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
126 const u8 *data, size_t data_len, int encrypt)
127{
128 if (wpa_auth->cb.send_eapol == NULL)
129 return -1;
130 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
131 encrypt);
132}
133
134
135int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
136 int (*cb)(struct wpa_state_machine *sm, void *ctx),
137 void *cb_ctx)
138{
139 if (wpa_auth->cb.for_each_sta == NULL)
140 return 0;
141 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
142}
143
144
bf98f7f3
JM		 145int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
146 int (*cb)(struct wpa_authenticator *a, void *ctx),
147 void *cb_ctx)
148{
149 if (wpa_auth->cb.for_each_auth == NULL)
150 return 0;
151 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
152}
153
154
6fc6879b
JM		 155void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
156 logger_level level, const char *txt)
157{
158 if (wpa_auth->cb.logger == NULL)
159 return;
160 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
161}
162
163
164void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
165 logger_level level, const char *fmt, ...)
166{
167 char *format;
168 int maxlen;
169 va_list ap;
170
171 if (wpa_auth->cb.logger == NULL)
172 return;
173
174 maxlen = os_strlen(fmt) + 100;
175 format = os_malloc(maxlen);
176 if (!format)
177 return;
178
179 va_start(ap, fmt);
180 vsnprintf(format, maxlen, fmt, ap);
181 va_end(ap);
182
183 wpa_auth_logger(wpa_auth, addr, level, format);
184
185 os_free(format);
186}
187
188
189static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
190 const u8 *addr)
191{
192 if (wpa_auth->cb.disconnect == NULL)
193 return;
194 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
195 WLAN_REASON_PREV_AUTH_NOT_VALID);
196}
197
198
199static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
200{
56586197 201 int ret = 0;
6fc6879b 202#ifdef CONFIG_IEEE80211R
56586197
JM		 203 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
204 ret = 1;
6fc6879b 205#endif /* CONFIG_IEEE80211R */
56586197
JM		 206#ifdef CONFIG_IEEE80211W
207 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
208 ret = 1;
209#endif /* CONFIG_IEEE80211W */
210 return ret;
6fc6879b
JM		 211}
212
213
214static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
215{
216 struct wpa_authenticator *wpa_auth = eloop_ctx;
217
218 if (os_get_random(wpa_auth->group->GMK, WPA_GMK_LEN)) {
219 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
220 "initialization.");
221 } else {
222 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
223 }
224
225 if (wpa_auth->conf.wpa_gmk_rekey) {
226 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
227 wpa_rekey_gmk, wpa_auth, NULL);
228 }
229}
230
231
232static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
233{
234 struct wpa_authenticator *wpa_auth = eloop_ctx;
235 struct wpa_group *group;
236
237 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
238 for (group = wpa_auth->group; group; group = group->next) {
239 group->GTKReKey = TRUE;
240 do {
241 group->changed = FALSE;
242 wpa_group_sm_step(wpa_auth, group);
243 } while (group->changed);
244 }
245
246 if (wpa_auth->conf.wpa_group_rekey) {
247 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
248 0, wpa_rekey_gtk, wpa_auth, NULL);
249 }
250}
251
252
581a8cde
JM		 253static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
254{
255 struct wpa_authenticator *wpa_auth = eloop_ctx;
256 struct wpa_state_machine *sm = timeout_ctx;
257
258 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
259 wpa_request_new_ptk(sm);
260 wpa_sm_step(sm);
261}
262
263
6fc6879b
JM		 264static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
265{
266 if (sm->pmksa == ctx)
267 sm->pmksa = NULL;
268 return 0;
269}
270
271
272static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
273 void *ctx)
274{
275 struct wpa_authenticator *wpa_auth = ctx;
276 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
277}
278
279
e6965d4e 280static void wpa_group_set_key_len(struct wpa_group *group, int cipher)
6fc6879b 281{
e6965d4e 282 switch (cipher) {
6fc6879b
JM		 283 case WPA_CIPHER_CCMP:
284 group->GTK_len = 16;
285 break;
286 case WPA_CIPHER_TKIP:
287 group->GTK_len = 32;
288 break;
289 case WPA_CIPHER_WEP104:
290 group->GTK_len = 13;
291 break;
292 case WPA_CIPHER_WEP40:
293 group->GTK_len = 5;
294 break;
295 }
e6965d4e
JM		 296}
297
298
299static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
300 int vlan_id)
301{
302 struct wpa_group *group;
303 u8 buf[ETH_ALEN + 8 + sizeof(group)];
304 u8 rkey[32];
305
306 group = os_zalloc(sizeof(struct wpa_group));
307 if (group == NULL)
308 return NULL;
309
310 group->GTKAuthenticator = TRUE;
311 group->vlan_id = vlan_id;
312
313 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
6fc6879b
JM		 314
315 /* Counter = PRF-256(Random number, "Init Counter",
316 * Local MAC Address || Time)
317 */
318 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
319 wpa_get_ntp_timestamp(buf + ETH_ALEN);
320 os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
321 if (os_get_random(rkey, sizeof(rkey)) ||
322 os_get_random(group->GMK, WPA_GMK_LEN)) {
323 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
324 "initialization.");
325 os_free(group);
326 return NULL;
327 }
328
329 sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
330 group->Counter, WPA_NONCE_LEN);
331
332 group->GInit = TRUE;
333 wpa_group_sm_step(wpa_auth, group);
334 group->GInit = FALSE;
335 wpa_group_sm_step(wpa_auth, group);
336
337 return group;
338}
339
340
341/**
342 * wpa_init - Initialize WPA authenticator
343 * @addr: Authenticator address
344 * @conf: Configuration for WPA authenticator
a17df5fb 345 * @cb: Callback functions for WPA authenticator
6fc6879b
JM		 346 * Returns: Pointer to WPA authenticator data or %NULL on failure
347 */
348struct wpa_authenticator * wpa_init(const u8 *addr,
349 struct wpa_auth_config *conf,
350 struct wpa_auth_callbacks *cb)
351{
352 struct wpa_authenticator *wpa_auth;
353
354 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
355 if (wpa_auth == NULL)
356 return NULL;
357 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
358 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
359 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
360
361 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
362 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
363 os_free(wpa_auth);
364 return NULL;
365 }
366
367 wpa_auth->group = wpa_group_init(wpa_auth, 0);
368 if (wpa_auth->group == NULL) {
369 os_free(wpa_auth->wpa_ie);
370 os_free(wpa_auth);
371 return NULL;
372 }
373
4bb081f1
JM		 374 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
375 wpa_auth);
6fc6879b
JM		 376 if (wpa_auth->pmksa == NULL) {
377 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
378 os_free(wpa_auth->wpa_ie);
379 os_free(wpa_auth);
380 return NULL;
381 }
382
383#ifdef CONFIG_IEEE80211R
384 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
385 if (wpa_auth->ft_pmk_cache == NULL) {
386 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
387 os_free(wpa_auth->wpa_ie);
4bb081f1 388 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 389 os_free(wpa_auth);
390 return NULL;
391 }
392#endif /* CONFIG_IEEE80211R */
393
394 if (wpa_auth->conf.wpa_gmk_rekey) {
395 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
396 wpa_rekey_gmk, wpa_auth, NULL);
397 }
398
399 if (wpa_auth->conf.wpa_group_rekey) {
400 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
401 wpa_rekey_gtk, wpa_auth, NULL);
402 }
403
404 return wpa_auth;
405}
406
407
408/**
409 * wpa_deinit - Deinitialize WPA authenticator
410 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
411 */
412void wpa_deinit(struct wpa_authenticator *wpa_auth)
413{
414 struct wpa_group *group, *prev;
415
416 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
417 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
418
419#ifdef CONFIG_PEERKEY
420 while (wpa_auth->stsl_negotiations)
421 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
422#endif /* CONFIG_PEERKEY */
423
4bb081f1 424 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 425
426#ifdef CONFIG_IEEE80211R
427 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
428 wpa_auth->ft_pmk_cache = NULL;
429#endif /* CONFIG_IEEE80211R */
430
431 os_free(wpa_auth->wpa_ie);
432
433 group = wpa_auth->group;
434 while (group) {
435 prev = group;
436 group = group->next;
437 os_free(prev);
438 }
439
440 os_free(wpa_auth);
441}
442
443
444/**
445 * wpa_reconfig - Update WPA authenticator configuration
446 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
447 * @conf: Configuration for WPA authenticator
448 */
449int wpa_reconfig(struct wpa_authenticator *wpa_auth,
450 struct wpa_auth_config *conf)
451{
e6965d4e 452 struct wpa_group *group;
6fc6879b
JM		 453 if (wpa_auth == NULL)
454 return 0;
455
456 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
ad08c363
JM		 457 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
458 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
459 return -1;
460 }
461
e6965d4e
JM		 462 /*
463 * Reinitialize GTK to make sure it is suitable for the new
464 * configuration.
465 */
466 group = wpa_auth->group;
467 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
468 group->GInit = TRUE;
469 wpa_group_sm_step(wpa_auth, group);
470 group->GInit = FALSE;
471 wpa_group_sm_step(wpa_auth, group);
472
6fc6879b
JM		 473 return 0;
474}
475
476
477struct wpa_state_machine *
478wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
479{
480 struct wpa_state_machine *sm;
481
482 sm = os_zalloc(sizeof(struct wpa_state_machine));
483 if (sm == NULL)
484 return NULL;
485 os_memcpy(sm->addr, addr, ETH_ALEN);
486
487 sm->wpa_auth = wpa_auth;
488 sm->group = wpa_auth->group;
489
490 return sm;
491}
492
493
6f9b5d16
JM		 494int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
495 struct wpa_state_machine *sm)
6fc6879b
JM		 496{
497 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
6f9b5d16 498 return -1;
6fc6879b
JM		 499
500#ifdef CONFIG_IEEE80211R
501 if (sm->ft_completed) {
502 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
503 "FT authentication already completed - do not "
504 "start 4-way handshake");
6f9b5d16 505 return 0;
6fc6879b
JM		 506 }
507#endif /* CONFIG_IEEE80211R */
508
509 if (sm->started) {
22a299ee 510 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
6fc6879b 511 sm->ReAuthenticationRequest = TRUE;
6f9b5d16 512 return wpa_sm_step(sm);
6fc6879b
JM		 513 }
514
515 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
516 "start authentication");
517 sm->started = 1;
518
519 sm->Init = TRUE;
e4a6ea1d 520 if (wpa_sm_step(sm) == 1)
6f9b5d16 521 return 1; /* should not really happen */
6fc6879b
JM		 522 sm->Init = FALSE;
523 sm->AuthenticationRequest = TRUE;
6f9b5d16 524 return wpa_sm_step(sm);
6fc6879b
JM		 525}
526
527
a8d05fca
JM		 528void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
529{
530 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
531 * reassociates back to the same AP while the previous entry for the
532 * STA has not yet been removed. */
533 if (sm == NULL)
534 return;
535
536 sm->wpa_key_mgmt = 0;
537}
538
539
6fc6879b
JM		 540static void wpa_free_sta_sm(struct wpa_state_machine *sm)
541{
542 os_free(sm->last_rx_eapol_key);
543 os_free(sm->wpa_ie);
544 os_free(sm);
545}
546
547
548void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
549{
550 if (sm == NULL)
551 return;
552
553 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
554 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
555 "strict rekeying - force GTK rekey since STA "
556 "is leaving");
557 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
558 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
559 NULL);
560 }
561
562 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
563 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
581a8cde 564 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 565 if (sm->in_step_loop) {
566 /* Must not free state machine while wpa_sm_step() is running.
567 * Freeing will be completed in the end of wpa_sm_step(). */
568 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
569 "machine deinit for " MACSTR, MAC2STR(sm->addr));
570 sm->pending_deinit = 1;
571 } else
572 wpa_free_sta_sm(sm);
573}
574
575
576static void wpa_request_new_ptk(struct wpa_state_machine *sm)
577{
578 if (sm == NULL)
579 return;
580
581 sm->PTKRequest = TRUE;
582 sm->PTK_valid = 0;
583}
584
585
22a299ee
JM		 586static int wpa_replay_counter_valid(struct wpa_state_machine *sm,
587 const u8 *replay_counter)
588{
589 int i;
590 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
591 if (!sm->key_replay[i].valid)
592 break;
593 if (os_memcmp(replay_counter, sm->key_replay[i].counter,
594 WPA_REPLAY_COUNTER_LEN) == 0)
595 return 1;
596 }
597 return 0;
598}
599
600
6fc6879b
JM		 601void wpa_receive(struct wpa_authenticator *wpa_auth,
602 struct wpa_state_machine *sm,
603 u8 *data, size_t data_len)
604{
605 struct ieee802_1x_hdr *hdr;
606 struct wpa_eapol_key *key;
607 u16 key_info, key_data_length;
608 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
609 SMK_M1, SMK_M3, SMK_ERROR } msg;
610 char *msgtxt;
611 struct wpa_eapol_ie_parse kde;
612
613 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
614 return;
615
616 if (data_len < sizeof(*hdr) + sizeof(*key))
617 return;
618
619 hdr = (struct ieee802_1x_hdr *) data;
620 key = (struct wpa_eapol_key *) (hdr + 1);
621 key_info = WPA_GET_BE16(key->key_info);
622 key_data_length = WPA_GET_BE16(key->key_data_length);
623 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
624 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
625 "key_data overflow (%d > %lu)",
626 key_data_length,
627 (unsigned long) (data_len - sizeof(*hdr) -
628 sizeof(*key)));
629 return;
630 }
631
f8e96eb6
JM		 632 if (sm->wpa == WPA_VERSION_WPA2) {
633 if (key->type != EAPOL_KEY_TYPE_RSN) {
634 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
635 "unexpected type %d in RSN mode",
636 key->type);
637 return;
638 }
639 } else {
640 if (key->type != EAPOL_KEY_TYPE_WPA) {
641 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
642 "unexpected type %d in WPA mode",
643 key->type);
644 return;
645 }
646 }
647
6fc6879b
JM		 648 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
649 * are set */
650
651 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
652 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
653 if (key_info & WPA_KEY_INFO_ERROR) {
654 msg = SMK_ERROR;
655 msgtxt = "SMK Error";
656 } else {
657 msg = SMK_M1;
658 msgtxt = "SMK M1";
659 }
660 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
661 msg = SMK_M3;
662 msgtxt = "SMK M3";
663 } else if (key_info & WPA_KEY_INFO_REQUEST) {
664 msg = REQUEST;
665 msgtxt = "Request";
666 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
667 msg = GROUP_2;
668 msgtxt = "2/2 Group";
669 } else if (key_data_length == 0) {
670 msg = PAIRWISE_4;
671 msgtxt = "4/4 Pairwise";
672 } else {
673 msg = PAIRWISE_2;
674 msgtxt = "2/4 Pairwise";
675 }
676
677 /* TODO: key_info type validation for PeerKey */
678 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
679 msg == GROUP_2) {
680 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
681 if (sm->pairwise == WPA_CIPHER_CCMP) {
682 if (wpa_use_aes_cmac(sm) &&
683 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
684 wpa_auth_logger(wpa_auth, sm->addr,
685 LOGGER_WARNING,
686 "advertised support for "
687 "AES-128-CMAC, but did not "
688 "use it");
689 return;
690 }
691
692 if (!wpa_use_aes_cmac(sm) &&
693 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
694 wpa_auth_logger(wpa_auth, sm->addr,
695 LOGGER_WARNING,
696 "did not use HMAC-SHA1-AES "
697 "with CCMP");
698 return;
699 }
700 }
701 }
702
703 if (key_info & WPA_KEY_INFO_REQUEST) {
704 if (sm->req_replay_counter_used &&
705 os_memcmp(key->replay_counter, sm->req_replay_counter,
706 WPA_REPLAY_COUNTER_LEN) <= 0) {
707 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
708 "received EAPOL-Key request with "
709 "replayed counter");
710 return;
711 }
712 }
713
714 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
22a299ee
JM		 715 !wpa_replay_counter_valid(sm, key->replay_counter)) {
716 int i;
6fc6879b
JM		 717 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
718 "received EAPOL-Key %s with unexpected "
719 "replay counter", msgtxt);
22a299ee
JM		 720 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
721 if (!sm->key_replay[i].valid)
722 break;
723 wpa_hexdump(MSG_DEBUG, "pending replay counter",
724 sm->key_replay[i].counter,
725 WPA_REPLAY_COUNTER_LEN);
726 }
6fc6879b
JM		 727 wpa_hexdump(MSG_DEBUG, "received replay counter",
728 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
729 return;
730 }
731
732 switch (msg) {
733 case PAIRWISE_2:
734 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
735 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
736 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
737 "received EAPOL-Key msg 2/4 in "
738 "invalid state (%d) - dropped",
739 sm->wpa_ptk_state);
740 return;
741 }
742 if (sm->wpa_ie == NULL ||
743 sm->wpa_ie_len != key_data_length ||
744 os_memcmp(sm->wpa_ie, key + 1, key_data_length) != 0) {
745 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
746 "WPA IE from (Re)AssocReq did not "
747 "match with msg 2/4");
748 if (sm->wpa_ie) {
749 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
750 sm->wpa_ie, sm->wpa_ie_len);
751 }
752 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
753 (u8 *) (key + 1), key_data_length);
754 /* MLME-DEAUTHENTICATE.request */
755 wpa_sta_disconnect(wpa_auth, sm->addr);
756 return;
757 }
758 break;
759 case PAIRWISE_4:
760 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
761 !sm->PTK_valid) {
762 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
763 "received EAPOL-Key msg 4/4 in "
764 "invalid state (%d) - dropped",
765 sm->wpa_ptk_state);
766 return;
767 }
768 break;
769 case GROUP_2:
770 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
771 || !sm->PTK_valid) {
772 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
773 "received EAPOL-Key msg 2/2 in "
774 "invalid state (%d) - dropped",
775 sm->wpa_ptk_group_state);
776 return;
777 }
778 break;
779#ifdef CONFIG_PEERKEY
780 case SMK_M1:
781 case SMK_M3:
782 case SMK_ERROR:
783 if (!wpa_auth->conf.peerkey) {
784 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
785 "PeerKey use disabled - ignoring message");
786 return;
787 }
788 if (!sm->PTK_valid) {
789 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
790 "received EAPOL-Key msg SMK in "
791 "invalid state - dropped");
792 return;
793 }
794 break;
795#else /* CONFIG_PEERKEY */
796 case SMK_M1:
797 case SMK_M3:
798 case SMK_ERROR:
799 return; /* STSL disabled - ignore SMK messages */
800#endif /* CONFIG_PEERKEY */
801 case REQUEST:
802 break;
803 }
804
805 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
806 "received EAPOL-Key frame (%s)", msgtxt);
807
808 if (key_info & WPA_KEY_INFO_ACK) {
809 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
810 "received invalid EAPOL-Key: Key Ack set");
811 return;
812 }
813
814 if (!(key_info & WPA_KEY_INFO_MIC)) {
815 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
816 "received invalid EAPOL-Key: Key MIC not set");
817 return;
818 }
819
820 sm->MICVerified = FALSE;
821 if (sm->PTK_valid) {
822 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
823 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
824 "received EAPOL-Key with invalid MIC");
825 return;
826 }
827 sm->MICVerified = TRUE;
828 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
829 }
830
831 if (key_info & WPA_KEY_INFO_REQUEST) {
832 if (sm->MICVerified) {
833 sm->req_replay_counter_used = 1;
834 os_memcpy(sm->req_replay_counter, key->replay_counter,
835 WPA_REPLAY_COUNTER_LEN);
836 } else {
837 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
838 "received EAPOL-Key request with "
839 "invalid MIC");
840 return;
841 }
842
843 /*
844 * TODO: should decrypt key data field if encryption was used;
845 * even though MAC address KDE is not normally encrypted,
846 * supplicant is allowed to encrypt it.
847 */
848 if (msg == SMK_ERROR) {
849#ifdef CONFIG_PEERKEY
850 wpa_smk_error(wpa_auth, sm, key);
851#endif /* CONFIG_PEERKEY */
852 return;
853 } else if (key_info & WPA_KEY_INFO_ERROR) {
854 /* Supplicant reported a Michael MIC error */
855 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
856 "received EAPOL-Key Error Request "
857 "(STA detected Michael MIC failure)");
858 wpa_auth_mic_failure_report(wpa_auth, sm->addr);
859 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
860 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
861 /* Error report is not a request for a new key
862 * handshake, but since Authenticator may do it, let's
863 * change the keys now anyway. */
864 wpa_request_new_ptk(sm);
865 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
866 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
867 "received EAPOL-Key Request for new "
868 "4-Way Handshake");
869 wpa_request_new_ptk(sm);
870#ifdef CONFIG_PEERKEY
871 } else if (msg == SMK_M1) {
872 wpa_smk_m1(wpa_auth, sm, key);
873#endif /* CONFIG_PEERKEY */
874 } else if (key_data_length > 0 &&
875 wpa_parse_kde_ies((const u8 *) (key + 1),
876 key_data_length, &kde) == 0 &&
877 kde.mac_addr) {
878 } else {
879 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
880 "received EAPOL-Key Request for GTK "
881 "rekeying");
882 /* FIX: why was this triggering PTK rekeying for the
883 * STA that requested Group Key rekeying?? */
884 /* wpa_request_new_ptk(sta->wpa_sm); */
885 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
886 wpa_rekey_gtk(wpa_auth, NULL);
887 }
888 } else {
22a299ee
JM		 889 /* Do not allow the same key replay counter to be reused. This
890 * does also invalidate all other pending replay counters if
891 * retransmissions were used, i.e., we will only process one of
892 * the pending replies and ignore rest if more than one is
893 * received. */
894 sm->key_replay[0].valid = FALSE;
6fc6879b
JM		 895 }
896
897#ifdef CONFIG_PEERKEY
898 if (msg == SMK_M3) {
899 wpa_smk_m3(wpa_auth, sm, key);
900 return;
901 }
902#endif /* CONFIG_PEERKEY */
903
904 os_free(sm->last_rx_eapol_key);
905 sm->last_rx_eapol_key = os_malloc(data_len);
906 if (sm->last_rx_eapol_key == NULL)
907 return;
908 os_memcpy(sm->last_rx_eapol_key, data, data_len);
909 sm->last_rx_eapol_key_len = data_len;
910
911 sm->EAPOLKeyReceived = TRUE;
912 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
913 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
914 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
915 wpa_sm_step(sm);
916}
917
918
919static void wpa_gmk_to_gtk(const u8 *gmk, const u8 *addr, const u8 *gnonce,
920 u8 *gtk, size_t gtk_len)
921{
922 u8 data[ETH_ALEN + WPA_NONCE_LEN];
923
924 /* GTK = PRF-X(GMK, "Group key expansion", AA || GNonce) */
925 os_memcpy(data, addr, ETH_ALEN);
926 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
927
56586197
JM		 928#ifdef CONFIG_IEEE80211W
929 sha256_prf(gmk, WPA_GMK_LEN, "Group key expansion",
930 data, sizeof(data), gtk, gtk_len);
931#else /* CONFIG_IEEE80211W */
6fc6879b
JM		 932 sha1_prf(gmk, WPA_GMK_LEN, "Group key expansion",
933 data, sizeof(data), gtk, gtk_len);
56586197 934#endif /* CONFIG_IEEE80211W */
6fc6879b
JM		 935
936 wpa_hexdump_key(MSG_DEBUG, "GMK", gmk, WPA_GMK_LEN);
937 wpa_hexdump_key(MSG_DEBUG, "GTK", gtk, gtk_len);
938}
939
940
941static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
942{
943 struct wpa_authenticator *wpa_auth = eloop_ctx;
944 struct wpa_state_machine *sm = timeout_ctx;
945
946 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
947 sm->TimeoutEvt = TRUE;
948 wpa_sm_step(sm);
949}
950
951
952void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
953 struct wpa_state_machine *sm, int key_info,
954 const u8 *key_rsc, const u8 *nonce,
955 const u8 *kde, size_t kde_len,
956 int keyidx, int encr, int force_version)
957{
958 struct ieee802_1x_hdr *hdr;
959 struct wpa_eapol_key *key;
960 size_t len;
961 int alg;
962 int key_data_len, pad_len = 0;
963 u8 *buf, *pos;
964 int version, pairwise;
22a299ee 965 int i;
6fc6879b
JM		 966
967 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
968
969 if (force_version)
970 version = force_version;
971 else if (wpa_use_aes_cmac(sm))
972 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
973 else if (sm->pairwise == WPA_CIPHER_CCMP)
974 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
975 else
976 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
977
978 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
979
980 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
981 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
982 "encr=%d)",
983 version,
984 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
985 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
986 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
987 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
988 pairwise, (unsigned long) kde_len, keyidx, encr);
989
990 key_data_len = kde_len;
991
992 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
993 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
994 pad_len = key_data_len % 8;
995 if (pad_len)
996 pad_len = 8 - pad_len;
997 key_data_len += pad_len + 8;
998 }
999
1000 len += key_data_len;
1001
1002 hdr = os_zalloc(len);
1003 if (hdr == NULL)
1004 return;
1005 hdr->version = wpa_auth->conf.eapol_version;
1006 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1007 hdr->length = host_to_be16(len - sizeof(*hdr));
1008 key = (struct wpa_eapol_key *) (hdr + 1);
1009
1010 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1011 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1012 key_info |= version;
1013 if (encr && sm->wpa == WPA_VERSION_WPA2)
1014 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1015 if (sm->wpa != WPA_VERSION_WPA2)
1016 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1017 WPA_PUT_BE16(key->key_info, key_info);
1018
1019 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
1020 switch (alg) {
1021 case WPA_CIPHER_CCMP:
1022 WPA_PUT_BE16(key->key_length, 16);
1023 break;
1024 case WPA_CIPHER_TKIP:
1025 WPA_PUT_BE16(key->key_length, 32);
1026 break;
1027 case WPA_CIPHER_WEP40:
1028 WPA_PUT_BE16(key->key_length, 5);
1029 break;
1030 case WPA_CIPHER_WEP104:
1031 WPA_PUT_BE16(key->key_length, 13);
1032 break;
1033 }
1034 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1035 WPA_PUT_BE16(key->key_length, 0);
1036
1037 /* FIX: STSL: what to use as key_replay_counter? */
22a299ee
JM		 1038 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1039 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1040 os_memcpy(sm->key_replay[i].counter,
1041 sm->key_replay[i - 1].counter,
1042 WPA_REPLAY_COUNTER_LEN);
1043 }
1044 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1045 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
6fc6879b 1046 WPA_REPLAY_COUNTER_LEN);
22a299ee 1047 sm->key_replay[0].valid = TRUE;
6fc6879b
JM		 1048
1049 if (nonce)
1050 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1051
1052 if (key_rsc)
1053 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1054
1055 if (kde && !encr) {
1056 os_memcpy(key + 1, kde, kde_len);
1057 WPA_PUT_BE16(key->key_data_length, kde_len);
1058 } else if (encr && kde) {
1059 buf = os_zalloc(key_data_len);
1060 if (buf == NULL) {
1061 os_free(hdr);
1062 return;
1063 }
1064 pos = buf;
1065 os_memcpy(pos, kde, kde_len);
1066 pos += kde_len;
1067
1068 if (pad_len)
1069 *pos++ = 0xdd;
1070
1071 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1072 buf, key_data_len);
1073 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1074 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1075 if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
1076 (u8 *) (key + 1))) {
1077 os_free(hdr);
1078 os_free(buf);
1079 return;
1080 }
1081 WPA_PUT_BE16(key->key_data_length, key_data_len);
1082 } else {
1083 u8 ek[32];
1084 os_memcpy(key->key_iv,
1085 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1086 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1087 os_memcpy(ek, key->key_iv, 16);
1088 os_memcpy(ek + 16, sm->PTK.kek, 16);
1089 os_memcpy(key + 1, buf, key_data_len);
1090 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
1091 WPA_PUT_BE16(key->key_data_length, key_data_len);
1092 }
1093 os_free(buf);
1094 }
1095
1096 if (key_info & WPA_KEY_INFO_MIC) {
1097 if (!sm->PTK_valid) {
1098 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1099 "PTK not valid when sending EAPOL-Key "
1100 "frame");
1101 os_free(hdr);
1102 return;
1103 }
1104 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
1105 key->key_mic);
1106 }
1107
1108 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1109 1);
1110 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1111 sm->pairwise_set);
1112 os_free(hdr);
1113}
1114
1115
1116static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1117 struct wpa_state_machine *sm, int key_info,
1118 const u8 *key_rsc, const u8 *nonce,
1119 const u8 *kde, size_t kde_len,
1120 int keyidx, int encr)
1121{
1122 int timeout_ms;
1123 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
bae61562 1124 int ctr;
6fc6879b
JM		 1125
1126 if (sm == NULL)
1127 return;
1128
1129 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1130 keyidx, encr, 0);
1131
bae61562
JM		 1132 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
1133 if (ctr == 1)
1134 timeout_ms = eapol_key_timeout_first;
1135 else
1136 timeout_ms = eapol_key_timeout_subseq;
6fc6879b
JM		 1137 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1138 wpa_send_eapol_timeout, wpa_auth, sm);
1139}
1140
1141
1142static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
1143{
1144 struct ieee802_1x_hdr *hdr;
1145 struct wpa_eapol_key *key;
1146 u16 key_info;
1147 int ret = 0;
1148 u8 mic[16];
1149
1150 if (data_len < sizeof(*hdr) + sizeof(*key))
1151 return -1;
1152
1153 hdr = (struct ieee802_1x_hdr *) data;
1154 key = (struct wpa_eapol_key *) (hdr + 1);
1155 key_info = WPA_GET_BE16(key->key_info);
1156 os_memcpy(mic, key->key_mic, 16);
1157 os_memset(key->key_mic, 0, 16);
1158 if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
1159 data, data_len, key->key_mic) ||
1160 os_memcmp(mic, key->key_mic, 16) != 0)
1161 ret = -1;
1162 os_memcpy(key->key_mic, mic, 16);
1163 return ret;
1164}
1165
1166
1167void wpa_remove_ptk(struct wpa_state_machine *sm)
1168{
1169 sm->PTK_valid = FALSE;
1170 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
89d39d9d
JM		 1171 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, (u8 *) "",
1172 0);
6fc6879b 1173 sm->pairwise_set = FALSE;
581a8cde 1174 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 1175}
1176
1177
6f9b5d16 1178int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
6fc6879b 1179{
5d22a1d5
JM		 1180 int remove_ptk = 1;
1181
6fc6879b 1182 if (sm == NULL)
6f9b5d16 1183 return -1;
6fc6879b
JM		 1184
1185 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1186 "event %d notification", event);
1187
1188 switch (event) {
1189 case WPA_AUTH:
1190 case WPA_ASSOC:
1191 break;
1192 case WPA_DEAUTH:
1193 case WPA_DISASSOC:
1194 sm->DeauthenticationRequest = TRUE;
1195 break;
1196 case WPA_REAUTH:
1197 case WPA_REAUTH_EAPOL:
9663596f
JM		 1198 if (sm->GUpdateStationKeys) {
1199 /*
1200 * Reauthentication cancels the pending group key
1201 * update for this STA.
1202 */
1203 sm->group->GKeyDoneStations--;
1204 sm->GUpdateStationKeys = FALSE;
1205 sm->PtkGroupInit = TRUE;
1206 }
6fc6879b
JM		 1207 sm->ReAuthenticationRequest = TRUE;
1208 break;
1209 case WPA_ASSOC_FT:
1210#ifdef CONFIG_IEEE80211R
81a658d7
JM		 1211 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1212 "after association");
1213 wpa_ft_install_ptk(sm);
1214
6fc6879b
JM		 1215 /* Using FT protocol, not WPA auth state machine */
1216 sm->ft_completed = 1;
6f9b5d16 1217 return 0;
6fc6879b
JM		 1218#else /* CONFIG_IEEE80211R */
1219 break;
1220#endif /* CONFIG_IEEE80211R */
1221 }
1222
1223#ifdef CONFIG_IEEE80211R
1224 sm->ft_completed = 0;
1225#endif /* CONFIG_IEEE80211R */
1226
5d22a1d5
JM		 1227#ifdef CONFIG_IEEE80211W
1228 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1229 remove_ptk = 0;
1230#endif /* CONFIG_IEEE80211W */
6fc6879b 1231
5d22a1d5
JM		 1232 if (remove_ptk) {
1233 sm->PTK_valid = FALSE;
1234 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1235
1236 if (event != WPA_REAUTH_EAPOL)
1237 wpa_remove_ptk(sm);
1238 }
6fc6879b 1239
6f9b5d16 1240 return wpa_sm_step(sm);
6fc6879b
JM		 1241}
1242
1243
71934751 1244static enum wpa_alg wpa_alg_enum(int alg)
6fc6879b
JM		 1245{
1246 switch (alg) {
1247 case WPA_CIPHER_CCMP:
89d39d9d 1248 return WPA_ALG_CCMP;
6fc6879b 1249 case WPA_CIPHER_TKIP:
89d39d9d 1250 return WPA_ALG_TKIP;
6fc6879b
JM		 1251 case WPA_CIPHER_WEP104:
1252 case WPA_CIPHER_WEP40:
89d39d9d 1253 return WPA_ALG_WEP;
6fc6879b 1254 default:
89d39d9d 1255 return WPA_ALG_NONE;
6fc6879b
JM		 1256 }
1257}
1258
1259
1260SM_STATE(WPA_PTK, INITIALIZE)
1261{
1262 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1263 if (sm->Init) {
1264 /* Init flag is not cleared here, so avoid busy
1265 * loop by claiming nothing changed. */
1266 sm->changed = FALSE;
1267 }
1268
1269 sm->keycount = 0;
1270 if (sm->GUpdateStationKeys)
1271 sm->group->GKeyDoneStations--;
1272 sm->GUpdateStationKeys = FALSE;
1273 if (sm->wpa == WPA_VERSION_WPA)
1274 sm->PInitAKeys = FALSE;
1275 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1276 * Local AA > Remote AA)) */) {
1277 sm->Pair = TRUE;
1278 }
1279 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1280 wpa_remove_ptk(sm);
1281 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1282 sm->TimeoutCtr = 0;
56586197 1283 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1284 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1285 WPA_EAPOL_authorized, 0);
1286 }
1287}
1288
1289
1290SM_STATE(WPA_PTK, DISCONNECT)
1291{
1292 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1293 sm->Disconnect = FALSE;
1294 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1295}
1296
1297
1298SM_STATE(WPA_PTK, DISCONNECTED)
1299{
1300 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1301 sm->DeauthenticationRequest = FALSE;
1302}
1303
1304
1305SM_STATE(WPA_PTK, AUTHENTICATION)
1306{
1307 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1308 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1309 sm->PTK_valid = FALSE;
1310 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1311 1);
1312 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1313 sm->AuthenticationRequest = FALSE;
1314}
1315
1316
1317SM_STATE(WPA_PTK, AUTHENTICATION2)
1318{
1319 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1320 os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
1321 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1322 sm->ReAuthenticationRequest = FALSE;
1323 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1324 * logical place than INITIALIZE since AUTHENTICATION2 can be
1325 * re-entered on ReAuthenticationRequest without going through
1326 * INITIALIZE. */
1327 sm->TimeoutCtr = 0;
1328}
1329
1330
1331SM_STATE(WPA_PTK, INITPMK)
1332{
1333 u8 msk[2 * PMK_LEN];
1334 size_t len = 2 * PMK_LEN;
1335
1336 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1337#ifdef CONFIG_IEEE80211R
1338 sm->xxkey_len = 0;
1339#endif /* CONFIG_IEEE80211R */
1340 if (sm->pmksa) {
1341 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1342 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
1343 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1344 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1345 "(len=%lu)", (unsigned long) len);
1346 os_memcpy(sm->PMK, msk, PMK_LEN);
1347#ifdef CONFIG_IEEE80211R
1348 if (len >= 2 * PMK_LEN) {
1349 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1350 sm->xxkey_len = PMK_LEN;
1351 }
1352#endif /* CONFIG_IEEE80211R */
1353 } else {
1354 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
1355 }
1356
1357 sm->req_replay_counter_used = 0;
1358 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1359 * will break reauthentication since EAPOL state machines may not be
1360 * get into AUTHENTICATING state that clears keyRun before WPA state
1361 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1362 * state and takes PMK from the previously used AAA Key. This will
1363 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1364 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1365 * be good workaround for this issue. */
1366 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1367}
1368
1369
1370SM_STATE(WPA_PTK, INITPSK)
1371{
1372 const u8 *psk;
1373 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
1374 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
1375 if (psk) {
1376 os_memcpy(sm->PMK, psk, PMK_LEN);
1377#ifdef CONFIG_IEEE80211R
1378 os_memcpy(sm->xxkey, psk, PMK_LEN);
1379 sm->xxkey_len = PMK_LEN;
1380#endif /* CONFIG_IEEE80211R */
1381 }
1382 sm->req_replay_counter_used = 0;
1383}
1384
1385
1386SM_STATE(WPA_PTK, PTKSTART)
1387{
1388 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1389 size_t pmkid_len = 0;
1390
1391 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1392 sm->PTKRequest = FALSE;
1393 sm->TimeoutEvt = FALSE;
bae61562
JM		 1394
1395 sm->TimeoutCtr++;
1396 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1397 /* No point in sending the EAPOL-Key - we will disconnect
1398 * immediately following this. */
1399 return;
1400 }
1401
6fc6879b
JM		 1402 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1403 "sending 1/4 msg of 4-Way Handshake");
1404 /*
1405 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1406 * one possible PSK for this STA.
1407 */
1408 if (sm->wpa == WPA_VERSION_WPA2 &&
56586197 1409 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1410 pmkid = buf;
1411 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1412 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1413 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1414 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
1415 if (sm->pmksa)
1416 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1417 sm->pmksa->pmkid, PMKID_LEN);
1418 else {
1419 /*
1420 * Calculate PMKID since no PMKSA cache entry was
1421 * available with pre-calculated PMKID.
1422 */
1423 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
56586197
JM		 1424 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
1425 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 1426 }
1427 }
1428 wpa_send_eapol(sm->wpa_auth, sm,
1429 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1430 sm->ANonce, pmkid, pmkid_len, 0, 0);
6fc6879b
JM		 1431}
1432
1433
1434static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
1435 struct wpa_ptk *ptk)
1436{
c0a61908 1437 size_t ptk_len = sm->pairwise == WPA_CIPHER_CCMP ? 48 : 64;
6fc6879b 1438#ifdef CONFIG_IEEE80211R
56586197 1439 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
c0a61908 1440 return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
6fc6879b
JM		 1441#endif /* CONFIG_IEEE80211R */
1442
1443 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
1444 sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
c0a61908 1445 (u8 *) ptk, ptk_len,
56586197 1446 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 1447
1448 return 0;
1449}
1450
1451
1452SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
1453{
1454 struct wpa_ptk PTK;
1455 int ok = 0;
1456 const u8 *pmk = NULL;
1457
1458 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
1459 sm->EAPOLKeyReceived = FALSE;
1460
1461 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1462 * WPA-PSK: iterate through possible PSKs and select the one matching
1463 * the packet */
1464 for (;;) {
56586197 1465 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1466 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
1467 if (pmk == NULL)
1468 break;
1469 } else
1470 pmk = sm->PMK;
1471
1472 wpa_derive_ptk(sm, pmk, &PTK);
1473
1474 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
1475 sm->last_rx_eapol_key_len) == 0) {
1476 ok = 1;
1477 break;
1478 }
1479
56586197 1480 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
6fc6879b
JM		 1481 break;
1482 }
1483
1484 if (!ok) {
1485 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1486 "invalid MIC in msg 2/4 of 4-Way Handshake");
1487 return;
1488 }
1489
1490 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
1491
56586197 1492 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1493 /* PSK may have changed from the previous choice, so update
1494 * state machine data based on whatever PSK was selected here.
1495 */
1496 os_memcpy(sm->PMK, pmk, PMK_LEN);
1497 }
1498
1499 sm->MICVerified = TRUE;
1500
1501 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
1502 sm->PTK_valid = TRUE;
1503}
1504
1505
1506SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
1507{
1508 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
1509 sm->TimeoutCtr = 0;
1510}
1511
1512
1513#ifdef CONFIG_IEEE80211W
1514
1515static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1516{
1517 if (sm->mgmt_frame_prot) {
1518 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
1519 }
1520
1521 return 0;
1522}
1523
1524
1525static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1526{
1527 struct wpa_igtk_kde igtk;
1528 struct wpa_group *gsm = sm->group;
1529
1530 if (!sm->mgmt_frame_prot)
1531 return pos;
1532
1533 igtk.keyid[0] = gsm->GN_igtk;
1534 igtk.keyid[1] = 0;
7b1080da
JM		 1535 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
1536 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0)
6fc6879b
JM		 1537 os_memset(igtk.pn, 0, sizeof(igtk.pn));
1538 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
1539 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
1540 (const u8 *) &igtk, sizeof(igtk), NULL, 0);
1541
1542 return pos;
1543}
1544
1545#else /* CONFIG_IEEE80211W */
1546
1547static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1548{
1549 return 0;
1550}
1551
1552
1553static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1554{
1555 return pos;
1556}
1557
1558#endif /* CONFIG_IEEE80211W */
1559
1560
1561SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
1562{
1563 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
1564 size_t gtk_len, kde_len;
1565 struct wpa_group *gsm = sm->group;
1566 u8 *wpa_ie;
1567 int wpa_ie_len, secure, keyidx, encr = 0;
1568
1569 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
1570 sm->TimeoutEvt = FALSE;
bae61562
JM		 1571
1572 sm->TimeoutCtr++;
1573 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1574 /* No point in sending the EAPOL-Key - we will disconnect
1575 * immediately following this. */
1576 return;
1577 }
1578
6fc6879b
JM		 1579 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, GTK[GN])
1580 */
1581 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1582 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
1583 wpa_ie = sm->wpa_auth->wpa_ie;
1584 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
1585 if (sm->wpa == WPA_VERSION_WPA &&
1586 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
1587 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
1588 /* WPA-only STA, remove RSN IE */
1589 wpa_ie = wpa_ie + wpa_ie[1] + 2;
1590 wpa_ie_len = wpa_ie[1] + 2;
1591 }
1592 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1593 "sending 3/4 msg of 4-Way Handshake");
1594 if (sm->wpa == WPA_VERSION_WPA2) {
1595 /* WPA2 send GTK in the 4-way handshake */
1596 secure = 1;
1597 gtk = gsm->GTK[gsm->GN - 1];
1598 gtk_len = gsm->GTK_len;
1599 keyidx = gsm->GN;
1600 _rsc = rsc;
1601 encr = 1;
1602 } else {
1603 /* WPA does not include GTK in msg 3/4 */
1604 secure = 0;
1605 gtk = NULL;
1606 gtk_len = 0;
1607 keyidx = 0;
1608 _rsc = NULL;
1609 }
1610
1611 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
1612 if (gtk)
1613 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
1614 kde = os_malloc(kde_len);
1615 if (kde == NULL)
1616 return;
1617
1618 pos = kde;
1619 os_memcpy(pos, wpa_ie, wpa_ie_len);
1620 pos += wpa_ie_len;
1621 if (gtk) {
1622 u8 hdr[2];
1623 hdr[0] = keyidx & 0x03;
1624 hdr[1] = 0;
1625 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
1626 gtk, gtk_len);
1627 }
1628 pos = ieee80211w_kde_add(sm, pos);
1629
1630 wpa_send_eapol(sm->wpa_auth, sm,
1631 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
1632 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
1633 WPA_KEY_INFO_KEY_TYPE,
1634 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
1635 os_free(kde);
6fc6879b
JM		 1636}
1637
1638
1639SM_STATE(WPA_PTK, PTKINITDONE)
1640{
1641 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
1642 sm->EAPOLKeyReceived = FALSE;
1643 if (sm->Pair) {
71934751 1644 enum wpa_alg alg;
6fc6879b
JM		 1645 int klen;
1646 if (sm->pairwise == WPA_CIPHER_TKIP) {
89d39d9d 1647 alg = WPA_ALG_TKIP;
6fc6879b
JM		 1648 klen = 32;
1649 } else {
89d39d9d 1650 alg = WPA_ALG_CCMP;
6fc6879b
JM		 1651 klen = 16;
1652 }
1653 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
1654 sm->PTK.tk1, klen)) {
1655 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1656 return;
1657 }
1658 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
1659 sm->pairwise_set = TRUE;
1660
581a8cde
JM		 1661 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
1662 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1663 eloop_register_timeout(sm->wpa_auth->conf.
1664 wpa_ptk_rekey, 0, wpa_rekey_ptk,
1665 sm->wpa_auth, sm);
1666 }
1667
56586197 1668 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1669 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1670 WPA_EAPOL_authorized, 1);
1671 }
1672 }
1673
1674 if (0 /* IBSS == TRUE */) {
1675 sm->keycount++;
1676 if (sm->keycount == 2) {
1677 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1678 WPA_EAPOL_portValid, 1);
1679 }
1680 } else {
1681 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
1682 1);
1683 }
1684 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
1685 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
1686 if (sm->wpa == WPA_VERSION_WPA)
1687 sm->PInitAKeys = TRUE;
1688 else
1689 sm->has_GTK = TRUE;
1690 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1691 "pairwise key handshake completed (%s)",
1692 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
1693
1694#ifdef CONFIG_IEEE80211R
1695 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
1696#endif /* CONFIG_IEEE80211R */
1697}
1698
1699
1700SM_STEP(WPA_PTK)
1701{
1702 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
1703
1704 if (sm->Init)
1705 SM_ENTER(WPA_PTK, INITIALIZE);
1706 else if (sm->Disconnect
1707 /* || FIX: dot11RSNAConfigSALifetime timeout */)
1708 SM_ENTER(WPA_PTK, DISCONNECT);
1709 else if (sm->DeauthenticationRequest)
1710 SM_ENTER(WPA_PTK, DISCONNECTED);
1711 else if (sm->AuthenticationRequest)
1712 SM_ENTER(WPA_PTK, AUTHENTICATION);
1713 else if (sm->ReAuthenticationRequest)
1714 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1715 else if (sm->PTKRequest)
1716 SM_ENTER(WPA_PTK, PTKSTART);
1717 else switch (sm->wpa_ptk_state) {
1718 case WPA_PTK_INITIALIZE:
1719 break;
1720 case WPA_PTK_DISCONNECT:
1721 SM_ENTER(WPA_PTK, DISCONNECTED);
1722 break;
1723 case WPA_PTK_DISCONNECTED:
1724 SM_ENTER(WPA_PTK, INITIALIZE);
1725 break;
1726 case WPA_PTK_AUTHENTICATION:
1727 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1728 break;
1729 case WPA_PTK_AUTHENTICATION2:
56586197 1730 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
6fc6879b
JM		 1731 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
1732 WPA_EAPOL_keyRun) > 0)
1733 SM_ENTER(WPA_PTK, INITPMK);
56586197 1734 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
6fc6879b
JM		 1735 /* FIX: && 802.1X::keyRun */)
1736 SM_ENTER(WPA_PTK, INITPSK);
1737 break;
1738 case WPA_PTK_INITPMK:
1739 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
1740 WPA_EAPOL_keyAvailable) > 0)
1741 SM_ENTER(WPA_PTK, PTKSTART);
1742 else {
1743 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1744 SM_ENTER(WPA_PTK, DISCONNECT);
1745 }
1746 break;
1747 case WPA_PTK_INITPSK:
1748 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
1749 SM_ENTER(WPA_PTK, PTKSTART);
1750 else {
1751 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1752 "no PSK configured for the STA");
1753 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1754 SM_ENTER(WPA_PTK, DISCONNECT);
1755 }
1756 break;
1757 case WPA_PTK_PTKSTART:
1758 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1759 sm->EAPOLKeyPairwise)
1760 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
1761 else if (sm->TimeoutCtr >
1762 (int) dot11RSNAConfigPairwiseUpdateCount) {
1763 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1764 SM_ENTER(WPA_PTK, DISCONNECT);
1765 } else if (sm->TimeoutEvt)
1766 SM_ENTER(WPA_PTK, PTKSTART);
1767 break;
1768 case WPA_PTK_PTKCALCNEGOTIATING:
1769 if (sm->MICVerified)
1770 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
1771 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1772 sm->EAPOLKeyPairwise)
1773 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
1774 else if (sm->TimeoutEvt)
1775 SM_ENTER(WPA_PTK, PTKSTART);
1776 break;
1777 case WPA_PTK_PTKCALCNEGOTIATING2:
1778 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
1779 break;
1780 case WPA_PTK_PTKINITNEGOTIATING:
1781 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1782 sm->EAPOLKeyPairwise && sm->MICVerified)
1783 SM_ENTER(WPA_PTK, PTKINITDONE);
1784 else if (sm->TimeoutCtr >
1785 (int) dot11RSNAConfigPairwiseUpdateCount) {
1786 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1787 SM_ENTER(WPA_PTK, DISCONNECT);
1788 } else if (sm->TimeoutEvt)
1789 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
1790 break;
1791 case WPA_PTK_PTKINITDONE:
1792 break;
1793 }
1794}
1795
1796
1797SM_STATE(WPA_PTK_GROUP, IDLE)
1798{
1799 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
1800 if (sm->Init) {
1801 /* Init flag is not cleared here, so avoid busy
1802 * loop by claiming nothing changed. */
1803 sm->changed = FALSE;
1804 }
1805 sm->GTimeoutCtr = 0;
1806}
1807
1808
1809SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
1810{
1811 u8 rsc[WPA_KEY_RSC_LEN];
1812 struct wpa_group *gsm = sm->group;
1813 u8 *kde, *pos, hdr[2];
1814 size_t kde_len;
1815
1816 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
bae61562
JM		 1817
1818 sm->GTimeoutCtr++;
1819 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
1820 /* No point in sending the EAPOL-Key - we will disconnect
1821 * immediately following this. */
1822 return;
1823 }
1824
6fc6879b
JM		 1825 if (sm->wpa == WPA_VERSION_WPA)
1826 sm->PInitAKeys = FALSE;
1827 sm->TimeoutEvt = FALSE;
1828 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
1829 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1830 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
1831 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
1832 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1833 "sending 1/2 msg of Group Key Handshake");
1834
1835 if (sm->wpa == WPA_VERSION_WPA2) {
1836 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
1837 ieee80211w_kde_len(sm);
1838 kde = os_malloc(kde_len);
1839 if (kde == NULL)
1840 return;
1841
1842 pos = kde;
1843 hdr[0] = gsm->GN & 0x03;
1844 hdr[1] = 0;
1845 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
1846 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
1847 pos = ieee80211w_kde_add(sm, pos);
1848 } else {
1849 kde = gsm->GTK[gsm->GN - 1];
1850 pos = kde + gsm->GTK_len;
1851 }
1852
1853 wpa_send_eapol(sm->wpa_auth, sm,
1854 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1855 WPA_KEY_INFO_ACK |
1856 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
1857 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
1858 if (sm->wpa == WPA_VERSION_WPA2)
1859 os_free(kde);
6fc6879b
JM		 1860}
1861
1862
1863SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
1864{
1865 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
1866 sm->EAPOLKeyReceived = FALSE;
1867 if (sm->GUpdateStationKeys)
1868 sm->group->GKeyDoneStations--;
1869 sm->GUpdateStationKeys = FALSE;
1870 sm->GTimeoutCtr = 0;
1871 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
1872 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1873 "group key handshake completed (%s)",
1874 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
1875 sm->has_GTK = TRUE;
1876}
1877
1878
1879SM_STATE(WPA_PTK_GROUP, KEYERROR)
1880{
1881 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
1882 if (sm->GUpdateStationKeys)
1883 sm->group->GKeyDoneStations--;
1884 sm->GUpdateStationKeys = FALSE;
1885 sm->Disconnect = TRUE;
1886}
1887
1888
1889SM_STEP(WPA_PTK_GROUP)
1890{
9663596f 1891 if (sm->Init || sm->PtkGroupInit) {
6fc6879b 1892 SM_ENTER(WPA_PTK_GROUP, IDLE);
9663596f
JM		 1893 sm->PtkGroupInit = FALSE;
1894 } else switch (sm->wpa_ptk_group_state) {
6fc6879b
JM		 1895 case WPA_PTK_GROUP_IDLE:
1896 if (sm->GUpdateStationKeys ||
1897 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
1898 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
1899 break;
1900 case WPA_PTK_GROUP_REKEYNEGOTIATING:
1901 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1902 !sm->EAPOLKeyPairwise && sm->MICVerified)
1903 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
1904 else if (sm->GTimeoutCtr >
1905 (int) dot11RSNAConfigGroupUpdateCount)
1906 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
1907 else if (sm->TimeoutEvt)
1908 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
1909 break;
1910 case WPA_PTK_GROUP_KEYERROR:
1911 SM_ENTER(WPA_PTK_GROUP, IDLE);
1912 break;
1913 case WPA_PTK_GROUP_REKEYESTABLISHED:
1914 SM_ENTER(WPA_PTK_GROUP, IDLE);
1915 break;
1916 }
1917}
1918
1919
1920static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
1921 struct wpa_group *group)
1922{
1923 int ret = 0;
1924
1925 /* FIX: is this the correct way of getting GNonce? */
1926 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
1927 inc_byte_array(group->Counter, WPA_NONCE_LEN);
1928 wpa_gmk_to_gtk(group->GMK, wpa_auth->addr, group->GNonce,
1929 group->GTK[group->GN - 1], group->GTK_len);
1930
1931#ifdef CONFIG_IEEE80211W
70f8cc8e 1932 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
6fc6879b
JM		 1933 if (os_get_random(group->IGTK[group->GN_igtk - 4],
1934 WPA_IGTK_LEN) < 0) {
1935 wpa_printf(MSG_INFO, "RSN: Failed to get new random "
1936 "IGTK");
1937 ret = -1;
1938 }
1939 wpa_hexdump_key(MSG_DEBUG, "IGTK",
1940 group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN);
1941 }
1942#endif /* CONFIG_IEEE80211W */
1943
1944 return ret;
1945}
1946
1947
1948static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
1949 struct wpa_group *group)
1950{
1951 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
1952 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
1953 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
1954 group->wpa_group_state = WPA_GROUP_GTK_INIT;
1955
1956 /* GTK[0..N] = 0 */
1957 os_memset(group->GTK, 0, sizeof(group->GTK));
1958 group->GN = 1;
1959 group->GM = 2;
1960#ifdef CONFIG_IEEE80211W
1961 group->GN_igtk = 4;
1962 group->GM_igtk = 5;
1963#endif /* CONFIG_IEEE80211W */
1964 /* GTK[GN] = CalcGTK() */
1965 wpa_gtk_update(wpa_auth, group);
1966}
1967
1968
1969static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
1970{
1971 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
1972 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1973 "Not in PTKINITDONE; skip Group Key update");
1974 return 0;
1975 }
9663596f
JM		 1976 if (sm->GUpdateStationKeys) {
1977 /*
1978 * This should not really happen, but just in case, make sure
1979 * we do not count the same STA twice in GKeyDoneStations.
1980 */
1981 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1982 "GUpdateStationKeys already set - do not "
1983 "increment GKeyDoneStations");
1984 } else {
1985 sm->group->GKeyDoneStations++;
1986 sm->GUpdateStationKeys = TRUE;
1987 }
6fc6879b
JM		 1988 wpa_sm_step(sm);
1989 return 0;
1990}
1991
1992
1993static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
1994 struct wpa_group *group)
1995{
1996 int tmp;
1997
1998 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
1999 "SETKEYS (VLAN-ID %d)", group->vlan_id);
2000 group->changed = TRUE;
2001 group->wpa_group_state = WPA_GROUP_SETKEYS;
2002 group->GTKReKey = FALSE;
2003 tmp = group->GM;
2004 group->GM = group->GN;
2005 group->GN = tmp;
2006#ifdef CONFIG_IEEE80211W
2007 tmp = group->GM_igtk;
2008 group->GM_igtk = group->GN_igtk;
2009 group->GN_igtk = tmp;
2010#endif /* CONFIG_IEEE80211W */
2011 /* "GKeyDoneStations = GNoStations" is done in more robust way by
2012 * counting the STAs that are marked with GUpdateStationKeys instead of
2013 * including all STAs that could be in not-yet-completed state. */
2014 wpa_gtk_update(wpa_auth, group);
2015
2016 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
2017 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
2018 group->GKeyDoneStations);
2019}
2020
2021
2022static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
2023 struct wpa_group *group)
2024{
2025 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2026 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
2027 group->changed = TRUE;
2028 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
2029 wpa_auth_set_key(wpa_auth, group->vlan_id,
89d39d9d 2030 wpa_alg_enum(wpa_auth->conf.wpa_group),
6fc6879b
JM		 2031 NULL, group->GN, group->GTK[group->GN - 1],
2032 group->GTK_len);
2033
2034#ifdef CONFIG_IEEE80211W
70f8cc8e 2035 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
89d39d9d 2036 wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK,
6fc6879b
JM		 2037 NULL, group->GN_igtk,
2038 group->IGTK[group->GN_igtk - 4],
2039 WPA_IGTK_LEN);
2040 }
2041#endif /* CONFIG_IEEE80211W */
2042}
2043
2044
2045static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2046 struct wpa_group *group)
2047{
2048 if (group->GInit) {
2049 wpa_group_gtk_init(wpa_auth, group);
2050 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2051 group->GTKAuthenticator) {
2052 wpa_group_setkeysdone(wpa_auth, group);
2053 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2054 group->GTKReKey) {
2055 wpa_group_setkeys(wpa_auth, group);
2056 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2057 if (group->GKeyDoneStations == 0)
2058 wpa_group_setkeysdone(wpa_auth, group);
2059 else if (group->GTKReKey)
2060 wpa_group_setkeys(wpa_auth, group);
2061 }
2062}
2063
2064
e4a6ea1d 2065static int wpa_sm_step(struct wpa_state_machine *sm)
6fc6879b
JM		 2066{
2067 if (sm == NULL)
e4a6ea1d 2068 return 0;
6fc6879b
JM		 2069
2070 if (sm->in_step_loop) {
2071 /* This should not happen, but if it does, make sure we do not
2072 * end up freeing the state machine too early by exiting the
2073 * recursive call. */
2074 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
e4a6ea1d 2075 return 0;
6fc6879b
JM		 2076 }
2077
2078 sm->in_step_loop = 1;
2079 do {
2080 if (sm->pending_deinit)
2081 break;
2082
2083 sm->changed = FALSE;
2084 sm->wpa_auth->group->changed = FALSE;
2085
2086 SM_STEP_RUN(WPA_PTK);
2087 if (sm->pending_deinit)
2088 break;
2089 SM_STEP_RUN(WPA_PTK_GROUP);
2090 if (sm->pending_deinit)
2091 break;
2092 wpa_group_sm_step(sm->wpa_auth, sm->group);
2093 } while (sm->changed || sm->wpa_auth->group->changed);
2094 sm->in_step_loop = 0;
2095
2096 if (sm->pending_deinit) {
2097 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
2098 "machine deinit for " MACSTR, MAC2STR(sm->addr));
2099 wpa_free_sta_sm(sm);
e4a6ea1d 2100 return 1;
6fc6879b 2101 }
e4a6ea1d 2102 return 0;
6fc6879b
JM		 2103}
2104
2105
2106static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
2107{
2108 struct wpa_state_machine *sm = eloop_ctx;
2109 wpa_sm_step(sm);
2110}
2111
2112
2113void wpa_auth_sm_notify(struct wpa_state_machine *sm)
2114{
2115 if (sm == NULL)
2116 return;
2117 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
2118}
2119
2120
2121void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
2122{
2123 int tmp, i;
2124 struct wpa_group *group;
2125
2126 if (wpa_auth == NULL)
2127 return;
2128
2129 group = wpa_auth->group;
2130
2131 for (i = 0; i < 2; i++) {
2132 tmp = group->GM;
2133 group->GM = group->GN;
2134 group->GN = tmp;
2135#ifdef CONFIG_IEEE80211W
2136 tmp = group->GM_igtk;
2137 group->GM_igtk = group->GN_igtk;
2138 group->GN_igtk = tmp;
2139#endif /* CONFIG_IEEE80211W */
2140 wpa_gtk_update(wpa_auth, group);
2141 }
2142}
2143
2144
2145static const char * wpa_bool_txt(int bool)
2146{
2147 return bool ? "TRUE" : "FALSE";
2148}
2149
2150
2151static int wpa_cipher_bits(int cipher)
2152{
2153 switch (cipher) {
2154 case WPA_CIPHER_CCMP:
2155 return 128;
2156 case WPA_CIPHER_TKIP:
2157 return 256;
2158 case WPA_CIPHER_WEP104:
2159 return 104;
2160 case WPA_CIPHER_WEP40:
2161 return 40;
2162 default:
2163 return 0;
2164 }
2165}
2166
2167
2168#define RSN_SUITE "%02x-%02x-%02x-%d"
2169#define RSN_SUITE_ARG(s) \
2170((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2171
2172int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
2173{
2174 int len = 0, ret;
2175 char pmkid_txt[PMKID_LEN * 2 + 1];
2176
2177 if (wpa_auth == NULL)
2178 return len;
2179
2180 ret = os_snprintf(buf + len, buflen - len,
2181 "dot11RSNAOptionImplemented=TRUE\n"
2182#ifdef CONFIG_RSN_PREAUTH
2183 "dot11RSNAPreauthenticationImplemented=TRUE\n"
2184#else /* CONFIG_RSN_PREAUTH */
2185 "dot11RSNAPreauthenticationImplemented=FALSE\n"
2186#endif /* CONFIG_RSN_PREAUTH */
2187 "dot11RSNAEnabled=%s\n"
2188 "dot11RSNAPreauthenticationEnabled=%s\n",
2189 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
2190 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
2191 if (ret < 0 || (size_t) ret >= buflen - len)
2192 return len;
2193 len += ret;
2194
2195 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2196 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
2197
2198 ret = os_snprintf(
2199 buf + len, buflen - len,
2200 "dot11RSNAConfigVersion=%u\n"
2201 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2202 /* FIX: dot11RSNAConfigGroupCipher */
2203 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2204 /* FIX: dot11RSNAConfigGroupRekeyTime */
2205 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2206 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2207 "dot11RSNAConfigGroupUpdateCount=%u\n"
2208 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2209 "dot11RSNAConfigGroupCipherSize=%u\n"
2210 "dot11RSNAConfigPMKLifetime=%u\n"
2211 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2212 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2213 "dot11RSNAConfigSATimeout=%u\n"
2214 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2215 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2216 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2217 "dot11RSNAPMKIDUsed=%s\n"
2218 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2219 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2220 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2221 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
2222 "dot11RSNA4WayHandshakeFailures=%u\n"
2223 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
2224 RSN_VERSION,
2225 !!wpa_auth->conf.wpa_strict_rekey,
2226 dot11RSNAConfigGroupUpdateCount,
2227 dot11RSNAConfigPairwiseUpdateCount,
2228 wpa_cipher_bits(wpa_auth->conf.wpa_group),
2229 dot11RSNAConfigPMKLifetime,
2230 dot11RSNAConfigPMKReauthThreshold,
2231 dot11RSNAConfigSATimeout,
2232 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
2233 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
2234 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
2235 pmkid_txt,
2236 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
2237 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
2238 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
2239 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
2240 wpa_auth->dot11RSNA4WayHandshakeFailures);
2241 if (ret < 0 || (size_t) ret >= buflen - len)
2242 return len;
2243 len += ret;
2244
2245 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
2246 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
2247
2248 /* Private MIB */
2249 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
2250 wpa_auth->group->wpa_group_state);
2251 if (ret < 0 || (size_t) ret >= buflen - len)
2252 return len;
2253 len += ret;
2254
2255 return len;
2256}
2257
2258
2259int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
2260{
2261 int len = 0, ret;
2262 u32 pairwise = 0;
2263
2264 if (sm == NULL)
2265 return 0;
2266
2267 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
2268
2269 /* dot11RSNAStatsEntry */
2270
2271 if (sm->wpa == WPA_VERSION_WPA) {
2272 if (sm->pairwise == WPA_CIPHER_CCMP)
2273 pairwise = WPA_CIPHER_SUITE_CCMP;
2274 else if (sm->pairwise == WPA_CIPHER_TKIP)
2275 pairwise = WPA_CIPHER_SUITE_TKIP;
2276 else if (sm->pairwise == WPA_CIPHER_WEP104)
2277 pairwise = WPA_CIPHER_SUITE_WEP104;
2278 else if (sm->pairwise == WPA_CIPHER_WEP40)
2279 pairwise = WPA_CIPHER_SUITE_WEP40;
2280 else if (sm->pairwise == WPA_CIPHER_NONE)
2281 pairwise = WPA_CIPHER_SUITE_NONE;
2282 } else if (sm->wpa == WPA_VERSION_WPA2) {
2283 if (sm->pairwise == WPA_CIPHER_CCMP)
2284 pairwise = RSN_CIPHER_SUITE_CCMP;
2285 else if (sm->pairwise == WPA_CIPHER_TKIP)
2286 pairwise = RSN_CIPHER_SUITE_TKIP;
2287 else if (sm->pairwise == WPA_CIPHER_WEP104)
2288 pairwise = RSN_CIPHER_SUITE_WEP104;
2289 else if (sm->pairwise == WPA_CIPHER_WEP40)
2290 pairwise = RSN_CIPHER_SUITE_WEP40;
2291 else if (sm->pairwise == WPA_CIPHER_NONE)
2292 pairwise = RSN_CIPHER_SUITE_NONE;
2293 } else
2294 return 0;
2295
2296 ret = os_snprintf(
2297 buf + len, buflen - len,
2298 /* TODO: dot11RSNAStatsIndex */
2299 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
2300 "dot11RSNAStatsVersion=1\n"
2301 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
2302 /* TODO: dot11RSNAStatsTKIPICVErrors */
2303 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
2304 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
2305 /* TODO: dot11RSNAStatsCCMPReplays */
2306 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
2307 /* TODO: dot11RSNAStatsTKIPReplays */,
2308 MAC2STR(sm->addr),
2309 RSN_SUITE_ARG(pairwise),
2310 sm->dot11RSNAStatsTKIPLocalMICFailures,
2311 sm->dot11RSNAStatsTKIPRemoteMICFailures);
2312 if (ret < 0 || (size_t) ret >= buflen - len)
2313 return len;
2314 len += ret;
2315
2316 /* Private MIB */
2317 ret = os_snprintf(buf + len, buflen - len,
2318 "hostapdWPAPTKState=%d\n"
2319 "hostapdWPAPTKGroupState=%d\n",
2320 sm->wpa_ptk_state,
2321 sm->wpa_ptk_group_state);
2322 if (ret < 0 || (size_t) ret >= buflen - len)
2323 return len;
2324 len += ret;
2325
2326 return len;
2327}
2328
2329
2330void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
2331{
2332 if (wpa_auth)
2333 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
2334}
2335
2336
2337int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
2338{
2339 return sm && sm->pairwise_set;
2340}
2341
2342
ff36ff00
JM		 2343int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
2344{
2345 return sm->pairwise;
2346}
2347
2348
6fc6879b
JM		 2349int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
2350{
2351 if (sm == NULL)
2352 return -1;
2353 return sm->wpa_key_mgmt;
2354}
2355
2356
2357int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
2358{
2359 if (sm == NULL)
2360 return 0;
2361 return sm->wpa;
2362}
2363
2364
2365int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
2366 struct rsn_pmksa_cache_entry *entry)
2367{
2368 if (sm == NULL || sm->pmksa != entry)
2369 return -1;
2370 sm->pmksa = NULL;
2371 return 0;
2372}
2373
2374
2375struct rsn_pmksa_cache_entry *
2376wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
2377{
2378 return sm ? sm->pmksa : NULL;
2379}
2380
2381
2382void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
2383{
2384 if (sm)
2385 sm->dot11RSNAStatsTKIPLocalMICFailures++;
2386}
2387
2388
2389const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
2390{
2391 if (wpa_auth == NULL)
2392 return NULL;
2393 *len = wpa_auth->wpa_ie_len;
2394 return wpa_auth->wpa_ie;
2395}
2396
2397
2398int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
2399 int session_timeout, struct eapol_state_machine *eapol)
2400{
2401 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
2402 return -1;
2403
4bb081f1
JM		 2404 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
2405 sm->wpa_auth->addr, sm->addr, session_timeout,
2406 eapol, sm->wpa_key_mgmt))
6fc6879b
JM		 2407 return 0;
2408
2409 return -1;
2410}
2411
2412
2413int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
2414 const u8 *pmk, size_t len, const u8 *sta_addr,
2415 int session_timeout,
2416 struct eapol_state_machine *eapol)
2417{
2418 if (wpa_auth == NULL)
2419 return -1;
2420
4bb081f1
JM		 2421 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
2422 sta_addr, session_timeout, eapol,
2423 WPA_KEY_MGMT_IEEE8021X))
6fc6879b
JM		 2424 return 0;
2425
2426 return -1;
2427}
2428
2429
2430static struct wpa_group *
2431wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
2432{
2433 struct wpa_group *group;
2434
2435 if (wpa_auth == NULL || wpa_auth->group == NULL)
2436 return NULL;
2437
2438 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
2439 vlan_id);
2440 group = wpa_group_init(wpa_auth, vlan_id);
2441 if (group == NULL)
2442 return NULL;
2443
2444 group->next = wpa_auth->group->next;
2445 wpa_auth->group->next = group;
2446
2447 return group;
2448}
2449
2450
2451int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
2452{
2453 struct wpa_group *group;
2454
2455 if (sm == NULL || sm->wpa_auth == NULL)
2456 return 0;
2457
2458 group = sm->wpa_auth->group;
2459 while (group) {
2460 if (group->vlan_id == vlan_id)
2461 break;
2462 group = group->next;
2463 }
2464
2465 if (group == NULL) {
2466 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
2467 if (group == NULL)
2468 return -1;
2469 }
2470
2471 if (sm->group == group)
2472 return 0;
2473
2474 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
2475 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
2476
2477 sm->group = group;
2478 return 0;
2479}
Unnamed repository; edit this file 'description' to name the repository.