]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
wpa_gui: Sort frequency and signal numerically in the scan results dialog
[thirdparty/hostap.git] / src / ap / wpa_auth.c
CommitLineData
6fc6879b 1/*
00338a4f 2 * IEEE 802.11 RSN / WPA Authenticator
94ddef3e 3 * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
6fc6879b 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
6fc6879b
JM		 7 */
8
6226e38d 9#include "utils/includes.h"
6fc6879b 10
6226e38d
JM		 11#include "utils/common.h"
12#include "utils/eloop.h"
13#include "utils/state_machine.h"
25ef8529 14#include "utils/bitfield.h"
81f4f619 15#include "common/ieee802_11_defs.h"
03da66bd
JM		 16#include "crypto/aes_wrap.h"
17#include "crypto/crypto.h"
18#include "crypto/sha1.h"
19#include "crypto/sha256.h"
3642c431 20#include "crypto/random.h"
281c950b 21#include "eapol_auth/eapol_auth_sm.h"
6226e38d 22#include "ap_config.h"
6fc6879b 23#include "ieee802_11.h"
6226e38d
JM		 24#include "wpa_auth.h"
25#include "pmksa_cache_auth.h"
6fc6879b
JM		 26#include "wpa_auth_i.h"
27#include "wpa_auth_ie.h"
28
29#define STATE_MACHINE_DATA struct wpa_state_machine
30#define STATE_MACHINE_DEBUG_PREFIX "WPA"
31#define STATE_MACHINE_ADDR sm->addr
32
33
34static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
e4a6ea1d 35static int wpa_sm_step(struct wpa_state_machine *sm);
929a2ea5
JM		 36static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
37 size_t data_len);
6fc6879b
JM		 38static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
39static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
40 struct wpa_group *group);
581a8cde 41static void wpa_request_new_ptk(struct wpa_state_machine *sm);
e6965d4e
JM		 42static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
43 struct wpa_group *group);
1bdb7ab3
JM		 44static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
45 struct wpa_group *group);
f23c5b17
JM		 46static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
47 const u8 *pmk, struct wpa_ptk *ptk);
6fc6879b 48
bae61562
JM		 49static const u32 dot11RSNAConfigGroupUpdateCount = 4;
50static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
51static const u32 eapol_key_timeout_first = 100; /* ms */
52static const u32 eapol_key_timeout_subseq = 1000; /* ms */
00338a4f 53static const u32 eapol_key_timeout_first_group = 500; /* ms */
6fc6879b
JM		 54
55/* TODO: make these configurable */
56static const int dot11RSNAConfigPMKLifetime = 43200;
57static const int dot11RSNAConfigPMKReauthThreshold = 70;
58static const int dot11RSNAConfigSATimeout = 60;
59
60
c772d054 61static inline int wpa_auth_mic_failure_report(
6fc6879b
JM		 62 struct wpa_authenticator *wpa_auth, const u8 *addr)
63{
64 if (wpa_auth->cb.mic_failure_report)
c772d054
JM		 65 return wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
66 return 0;
6fc6879b
JM		 67}
68
69
70static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
71 const u8 *addr, wpa_eapol_variable var,
72 int value)
73{
74 if (wpa_auth->cb.set_eapol)
75 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
76}
77
78
79static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
80 const u8 *addr, wpa_eapol_variable var)
81{
82 if (wpa_auth->cb.get_eapol == NULL)
83 return -1;
84 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
85}
86
87
88static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
759fd76b
JM		 89 const u8 *addr,
90 const u8 *p2p_dev_addr,
91 const u8 *prev_psk)
6fc6879b
JM		 92{
93 if (wpa_auth->cb.get_psk == NULL)
94 return NULL;
759fd76b
JM		 95 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, p2p_dev_addr,
96 prev_psk);
6fc6879b
JM		 97}
98
99
100static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
101 const u8 *addr, u8 *msk, size_t *len)
102{
103 if (wpa_auth->cb.get_msk == NULL)
104 return -1;
105 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
106}
107
108
109static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
110 int vlan_id,
71934751 111 enum wpa_alg alg, const u8 *addr, int idx,
6fc6879b
JM		 112 u8 *key, size_t key_len)
113{
114 if (wpa_auth->cb.set_key == NULL)
115 return -1;
116 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
117 key, key_len);
118}
119
120
121static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
122 const u8 *addr, int idx, u8 *seq)
123{
124 if (wpa_auth->cb.get_seqnum == NULL)
125 return -1;
126 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
127}
128
129
6fc6879b
JM		 130static inline int
131wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
132 const u8 *data, size_t data_len, int encrypt)
133{
134 if (wpa_auth->cb.send_eapol == NULL)
135 return -1;
136 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
137 encrypt);
138}
139
140
c50d94f1
BC		 141#ifdef CONFIG_MESH
142static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth,
143 const u8 *addr)
144{
145 if (wpa_auth->cb.start_ampe == NULL)
146 return -1;
147 return wpa_auth->cb.start_ampe(wpa_auth->cb.ctx, addr);
148}
149#endif /* CONFIG_MESH */
150
151
6fc6879b
JM		 152int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
153 int (*cb)(struct wpa_state_machine *sm, void *ctx),
154 void *cb_ctx)
155{
156 if (wpa_auth->cb.for_each_sta == NULL)
157 return 0;
158 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
159}
160
161
bf98f7f3
JM		 162int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
163 int (*cb)(struct wpa_authenticator *a, void *ctx),
164 void *cb_ctx)
165{
166 if (wpa_auth->cb.for_each_auth == NULL)
167 return 0;
168 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
169}
170
171
6fc6879b
JM		 172void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
173 logger_level level, const char *txt)
174{
175 if (wpa_auth->cb.logger == NULL)
176 return;
177 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
178}
179
180
181void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
182 logger_level level, const char *fmt, ...)
183{
184 char *format;
185 int maxlen;
186 va_list ap;
187
188 if (wpa_auth->cb.logger == NULL)
189 return;
190
191 maxlen = os_strlen(fmt) + 100;
192 format = os_malloc(maxlen);
193 if (!format)
194 return;
195
196 va_start(ap, fmt);
197 vsnprintf(format, maxlen, fmt, ap);
198 va_end(ap);
199
200 wpa_auth_logger(wpa_auth, addr, level, format);
201
202 os_free(format);
203}
204
205
206static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
207 const u8 *addr)
208{
209 if (wpa_auth->cb.disconnect == NULL)
210 return;
afcc9ea1 211 wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr));
6fc6879b
JM		 212 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
213 WLAN_REASON_PREV_AUTH_NOT_VALID);
214}
215
216
217static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
218{
56586197 219 int ret = 0;
6fc6879b 220#ifdef CONFIG_IEEE80211R
56586197
JM		 221 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
222 ret = 1;
6fc6879b 223#endif /* CONFIG_IEEE80211R */
56586197
JM		 224#ifdef CONFIG_IEEE80211W
225 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
226 ret = 1;
227#endif /* CONFIG_IEEE80211W */
a14896e8
JM		 228 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN)
229 ret = 1;
56586197 230 return ret;
6fc6879b
JM		 231}
232
233
234static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
235{
236 struct wpa_authenticator *wpa_auth = eloop_ctx;
237
3642c431 238 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
6fc6879b
JM		 239 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
240 "initialization.");
241 } else {
242 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
5cb9d5c3
JM		 243 wpa_hexdump_key(MSG_DEBUG, "GMK",
244 wpa_auth->group->GMK, WPA_GMK_LEN);
6fc6879b
JM		 245 }
246
247 if (wpa_auth->conf.wpa_gmk_rekey) {
248 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
249 wpa_rekey_gmk, wpa_auth, NULL);
250 }
251}
252
253
254static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
255{
256 struct wpa_authenticator *wpa_auth = eloop_ctx;
257 struct wpa_group *group;
258
259 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
260 for (group = wpa_auth->group; group; group = group->next) {
261 group->GTKReKey = TRUE;
262 do {
263 group->changed = FALSE;
264 wpa_group_sm_step(wpa_auth, group);
265 } while (group->changed);
266 }
267
268 if (wpa_auth->conf.wpa_group_rekey) {
269 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
270 0, wpa_rekey_gtk, wpa_auth, NULL);
271 }
272}
273
274
581a8cde
JM		 275static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
276{
277 struct wpa_authenticator *wpa_auth = eloop_ctx;
278 struct wpa_state_machine *sm = timeout_ctx;
279
280 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
281 wpa_request_new_ptk(sm);
282 wpa_sm_step(sm);
283}
284
285
6fc6879b
JM		 286static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
287{
288 if (sm->pmksa == ctx)
289 sm->pmksa = NULL;
290 return 0;
291}
292
293
294static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
295 void *ctx)
296{
297 struct wpa_authenticator *wpa_auth = ctx;
298 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
299}
300
301
1bdb7ab3
JM		 302static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
303 struct wpa_group *group)
304{
559cdabb 305 u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)];
1bdb7ab3 306 u8 rkey[32];
559cdabb 307 unsigned long ptr;
1bdb7ab3 308
3642c431 309 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
1bdb7ab3
JM		 310 return -1;
311 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
312
313 /*
314 * Counter = PRF-256(Random number, "Init Counter",
315 * Local MAC Address || Time)
316 */
317 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
318 wpa_get_ntp_timestamp(buf + ETH_ALEN);
559cdabb
JM		 319 ptr = (unsigned long) group;
320 os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr));
3642c431 321 if (random_get_bytes(rkey, sizeof(rkey)) < 0)
1bdb7ab3
JM		 322 return -1;
323
324 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
325 group->Counter, WPA_NONCE_LEN) < 0)
326 return -1;
327 wpa_hexdump_key(MSG_DEBUG, "Key Counter",
328 group->Counter, WPA_NONCE_LEN);
329
330 return 0;
331}
332
333
e6965d4e 334static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
bdffdc5d 335 int vlan_id, int delay_init)
e6965d4e
JM		 336{
337 struct wpa_group *group;
e6965d4e
JM		 338
339 group = os_zalloc(sizeof(struct wpa_group));
340 if (group == NULL)
341 return NULL;
342
343 group->GTKAuthenticator = TRUE;
344 group->vlan_id = vlan_id;
c3550295 345 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
6fc6879b 346
08704cd8
JM		 347 if (random_pool_ready() != 1) {
348 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
349 "for secure operations - update keys later when "
350 "the first station connects");
351 }
352
1bdb7ab3
JM		 353 /*
354 * Set initial GMK/Counter value here. The actual values that will be
355 * used in negotiations will be set once the first station tries to
356 * connect. This allows more time for collecting additional randomness
357 * on embedded devices.
6fc6879b 358 */
1bdb7ab3 359 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
6fc6879b
JM		 360 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
361 "initialization.");
362 os_free(group);
363 return NULL;
364 }
6fc6879b
JM		 365
366 group->GInit = TRUE;
bdffdc5d
JM		 367 if (delay_init) {
368 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
369 "until Beacon frames have been configured");
370 /* Initialization is completed in wpa_init_keys(). */
371 } else {
372 wpa_group_sm_step(wpa_auth, group);
373 group->GInit = FALSE;
374 wpa_group_sm_step(wpa_auth, group);
375 }
6fc6879b
JM		 376
377 return group;
378}
379
380
381/**
382 * wpa_init - Initialize WPA authenticator
383 * @addr: Authenticator address
384 * @conf: Configuration for WPA authenticator
a17df5fb 385 * @cb: Callback functions for WPA authenticator
6fc6879b
JM		 386 * Returns: Pointer to WPA authenticator data or %NULL on failure
387 */
388struct wpa_authenticator * wpa_init(const u8 *addr,
389 struct wpa_auth_config *conf,
390 struct wpa_auth_callbacks *cb)
391{
392 struct wpa_authenticator *wpa_auth;
393
394 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
395 if (wpa_auth == NULL)
396 return NULL;
397 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
398 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
399 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
400
401 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
402 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
403 os_free(wpa_auth);
404 return NULL;
405 }
406
bdffdc5d 407 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
6fc6879b
JM		 408 if (wpa_auth->group == NULL) {
409 os_free(wpa_auth->wpa_ie);
410 os_free(wpa_auth);
411 return NULL;
412 }
413
4bb081f1
JM		 414 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
415 wpa_auth);
6fc6879b
JM		 416 if (wpa_auth->pmksa == NULL) {
417 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
27d9701d 418 os_free(wpa_auth->group);
6fc6879b
JM		 419 os_free(wpa_auth->wpa_ie);
420 os_free(wpa_auth);
421 return NULL;
422 }
423
424#ifdef CONFIG_IEEE80211R
425 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
426 if (wpa_auth->ft_pmk_cache == NULL) {
427 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
27d9701d 428 os_free(wpa_auth->group);
6fc6879b 429 os_free(wpa_auth->wpa_ie);
4bb081f1 430 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 431 os_free(wpa_auth);
432 return NULL;
433 }
434#endif /* CONFIG_IEEE80211R */
435
436 if (wpa_auth->conf.wpa_gmk_rekey) {
437 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
438 wpa_rekey_gmk, wpa_auth, NULL);
439 }
440
441 if (wpa_auth->conf.wpa_group_rekey) {
442 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
443 wpa_rekey_gtk, wpa_auth, NULL);
444 }
445
25ef8529
JM		 446#ifdef CONFIG_P2P
447 if (WPA_GET_BE32(conf->ip_addr_start)) {
448 int count = WPA_GET_BE32(conf->ip_addr_end) -
449 WPA_GET_BE32(conf->ip_addr_start) + 1;
450 if (count > 1000)
451 count = 1000;
452 if (count > 0)
453 wpa_auth->ip_pool = bitfield_alloc(count);
454 }
455#endif /* CONFIG_P2P */
456
6fc6879b
JM		 457 return wpa_auth;
458}
459
460
bdffdc5d
JM		 461int wpa_init_keys(struct wpa_authenticator *wpa_auth)
462{
463 struct wpa_group *group = wpa_auth->group;
464
465 wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
466 "keys");
467 wpa_group_sm_step(wpa_auth, group);
468 group->GInit = FALSE;
469 wpa_group_sm_step(wpa_auth, group);
7d7f7be2
JM		 470 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
471 return -1;
bdffdc5d
JM		 472 return 0;
473}
474
475
6fc6879b
JM		 476/**
477 * wpa_deinit - Deinitialize WPA authenticator
478 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
479 */
480void wpa_deinit(struct wpa_authenticator *wpa_auth)
481{
482 struct wpa_group *group, *prev;
483
484 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
485 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
486
487#ifdef CONFIG_PEERKEY
488 while (wpa_auth->stsl_negotiations)
489 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
490#endif /* CONFIG_PEERKEY */
491
4bb081f1 492 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 493
494#ifdef CONFIG_IEEE80211R
495 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
496 wpa_auth->ft_pmk_cache = NULL;
497#endif /* CONFIG_IEEE80211R */
498
25ef8529
JM		 499#ifdef CONFIG_P2P
500 bitfield_free(wpa_auth->ip_pool);
501#endif /* CONFIG_P2P */
502
503
6fc6879b
JM		 504 os_free(wpa_auth->wpa_ie);
505
506 group = wpa_auth->group;
507 while (group) {
508 prev = group;
509 group = group->next;
510 os_free(prev);
511 }
512
513 os_free(wpa_auth);
514}
515
516
517/**
518 * wpa_reconfig - Update WPA authenticator configuration
519 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
520 * @conf: Configuration for WPA authenticator
521 */
522int wpa_reconfig(struct wpa_authenticator *wpa_auth,
523 struct wpa_auth_config *conf)
524{
e6965d4e 525 struct wpa_group *group;
6fc6879b
JM		 526 if (wpa_auth == NULL)
527 return 0;
528
529 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
ad08c363
JM		 530 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
531 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
532 return -1;
533 }
534
e6965d4e
JM		 535 /*
536 * Reinitialize GTK to make sure it is suitable for the new
537 * configuration.
538 */
539 group = wpa_auth->group;
c3550295 540 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
e6965d4e
JM		 541 group->GInit = TRUE;
542 wpa_group_sm_step(wpa_auth, group);
543 group->GInit = FALSE;
544 wpa_group_sm_step(wpa_auth, group);
545
6fc6879b
JM		 546 return 0;
547}
548
549
550struct wpa_state_machine *
94ddef3e
JM		 551wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
552 const u8 *p2p_dev_addr)
6fc6879b
JM		 553{
554 struct wpa_state_machine *sm;
555
7d7f7be2
JM		 556 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
557 return NULL;
558
6fc6879b
JM		 559 sm = os_zalloc(sizeof(struct wpa_state_machine));
560 if (sm == NULL)
561 return NULL;
562 os_memcpy(sm->addr, addr, ETH_ALEN);
94ddef3e
JM		 563 if (p2p_dev_addr)
564 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
6fc6879b
JM		 565
566 sm->wpa_auth = wpa_auth;
567 sm->group = wpa_auth->group;
568
569 return sm;
570}
571
572
6f9b5d16
JM		 573int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
574 struct wpa_state_machine *sm)
6fc6879b
JM		 575{
576 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
6f9b5d16 577 return -1;
6fc6879b
JM		 578
579#ifdef CONFIG_IEEE80211R
580 if (sm->ft_completed) {
581 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
582 "FT authentication already completed - do not "
583 "start 4-way handshake");
3d4d2348
JM		 584 /* Go to PTKINITDONE state to allow GTK rekeying */
585 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
6f9b5d16 586 return 0;
6fc6879b
JM		 587 }
588#endif /* CONFIG_IEEE80211R */
589
590 if (sm->started) {
22a299ee 591 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
6fc6879b 592 sm->ReAuthenticationRequest = TRUE;
6f9b5d16 593 return wpa_sm_step(sm);
6fc6879b
JM		 594 }
595
596 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
597 "start authentication");
598 sm->started = 1;
599
600 sm->Init = TRUE;
e4a6ea1d 601 if (wpa_sm_step(sm) == 1)
6f9b5d16 602 return 1; /* should not really happen */
6fc6879b
JM		 603 sm->Init = FALSE;
604 sm->AuthenticationRequest = TRUE;
6f9b5d16 605 return wpa_sm_step(sm);
6fc6879b
JM		 606}
607
608
a8d05fca
JM		 609void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
610{
611 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
612 * reassociates back to the same AP while the previous entry for the
613 * STA has not yet been removed. */
614 if (sm == NULL)
615 return;
616
617 sm->wpa_key_mgmt = 0;
618}
619
620
6fc6879b
JM		 621static void wpa_free_sta_sm(struct wpa_state_machine *sm)
622{
25ef8529
JM		 623#ifdef CONFIG_P2P
624 if (WPA_GET_BE32(sm->ip_addr)) {
625 u32 start;
626 wpa_printf(MSG_DEBUG, "P2P: Free assigned IP "
627 "address %u.%u.%u.%u from " MACSTR,
628 sm->ip_addr[0], sm->ip_addr[1],
629 sm->ip_addr[2], sm->ip_addr[3],
630 MAC2STR(sm->addr));
631 start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
632 bitfield_clear(sm->wpa_auth->ip_pool,
633 WPA_GET_BE32(sm->ip_addr) - start);
634 }
635#endif /* CONFIG_P2P */
2ade8ef2
JM		 636 if (sm->GUpdateStationKeys) {
637 sm->group->GKeyDoneStations--;
638 sm->GUpdateStationKeys = FALSE;
639 }
0f857f43
JM		 640#ifdef CONFIG_IEEE80211R
641 os_free(sm->assoc_resp_ftie);
692ec305 642 wpabuf_free(sm->ft_pending_req_ies);
0f857f43 643#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 644 os_free(sm->last_rx_eapol_key);
645 os_free(sm->wpa_ie);
646 os_free(sm);
647}
648
649
650void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
651{
652 if (sm == NULL)
653 return;
654
655 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
656 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
657 "strict rekeying - force GTK rekey since STA "
658 "is leaving");
659 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
660 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
661 NULL);
662 }
663
664 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
e4bf4db9 665 sm->pending_1_of_4_timeout = 0;
6fc6879b 666 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
581a8cde 667 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 668 if (sm->in_step_loop) {
669 /* Must not free state machine while wpa_sm_step() is running.
670 * Freeing will be completed in the end of wpa_sm_step(). */
671 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
672 "machine deinit for " MACSTR, MAC2STR(sm->addr));
673 sm->pending_deinit = 1;
674 } else
675 wpa_free_sta_sm(sm);
676}
677
678
679static void wpa_request_new_ptk(struct wpa_state_machine *sm)
680{
681 if (sm == NULL)
682 return;
683
684 sm->PTKRequest = TRUE;
685 sm->PTK_valid = 0;
686}
687
688
68921e24 689static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
22a299ee
JM		 690 const u8 *replay_counter)
691{
692 int i;
693 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
68921e24 694 if (!ctr[i].valid)
22a299ee 695 break;
68921e24 696 if (os_memcmp(replay_counter, ctr[i].counter,
22a299ee
JM		 697 WPA_REPLAY_COUNTER_LEN) == 0)
698 return 1;
699 }
700 return 0;
701}
702
703
68921e24
JM		 704static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
705 const u8 *replay_counter)
706{
707 int i;
708 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
709 if (ctr[i].valid &&
710 (replay_counter == NULL ||
711 os_memcmp(replay_counter, ctr[i].counter,
712 WPA_REPLAY_COUNTER_LEN) == 0))
713 ctr[i].valid = FALSE;
714 }
715}
716
717
0f857f43
JM		 718#ifdef CONFIG_IEEE80211R
719static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
720 struct wpa_state_machine *sm,
721 struct wpa_eapol_ie_parse *kde)
722{
723 struct wpa_ie_data ie;
724 struct rsn_mdie *mdie;
725
726 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
727 ie.num_pmkid != 1 || ie.pmkid == NULL) {
728 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
729 "FT 4-way handshake message 2/4");
730 return -1;
731 }
732
733 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
734 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
735 sm->sup_pmk_r1_name, PMKID_LEN);
736
737 if (!kde->mdie || !kde->ftie) {
738 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
739 "message 2/4", kde->mdie ? "FTIE" : "MDIE");
740 return -1;
741 }
742
743 mdie = (struct rsn_mdie *) (kde->mdie + 2);
744 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
745 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
746 MOBILITY_DOMAIN_ID_LEN) != 0) {
747 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
748 return -1;
749 }
750
751 if (sm->assoc_resp_ftie &&
752 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
753 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
754 2 + sm->assoc_resp_ftie[1]) != 0)) {
755 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
756 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
757 kde->ftie, kde->ftie_len);
758 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
759 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
760 return -1;
761 }
762
763 return 0;
764}
765#endif /* CONFIG_IEEE80211R */
766
767
c772d054
JM		 768static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
769 struct wpa_state_machine *sm, int group)
ec027805
JM		 770{
771 /* Supplicant reported a Michael MIC error */
772 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
773 "received EAPOL-Key Error Request "
774 "(STA detected Michael MIC failure (group=%d))",
775 group);
fbc72d32
JM		 776
777 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
778 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
779 "ignore Michael MIC failure report since "
780 "group cipher is not TKIP");
781 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
782 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
783 "ignore Michael MIC failure report since "
784 "pairwise cipher is not TKIP");
785 } else {
c772d054
JM		 786 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
787 return 1; /* STA entry was removed */
fbc72d32
JM		 788 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
789 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
790 }
ec027805
JM		 791
792 /*
793 * Error report is not a request for a new key handshake, but since
794 * Authenticator may do it, let's change the keys now anyway.
795 */
796 wpa_request_new_ptk(sm);
c772d054 797 return 0;
ec027805
JM		 798}
799
800
f23c5b17
JM		 801static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
802 size_t data_len)
803{
804 struct wpa_ptk PTK;
805 int ok = 0;
806 const u8 *pmk = NULL;
807
808 for (;;) {
809 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
810 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
811 sm->p2p_dev_addr, pmk);
812 if (pmk == NULL)
813 break;
814 } else
815 pmk = sm->PMK;
816
817 wpa_derive_ptk(sm, sm->alt_SNonce, pmk, &PTK);
818
819 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, data, data_len)
820 == 0) {
821 ok = 1;
822 break;
823 }
824
825 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
826 break;
827 }
828
829 if (!ok) {
830 wpa_printf(MSG_DEBUG,
831 "WPA: Earlier SNonce did not result in matching MIC");
832 return -1;
833 }
834
835 wpa_printf(MSG_DEBUG,
836 "WPA: Earlier SNonce resulted in matching MIC");
837 sm->alt_snonce_valid = 0;
838 os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
839 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
840 sm->PTK_valid = TRUE;
841
842 return 0;
843}
844
845
6fc6879b
JM		 846void wpa_receive(struct wpa_authenticator *wpa_auth,
847 struct wpa_state_machine *sm,
848 u8 *data, size_t data_len)
849{
850 struct ieee802_1x_hdr *hdr;
851 struct wpa_eapol_key *key;
852 u16 key_info, key_data_length;
853 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
854 SMK_M1, SMK_M3, SMK_ERROR } msg;
855 char *msgtxt;
856 struct wpa_eapol_ie_parse kde;
26e23750 857 int ft;
1566ec46
JM		 858 const u8 *eapol_key_ie;
859 size_t eapol_key_ie_len;
6fc6879b
JM		 860
861 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
862 return;
863
864 if (data_len < sizeof(*hdr) + sizeof(*key))
865 return;
866
867 hdr = (struct ieee802_1x_hdr *) data;
868 key = (struct wpa_eapol_key *) (hdr + 1);
869 key_info = WPA_GET_BE16(key->key_info);
870 key_data_length = WPA_GET_BE16(key->key_data_length);
0d442aff
JM		 871 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
872 " key_info=0x%x type=%u key_data_length=%u",
873 MAC2STR(sm->addr), key_info, key->type, key_data_length);
6fc6879b
JM		 874 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
875 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
876 "key_data overflow (%d > %lu)",
877 key_data_length,
878 (unsigned long) (data_len - sizeof(*hdr) -
879 sizeof(*key)));
880 return;
881 }
882
f8e96eb6 883 if (sm->wpa == WPA_VERSION_WPA2) {
74590e71
JM		 884 if (key->type == EAPOL_KEY_TYPE_WPA) {
885 /*
886 * Some deployed station implementations seem to send
887 * msg 4/4 with incorrect type value in WPA2 mode.
888 */
889 wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
890 "with unexpected WPA type in RSN mode");
891 } else if (key->type != EAPOL_KEY_TYPE_RSN) {
f8e96eb6
JM		 892 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
893 "unexpected type %d in RSN mode",
894 key->type);
895 return;
896 }
897 } else {
898 if (key->type != EAPOL_KEY_TYPE_WPA) {
899 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
900 "unexpected type %d in WPA mode",
901 key->type);
902 return;
903 }
904 }
905
bc8318ac
JM		 906 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
907 WPA_NONCE_LEN);
908 wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
909 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
910
6fc6879b
JM		 911 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
912 * are set */
913
914 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
915 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
916 if (key_info & WPA_KEY_INFO_ERROR) {
917 msg = SMK_ERROR;
918 msgtxt = "SMK Error";
919 } else {
920 msg = SMK_M1;
921 msgtxt = "SMK M1";
922 }
923 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
924 msg = SMK_M3;
925 msgtxt = "SMK M3";
926 } else if (key_info & WPA_KEY_INFO_REQUEST) {
927 msg = REQUEST;
928 msgtxt = "Request";
929 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
930 msg = GROUP_2;
931 msgtxt = "2/2 Group";
932 } else if (key_data_length == 0) {
933 msg = PAIRWISE_4;
934 msgtxt = "4/4 Pairwise";
935 } else {
936 msg = PAIRWISE_2;
937 msgtxt = "2/4 Pairwise";
938 }
939
940 /* TODO: key_info type validation for PeerKey */
941 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
942 msg == GROUP_2) {
943 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
eb7719ff
JM		 944 if (sm->pairwise == WPA_CIPHER_CCMP ||
945 sm->pairwise == WPA_CIPHER_GCMP) {
6fc6879b 946 if (wpa_use_aes_cmac(sm) &&
a14896e8 947 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN &&
929a2ea5 948 !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
6fc6879b
JM		 949 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
950 wpa_auth_logger(wpa_auth, sm->addr,
951 LOGGER_WARNING,
952 "advertised support for "
953 "AES-128-CMAC, but did not "
954 "use it");
955 return;
956 }
957
958 if (!wpa_use_aes_cmac(sm) &&
959 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
960 wpa_auth_logger(wpa_auth, sm->addr,
961 LOGGER_WARNING,
962 "did not use HMAC-SHA1-AES "
eb7719ff 963 "with CCMP/GCMP");
6fc6879b
JM		 964 return;
965 }
966 }
929a2ea5
JM		 967
968 if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
969 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
970 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
971 "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
972 return;
973 }
6fc6879b
JM		 974 }
975
976 if (key_info & WPA_KEY_INFO_REQUEST) {
977 if (sm->req_replay_counter_used &&
978 os_memcmp(key->replay_counter, sm->req_replay_counter,
979 WPA_REPLAY_COUNTER_LEN) <= 0) {
980 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
981 "received EAPOL-Key request with "
982 "replayed counter");
983 return;
984 }
985 }
986
987 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
68921e24 988 !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
22a299ee 989 int i;
68921e24
JM		 990
991 if (msg == PAIRWISE_2 &&
992 wpa_replay_counter_valid(sm->prev_key_replay,
993 key->replay_counter) &&
994 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
995 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
996 {
997 /*
998 * Some supplicant implementations (e.g., Windows XP
999 * WZC) update SNonce for each EAPOL-Key 2/4. This
1000 * breaks the workaround on accepting any of the
1001 * pending requests, so allow the SNonce to be updated
1002 * even if we have already sent out EAPOL-Key 3/4.
1003 */
1004 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1005 "Process SNonce update from STA "
1006 "based on retransmitted EAPOL-Key "
1007 "1/4");
1008 sm->update_snonce = 1;
f23c5b17
JM		 1009 os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
1010 sm->alt_snonce_valid = TRUE;
1011 os_memcpy(sm->alt_replay_counter,
1012 sm->key_replay[0].counter,
1013 WPA_REPLAY_COUNTER_LEN);
1014 goto continue_processing;
1015 }
1016
1017 if (msg == PAIRWISE_4 && sm->alt_snonce_valid &&
1018 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1019 os_memcmp(key->replay_counter, sm->alt_replay_counter,
1020 WPA_REPLAY_COUNTER_LEN) == 0) {
1021 /*
1022 * Supplicant may still be using the old SNonce since
1023 * there was two EAPOL-Key 2/4 messages and they had
1024 * different SNonce values.
1025 */
1026 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1027 "Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4");
68921e24
JM		 1028 goto continue_processing;
1029 }
1030
1031 if (msg == PAIRWISE_2 &&
1032 wpa_replay_counter_valid(sm->prev_key_replay,
1033 key->replay_counter) &&
1034 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1035 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1036 "ignore retransmitted EAPOL-Key %s - "
1037 "SNonce did not change", msgtxt);
1038 } else {
1039 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1040 "received EAPOL-Key %s with "
1041 "unexpected replay counter", msgtxt);
1042 }
22a299ee
JM		 1043 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
1044 if (!sm->key_replay[i].valid)
1045 break;
1046 wpa_hexdump(MSG_DEBUG, "pending replay counter",
1047 sm->key_replay[i].counter,
1048 WPA_REPLAY_COUNTER_LEN);
1049 }
6fc6879b
JM		 1050 wpa_hexdump(MSG_DEBUG, "received replay counter",
1051 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1052 return;
1053 }
1054
68921e24 1055continue_processing:
6fc6879b
JM		 1056 switch (msg) {
1057 case PAIRWISE_2:
1058 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
68921e24
JM		 1059 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
1060 (!sm->update_snonce ||
1061 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
6fc6879b
JM		 1062 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1063 "received EAPOL-Key msg 2/4 in "
1064 "invalid state (%d) - dropped",
1065 sm->wpa_ptk_state);
1066 return;
1067 }
bbb921da 1068 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
08704cd8
JM		 1069 if (sm->group->reject_4way_hs_for_entropy) {
1070 /*
1071 * The system did not have enough entropy to generate
1072 * strong random numbers. Reject the first 4-way
1073 * handshake(s) and collect some entropy based on the
1074 * information from it. Once enough entropy is
1075 * available, the next atempt will trigger GMK/Key
1076 * Counter update and the station will be allowed to
1077 * continue.
1078 */
1079 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
1080 "collect more entropy for random number "
1081 "generation");
08704cd8 1082 random_mark_pool_ready();
08704cd8
JM		 1083 wpa_sta_disconnect(wpa_auth, sm->addr);
1084 return;
1085 }
1566ec46
JM		 1086 if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length,
1087 &kde) < 0) {
1088 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1089 "received EAPOL-Key msg 2/4 with "
1090 "invalid Key Data contents");
1091 return;
1092 }
1093 if (kde.rsn_ie) {
1094 eapol_key_ie = kde.rsn_ie;
1095 eapol_key_ie_len = kde.rsn_ie_len;
a14896e8
JM		 1096 } else if (kde.osen) {
1097 eapol_key_ie = kde.osen;
1098 eapol_key_ie_len = kde.osen_len;
1566ec46
JM		 1099 } else {
1100 eapol_key_ie = kde.wpa_ie;
1101 eapol_key_ie_len = kde.wpa_ie_len;
1102 }
26e23750
JM		 1103 ft = sm->wpa == WPA_VERSION_WPA2 &&
1104 wpa_key_mgmt_ft(sm->wpa_key_mgmt);
6fc6879b 1105 if (sm->wpa_ie == NULL ||
26e23750
JM		 1106 wpa_compare_rsn_ie(ft,
1107 sm->wpa_ie, sm->wpa_ie_len,
1566ec46 1108 eapol_key_ie, eapol_key_ie_len)) {
6fc6879b
JM		 1109 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1110 "WPA IE from (Re)AssocReq did not "
1111 "match with msg 2/4");
1112 if (sm->wpa_ie) {
1113 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
1114 sm->wpa_ie, sm->wpa_ie_len);
1115 }
1116 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
1566ec46 1117 eapol_key_ie, eapol_key_ie_len);
6fc6879b
JM		 1118 /* MLME-DEAUTHENTICATE.request */
1119 wpa_sta_disconnect(wpa_auth, sm->addr);
1120 return;
1121 }
26e23750 1122#ifdef CONFIG_IEEE80211R
0f857f43
JM		 1123 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
1124 wpa_sta_disconnect(wpa_auth, sm->addr);
1125 return;
26e23750
JM		 1126 }
1127#endif /* CONFIG_IEEE80211R */
25ef8529
JM		 1128#ifdef CONFIG_P2P
1129 if (kde.ip_addr_req && kde.ip_addr_req[0] &&
1130 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
1131 int idx;
1132 wpa_printf(MSG_DEBUG, "P2P: IP address requested in "
1133 "EAPOL-Key exchange");
1134 idx = bitfield_get_first_zero(wpa_auth->ip_pool);
1135 if (idx >= 0) {
1136 u32 start = WPA_GET_BE32(wpa_auth->conf.
1137 ip_addr_start);
1138 bitfield_set(wpa_auth->ip_pool, idx);
1139 WPA_PUT_BE32(sm->ip_addr, start + idx);
1140 wpa_printf(MSG_DEBUG, "P2P: Assigned IP "
1141 "address %u.%u.%u.%u to " MACSTR,
1142 sm->ip_addr[0], sm->ip_addr[1],
1143 sm->ip_addr[2], sm->ip_addr[3],
1144 MAC2STR(sm->addr));
1145 }
1146 }
1147#endif /* CONFIG_P2P */
6fc6879b
JM		 1148 break;
1149 case PAIRWISE_4:
1150 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
1151 !sm->PTK_valid) {
1152 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1153 "received EAPOL-Key msg 4/4 in "
1154 "invalid state (%d) - dropped",
1155 sm->wpa_ptk_state);
1156 return;
1157 }
1158 break;
1159 case GROUP_2:
1160 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1161 || !sm->PTK_valid) {
1162 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1163 "received EAPOL-Key msg 2/2 in "
1164 "invalid state (%d) - dropped",
1165 sm->wpa_ptk_group_state);
1166 return;
1167 }
1168 break;
1169#ifdef CONFIG_PEERKEY
1170 case SMK_M1:
1171 case SMK_M3:
1172 case SMK_ERROR:
1173 if (!wpa_auth->conf.peerkey) {
1174 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
1175 "PeerKey use disabled - ignoring message");
1176 return;
1177 }
1178 if (!sm->PTK_valid) {
1179 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1180 "received EAPOL-Key msg SMK in "
1181 "invalid state - dropped");
1182 return;
1183 }
1184 break;
1185#else /* CONFIG_PEERKEY */
1186 case SMK_M1:
1187 case SMK_M3:
1188 case SMK_ERROR:
1189 return; /* STSL disabled - ignore SMK messages */
1190#endif /* CONFIG_PEERKEY */
1191 case REQUEST:
1192 break;
1193 }
1194
1195 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1196 "received EAPOL-Key frame (%s)", msgtxt);
1197
1198 if (key_info & WPA_KEY_INFO_ACK) {
1199 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1200 "received invalid EAPOL-Key: Key Ack set");
1201 return;
1202 }
1203
1204 if (!(key_info & WPA_KEY_INFO_MIC)) {
1205 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1206 "received invalid EAPOL-Key: Key MIC not set");
1207 return;
1208 }
1209
1210 sm->MICVerified = FALSE;
68921e24 1211 if (sm->PTK_valid && !sm->update_snonce) {
929a2ea5 1212 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data,
f23c5b17
JM		 1213 data_len) &&
1214 (msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
1215 wpa_try_alt_snonce(sm, data, data_len))) {
6fc6879b
JM		 1216 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1217 "received EAPOL-Key with invalid MIC");
1218 return;
1219 }
1220 sm->MICVerified = TRUE;
1221 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
e4bf4db9 1222 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1223 }
1224
1225 if (key_info & WPA_KEY_INFO_REQUEST) {
1226 if (sm->MICVerified) {
1227 sm->req_replay_counter_used = 1;
1228 os_memcpy(sm->req_replay_counter, key->replay_counter,
1229 WPA_REPLAY_COUNTER_LEN);
1230 } else {
1231 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1232 "received EAPOL-Key request with "
1233 "invalid MIC");
1234 return;
1235 }
1236
1237 /*
1238 * TODO: should decrypt key data field if encryption was used;
1239 * even though MAC address KDE is not normally encrypted,
1240 * supplicant is allowed to encrypt it.
1241 */
1242 if (msg == SMK_ERROR) {
1243#ifdef CONFIG_PEERKEY
5c6787a6
JM		 1244 wpa_smk_error(wpa_auth, sm, (const u8 *) (key + 1),
1245 key_data_length);
6fc6879b
JM		 1246#endif /* CONFIG_PEERKEY */
1247 return;
1248 } else if (key_info & WPA_KEY_INFO_ERROR) {
c772d054
JM		 1249 if (wpa_receive_error_report(
1250 wpa_auth, sm,
1251 !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
1252 return; /* STA entry was removed */
6fc6879b
JM		 1253 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1254 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1255 "received EAPOL-Key Request for new "
1256 "4-Way Handshake");
1257 wpa_request_new_ptk(sm);
1258#ifdef CONFIG_PEERKEY
1259 } else if (msg == SMK_M1) {
5c6787a6
JM		 1260 wpa_smk_m1(wpa_auth, sm, key, (const u8 *) (key + 1),
1261 key_data_length);
6fc6879b
JM		 1262#endif /* CONFIG_PEERKEY */
1263 } else if (key_data_length > 0 &&
1264 wpa_parse_kde_ies((const u8 *) (key + 1),
1265 key_data_length, &kde) == 0 &&
1266 kde.mac_addr) {
1267 } else {
1268 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1269 "received EAPOL-Key Request for GTK "
1270 "rekeying");
6fc6879b
JM		 1271 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1272 wpa_rekey_gtk(wpa_auth, NULL);
1273 }
1274 } else {
68921e24
JM		 1275 /* Do not allow the same key replay counter to be reused. */
1276 wpa_replay_counter_mark_invalid(sm->key_replay,
1277 key->replay_counter);
1278
1279 if (msg == PAIRWISE_2) {
1280 /*
1281 * Maintain a copy of the pending EAPOL-Key frames in
1282 * case the EAPOL-Key frame was retransmitted. This is
1283 * needed to allow EAPOL-Key msg 2/4 reply to another
1284 * pending msg 1/4 to update the SNonce to work around
1285 * unexpected supplicant behavior.
1286 */
1287 os_memcpy(sm->prev_key_replay, sm->key_replay,
1288 sizeof(sm->key_replay));
1289 } else {
1290 os_memset(sm->prev_key_replay, 0,
1291 sizeof(sm->prev_key_replay));
1292 }
1293
1294 /*
1295 * Make sure old valid counters are not accepted anymore and
1296 * do not get copied again.
1297 */
1298 wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
6fc6879b
JM		 1299 }
1300
1301#ifdef CONFIG_PEERKEY
1302 if (msg == SMK_M3) {
5c6787a6
JM		 1303 wpa_smk_m3(wpa_auth, sm, key, (const u8 *) (key + 1),
1304 key_data_length);
6fc6879b
JM		 1305 return;
1306 }
1307#endif /* CONFIG_PEERKEY */
1308
1309 os_free(sm->last_rx_eapol_key);
1310 sm->last_rx_eapol_key = os_malloc(data_len);
1311 if (sm->last_rx_eapol_key == NULL)
1312 return;
1313 os_memcpy(sm->last_rx_eapol_key, data, data_len);
1314 sm->last_rx_eapol_key_len = data_len;
1315
0d442aff 1316 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
6fc6879b
JM		 1317 sm->EAPOLKeyReceived = TRUE;
1318 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1319 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1320 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1321 wpa_sm_step(sm);
1322}
1323
1324
3c7302c2
JM		 1325static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1326 const u8 *gnonce, u8 *gtk, size_t gtk_len)
6fc6879b 1327{
5cb9d5c3
JM		 1328 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
1329 u8 *pos;
3c7302c2 1330 int ret = 0;
6fc6879b 1331
5cb9d5c3
JM		 1332 /* GTK = PRF-X(GMK, "Group key expansion",
1333 * AA || GNonce || Time || random data)
1334 * The example described in the IEEE 802.11 standard uses only AA and
1335 * GNonce as inputs here. Add some more entropy since this derivation
1336 * is done only at the Authenticator and as such, does not need to be
1337 * exactly same.
1338 */
6fc6879b
JM		 1339 os_memcpy(data, addr, ETH_ALEN);
1340 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
5cb9d5c3
JM		 1341 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1342 wpa_get_ntp_timestamp(pos);
1343 pos += 8;
3642c431 1344 if (random_get_bytes(pos, 16) < 0)
3c7302c2 1345 ret = -1;
6fc6879b 1346
56586197 1347#ifdef CONFIG_IEEE80211W
5cb9d5c3 1348 sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
56586197 1349#else /* CONFIG_IEEE80211W */
3c7302c2
JM		 1350 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
1351 < 0)
1352 ret = -1;
56586197 1353#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 1354
1355 return ret;
6fc6879b
JM		 1356}
1357
1358
1359static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1360{
1361 struct wpa_authenticator *wpa_auth = eloop_ctx;
1362 struct wpa_state_machine *sm = timeout_ctx;
1363
e4bf4db9 1364 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1365 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1366 sm->TimeoutEvt = TRUE;
1367 wpa_sm_step(sm);
1368}
1369
1370
1371void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1372 struct wpa_state_machine *sm, int key_info,
1373 const u8 *key_rsc, const u8 *nonce,
1374 const u8 *kde, size_t kde_len,
1375 int keyidx, int encr, int force_version)
1376{
1377 struct ieee802_1x_hdr *hdr;
1378 struct wpa_eapol_key *key;
1379 size_t len;
1380 int alg;
1381 int key_data_len, pad_len = 0;
1382 u8 *buf, *pos;
1383 int version, pairwise;
22a299ee 1384 int i;
6fc6879b
JM		 1385
1386 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
1387
1388 if (force_version)
1389 version = force_version;
929a2ea5
JM		 1390 else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
1391 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt))
a14896e8 1392 version = WPA_KEY_INFO_TYPE_AKM_DEFINED;
6fc6879b
JM		 1393 else if (wpa_use_aes_cmac(sm))
1394 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
eb7719ff 1395 else if (sm->pairwise != WPA_CIPHER_TKIP)
6fc6879b
JM		 1396 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1397 else
1398 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1399
8543ed8a 1400 pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
6fc6879b
JM		 1401
1402 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1403 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1404 "encr=%d)",
1405 version,
1406 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1407 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1408 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1409 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1410 pairwise, (unsigned long) kde_len, keyidx, encr);
1411
1412 key_data_len = kde_len;
1413
1414 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
a14896e8 1415 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
929a2ea5 1416 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
6fc6879b
JM		 1417 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1418 pad_len = key_data_len % 8;
1419 if (pad_len)
1420 pad_len = 8 - pad_len;
1421 key_data_len += pad_len + 8;
1422 }
1423
1424 len += key_data_len;
1425
1426 hdr = os_zalloc(len);
1427 if (hdr == NULL)
1428 return;
1429 hdr->version = wpa_auth->conf.eapol_version;
1430 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1431 hdr->length = host_to_be16(len - sizeof(*hdr));
1432 key = (struct wpa_eapol_key *) (hdr + 1);
1433
1434 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1435 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1436 key_info |= version;
1437 if (encr && sm->wpa == WPA_VERSION_WPA2)
1438 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1439 if (sm->wpa != WPA_VERSION_WPA2)
1440 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1441 WPA_PUT_BE16(key->key_info, key_info);
1442
1443 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
c3550295 1444 WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
6fc6879b
JM		 1445 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1446 WPA_PUT_BE16(key->key_length, 0);
1447
1448 /* FIX: STSL: what to use as key_replay_counter? */
22a299ee
JM		 1449 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1450 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1451 os_memcpy(sm->key_replay[i].counter,
1452 sm->key_replay[i - 1].counter,
1453 WPA_REPLAY_COUNTER_LEN);
1454 }
1455 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1456 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
6fc6879b 1457 WPA_REPLAY_COUNTER_LEN);
db099951
JM		 1458 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter",
1459 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
22a299ee 1460 sm->key_replay[0].valid = TRUE;
6fc6879b
JM		 1461
1462 if (nonce)
1463 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1464
1465 if (key_rsc)
1466 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1467
1468 if (kde && !encr) {
1469 os_memcpy(key + 1, kde, kde_len);
1470 WPA_PUT_BE16(key->key_data_length, kde_len);
1471 } else if (encr && kde) {
1472 buf = os_zalloc(key_data_len);
1473 if (buf == NULL) {
1474 os_free(hdr);
1475 return;
1476 }
1477 pos = buf;
1478 os_memcpy(pos, kde, kde_len);
1479 pos += kde_len;
1480
1481 if (pad_len)
1482 *pos++ = 0xdd;
1483
1484 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1485 buf, key_data_len);
1486 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
a14896e8 1487 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
929a2ea5 1488 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
6fc6879b 1489 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
eefec1e4
JM		 1490 if (aes_wrap(sm->PTK.kek, 16,
1491 (key_data_len - 8) / 8, buf,
6fc6879b
JM		 1492 (u8 *) (key + 1))) {
1493 os_free(hdr);
1494 os_free(buf);
1495 return;
1496 }
1497 WPA_PUT_BE16(key->key_data_length, key_data_len);
1498 } else {
1499 u8 ek[32];
1500 os_memcpy(key->key_iv,
1501 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1502 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1503 os_memcpy(ek, key->key_iv, 16);
1504 os_memcpy(ek + 16, sm->PTK.kek, 16);
1505 os_memcpy(key + 1, buf, key_data_len);
1506 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
1507 WPA_PUT_BE16(key->key_data_length, key_data_len);
1508 }
1509 os_free(buf);
1510 }
1511
1512 if (key_info & WPA_KEY_INFO_MIC) {
1513 if (!sm->PTK_valid) {
1514 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1515 "PTK not valid when sending EAPOL-Key "
1516 "frame");
1517 os_free(hdr);
1518 return;
1519 }
929a2ea5
JM		 1520 wpa_eapol_key_mic(sm->PTK.kck, sm->wpa_key_mgmt, version,
1521 (u8 *) hdr, len, key->key_mic);
7af092a0
JB		 1522#ifdef CONFIG_TESTING_OPTIONS
1523 if (!pairwise &&
06df2aa6 1524 wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 &&
7af092a0
JB		 1525 drand48() <
1526 wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
1527 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1528 "Corrupting group EAPOL-Key Key MIC");
1529 key->key_mic[0]++;
1530 }
1531#endif /* CONFIG_TESTING_OPTIONS */
6fc6879b
JM		 1532 }
1533
1534 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1535 1);
1536 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1537 sm->pairwise_set);
1538 os_free(hdr);
1539}
1540
1541
1542static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1543 struct wpa_state_machine *sm, int key_info,
1544 const u8 *key_rsc, const u8 *nonce,
1545 const u8 *kde, size_t kde_len,
1546 int keyidx, int encr)
1547{
1548 int timeout_ms;
1549 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
bae61562 1550 int ctr;
6fc6879b
JM		 1551
1552 if (sm == NULL)
1553 return;
1554
1555 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1556 keyidx, encr, 0);
1557
bae61562 1558 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
e4bf4db9 1559 if (ctr == 1 && wpa_auth->conf.tx_status)
00338a4f
JM		 1560 timeout_ms = pairwise ? eapol_key_timeout_first :
1561 eapol_key_timeout_first_group;
bae61562
JM		 1562 else
1563 timeout_ms = eapol_key_timeout_subseq;
e4bf4db9
JM		 1564 if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
1565 sm->pending_1_of_4_timeout = 1;
1566 wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
1567 "counter %d)", timeout_ms, ctr);
6fc6879b
JM		 1568 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1569 wpa_send_eapol_timeout, wpa_auth, sm);
1570}
1571
1572
929a2ea5
JM		 1573static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
1574 size_t data_len)
6fc6879b
JM		 1575{
1576 struct ieee802_1x_hdr *hdr;
1577 struct wpa_eapol_key *key;
1578 u16 key_info;
1579 int ret = 0;
1580 u8 mic[16];
1581
1582 if (data_len < sizeof(*hdr) + sizeof(*key))
1583 return -1;
1584
1585 hdr = (struct ieee802_1x_hdr *) data;
1586 key = (struct wpa_eapol_key *) (hdr + 1);
1587 key_info = WPA_GET_BE16(key->key_info);
1588 os_memcpy(mic, key->key_mic, 16);
1589 os_memset(key->key_mic, 0, 16);
929a2ea5 1590 if (wpa_eapol_key_mic(PTK->kck, akmp, key_info & WPA_KEY_INFO_TYPE_MASK,
6fc6879b 1591 data, data_len, key->key_mic) ||
870834a1 1592 os_memcmp_const(mic, key->key_mic, 16) != 0)
6fc6879b
JM		 1593 ret = -1;
1594 os_memcpy(key->key_mic, mic, 16);
1595 return ret;
1596}
1597
1598
1599void wpa_remove_ptk(struct wpa_state_machine *sm)
1600{
1601 sm->PTK_valid = FALSE;
1602 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
26083221 1603 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
6fc6879b 1604 sm->pairwise_set = FALSE;
581a8cde 1605 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 1606}
1607
1608
6f9b5d16 1609int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
6fc6879b 1610{
5d22a1d5
JM		 1611 int remove_ptk = 1;
1612
6fc6879b 1613 if (sm == NULL)
6f9b5d16 1614 return -1;
6fc6879b
JM		 1615
1616 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1617 "event %d notification", event);
1618
1619 switch (event) {
1620 case WPA_AUTH:
c50d94f1
BC		 1621#ifdef CONFIG_MESH
1622 /* PTKs are derived through AMPE */
1623 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
1624 /* not mesh */
1625 break;
1626 }
1627 return 0;
1628#endif /* CONFIG_MESH */
6fc6879b
JM		 1629 case WPA_ASSOC:
1630 break;
1631 case WPA_DEAUTH:
1632 case WPA_DISASSOC:
1633 sm->DeauthenticationRequest = TRUE;
1634 break;
1635 case WPA_REAUTH:
1636 case WPA_REAUTH_EAPOL:
3ab72b62
JM		 1637 if (!sm->started) {
1638 /*
1639 * When using WPS, we may end up here if the STA
1640 * manages to re-associate without the previous STA
1641 * entry getting removed. Consequently, we need to make
1642 * sure that the WPA state machines gets initialized
1643 * properly at this point.
1644 */
1645 wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1646 "started - initialize now");
1647 sm->started = 1;
1648 sm->Init = TRUE;
1649 if (wpa_sm_step(sm) == 1)
1650 return 1; /* should not really happen */
1651 sm->Init = FALSE;
1652 sm->AuthenticationRequest = TRUE;
1653 break;
1654 }
9663596f
JM		 1655 if (sm->GUpdateStationKeys) {
1656 /*
1657 * Reauthentication cancels the pending group key
1658 * update for this STA.
1659 */
1660 sm->group->GKeyDoneStations--;
1661 sm->GUpdateStationKeys = FALSE;
1662 sm->PtkGroupInit = TRUE;
1663 }
6fc6879b
JM		 1664 sm->ReAuthenticationRequest = TRUE;
1665 break;
1666 case WPA_ASSOC_FT:
1667#ifdef CONFIG_IEEE80211R
81a658d7
JM		 1668 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1669 "after association");
1670 wpa_ft_install_ptk(sm);
1671
6fc6879b
JM		 1672 /* Using FT protocol, not WPA auth state machine */
1673 sm->ft_completed = 1;
6f9b5d16 1674 return 0;
6fc6879b
JM		 1675#else /* CONFIG_IEEE80211R */
1676 break;
1677#endif /* CONFIG_IEEE80211R */
1678 }
1679
1680#ifdef CONFIG_IEEE80211R
1681 sm->ft_completed = 0;
1682#endif /* CONFIG_IEEE80211R */
1683
5d22a1d5
JM		 1684#ifdef CONFIG_IEEE80211W
1685 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1686 remove_ptk = 0;
1687#endif /* CONFIG_IEEE80211W */
6fc6879b 1688
5d22a1d5
JM		 1689 if (remove_ptk) {
1690 sm->PTK_valid = FALSE;
1691 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1692
1693 if (event != WPA_REAUTH_EAPOL)
1694 wpa_remove_ptk(sm);
1695 }
6fc6879b 1696
6f9b5d16 1697 return wpa_sm_step(sm);
6fc6879b
JM		 1698}
1699
1700
6fc6879b
JM		 1701SM_STATE(WPA_PTK, INITIALIZE)
1702{
1703 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1704 if (sm->Init) {
1705 /* Init flag is not cleared here, so avoid busy
1706 * loop by claiming nothing changed. */
1707 sm->changed = FALSE;
1708 }
1709
1710 sm->keycount = 0;
1711 if (sm->GUpdateStationKeys)
1712 sm->group->GKeyDoneStations--;
1713 sm->GUpdateStationKeys = FALSE;
1714 if (sm->wpa == WPA_VERSION_WPA)
1715 sm->PInitAKeys = FALSE;
1716 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1717 * Local AA > Remote AA)) */) {
1718 sm->Pair = TRUE;
1719 }
1720 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1721 wpa_remove_ptk(sm);
1722 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1723 sm->TimeoutCtr = 0;
56586197 1724 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1725 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1726 WPA_EAPOL_authorized, 0);
1727 }
1728}
1729
1730
1731SM_STATE(WPA_PTK, DISCONNECT)
1732{
1733 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1734 sm->Disconnect = FALSE;
1735 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1736}
1737
1738
1739SM_STATE(WPA_PTK, DISCONNECTED)
1740{
1741 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1742 sm->DeauthenticationRequest = FALSE;
1743}
1744
1745
1746SM_STATE(WPA_PTK, AUTHENTICATION)
1747{
1748 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1749 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1750 sm->PTK_valid = FALSE;
1751 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1752 1);
1753 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1754 sm->AuthenticationRequest = FALSE;
1755}
1756
1757
40d00d2b
NC		 1758static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
1759 struct wpa_group *group)
1bdb7ab3 1760{
40d00d2b
NC		 1761 if (group->first_sta_seen)
1762 return;
1bdb7ab3
JM		 1763 /*
1764 * System has run bit further than at the time hostapd was started
1765 * potentially very early during boot up. This provides better chances
1766 * of collecting more randomness on embedded systems. Re-initialize the
1767 * GMK and Counter here to improve their strength if there was not
1768 * enough entropy available immediately after system startup.
1769 */
1770 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1771 "station");
08704cd8
JM		 1772 if (random_pool_ready() != 1) {
1773 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1774 "to proceed - reject first 4-way handshake");
1775 group->reject_4way_hs_for_entropy = TRUE;
40d00d2b
NC		 1776 } else {
1777 group->first_sta_seen = TRUE;
1778 group->reject_4way_hs_for_entropy = FALSE;
08704cd8 1779 }
40d00d2b 1780
1bdb7ab3
JM		 1781 wpa_group_init_gmk_and_counter(wpa_auth, group);
1782 wpa_gtk_update(wpa_auth, group);
1783 wpa_group_config_group_keys(wpa_auth, group);
1784}
1785
1786
6fc6879b
JM		 1787SM_STATE(WPA_PTK, AUTHENTICATION2)
1788{
1789 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1bdb7ab3 1790
40d00d2b 1791 wpa_group_ensure_init(sm->wpa_auth, sm->group);
65a32cdb 1792 sm->ReAuthenticationRequest = FALSE;
1bdb7ab3 1793
3825a19b
JM		 1794 /*
1795 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
1796 * ambiguous. The Authenticator state machine uses a counter that is
1797 * incremented by one for each 4-way handshake. However, the security
1798 * analysis of 4-way handshake points out that unpredictable nonces
1799 * help in preventing precomputation attacks. Instead of the state
1800 * machine definition, use an unpredictable nonce value here to provide
1801 * stronger protection against potential precomputation attacks.
1802 */
1803 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
1804 wpa_printf(MSG_ERROR, "WPA: Failed to get random data for "
1805 "ANonce.");
65a32cdb 1806 sm->Disconnect = TRUE;
3825a19b
JM		 1807 return;
1808 }
bc8318ac
JM		 1809 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
1810 WPA_NONCE_LEN);
6fc6879b
JM		 1811 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1812 * logical place than INITIALIZE since AUTHENTICATION2 can be
1813 * re-entered on ReAuthenticationRequest without going through
1814 * INITIALIZE. */
1815 sm->TimeoutCtr = 0;
1816}
1817
1818
1819SM_STATE(WPA_PTK, INITPMK)
1820{
1821 u8 msk[2 * PMK_LEN];
1822 size_t len = 2 * PMK_LEN;
1823
1824 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1825#ifdef CONFIG_IEEE80211R
1826 sm->xxkey_len = 0;
1827#endif /* CONFIG_IEEE80211R */
1828 if (sm->pmksa) {
1829 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1830 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
1831 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1832 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1833 "(len=%lu)", (unsigned long) len);
1834 os_memcpy(sm->PMK, msk, PMK_LEN);
1835#ifdef CONFIG_IEEE80211R
1836 if (len >= 2 * PMK_LEN) {
1837 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1838 sm->xxkey_len = PMK_LEN;
1839 }
1840#endif /* CONFIG_IEEE80211R */
1841 } else {
1842 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
1843 }
1844
1845 sm->req_replay_counter_used = 0;
1846 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1847 * will break reauthentication since EAPOL state machines may not be
1848 * get into AUTHENTICATING state that clears keyRun before WPA state
1849 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1850 * state and takes PMK from the previously used AAA Key. This will
1851 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1852 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1853 * be good workaround for this issue. */
1854 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1855}
1856
1857
1858SM_STATE(WPA_PTK, INITPSK)
1859{
1860 const u8 *psk;
1861 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
759fd76b 1862 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL);
6fc6879b
JM		 1863 if (psk) {
1864 os_memcpy(sm->PMK, psk, PMK_LEN);
1865#ifdef CONFIG_IEEE80211R
1866 os_memcpy(sm->xxkey, psk, PMK_LEN);
1867 sm->xxkey_len = PMK_LEN;
1868#endif /* CONFIG_IEEE80211R */
1869 }
1870 sm->req_replay_counter_used = 0;
1871}
1872
1873
1874SM_STATE(WPA_PTK, PTKSTART)
1875{
1876 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1877 size_t pmkid_len = 0;
1878
1879 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1880 sm->PTKRequest = FALSE;
1881 sm->TimeoutEvt = FALSE;
f23c5b17 1882 sm->alt_snonce_valid = FALSE;
bae61562
JM		 1883
1884 sm->TimeoutCtr++;
1885 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1886 /* No point in sending the EAPOL-Key - we will disconnect
1887 * immediately following this. */
1888 return;
1889 }
1890
6fc6879b
JM		 1891 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1892 "sending 1/4 msg of 4-Way Handshake");
1893 /*
1894 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1895 * one possible PSK for this STA.
1896 */
1897 if (sm->wpa == WPA_VERSION_WPA2 &&
a14896e8
JM		 1898 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
1899 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
6fc6879b
JM		 1900 pmkid = buf;
1901 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1902 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1903 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1904 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
929a2ea5 1905 if (sm->pmksa) {
6fc6879b
JM		 1906 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1907 sm->pmksa->pmkid, PMKID_LEN);
929a2ea5
JM		 1908 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) {
1909 /* No KCK available to derive PMKID */
1910 pmkid = NULL;
1911 } else {
6fc6879b
JM		 1912 /*
1913 * Calculate PMKID since no PMKSA cache entry was
1914 * available with pre-calculated PMKID.
1915 */
1916 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
56586197
JM		 1917 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
1918 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 1919 }
1920 }
1921 wpa_send_eapol(sm->wpa_auth, sm,
1922 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1923 sm->ANonce, pmkid, pmkid_len, 0, 0);
6fc6879b
JM		 1924}
1925
1926
f23c5b17
JM		 1927static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
1928 const u8 *pmk, struct wpa_ptk *ptk)
6fc6879b 1929{
3b9c5176 1930 size_t ptk_len = wpa_cipher_key_len(sm->pairwise) + 32;
6fc6879b 1931#ifdef CONFIG_IEEE80211R
56586197 1932 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
c0a61908 1933 return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
6fc6879b
JM		 1934#endif /* CONFIG_IEEE80211R */
1935
1936 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
f23c5b17 1937 sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
c0a61908 1938 (u8 *) ptk, ptk_len,
56586197 1939 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 1940
1941 return 0;
1942}
1943
1944
1945SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
1946{
1947 struct wpa_ptk PTK;
1948 int ok = 0;
1949 const u8 *pmk = NULL;
1950
1951 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
1952 sm->EAPOLKeyReceived = FALSE;
68921e24 1953 sm->update_snonce = FALSE;
6fc6879b
JM		 1954
1955 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1956 * WPA-PSK: iterate through possible PSKs and select the one matching
1957 * the packet */
1958 for (;;) {
56586197 1959 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
759fd76b
JM		 1960 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
1961 sm->p2p_dev_addr, pmk);
6fc6879b
JM		 1962 if (pmk == NULL)
1963 break;
1964 } else
1965 pmk = sm->PMK;
1966
f23c5b17 1967 wpa_derive_ptk(sm, sm->SNonce, pmk, &PTK);
6fc6879b 1968
929a2ea5
JM		 1969 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK,
1970 sm->last_rx_eapol_key,
6fc6879b
JM		 1971 sm->last_rx_eapol_key_len) == 0) {
1972 ok = 1;
1973 break;
1974 }
1975
56586197 1976 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
6fc6879b
JM		 1977 break;
1978 }
1979
1980 if (!ok) {
1981 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1982 "invalid MIC in msg 2/4 of 4-Way Handshake");
1983 return;
1984 }
1985
26e23750
JM		 1986#ifdef CONFIG_IEEE80211R
1987 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1988 /*
1989 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
1990 * with the value we derived.
1991 */
870834a1
JM		 1992 if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
1993 WPA_PMK_NAME_LEN) != 0) {
26e23750
JM		 1994 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1995 "PMKR1Name mismatch in FT 4-way "
1996 "handshake");
1997 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
1998 "Supplicant",
1999 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
2000 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
2001 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2002 return;
2003 }
2004 }
2005#endif /* CONFIG_IEEE80211R */
2006
e4bf4db9 2007 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 2008 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
2009
56586197 2010 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 2011 /* PSK may have changed from the previous choice, so update
2012 * state machine data based on whatever PSK was selected here.
2013 */
2014 os_memcpy(sm->PMK, pmk, PMK_LEN);
2015 }
2016
2017 sm->MICVerified = TRUE;
2018
2019 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
2020 sm->PTK_valid = TRUE;
2021}
2022
2023
2024SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
2025{
2026 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
2027 sm->TimeoutCtr = 0;
2028}
2029
2030
2031#ifdef CONFIG_IEEE80211W
2032
2033static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2034{
2035 if (sm->mgmt_frame_prot) {
8dd9f9cd
JM		 2036 size_t len;
2037 len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2038 return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len;
6fc6879b
JM		 2039 }
2040
2041 return 0;
2042}
2043
2044
2045static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2046{
2047 struct wpa_igtk_kde igtk;
2048 struct wpa_group *gsm = sm->group;
03610ad2 2049 u8 rsc[WPA_KEY_RSC_LEN];
8dd9f9cd 2050 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
6fc6879b
JM		 2051
2052 if (!sm->mgmt_frame_prot)
2053 return pos;
2054
2055 igtk.keyid[0] = gsm->GN_igtk;
2056 igtk.keyid[1] = 0;
7b1080da 2057 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
03610ad2 2058 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
6fc6879b 2059 os_memset(igtk.pn, 0, sizeof(igtk.pn));
03610ad2
JM		 2060 else
2061 os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
8dd9f9cd 2062 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
83421850
JM		 2063 if (sm->wpa_auth->conf.disable_gtk) {
2064 /*
2065 * Provide unique random IGTK to each STA to prevent use of
2066 * IGTK in the BSS.
2067 */
8dd9f9cd 2068 if (random_get_bytes(igtk.igtk, len) < 0)
83421850
JM		 2069 return pos;
2070 }
6fc6879b 2071 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
8dd9f9cd
JM		 2072 (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len,
2073 NULL, 0);
6fc6879b
JM		 2074
2075 return pos;
2076}
2077
2078#else /* CONFIG_IEEE80211W */
2079
2080static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2081{
2082 return 0;
2083}
2084
2085
2086static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2087{
2088 return pos;
2089}
2090
2091#endif /* CONFIG_IEEE80211W */
2092
2093
2094SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
2095{
83421850 2096 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32];
6fc6879b
JM		 2097 size_t gtk_len, kde_len;
2098 struct wpa_group *gsm = sm->group;
2099 u8 *wpa_ie;
2100 int wpa_ie_len, secure, keyidx, encr = 0;
2101
2102 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
2103 sm->TimeoutEvt = FALSE;
bae61562
JM		 2104
2105 sm->TimeoutCtr++;
2106 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
2107 /* No point in sending the EAPOL-Key - we will disconnect
2108 * immediately following this. */
2109 return;
2110 }
2111
86dfabb8
JM		 2112 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
2113 GTK[GN], IGTK, [FTIE], [TIE * 2])
6fc6879b
JM		 2114 */
2115 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2116 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
86dfabb8 2117 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
6fc6879b
JM		 2118 wpa_ie = sm->wpa_auth->wpa_ie;
2119 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
2120 if (sm->wpa == WPA_VERSION_WPA &&
2121 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
2122 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
774d4145 2123 /* WPA-only STA, remove RSN IE and possible MDIE */
6fc6879b 2124 wpa_ie = wpa_ie + wpa_ie[1] + 2;
774d4145
JM		 2125 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
2126 wpa_ie = wpa_ie + wpa_ie[1] + 2;
6fc6879b
JM		 2127 wpa_ie_len = wpa_ie[1] + 2;
2128 }
2129 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2130 "sending 3/4 msg of 4-Way Handshake");
2131 if (sm->wpa == WPA_VERSION_WPA2) {
2132 /* WPA2 send GTK in the 4-way handshake */
2133 secure = 1;
2134 gtk = gsm->GTK[gsm->GN - 1];
2135 gtk_len = gsm->GTK_len;
83421850
JM		 2136 if (sm->wpa_auth->conf.disable_gtk) {
2137 /*
2138 * Provide unique random GTK to each STA to prevent use
2139 * of GTK in the BSS.
2140 */
2141 if (random_get_bytes(dummy_gtk, gtk_len) < 0)
2142 return;
2143 gtk = dummy_gtk;
2144 }
6fc6879b
JM		 2145 keyidx = gsm->GN;
2146 _rsc = rsc;
2147 encr = 1;
2148 } else {
2149 /* WPA does not include GTK in msg 3/4 */
2150 secure = 0;
2151 gtk = NULL;
2152 gtk_len = 0;
2153 keyidx = 0;
2154 _rsc = NULL;
0d442aff
JM		 2155 if (sm->rx_eapol_key_secure) {
2156 /*
2157 * It looks like Windows 7 supplicant tries to use
2158 * Secure bit in msg 2/4 after having reported Michael
2159 * MIC failure and it then rejects the 4-way handshake
2160 * if msg 3/4 does not set Secure bit. Work around this
2161 * by setting the Secure bit here even in the case of
2162 * WPA if the supplicant used it first.
2163 */
2164 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4740d5b9
JM		 2165 "STA used Secure bit in WPA msg 2/4 - "
2166 "set Secure for 3/4 as workaround");
0d442aff
JM		 2167 secure = 1;
2168 }
6fc6879b
JM		 2169 }
2170
2171 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
2172 if (gtk)
2173 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
26e23750 2174#ifdef CONFIG_IEEE80211R
86dfabb8
JM		 2175 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2176 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
2177 kde_len += 300; /* FTIE + 2 * TIE */
2178 }
26e23750 2179#endif /* CONFIG_IEEE80211R */
25ef8529
JM		 2180#ifdef CONFIG_P2P
2181 if (WPA_GET_BE32(sm->ip_addr) > 0)
2182 kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4;
2183#endif /* CONFIG_P2P */
6fc6879b
JM		 2184 kde = os_malloc(kde_len);
2185 if (kde == NULL)
2186 return;
2187
2188 pos = kde;
2189 os_memcpy(pos, wpa_ie, wpa_ie_len);
2190 pos += wpa_ie_len;
26e23750
JM		 2191#ifdef CONFIG_IEEE80211R
2192 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2193 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name);
2194 if (res < 0) {
2195 wpa_printf(MSG_ERROR, "FT: Failed to insert "
2196 "PMKR1Name into RSN IE in EAPOL-Key data");
2197 os_free(kde);
2198 return;
2199 }
2200 pos += res;
2201 }
2202#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 2203 if (gtk) {
2204 u8 hdr[2];
2205 hdr[0] = keyidx & 0x03;
2206 hdr[1] = 0;
2207 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2208 gtk, gtk_len);
2209 }
2210 pos = ieee80211w_kde_add(sm, pos);
2211
86dfabb8
JM		 2212#ifdef CONFIG_IEEE80211R
2213 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2214 int res;
2215 struct wpa_auth_config *conf;
2216
2217 conf = &sm->wpa_auth->conf;
2218 res = wpa_write_ftie(conf, conf->r0_key_holder,
2219 conf->r0_key_holder_len,
2220 NULL, NULL, pos, kde + kde_len - pos,
2221 NULL, 0);
2222 if (res < 0) {
2223 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
2224 "into EAPOL-Key Key Data");
2225 os_free(kde);
2226 return;
2227 }
2228 pos += res;
2229
2230 /* TIE[ReassociationDeadline] (TU) */
2231 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2232 *pos++ = 5;
2233 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
2234 WPA_PUT_LE32(pos, conf->reassociation_deadline);
2235 pos += 4;
2236
2237 /* TIE[KeyLifetime] (seconds) */
2238 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2239 *pos++ = 5;
2240 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
2241 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
2242 pos += 4;
2243 }
2244#endif /* CONFIG_IEEE80211R */
25ef8529
JM		 2245#ifdef CONFIG_P2P
2246 if (WPA_GET_BE32(sm->ip_addr) > 0) {
2247 u8 addr[3 * 4];
2248 os_memcpy(addr, sm->ip_addr, 4);
2249 os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4);
2250 os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4);
2251 pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC,
2252 addr, sizeof(addr), NULL, 0);
2253 }
2254#endif /* CONFIG_P2P */
86dfabb8 2255
6fc6879b
JM		 2256 wpa_send_eapol(sm->wpa_auth, sm,
2257 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
2258 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
2259 WPA_KEY_INFO_KEY_TYPE,
2260 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
2261 os_free(kde);
6fc6879b
JM		 2262}
2263
2264
2265SM_STATE(WPA_PTK, PTKINITDONE)
2266{
2267 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
2268 sm->EAPOLKeyReceived = FALSE;
2269 if (sm->Pair) {
c3550295
JM		 2270 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
2271 int klen = wpa_cipher_key_len(sm->pairwise);
6fc6879b
JM		 2272 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2273 sm->PTK.tk1, klen)) {
2274 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
2275 return;
2276 }
2277 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2278 sm->pairwise_set = TRUE;
2279
581a8cde
JM		 2280 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
2281 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
2282 eloop_register_timeout(sm->wpa_auth->conf.
2283 wpa_ptk_rekey, 0, wpa_rekey_ptk,
2284 sm->wpa_auth, sm);
2285 }
2286
56586197 2287 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 2288 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2289 WPA_EAPOL_authorized, 1);
2290 }
2291 }
2292
2293 if (0 /* IBSS == TRUE */) {
2294 sm->keycount++;
2295 if (sm->keycount == 2) {
2296 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2297 WPA_EAPOL_portValid, 1);
2298 }
2299 } else {
2300 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
2301 1);
2302 }
2303 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
2304 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
2305 if (sm->wpa == WPA_VERSION_WPA)
2306 sm->PInitAKeys = TRUE;
2307 else
2308 sm->has_GTK = TRUE;
2309 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2310 "pairwise key handshake completed (%s)",
2311 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2312
2313#ifdef CONFIG_IEEE80211R
2314 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
2315#endif /* CONFIG_IEEE80211R */
2316}
2317
2318
2319SM_STEP(WPA_PTK)
2320{
2321 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2322
2323 if (sm->Init)
2324 SM_ENTER(WPA_PTK, INITIALIZE);
2325 else if (sm->Disconnect
1aae01fc
BG		 2326 /* || FIX: dot11RSNAConfigSALifetime timeout */) {
2327 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
2328 "WPA_PTK: sm->Disconnect");
6fc6879b 2329 SM_ENTER(WPA_PTK, DISCONNECT);
1aae01fc 2330 }
6fc6879b
JM		 2331 else if (sm->DeauthenticationRequest)
2332 SM_ENTER(WPA_PTK, DISCONNECTED);
2333 else if (sm->AuthenticationRequest)
2334 SM_ENTER(WPA_PTK, AUTHENTICATION);
2335 else if (sm->ReAuthenticationRequest)
2336 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2337 else if (sm->PTKRequest)
2338 SM_ENTER(WPA_PTK, PTKSTART);
2339 else switch (sm->wpa_ptk_state) {
2340 case WPA_PTK_INITIALIZE:
2341 break;
2342 case WPA_PTK_DISCONNECT:
2343 SM_ENTER(WPA_PTK, DISCONNECTED);
2344 break;
2345 case WPA_PTK_DISCONNECTED:
2346 SM_ENTER(WPA_PTK, INITIALIZE);
2347 break;
2348 case WPA_PTK_AUTHENTICATION:
2349 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2350 break;
2351 case WPA_PTK_AUTHENTICATION2:
56586197 2352 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
6fc6879b
JM		 2353 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2354 WPA_EAPOL_keyRun) > 0)
2355 SM_ENTER(WPA_PTK, INITPMK);
56586197 2356 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
6fc6879b
JM		 2357 /* FIX: && 802.1X::keyRun */)
2358 SM_ENTER(WPA_PTK, INITPSK);
2359 break;
2360 case WPA_PTK_INITPMK:
2361 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2362 WPA_EAPOL_keyAvailable) > 0)
2363 SM_ENTER(WPA_PTK, PTKSTART);
2364 else {
2365 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2366 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2367 "INITPMK - keyAvailable = false");
6fc6879b
JM		 2368 SM_ENTER(WPA_PTK, DISCONNECT);
2369 }
2370 break;
2371 case WPA_PTK_INITPSK:
759fd76b
JM		 2372 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr,
2373 NULL))
6fc6879b
JM		 2374 SM_ENTER(WPA_PTK, PTKSTART);
2375 else {
2376 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2377 "no PSK configured for the STA");
2378 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2379 SM_ENTER(WPA_PTK, DISCONNECT);
2380 }
2381 break;
2382 case WPA_PTK_PTKSTART:
2383 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2384 sm->EAPOLKeyPairwise)
2385 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2386 else if (sm->TimeoutCtr >
2387 (int) dot11RSNAConfigPairwiseUpdateCount) {
2388 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2389 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2390 "PTKSTART: Retry limit %d reached",
2391 dot11RSNAConfigPairwiseUpdateCount);
6fc6879b
JM		 2392 SM_ENTER(WPA_PTK, DISCONNECT);
2393 } else if (sm->TimeoutEvt)
2394 SM_ENTER(WPA_PTK, PTKSTART);
2395 break;
2396 case WPA_PTK_PTKCALCNEGOTIATING:
2397 if (sm->MICVerified)
2398 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
2399 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2400 sm->EAPOLKeyPairwise)
2401 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2402 else if (sm->TimeoutEvt)
2403 SM_ENTER(WPA_PTK, PTKSTART);
2404 break;
2405 case WPA_PTK_PTKCALCNEGOTIATING2:
2406 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2407 break;
2408 case WPA_PTK_PTKINITNEGOTIATING:
68921e24
JM		 2409 if (sm->update_snonce)
2410 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2411 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2412 sm->EAPOLKeyPairwise && sm->MICVerified)
6fc6879b
JM		 2413 SM_ENTER(WPA_PTK, PTKINITDONE);
2414 else if (sm->TimeoutCtr >
2415 (int) dot11RSNAConfigPairwiseUpdateCount) {
2416 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2417 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2418 "PTKINITNEGOTIATING: Retry limit %d "
2419 "reached",
2420 dot11RSNAConfigPairwiseUpdateCount);
6fc6879b
JM		 2421 SM_ENTER(WPA_PTK, DISCONNECT);
2422 } else if (sm->TimeoutEvt)
2423 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2424 break;
2425 case WPA_PTK_PTKINITDONE:
2426 break;
2427 }
2428}
2429
2430
2431SM_STATE(WPA_PTK_GROUP, IDLE)
2432{
2433 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
2434 if (sm->Init) {
2435 /* Init flag is not cleared here, so avoid busy
2436 * loop by claiming nothing changed. */
2437 sm->changed = FALSE;
2438 }
2439 sm->GTimeoutCtr = 0;
2440}
2441
2442
2443SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
2444{
2445 u8 rsc[WPA_KEY_RSC_LEN];
2446 struct wpa_group *gsm = sm->group;
e41e4f9e
JM		 2447 const u8 *kde;
2448 u8 *kde_buf = NULL, *pos, hdr[2];
6fc6879b 2449 size_t kde_len;
83421850 2450 u8 *gtk, dummy_gtk[32];
6fc6879b
JM		 2451
2452 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
bae61562
JM		 2453
2454 sm->GTimeoutCtr++;
2455 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
2456 /* No point in sending the EAPOL-Key - we will disconnect
2457 * immediately following this. */
2458 return;
2459 }
2460
6fc6879b
JM		 2461 if (sm->wpa == WPA_VERSION_WPA)
2462 sm->PInitAKeys = FALSE;
2463 sm->TimeoutEvt = FALSE;
2464 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
2465 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2466 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
2467 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2468 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2469 "sending 1/2 msg of Group Key Handshake");
2470
83421850
JM		 2471 gtk = gsm->GTK[gsm->GN - 1];
2472 if (sm->wpa_auth->conf.disable_gtk) {
2473 /*
2474 * Provide unique random GTK to each STA to prevent use
2475 * of GTK in the BSS.
2476 */
2477 if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0)
2478 return;
2479 gtk = dummy_gtk;
2480 }
6fc6879b
JM		 2481 if (sm->wpa == WPA_VERSION_WPA2) {
2482 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
2483 ieee80211w_kde_len(sm);
e41e4f9e
JM		 2484 kde_buf = os_malloc(kde_len);
2485 if (kde_buf == NULL)
6fc6879b
JM		 2486 return;
2487
e41e4f9e 2488 kde = pos = kde_buf;
6fc6879b
JM		 2489 hdr[0] = gsm->GN & 0x03;
2490 hdr[1] = 0;
2491 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
83421850 2492 gtk, gsm->GTK_len);
6fc6879b 2493 pos = ieee80211w_kde_add(sm, pos);
e41e4f9e 2494 kde_len = pos - kde;
6fc6879b 2495 } else {
83421850 2496 kde = gtk;
e41e4f9e 2497 kde_len = gsm->GTK_len;
6fc6879b
JM		 2498 }
2499
2500 wpa_send_eapol(sm->wpa_auth, sm,
2501 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
2502 WPA_KEY_INFO_ACK |
2503 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
e41e4f9e
JM		 2504 rsc, gsm->GNonce, kde, kde_len, gsm->GN, 1);
2505
2506 os_free(kde_buf);
6fc6879b
JM		 2507}
2508
2509
2510SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
2511{
2512 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
2513 sm->EAPOLKeyReceived = FALSE;
2514 if (sm->GUpdateStationKeys)
2515 sm->group->GKeyDoneStations--;
2516 sm->GUpdateStationKeys = FALSE;
2517 sm->GTimeoutCtr = 0;
2518 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
2519 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2520 "group key handshake completed (%s)",
2521 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2522 sm->has_GTK = TRUE;
2523}
2524
2525
2526SM_STATE(WPA_PTK_GROUP, KEYERROR)
2527{
2528 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
2529 if (sm->GUpdateStationKeys)
2530 sm->group->GKeyDoneStations--;
2531 sm->GUpdateStationKeys = FALSE;
2532 sm->Disconnect = TRUE;
2533}
2534
2535
2536SM_STEP(WPA_PTK_GROUP)
2537{
9663596f 2538 if (sm->Init || sm->PtkGroupInit) {
6fc6879b 2539 SM_ENTER(WPA_PTK_GROUP, IDLE);
9663596f
JM		 2540 sm->PtkGroupInit = FALSE;
2541 } else switch (sm->wpa_ptk_group_state) {
6fc6879b
JM		 2542 case WPA_PTK_GROUP_IDLE:
2543 if (sm->GUpdateStationKeys ||
2544 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
2545 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2546 break;
2547 case WPA_PTK_GROUP_REKEYNEGOTIATING:
2548 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2549 !sm->EAPOLKeyPairwise && sm->MICVerified)
2550 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
2551 else if (sm->GTimeoutCtr >
2552 (int) dot11RSNAConfigGroupUpdateCount)
2553 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
2554 else if (sm->TimeoutEvt)
2555 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2556 break;
2557 case WPA_PTK_GROUP_KEYERROR:
2558 SM_ENTER(WPA_PTK_GROUP, IDLE);
2559 break;
2560 case WPA_PTK_GROUP_REKEYESTABLISHED:
2561 SM_ENTER(WPA_PTK_GROUP, IDLE);
2562 break;
2563 }
2564}
2565
2566
2567static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
2568 struct wpa_group *group)
2569{
2570 int ret = 0;
2571
6fc6879b
JM		 2572 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2573 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2574 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
2575 wpa_auth->addr, group->GNonce,
2576 group->GTK[group->GN - 1], group->GTK_len) < 0)
2577 ret = -1;
5cb9d5c3
JM		 2578 wpa_hexdump_key(MSG_DEBUG, "GTK",
2579 group->GTK[group->GN - 1], group->GTK_len);
6fc6879b
JM		 2580
2581#ifdef CONFIG_IEEE80211W
70f8cc8e 2582 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
8dd9f9cd
JM		 2583 size_t len;
2584 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
5cb9d5c3
JM		 2585 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2586 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2587 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
2588 wpa_auth->addr, group->GNonce,
8dd9f9cd 2589 group->IGTK[group->GN_igtk - 4], len) < 0)
3c7302c2 2590 ret = -1;
6fc6879b 2591 wpa_hexdump_key(MSG_DEBUG, "IGTK",
8dd9f9cd 2592 group->IGTK[group->GN_igtk - 4], len);
6fc6879b
JM		 2593 }
2594#endif /* CONFIG_IEEE80211W */
2595
2596 return ret;
2597}
2598
2599
2600static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
2601 struct wpa_group *group)
2602{
2603 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2604 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
2605 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
2606 group->wpa_group_state = WPA_GROUP_GTK_INIT;
2607
2608 /* GTK[0..N] = 0 */
2609 os_memset(group->GTK, 0, sizeof(group->GTK));
2610 group->GN = 1;
2611 group->GM = 2;
2612#ifdef CONFIG_IEEE80211W
2613 group->GN_igtk = 4;
2614 group->GM_igtk = 5;
2615#endif /* CONFIG_IEEE80211W */
2616 /* GTK[GN] = CalcGTK() */
2617 wpa_gtk_update(wpa_auth, group);
2618}
2619
2620
2621static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
2622{
473b6f22
MB		 2623 if (ctx != NULL && ctx != sm->group)
2624 return 0;
2625
6fc6879b
JM		 2626 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
2627 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2628 "Not in PTKINITDONE; skip Group Key update");
3c183894 2629 sm->GUpdateStationKeys = FALSE;
6fc6879b
JM		 2630 return 0;
2631 }
9663596f
JM		 2632 if (sm->GUpdateStationKeys) {
2633 /*
3c183894
JM		 2634 * This should not really happen, so add a debug log entry.
2635 * Since we clear the GKeyDoneStations before the loop, the
2636 * station needs to be counted here anyway.
9663596f
JM		 2637 */
2638 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3c183894
JM		 2639 "GUpdateStationKeys was already set when "
2640 "marking station for GTK rekeying");
9663596f 2641 }
3c183894 2642
ad3872a3 2643 /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
d32d94db
XC		 2644 if (sm->is_wnmsleep)
2645 return 0;
d32d94db 2646
3c183894
JM		 2647 sm->group->GKeyDoneStations++;
2648 sm->GUpdateStationKeys = TRUE;
2649
6fc6879b
JM		 2650 wpa_sm_step(sm);
2651 return 0;
2652}
2653
2654
ad3872a3
JM		 2655#ifdef CONFIG_WNM
2656/* update GTK when exiting WNM-Sleep Mode */
d32d94db
XC		 2657void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm)
2658{
629edfef 2659 if (sm == NULL || sm->is_wnmsleep)
d32d94db
XC		 2660 return;
2661
2662 wpa_group_update_sta(sm, NULL);
2663}
2664
2665
2666void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
2667{
629edfef
JM		 2668 if (sm)
2669 sm->is_wnmsleep = !!flag;
d32d94db
XC		 2670}
2671
2672
2673int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2674{
d32d94db 2675 struct wpa_group *gsm = sm->group;
835822d4 2676 u8 *start = pos;
d32d94db
XC		 2677
2678 /*
835822d4 2679 * GTK subelement:
d32d94db 2680 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
835822d4 2681 * Key[5..32]
d32d94db 2682 */
835822d4
JM		 2683 *pos++ = WNM_SLEEP_SUBELEM_GTK;
2684 *pos++ = 11 + gsm->GTK_len;
d32d94db 2685 /* Key ID in B0-B1 of Key Info */
835822d4
JM		 2686 WPA_PUT_LE16(pos, gsm->GN & 0x03);
2687 pos += 2;
2688 *pos++ = gsm->GTK_len;
2689 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
d32d94db 2690 return 0;
835822d4
JM		 2691 pos += 8;
2692 os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2693 pos += gsm->GTK_len;
d32d94db 2694
835822d4
JM		 2695 wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
2696 gsm->GN);
2697 wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
d32d94db 2698 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
d32d94db 2699
835822d4 2700 return pos - start;
d32d94db
XC		 2701}
2702
2703
2704#ifdef CONFIG_IEEE80211W
2705int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2706{
d32d94db 2707 struct wpa_group *gsm = sm->group;
835822d4 2708 u8 *start = pos;
8dd9f9cd 2709 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
d32d94db 2710
835822d4
JM		 2711 /*
2712 * IGTK subelement:
2713 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
2714 */
2715 *pos++ = WNM_SLEEP_SUBELEM_IGTK;
8dd9f9cd 2716 *pos++ = 2 + 6 + len;
835822d4
JM		 2717 WPA_PUT_LE16(pos, gsm->GN_igtk);
2718 pos += 2;
2719 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
d32d94db 2720 return 0;
835822d4 2721 pos += 6;
d32d94db 2722
8dd9f9cd
JM		 2723 os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
2724 pos += len;
d32d94db 2725
835822d4
JM		 2726 wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
2727 gsm->GN_igtk);
2728 wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
8dd9f9cd 2729 gsm->IGTK[gsm->GN_igtk - 4], len);
d32d94db 2730
835822d4 2731 return pos - start;
d32d94db
XC		 2732}
2733#endif /* CONFIG_IEEE80211W */
ad3872a3 2734#endif /* CONFIG_WNM */
d32d94db
XC		 2735
2736
6fc6879b
JM		 2737static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
2738 struct wpa_group *group)
2739{
2740 int tmp;
2741
2742 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2743 "SETKEYS (VLAN-ID %d)", group->vlan_id);
2744 group->changed = TRUE;
2745 group->wpa_group_state = WPA_GROUP_SETKEYS;
2746 group->GTKReKey = FALSE;
2747 tmp = group->GM;
2748 group->GM = group->GN;
2749 group->GN = tmp;
2750#ifdef CONFIG_IEEE80211W
2751 tmp = group->GM_igtk;
2752 group->GM_igtk = group->GN_igtk;
2753 group->GN_igtk = tmp;
2754#endif /* CONFIG_IEEE80211W */
2755 /* "GKeyDoneStations = GNoStations" is done in more robust way by
2756 * counting the STAs that are marked with GUpdateStationKeys instead of
2757 * including all STAs that could be in not-yet-completed state. */
2758 wpa_gtk_update(wpa_auth, group);
2759
3c183894
JM		 2760 if (group->GKeyDoneStations) {
2761 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
2762 "GKeyDoneStations=%d when starting new GTK rekey",
2763 group->GKeyDoneStations);
2764 group->GKeyDoneStations = 0;
2765 }
473b6f22 2766 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
6fc6879b
JM		 2767 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
2768 group->GKeyDoneStations);
2769}
2770
2771
1bdb7ab3
JM		 2772static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
2773 struct wpa_group *group)
6fc6879b 2774{
3c7302c2
JM		 2775 int ret = 0;
2776
3c7302c2 2777 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
c3550295 2778 wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
0382097e
JM		 2779 broadcast_ether_addr, group->GN,
2780 group->GTK[group->GN - 1], group->GTK_len) < 0)
3c7302c2 2781 ret = -1;
6fc6879b
JM		 2782
2783#ifdef CONFIG_IEEE80211W
8dd9f9cd
JM		 2784 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2785 enum wpa_alg alg;
2786 size_t len;
2787
2788 alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher);
2789 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
2790
2791 if (ret == 0 &&
2792 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
2793 broadcast_ether_addr, group->GN_igtk,
2794 group->IGTK[group->GN_igtk - 4], len) < 0)
2795 ret = -1;
2796 }
6fc6879b 2797#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 2798
2799 return ret;
6fc6879b
JM		 2800}
2801
2802
7d7f7be2
JM		 2803static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
2804{
2805 if (sm->group == ctx) {
2806 wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
2807 " for discconnection due to fatal failure",
2808 MAC2STR(sm->addr));
2809 sm->Disconnect = TRUE;
2810 }
2811
2812 return 0;
2813}
2814
2815
2816static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
2817 struct wpa_group *group)
2818{
2819 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE");
2820 group->changed = TRUE;
2821 group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
2822 wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
2823}
2824
2825
1bdb7ab3
JM		 2826static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
2827 struct wpa_group *group)
2828{
2829 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2830 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
2831 group->changed = TRUE;
2832 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
2833
7d7f7be2
JM		 2834 if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
2835 wpa_group_fatal_failure(wpa_auth, group);
1bdb7ab3 2836 return -1;
7d7f7be2 2837 }
1bdb7ab3
JM		 2838
2839 return 0;
2840}
2841
2842
6fc6879b
JM		 2843static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2844 struct wpa_group *group)
2845{
2846 if (group->GInit) {
2847 wpa_group_gtk_init(wpa_auth, group);
7d7f7be2
JM		 2848 } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
2849 /* Do not allow group operations */
6fc6879b
JM		 2850 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2851 group->GTKAuthenticator) {
2852 wpa_group_setkeysdone(wpa_auth, group);
2853 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2854 group->GTKReKey) {
2855 wpa_group_setkeys(wpa_auth, group);
2856 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2857 if (group->GKeyDoneStations == 0)
2858 wpa_group_setkeysdone(wpa_auth, group);
2859 else if (group->GTKReKey)
2860 wpa_group_setkeys(wpa_auth, group);
2861 }
2862}
2863
2864
e4a6ea1d 2865static int wpa_sm_step(struct wpa_state_machine *sm)
6fc6879b
JM		 2866{
2867 if (sm == NULL)
e4a6ea1d 2868 return 0;
6fc6879b
JM		 2869
2870 if (sm->in_step_loop) {
2871 /* This should not happen, but if it does, make sure we do not
2872 * end up freeing the state machine too early by exiting the
2873 * recursive call. */
2874 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
e4a6ea1d 2875 return 0;
6fc6879b
JM		 2876 }
2877
2878 sm->in_step_loop = 1;
2879 do {
2880 if (sm->pending_deinit)
2881 break;
2882
2883 sm->changed = FALSE;
2884 sm->wpa_auth->group->changed = FALSE;
2885
2886 SM_STEP_RUN(WPA_PTK);
2887 if (sm->pending_deinit)
2888 break;
2889 SM_STEP_RUN(WPA_PTK_GROUP);
2890 if (sm->pending_deinit)
2891 break;
2892 wpa_group_sm_step(sm->wpa_auth, sm->group);
2893 } while (sm->changed || sm->wpa_auth->group->changed);
2894 sm->in_step_loop = 0;
2895
2896 if (sm->pending_deinit) {
2897 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
2898 "machine deinit for " MACSTR, MAC2STR(sm->addr));
2899 wpa_free_sta_sm(sm);
e4a6ea1d 2900 return 1;
6fc6879b 2901 }
e4a6ea1d 2902 return 0;
6fc6879b
JM		 2903}
2904
2905
2906static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
2907{
2908 struct wpa_state_machine *sm = eloop_ctx;
2909 wpa_sm_step(sm);
2910}
2911
2912
2913void wpa_auth_sm_notify(struct wpa_state_machine *sm)
2914{
2915 if (sm == NULL)
2916 return;
2917 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
2918}
2919
2920
2921void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
2922{
2923 int tmp, i;
2924 struct wpa_group *group;
2925
2926 if (wpa_auth == NULL)
2927 return;
2928
2929 group = wpa_auth->group;
2930
2931 for (i = 0; i < 2; i++) {
2932 tmp = group->GM;
2933 group->GM = group->GN;
2934 group->GN = tmp;
2935#ifdef CONFIG_IEEE80211W
2936 tmp = group->GM_igtk;
2937 group->GM_igtk = group->GN_igtk;
2938 group->GN_igtk = tmp;
2939#endif /* CONFIG_IEEE80211W */
2940 wpa_gtk_update(wpa_auth, group);
9354e594 2941 wpa_group_config_group_keys(wpa_auth, group);
6fc6879b
JM		 2942 }
2943}
2944
2945
2946static const char * wpa_bool_txt(int bool)
2947{
2948 return bool ? "TRUE" : "FALSE";
2949}
2950
2951
6fc6879b
JM		 2952#define RSN_SUITE "%02x-%02x-%02x-%d"
2953#define RSN_SUITE_ARG(s) \
2954((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2955
2956int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
2957{
2958 int len = 0, ret;
2959 char pmkid_txt[PMKID_LEN * 2 + 1];
8ce58ceb
IH		 2960#ifdef CONFIG_RSN_PREAUTH
2961 const int preauth = 1;
2962#else /* CONFIG_RSN_PREAUTH */
2963 const int preauth = 0;
2964#endif /* CONFIG_RSN_PREAUTH */
6fc6879b
JM		 2965
2966 if (wpa_auth == NULL)
2967 return len;
2968
2969 ret = os_snprintf(buf + len, buflen - len,
2970 "dot11RSNAOptionImplemented=TRUE\n"
8ce58ceb 2971 "dot11RSNAPreauthenticationImplemented=%s\n"
6fc6879b
JM		 2972 "dot11RSNAEnabled=%s\n"
2973 "dot11RSNAPreauthenticationEnabled=%s\n",
8ce58ceb 2974 wpa_bool_txt(preauth),
6fc6879b
JM		 2975 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
2976 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
d85e1fc8 2977 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 2978 return len;
2979 len += ret;
2980
2981 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2982 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
2983
2984 ret = os_snprintf(
2985 buf + len, buflen - len,
2986 "dot11RSNAConfigVersion=%u\n"
2987 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2988 /* FIX: dot11RSNAConfigGroupCipher */
2989 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2990 /* FIX: dot11RSNAConfigGroupRekeyTime */
2991 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2992 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2993 "dot11RSNAConfigGroupUpdateCount=%u\n"
2994 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2995 "dot11RSNAConfigGroupCipherSize=%u\n"
2996 "dot11RSNAConfigPMKLifetime=%u\n"
2997 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2998 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2999 "dot11RSNAConfigSATimeout=%u\n"
3000 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3001 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3002 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3003 "dot11RSNAPMKIDUsed=%s\n"
3004 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3005 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3006 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3007 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
3008 "dot11RSNA4WayHandshakeFailures=%u\n"
3009 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
3010 RSN_VERSION,
3011 !!wpa_auth->conf.wpa_strict_rekey,
3012 dot11RSNAConfigGroupUpdateCount,
3013 dot11RSNAConfigPairwiseUpdateCount,
c3550295 3014 wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8,
6fc6879b
JM		 3015 dot11RSNAConfigPMKLifetime,
3016 dot11RSNAConfigPMKReauthThreshold,
3017 dot11RSNAConfigSATimeout,
3018 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
3019 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
3020 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
3021 pmkid_txt,
3022 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
3023 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
3024 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
3025 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
3026 wpa_auth->dot11RSNA4WayHandshakeFailures);
d85e1fc8 3027 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3028 return len;
3029 len += ret;
3030
3031 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
3032 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
3033
3034 /* Private MIB */
3035 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
3036 wpa_auth->group->wpa_group_state);
d85e1fc8 3037 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3038 return len;
3039 len += ret;
3040
3041 return len;
3042}
3043
3044
3045int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
3046{
3047 int len = 0, ret;
3048 u32 pairwise = 0;
3049
3050 if (sm == NULL)
3051 return 0;
3052
3053 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
3054
3055 /* dot11RSNAStatsEntry */
3056
c3550295
JM		 3057 pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
3058 WPA_PROTO_RSN : WPA_PROTO_WPA,
3059 sm->pairwise);
3060 if (pairwise == 0)
6fc6879b
JM		 3061 return 0;
3062
3063 ret = os_snprintf(
3064 buf + len, buflen - len,
3065 /* TODO: dot11RSNAStatsIndex */
3066 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
3067 "dot11RSNAStatsVersion=1\n"
3068 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
3069 /* TODO: dot11RSNAStatsTKIPICVErrors */
3070 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
d9040cdb 3071 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
6fc6879b
JM		 3072 /* TODO: dot11RSNAStatsCCMPReplays */
3073 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
3074 /* TODO: dot11RSNAStatsTKIPReplays */,
3075 MAC2STR(sm->addr),
3076 RSN_SUITE_ARG(pairwise),
3077 sm->dot11RSNAStatsTKIPLocalMICFailures,
3078 sm->dot11RSNAStatsTKIPRemoteMICFailures);
d85e1fc8 3079 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3080 return len;
3081 len += ret;
3082
3083 /* Private MIB */
3084 ret = os_snprintf(buf + len, buflen - len,
3085 "hostapdWPAPTKState=%d\n"
3086 "hostapdWPAPTKGroupState=%d\n",
3087 sm->wpa_ptk_state,
3088 sm->wpa_ptk_group_state);
d85e1fc8 3089 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3090 return len;
3091 len += ret;
3092
3093 return len;
3094}
3095
3096
3097void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
3098{
3099 if (wpa_auth)
3100 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
3101}
3102
3103
3104int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
3105{
3106 return sm && sm->pairwise_set;
3107}
3108
3109
ff36ff00
JM		 3110int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
3111{
3112 return sm->pairwise;
3113}
3114
3115
6fc6879b
JM		 3116int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
3117{
3118 if (sm == NULL)
3119 return -1;
3120 return sm->wpa_key_mgmt;
3121}
3122
3123
3124int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
3125{
3126 if (sm == NULL)
3127 return 0;
3128 return sm->wpa;
3129}
3130
3131
3132int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
3133 struct rsn_pmksa_cache_entry *entry)
3134{
3135 if (sm == NULL || sm->pmksa != entry)
3136 return -1;
3137 sm->pmksa = NULL;
3138 return 0;
3139}
3140
3141
3142struct rsn_pmksa_cache_entry *
3143wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
3144{
3145 return sm ? sm->pmksa : NULL;
3146}
3147
3148
3149void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
3150{
3151 if (sm)
3152 sm->dot11RSNAStatsTKIPLocalMICFailures++;
3153}
3154
3155
3156const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
3157{
3158 if (wpa_auth == NULL)
3159 return NULL;
3160 *len = wpa_auth->wpa_ie_len;
3161 return wpa_auth->wpa_ie;
3162}
3163
3164
3165int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
3166 int session_timeout, struct eapol_state_machine *eapol)
3167{
cb465555
JM		 3168 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
3169 sm->wpa_auth->conf.disable_pmksa_caching)
6fc6879b
JM		 3170 return -1;
3171
4bb081f1 3172 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
087a1f4e 3173 sm->PTK.kck, sizeof(sm->PTK.kck),
4bb081f1
JM		 3174 sm->wpa_auth->addr, sm->addr, session_timeout,
3175 eapol, sm->wpa_key_mgmt))
6fc6879b
JM		 3176 return 0;
3177
3178 return -1;
3179}
3180
3181
3182int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
3183 const u8 *pmk, size_t len, const u8 *sta_addr,
3184 int session_timeout,
3185 struct eapol_state_machine *eapol)
3186{
3187 if (wpa_auth == NULL)
3188 return -1;
3189
087a1f4e
JM		 3190 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len,
3191 NULL, 0,
3192 wpa_auth->addr,
4bb081f1
JM		 3193 sta_addr, session_timeout, eapol,
3194 WPA_KEY_MGMT_IEEE8021X))
6fc6879b
JM		 3195 return 0;
3196
3197 return -1;
3198}
3199
3200
f2991170
JM		 3201int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
3202 const u8 *pmk)
3203{
3204 if (wpa_auth->conf.disable_pmksa_caching)
3205 return -1;
3206
3207 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN,
087a1f4e 3208 NULL, 0,
f2991170
JM		 3209 wpa_auth->addr, addr, 0, NULL,
3210 WPA_KEY_MGMT_SAE))
3211 return 0;
3212
3213 return -1;
3214}
3215
3216
901d1fe1
JM		 3217void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
3218 const u8 *sta_addr)
3219{
3220 struct rsn_pmksa_cache_entry *pmksa;
3221
3222 if (wpa_auth == NULL || wpa_auth->pmksa == NULL)
3223 return;
3224 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
3225 if (pmksa) {
3226 wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for "
3227 MACSTR " based on request", MAC2STR(sta_addr));
3228 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
3229 }
3230}
3231
3232
6fc6879b
JM		 3233static struct wpa_group *
3234wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3235{
3236 struct wpa_group *group;
3237
3238 if (wpa_auth == NULL || wpa_auth->group == NULL)
3239 return NULL;
3240
3241 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
3242 vlan_id);
bdffdc5d 3243 group = wpa_group_init(wpa_auth, vlan_id, 0);
6fc6879b
JM		 3244 if (group == NULL)
3245 return NULL;
3246
3247 group->next = wpa_auth->group->next;
3248 wpa_auth->group->next = group;
3249
3250 return group;
3251}
3252
3253
3254int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
3255{
3256 struct wpa_group *group;
3257
3258 if (sm == NULL || sm->wpa_auth == NULL)
3259 return 0;
3260
3261 group = sm->wpa_auth->group;
3262 while (group) {
3263 if (group->vlan_id == vlan_id)
3264 break;
3265 group = group->next;
3266 }
3267
3268 if (group == NULL) {
3269 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
3270 if (group == NULL)
3271 return -1;
3272 }
3273
3274 if (sm->group == group)
3275 return 0;
3276
7d7f7be2
JM		 3277 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3278 return -1;
3279
6fc6879b
JM		 3280 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
3281 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
3282
3283 sm->group = group;
3284 return 0;
3285}
e4bf4db9
JM		 3286
3287
3288void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
3289 struct wpa_state_machine *sm, int ack)
3290{
3291 if (wpa_auth == NULL || sm == NULL)
3292 return;
3293 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
3294 " ack=%d", MAC2STR(sm->addr), ack);
3295 if (sm->pending_1_of_4_timeout && ack) {
3296 /*
3297 * Some deployed supplicant implementations update their SNonce
3298 * for each EAPOL-Key 2/4 message even within the same 4-way
3299 * handshake and then fail to use the first SNonce when
3300 * deriving the PTK. This results in unsuccessful 4-way
3301 * handshake whenever the relatively short initial timeout is
3302 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
3303 * around this by increasing the timeout now that we know that
3304 * the station has received the frame.
3305 */
3306 int timeout_ms = eapol_key_timeout_subseq;
3307 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
3308 "timeout by %u ms because of acknowledged frame",
3309 timeout_ms);
3310 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
3311 eloop_register_timeout(timeout_ms / 1000,
3312 (timeout_ms % 1000) * 1000,
3313 wpa_send_eapol_timeout, wpa_auth, sm);
3314 }
3315}
c10347f2
JM		 3316
3317
3318int wpa_auth_uses_sae(struct wpa_state_machine *sm)
3319{
3320 if (sm == NULL)
3321 return 0;
3322 return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
3323}
aa189ac9
JM		 3324
3325
3326int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm)
3327{
3328 if (sm == NULL)
3329 return 0;
3330 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE;
3331}
25ef8529
JM		 3332
3333
3334#ifdef CONFIG_P2P
3335int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr)
3336{
3337 if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0)
3338 return -1;
3339 os_memcpy(addr, sm->ip_addr, 4);
3340 return 0;
3341}
3342#endif /* CONFIG_P2P */
cbc210de
JM		 3343
3344
3345int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
3346 struct radius_das_attrs *attr)
3347{
3348 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
3349}
Unnamed repository; edit this file 'description' to name the repository.