]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
nl80211: Configure PMKSA lifetime and reauth threshold timer to driver
[thirdparty/hostap.git] / src / ap / wpa_auth.c
CommitLineData
6fc6879b 1/*
00338a4f 2 * IEEE 802.11 RSN / WPA Authenticator
bb05d036 3 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
6fc6879b 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
6fc6879b
JM		 7 */
8
6226e38d 9#include "utils/includes.h"
6fc6879b 10
6226e38d
JM		 11#include "utils/common.h"
12#include "utils/eloop.h"
13#include "utils/state_machine.h"
25ef8529 14#include "utils/bitfield.h"
81f4f619 15#include "common/ieee802_11_defs.h"
17c2559c 16#include "common/ocv.h"
3b5b7aa8 17#include "crypto/aes.h"
03da66bd 18#include "crypto/aes_wrap.h"
3b5b7aa8 19#include "crypto/aes_siv.h"
03da66bd
JM		 20#include "crypto/crypto.h"
21#include "crypto/sha1.h"
22#include "crypto/sha256.h"
c6eb3e34 23#include "crypto/sha384.h"
3642c431 24#include "crypto/random.h"
281c950b 25#include "eapol_auth/eapol_auth_sm.h"
17c2559c 26#include "drivers/driver.h"
6226e38d 27#include "ap_config.h"
6fc6879b 28#include "ieee802_11.h"
6226e38d
JM		 29#include "wpa_auth.h"
30#include "pmksa_cache_auth.h"
6fc6879b
JM		 31#include "wpa_auth_i.h"
32#include "wpa_auth_ie.h"
33
34#define STATE_MACHINE_DATA struct wpa_state_machine
35#define STATE_MACHINE_DEBUG_PREFIX "WPA"
36#define STATE_MACHINE_ADDR sm->addr
37
38
39static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
e4a6ea1d 40static int wpa_sm_step(struct wpa_state_machine *sm);
567da5bb
JM		 41static int wpa_verify_key_mic(int akmp, size_t pmk_len, struct wpa_ptk *PTK,
42 u8 *data, size_t data_len);
75c8563e
JM		 43#ifdef CONFIG_FILS
44static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
45 u8 *buf, size_t buf_len, u16 *_key_data_len);
9392859d
JM		 46static struct wpabuf * fils_prepare_plainbuf(struct wpa_state_machine *sm,
47 const struct wpabuf *hlp);
75c8563e 48#endif /* CONFIG_FILS */
6fc6879b
JM		 49static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
50static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
51 struct wpa_group *group);
581a8cde 52static void wpa_request_new_ptk(struct wpa_state_machine *sm);
e6965d4e
JM		 53static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
54 struct wpa_group *group);
1bdb7ab3
JM		 55static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
56 struct wpa_group *group);
f23c5b17 57static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
207976f0 58 const u8 *pmk, unsigned int pmk_len,
65a44e84 59 struct wpa_ptk *ptk, int force_sha256);
a0ad9e8c
MB		 60static void wpa_group_free(struct wpa_authenticator *wpa_auth,
61 struct wpa_group *group);
62static void wpa_group_get(struct wpa_authenticator *wpa_auth,
63 struct wpa_group *group);
64static void wpa_group_put(struct wpa_authenticator *wpa_auth,
65 struct wpa_group *group);
16889aff 66static int ieee80211w_kde_len(struct wpa_state_machine *sm);
e73ffa09 67static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos);
6fc6879b 68
bae61562
JM		 69static const u32 eapol_key_timeout_first = 100; /* ms */
70static const u32 eapol_key_timeout_subseq = 1000; /* ms */
00338a4f 71static const u32 eapol_key_timeout_first_group = 500; /* ms */
6f234c1e 72static const u32 eapol_key_timeout_no_retrans = 4000; /* ms */
6fc6879b
JM		 73
74/* TODO: make these configurable */
75static const int dot11RSNAConfigPMKLifetime = 43200;
76static const int dot11RSNAConfigPMKReauthThreshold = 70;
77static const int dot11RSNAConfigSATimeout = 60;
78
79
c772d054 80static inline int wpa_auth_mic_failure_report(
6fc6879b
JM		 81 struct wpa_authenticator *wpa_auth, const u8 *addr)
82{
cef8fac0
JB		 83 if (wpa_auth->cb->mic_failure_report)
84 return wpa_auth->cb->mic_failure_report(wpa_auth->cb_ctx, addr);
c772d054 85 return 0;
6fc6879b
JM		 86}
87
88
2c502460
JM		 89static inline void wpa_auth_psk_failure_report(
90 struct wpa_authenticator *wpa_auth, const u8 *addr)
91{
cef8fac0
JB		 92 if (wpa_auth->cb->psk_failure_report)
93 wpa_auth->cb->psk_failure_report(wpa_auth->cb_ctx, addr);
2c502460
JM		 94}
95
96
6fc6879b
JM		 97static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
98 const u8 *addr, wpa_eapol_variable var,
99 int value)
100{
cef8fac0
JB		 101 if (wpa_auth->cb->set_eapol)
102 wpa_auth->cb->set_eapol(wpa_auth->cb_ctx, addr, var, value);
6fc6879b
JM		 103}
104
105
106static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
107 const u8 *addr, wpa_eapol_variable var)
108{
cef8fac0 109 if (wpa_auth->cb->get_eapol == NULL)
6fc6879b 110 return -1;
cef8fac0 111 return wpa_auth->cb->get_eapol(wpa_auth->cb_ctx, addr, var);
6fc6879b
JM		 112}
113
114
115static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
759fd76b
JM		 116 const u8 *addr,
117 const u8 *p2p_dev_addr,
dbfa691d
JM		 118 const u8 *prev_psk, size_t *psk_len,
119 int *vlan_id)
6fc6879b 120{
cef8fac0 121 if (wpa_auth->cb->get_psk == NULL)
6fc6879b 122 return NULL;
cef8fac0 123 return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
dbfa691d 124 prev_psk, psk_len, vlan_id);
6fc6879b
JM		 125}
126
127
128static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
129 const u8 *addr, u8 *msk, size_t *len)
130{
cef8fac0 131 if (wpa_auth->cb->get_msk == NULL)
6fc6879b 132 return -1;
cef8fac0 133 return wpa_auth->cb->get_msk(wpa_auth->cb_ctx, addr, msk, len);
6fc6879b
JM		 134}
135
136
137static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
138 int vlan_id,
71934751 139 enum wpa_alg alg, const u8 *addr, int idx,
a919a260
AW		 140 u8 *key, size_t key_len,
141 enum key_flag key_flag)
6fc6879b 142{
cef8fac0 143 if (wpa_auth->cb->set_key == NULL)
6fc6879b 144 return -1;
cef8fac0 145 return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx,
a919a260 146 key, key_len, key_flag);
6fc6879b
JM		 147}
148
149
150static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
151 const u8 *addr, int idx, u8 *seq)
152{
8d84c75f
JM		 153 int res;
154
cef8fac0 155 if (wpa_auth->cb->get_seqnum == NULL)
6fc6879b 156 return -1;
8d84c75f
JM		 157 res = wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
158#ifdef CONFIG_TESTING_OPTIONS
159 if (!addr && idx < 4 && wpa_auth->conf.gtk_rsc_override_set) {
160 wpa_printf(MSG_DEBUG,
161 "TESTING: Override GTK RSC %016llx --> %016llx",
162 (long long unsigned) WPA_GET_LE64(seq),
163 (long long unsigned)
164 WPA_GET_LE64(wpa_auth->conf.gtk_rsc_override));
165 os_memcpy(seq, wpa_auth->conf.gtk_rsc_override,
166 WPA_KEY_RSC_LEN);
167 }
168 if (!addr && idx >= 4 && idx <= 5 &&
169 wpa_auth->conf.igtk_rsc_override_set) {
170 wpa_printf(MSG_DEBUG,
171 "TESTING: Override IGTK RSC %016llx --> %016llx",
172 (long long unsigned) WPA_GET_LE64(seq),
173 (long long unsigned)
174 WPA_GET_LE64(wpa_auth->conf.igtk_rsc_override));
175 os_memcpy(seq, wpa_auth->conf.igtk_rsc_override,
176 WPA_KEY_RSC_LEN);
177 }
178#endif /* CONFIG_TESTING_OPTIONS */
179 return res;
6fc6879b
JM		 180}
181
182
6fc6879b
JM		 183static inline int
184wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
185 const u8 *data, size_t data_len, int encrypt)
186{
cef8fac0 187 if (wpa_auth->cb->send_eapol == NULL)
6fc6879b 188 return -1;
cef8fac0
JB		 189 return wpa_auth->cb->send_eapol(wpa_auth->cb_ctx, addr, data, data_len,
190 encrypt);
6fc6879b
JM		 191}
192
193
c50d94f1
BC		 194#ifdef CONFIG_MESH
195static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth,
196 const u8 *addr)
197{
cef8fac0 198 if (wpa_auth->cb->start_ampe == NULL)
c50d94f1 199 return -1;
cef8fac0 200 return wpa_auth->cb->start_ampe(wpa_auth->cb_ctx, addr);
c50d94f1
BC		 201}
202#endif /* CONFIG_MESH */
203
204
6fc6879b
JM		 205int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
206 int (*cb)(struct wpa_state_machine *sm, void *ctx),
207 void *cb_ctx)
208{
cef8fac0 209 if (wpa_auth->cb->for_each_sta == NULL)
6fc6879b 210 return 0;
cef8fac0 211 return wpa_auth->cb->for_each_sta(wpa_auth->cb_ctx, cb, cb_ctx);
6fc6879b
JM		 212}
213
214
bf98f7f3
JM		 215int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
216 int (*cb)(struct wpa_authenticator *a, void *ctx),
217 void *cb_ctx)
218{
cef8fac0 219 if (wpa_auth->cb->for_each_auth == NULL)
bf98f7f3 220 return 0;
cef8fac0 221 return wpa_auth->cb->for_each_auth(wpa_auth->cb_ctx, cb, cb_ctx);
bf98f7f3
JM		 222}
223
224
6fc6879b
JM		 225void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
226 logger_level level, const char *txt)
227{
cef8fac0 228 if (wpa_auth->cb->logger == NULL)
6fc6879b 229 return;
cef8fac0 230 wpa_auth->cb->logger(wpa_auth->cb_ctx, addr, level, txt);
6fc6879b
JM		 231}
232
233
234void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
235 logger_level level, const char *fmt, ...)
236{
237 char *format;
238 int maxlen;
239 va_list ap;
240
cef8fac0 241 if (wpa_auth->cb->logger == NULL)
6fc6879b
JM		 242 return;
243
244 maxlen = os_strlen(fmt) + 100;
245 format = os_malloc(maxlen);
246 if (!format)
247 return;
248
249 va_start(ap, fmt);
250 vsnprintf(format, maxlen, fmt, ap);
251 va_end(ap);
252
253 wpa_auth_logger(wpa_auth, addr, level, format);
254
255 os_free(format);
256}
257
258
259static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
567da5bb 260 const u8 *addr, u16 reason)
6fc6879b 261{
cef8fac0 262 if (wpa_auth->cb->disconnect == NULL)
6fc6879b 263 return;
567da5bb
JM		 264 wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR " (reason %u)",
265 MAC2STR(addr), reason);
266 wpa_auth->cb->disconnect(wpa_auth->cb_ctx, addr, reason);
6fc6879b
JM		 267}
268
269
17c2559c
MV		 270#ifdef CONFIG_OCV
271static int wpa_channel_info(struct wpa_authenticator *wpa_auth,
272 struct wpa_channel_info *ci)
273{
274 if (!wpa_auth->cb->channel_info)
275 return -1;
276 return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci);
277}
278#endif /* CONFIG_OCV */
279
280
dbfa691d
JM		 281static int wpa_auth_update_vlan(struct wpa_authenticator *wpa_auth,
282 const u8 *addr, int vlan_id)
283{
284 if (!wpa_auth->cb->update_vlan)
285 return -1;
286 return wpa_auth->cb->update_vlan(wpa_auth->cb_ctx, addr, vlan_id);
287}
288
289
6fc6879b
JM		 290static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
291{
292 struct wpa_authenticator *wpa_auth = eloop_ctx;
293
3642c431 294 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
6fc6879b
JM		 295 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
296 "initialization.");
297 } else {
298 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
5cb9d5c3
JM		 299 wpa_hexdump_key(MSG_DEBUG, "GMK",
300 wpa_auth->group->GMK, WPA_GMK_LEN);
6fc6879b
JM		 301 }
302
303 if (wpa_auth->conf.wpa_gmk_rekey) {
304 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
305 wpa_rekey_gmk, wpa_auth, NULL);
306 }
307}
308
309
310static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
311{
312 struct wpa_authenticator *wpa_auth = eloop_ctx;
a0ad9e8c 313 struct wpa_group *group, *next;
6fc6879b
JM		 314
315 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
a0ad9e8c
MB		 316 group = wpa_auth->group;
317 while (group) {
318 wpa_group_get(wpa_auth, group);
319
6fc6879b
JM		 320 group->GTKReKey = TRUE;
321 do {
322 group->changed = FALSE;
323 wpa_group_sm_step(wpa_auth, group);
324 } while (group->changed);
a0ad9e8c
MB		 325
326 next = group->next;
327 wpa_group_put(wpa_auth, group);
328 group = next;
6fc6879b
JM		 329 }
330
331 if (wpa_auth->conf.wpa_group_rekey) {
332 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
333 0, wpa_rekey_gtk, wpa_auth, NULL);
334 }
335}
336
337
581a8cde
JM		 338static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
339{
340 struct wpa_authenticator *wpa_auth = eloop_ctx;
341 struct wpa_state_machine *sm = timeout_ctx;
342
343 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
344 wpa_request_new_ptk(sm);
345 wpa_sm_step(sm);
346}
347
348
a40bd06e
JM		 349void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm)
350{
351 if (sm && sm->wpa_auth->conf.wpa_ptk_rekey) {
352 wpa_printf(MSG_DEBUG, "WPA: Start PTK rekeying timer for "
353 MACSTR " (%d seconds)", MAC2STR(sm->addr),
354 sm->wpa_auth->conf.wpa_ptk_rekey);
355 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
356 eloop_register_timeout(sm->wpa_auth->conf.wpa_ptk_rekey, 0,
357 wpa_rekey_ptk, sm->wpa_auth, sm);
358 }
359}
360
361
6fc6879b
JM		 362static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
363{
364 if (sm->pmksa == ctx)
365 sm->pmksa = NULL;
366 return 0;
367}
368
369
370static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
371 void *ctx)
372{
373 struct wpa_authenticator *wpa_auth = ctx;
374 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
375}
376
377
1bdb7ab3
JM		 378static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
379 struct wpa_group *group)
380{
559cdabb 381 u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)];
1bdb7ab3 382 u8 rkey[32];
559cdabb 383 unsigned long ptr;
1bdb7ab3 384
3642c431 385 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
1bdb7ab3
JM		 386 return -1;
387 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
388
389 /*
390 * Counter = PRF-256(Random number, "Init Counter",
391 * Local MAC Address || Time)
392 */
393 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
394 wpa_get_ntp_timestamp(buf + ETH_ALEN);
559cdabb
JM		 395 ptr = (unsigned long) group;
396 os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr));
525923b1
JM		 397#ifdef TEST_FUZZ
398 os_memset(buf + ETH_ALEN, 0xab, 8);
399 os_memset(buf + ETH_ALEN + 8, 0xcd, sizeof(ptr));
400#endif /* TEST_FUZZ */
3642c431 401 if (random_get_bytes(rkey, sizeof(rkey)) < 0)
1bdb7ab3
JM		 402 return -1;
403
404 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
405 group->Counter, WPA_NONCE_LEN) < 0)
406 return -1;
407 wpa_hexdump_key(MSG_DEBUG, "Key Counter",
408 group->Counter, WPA_NONCE_LEN);
409
410 return 0;
411}
412
413
e6965d4e 414static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
bdffdc5d 415 int vlan_id, int delay_init)
e6965d4e
JM		 416{
417 struct wpa_group *group;
e6965d4e
JM		 418
419 group = os_zalloc(sizeof(struct wpa_group));
420 if (group == NULL)
421 return NULL;
422
423 group->GTKAuthenticator = TRUE;
424 group->vlan_id = vlan_id;
c3550295 425 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
6fc6879b 426
08704cd8
JM		 427 if (random_pool_ready() != 1) {
428 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
429 "for secure operations - update keys later when "
430 "the first station connects");
431 }
432
1bdb7ab3
JM		 433 /*
434 * Set initial GMK/Counter value here. The actual values that will be
435 * used in negotiations will be set once the first station tries to
436 * connect. This allows more time for collecting additional randomness
437 * on embedded devices.
6fc6879b 438 */
1bdb7ab3 439 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
6fc6879b
JM		 440 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
441 "initialization.");
442 os_free(group);
443 return NULL;
444 }
6fc6879b
JM		 445
446 group->GInit = TRUE;
bdffdc5d
JM		 447 if (delay_init) {
448 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
449 "until Beacon frames have been configured");
450 /* Initialization is completed in wpa_init_keys(). */
451 } else {
452 wpa_group_sm_step(wpa_auth, group);
453 group->GInit = FALSE;
454 wpa_group_sm_step(wpa_auth, group);
455 }
6fc6879b
JM		 456
457 return group;
458}
459
460
461/**
462 * wpa_init - Initialize WPA authenticator
463 * @addr: Authenticator address
464 * @conf: Configuration for WPA authenticator
a17df5fb 465 * @cb: Callback functions for WPA authenticator
6fc6879b
JM		 466 * Returns: Pointer to WPA authenticator data or %NULL on failure
467 */
468struct wpa_authenticator * wpa_init(const u8 *addr,
469 struct wpa_auth_config *conf,
cef8fac0
JB		 470 const struct wpa_auth_callbacks *cb,
471 void *cb_ctx)
6fc6879b
JM		 472{
473 struct wpa_authenticator *wpa_auth;
474
475 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
476 if (wpa_auth == NULL)
477 return NULL;
478 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
479 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
cef8fac0
JB		 480 wpa_auth->cb = cb;
481 wpa_auth->cb_ctx = cb_ctx;
6fc6879b
JM		 482
483 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
484 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
485 os_free(wpa_auth);
486 return NULL;
487 }
488
bdffdc5d 489 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
6fc6879b
JM		 490 if (wpa_auth->group == NULL) {
491 os_free(wpa_auth->wpa_ie);
492 os_free(wpa_auth);
493 return NULL;
494 }
495
4bb081f1
JM		 496 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
497 wpa_auth);
6fc6879b
JM		 498 if (wpa_auth->pmksa == NULL) {
499 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
27d9701d 500 os_free(wpa_auth->group);
6fc6879b
JM		 501 os_free(wpa_auth->wpa_ie);
502 os_free(wpa_auth);
503 return NULL;
504 }
505
4ec1fd8e 506#ifdef CONFIG_IEEE80211R_AP
6fc6879b
JM		 507 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
508 if (wpa_auth->ft_pmk_cache == NULL) {
509 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
27d9701d 510 os_free(wpa_auth->group);
6fc6879b 511 os_free(wpa_auth->wpa_ie);
4bb081f1 512 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 513 os_free(wpa_auth);
514 return NULL;
515 }
4ec1fd8e 516#endif /* CONFIG_IEEE80211R_AP */
6fc6879b
JM		 517
518 if (wpa_auth->conf.wpa_gmk_rekey) {
519 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
520 wpa_rekey_gmk, wpa_auth, NULL);
521 }
522
523 if (wpa_auth->conf.wpa_group_rekey) {
524 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
525 wpa_rekey_gtk, wpa_auth, NULL);
526 }
527
25ef8529
JM		 528#ifdef CONFIG_P2P
529 if (WPA_GET_BE32(conf->ip_addr_start)) {
530 int count = WPA_GET_BE32(conf->ip_addr_end) -
531 WPA_GET_BE32(conf->ip_addr_start) + 1;
532 if (count > 1000)
533 count = 1000;
534 if (count > 0)
535 wpa_auth->ip_pool = bitfield_alloc(count);
536 }
537#endif /* CONFIG_P2P */
538
6fc6879b
JM		 539 return wpa_auth;
540}
541
542
bdffdc5d
JM		 543int wpa_init_keys(struct wpa_authenticator *wpa_auth)
544{
545 struct wpa_group *group = wpa_auth->group;
546
547 wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
548 "keys");
549 wpa_group_sm_step(wpa_auth, group);
550 group->GInit = FALSE;
551 wpa_group_sm_step(wpa_auth, group);
7d7f7be2
JM		 552 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
553 return -1;
bdffdc5d
JM		 554 return 0;
555}
556
557
6fc6879b
JM		 558/**
559 * wpa_deinit - Deinitialize WPA authenticator
560 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
561 */
562void wpa_deinit(struct wpa_authenticator *wpa_auth)
563{
564 struct wpa_group *group, *prev;
565
566 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
567 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
568
4bb081f1 569 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b 570
4ec1fd8e 571#ifdef CONFIG_IEEE80211R_AP
6fc6879b
JM		 572 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
573 wpa_auth->ft_pmk_cache = NULL;
eefe8630 574 wpa_ft_deinit(wpa_auth);
4ec1fd8e 575#endif /* CONFIG_IEEE80211R_AP */
6fc6879b 576
25ef8529
JM		 577#ifdef CONFIG_P2P
578 bitfield_free(wpa_auth->ip_pool);
579#endif /* CONFIG_P2P */
580
581
6fc6879b
JM		 582 os_free(wpa_auth->wpa_ie);
583
584 group = wpa_auth->group;
585 while (group) {
586 prev = group;
587 group = group->next;
588 os_free(prev);
589 }
590
591 os_free(wpa_auth);
592}
593
594
595/**
596 * wpa_reconfig - Update WPA authenticator configuration
597 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
598 * @conf: Configuration for WPA authenticator
599 */
600int wpa_reconfig(struct wpa_authenticator *wpa_auth,
601 struct wpa_auth_config *conf)
602{
e6965d4e 603 struct wpa_group *group;
6fc6879b
JM		 604 if (wpa_auth == NULL)
605 return 0;
606
607 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
ad08c363
JM		 608 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
609 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
610 return -1;
611 }
612
e6965d4e
JM		 613 /*
614 * Reinitialize GTK to make sure it is suitable for the new
615 * configuration.
616 */
617 group = wpa_auth->group;
c3550295 618 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
e6965d4e
JM		 619 group->GInit = TRUE;
620 wpa_group_sm_step(wpa_auth, group);
621 group->GInit = FALSE;
622 wpa_group_sm_step(wpa_auth, group);
623
6fc6879b
JM		 624 return 0;
625}
626
627
628struct wpa_state_machine *
94ddef3e
JM		 629wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
630 const u8 *p2p_dev_addr)
6fc6879b
JM		 631{
632 struct wpa_state_machine *sm;
633
7d7f7be2
JM		 634 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
635 return NULL;
636
6fc6879b
JM		 637 sm = os_zalloc(sizeof(struct wpa_state_machine));
638 if (sm == NULL)
639 return NULL;
640 os_memcpy(sm->addr, addr, ETH_ALEN);
94ddef3e
JM		 641 if (p2p_dev_addr)
642 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
6fc6879b
JM		 643
644 sm->wpa_auth = wpa_auth;
645 sm->group = wpa_auth->group;
a0ad9e8c 646 wpa_group_get(sm->wpa_auth, sm->group);
6fc6879b
JM		 647
648 return sm;
649}
650
651
6f9b5d16
JM		 652int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
653 struct wpa_state_machine *sm)
6fc6879b
JM		 654{
655 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
6f9b5d16 656 return -1;
6fc6879b 657
4ec1fd8e 658#ifdef CONFIG_IEEE80211R_AP
6fc6879b
JM		 659 if (sm->ft_completed) {
660 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
661 "FT authentication already completed - do not "
662 "start 4-way handshake");
3d4d2348
JM		 663 /* Go to PTKINITDONE state to allow GTK rekeying */
664 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
3bbc4705 665 sm->Pair = TRUE;
6f9b5d16 666 return 0;
6fc6879b 667 }
4ec1fd8e 668#endif /* CONFIG_IEEE80211R_AP */
6fc6879b 669
07e0117d
JM		 670#ifdef CONFIG_FILS
671 if (sm->fils_completed) {
672 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
673 "FILS authentication already completed - do not start 4-way handshake");
674 /* Go to PTKINITDONE state to allow GTK rekeying */
675 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
3bbc4705 676 sm->Pair = TRUE;
07e0117d
JM		 677 return 0;
678 }
679#endif /* CONFIG_FILS */
680
6fc6879b 681 if (sm->started) {
22a299ee 682 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
6fc6879b 683 sm->ReAuthenticationRequest = TRUE;
6f9b5d16 684 return wpa_sm_step(sm);
6fc6879b
JM		 685 }
686
687 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
688 "start authentication");
689 sm->started = 1;
690
691 sm->Init = TRUE;
e4a6ea1d 692 if (wpa_sm_step(sm) == 1)
6f9b5d16 693 return 1; /* should not really happen */
6fc6879b
JM		 694 sm->Init = FALSE;
695 sm->AuthenticationRequest = TRUE;
6f9b5d16 696 return wpa_sm_step(sm);
6fc6879b
JM		 697}
698
699
a8d05fca
JM		 700void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
701{
702 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
703 * reassociates back to the same AP while the previous entry for the
704 * STA has not yet been removed. */
705 if (sm == NULL)
706 return;
707
708 sm->wpa_key_mgmt = 0;
709}
710
711
6fc6879b
JM		 712static void wpa_free_sta_sm(struct wpa_state_machine *sm)
713{
25ef8529
JM		 714#ifdef CONFIG_P2P
715 if (WPA_GET_BE32(sm->ip_addr)) {
716 u32 start;
717 wpa_printf(MSG_DEBUG, "P2P: Free assigned IP "
718 "address %u.%u.%u.%u from " MACSTR,
719 sm->ip_addr[0], sm->ip_addr[1],
720 sm->ip_addr[2], sm->ip_addr[3],
721 MAC2STR(sm->addr));
722 start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
723 bitfield_clear(sm->wpa_auth->ip_pool,
724 WPA_GET_BE32(sm->ip_addr) - start);
725 }
726#endif /* CONFIG_P2P */
2ade8ef2
JM		 727 if (sm->GUpdateStationKeys) {
728 sm->group->GKeyDoneStations--;
729 sm->GUpdateStationKeys = FALSE;
730 }
4ec1fd8e 731#ifdef CONFIG_IEEE80211R_AP
0f857f43 732 os_free(sm->assoc_resp_ftie);
692ec305 733 wpabuf_free(sm->ft_pending_req_ies);
4ec1fd8e 734#endif /* CONFIG_IEEE80211R_AP */
6fc6879b
JM		 735 os_free(sm->last_rx_eapol_key);
736 os_free(sm->wpa_ie);
d3516cad 737 os_free(sm->rsnxe);
a0ad9e8c 738 wpa_group_put(sm->wpa_auth, sm->group);
10ec6a5f
JM		 739#ifdef CONFIG_DPP2
740 wpabuf_clear_free(sm->dpp_z);
741#endif /* CONFIG_DPP2 */
09ab81b9 742 bin_clear_free(sm, sizeof(*sm));
6fc6879b
JM		 743}
744
745
746void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
747{
748 if (sm == NULL)
749 return;
750
751 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
752 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
753 "strict rekeying - force GTK rekey since STA "
754 "is leaving");
3f5a1860
JB		 755 if (eloop_deplete_timeout(0, 500000, wpa_rekey_gtk,
756 sm->wpa_auth, NULL) == -1)
757 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
758 NULL);
6fc6879b
JM		 759 }
760
761 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
e4bf4db9 762 sm->pending_1_of_4_timeout = 0;
6fc6879b 763 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
581a8cde 764 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
3a46cf93
MB		 765#ifdef CONFIG_IEEE80211R_AP
766 wpa_ft_sta_deinit(sm);
767#endif /* CONFIG_IEEE80211R_AP */
6fc6879b
JM		 768 if (sm->in_step_loop) {
769 /* Must not free state machine while wpa_sm_step() is running.
770 * Freeing will be completed in the end of wpa_sm_step(). */
771 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
772 "machine deinit for " MACSTR, MAC2STR(sm->addr));
773 sm->pending_deinit = 1;
774 } else
775 wpa_free_sta_sm(sm);
776}
777
778
779static void wpa_request_new_ptk(struct wpa_state_machine *sm)
780{
781 if (sm == NULL)
782 return;
783
862aac1f 784 if (!sm->use_ext_key_id && sm->wpa_auth->conf.wpa_deny_ptk0_rekey) {
1a7963e3
AW		 785 wpa_printf(MSG_INFO,
786 "WPA: PTK0 rekey not allowed, disconnect " MACSTR,
787 MAC2STR(sm->addr));
788 sm->Disconnect = TRUE;
789 /* Try to encourage the STA to reconnect */
790 sm->disconnect_reason =
791 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA;
792 } else {
862aac1f
AW		 793 if (sm->use_ext_key_id)
794 sm->keyidx_active ^= 1; /* flip Key ID */
1a7963e3
AW		 795 sm->PTKRequest = TRUE;
796 sm->PTK_valid = 0;
797 }
6fc6879b
JM		 798}
799
800
68921e24 801static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
22a299ee
JM		 802 const u8 *replay_counter)
803{
804 int i;
805 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
68921e24 806 if (!ctr[i].valid)
22a299ee 807 break;
68921e24 808 if (os_memcmp(replay_counter, ctr[i].counter,
22a299ee
JM		 809 WPA_REPLAY_COUNTER_LEN) == 0)
810 return 1;
811 }
812 return 0;
813}
814
815
68921e24
JM		 816static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
817 const u8 *replay_counter)
818{
819 int i;
820 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
821 if (ctr[i].valid &&
822 (replay_counter == NULL ||
823 os_memcmp(replay_counter, ctr[i].counter,
824 WPA_REPLAY_COUNTER_LEN) == 0))
825 ctr[i].valid = FALSE;
826 }
827}
828
829
4ec1fd8e 830#ifdef CONFIG_IEEE80211R_AP
0f857f43
JM		 831static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
832 struct wpa_state_machine *sm,
833 struct wpa_eapol_ie_parse *kde)
834{
835 struct wpa_ie_data ie;
836 struct rsn_mdie *mdie;
837
838 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
839 ie.num_pmkid != 1 || ie.pmkid == NULL) {
840 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
841 "FT 4-way handshake message 2/4");
842 return -1;
843 }
844
845 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
846 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
847 sm->sup_pmk_r1_name, PMKID_LEN);
848
849 if (!kde->mdie || !kde->ftie) {
850 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
851 "message 2/4", kde->mdie ? "FTIE" : "MDIE");
852 return -1;
853 }
854
855 mdie = (struct rsn_mdie *) (kde->mdie + 2);
856 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
857 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
858 MOBILITY_DOMAIN_ID_LEN) != 0) {
859 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
860 return -1;
861 }
862
863 if (sm->assoc_resp_ftie &&
864 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
865 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
866 2 + sm->assoc_resp_ftie[1]) != 0)) {
867 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
868 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
869 kde->ftie, kde->ftie_len);
870 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
871 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
872 return -1;
873 }
874
875 return 0;
876}
4ec1fd8e 877#endif /* CONFIG_IEEE80211R_AP */
0f857f43
JM		 878
879
c772d054
JM		 880static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
881 struct wpa_state_machine *sm, int group)
ec027805
JM		 882{
883 /* Supplicant reported a Michael MIC error */
884 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
885 "received EAPOL-Key Error Request "
886 "(STA detected Michael MIC failure (group=%d))",
887 group);
fbc72d32
JM		 888
889 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
890 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
891 "ignore Michael MIC failure report since "
892 "group cipher is not TKIP");
893 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
894 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
895 "ignore Michael MIC failure report since "
896 "pairwise cipher is not TKIP");
897 } else {
c772d054
JM		 898 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
899 return 1; /* STA entry was removed */
fbc72d32
JM		 900 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
901 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
902 }
ec027805
JM		 903
904 /*
905 * Error report is not a request for a new key handshake, but since
906 * Authenticator may do it, let's change the keys now anyway.
907 */
908 wpa_request_new_ptk(sm);
c772d054 909 return 0;
ec027805
JM		 910}
911
912
f23c5b17
JM		 913static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
914 size_t data_len)
915{
916 struct wpa_ptk PTK;
917 int ok = 0;
918 const u8 *pmk = NULL;
7a12edd1 919 size_t pmk_len;
dbfa691d 920 int vlan_id = 0;
f23c5b17 921
b729fd8d 922 os_memset(&PTK, 0, sizeof(PTK));
f23c5b17 923 for (;;) {
e61fea6b
JM		 924 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
925 !wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
f23c5b17 926 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
dbfa691d
JM		 927 sm->p2p_dev_addr, pmk, &pmk_len,
928 &vlan_id);
f23c5b17
JM		 929 if (pmk == NULL)
930 break;
f9854c18
MK		 931#ifdef CONFIG_IEEE80211R_AP
932 if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
933 os_memcpy(sm->xxkey, pmk, pmk_len);
934 sm->xxkey_len = pmk_len;
935 }
936#endif /* CONFIG_IEEE80211R_AP */
207976f0 937 } else {
f23c5b17 938 pmk = sm->PMK;
207976f0
JM		 939 pmk_len = sm->pmk_len;
940 }
f23c5b17 941
65a44e84
JM		 942 if (wpa_derive_ptk(sm, sm->alt_SNonce, pmk, pmk_len, &PTK, 0) <
943 0)
364c064a 944 break;
f23c5b17 945
567da5bb
JM		 946 if (wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
947 data, data_len) == 0) {
08dc8efd
JM		 948 if (sm->PMK != pmk) {
949 os_memcpy(sm->PMK, pmk, pmk_len);
950 sm->pmk_len = pmk_len;
951 }
f23c5b17
JM		 952 ok = 1;
953 break;
954 }
955
f5e0a332
JM		 956 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
957 wpa_key_mgmt_sae(sm->wpa_key_mgmt))
f23c5b17
JM		 958 break;
959 }
960
961 if (!ok) {
962 wpa_printf(MSG_DEBUG,
963 "WPA: Earlier SNonce did not result in matching MIC");
964 return -1;
965 }
966
967 wpa_printf(MSG_DEBUG,
968 "WPA: Earlier SNonce resulted in matching MIC");
969 sm->alt_snonce_valid = 0;
dbfa691d
JM		 970
971 if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
972 wpa_auth_update_vlan(sm->wpa_auth, sm->addr, vlan_id) < 0)
973 return -1;
974
f23c5b17
JM		 975 os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
976 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
31bc66e4 977 forced_memzero(&PTK, sizeof(PTK));
f23c5b17
JM		 978 sm->PTK_valid = TRUE;
979
980 return 0;
981}
982
983
6fc6879b
JM		 984void wpa_receive(struct wpa_authenticator *wpa_auth,
985 struct wpa_state_machine *sm,
986 u8 *data, size_t data_len)
987{
988 struct ieee802_1x_hdr *hdr;
989 struct wpa_eapol_key *key;
990 u16 key_info, key_data_length;
a0bf1b68 991 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST } msg;
6fc6879b
JM		 992 char *msgtxt;
993 struct wpa_eapol_ie_parse kde;
3b5b7aa8
JM		 994 const u8 *key_data;
995 size_t keyhdrlen, mic_len;
6d014ffc 996 u8 *mic;
6fc6879b
JM		 997
998 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
999 return;
dc5bad48 1000 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL data", data, data_len);
6fc6879b 1001
567da5bb 1002 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
6d014ffc 1003 keyhdrlen = sizeof(*key) + mic_len + 2;
5e3b5197 1004
dc5bad48
JM		 1005 if (data_len < sizeof(*hdr) + keyhdrlen) {
1006 wpa_printf(MSG_DEBUG, "WPA: Ignore too short EAPOL-Key frame");
6fc6879b 1007 return;
dc5bad48 1008 }
6fc6879b
JM		 1009
1010 hdr = (struct ieee802_1x_hdr *) data;
1011 key = (struct wpa_eapol_key *) (hdr + 1);
6d014ffc 1012 mic = (u8 *) (key + 1);
6fc6879b 1013 key_info = WPA_GET_BE16(key->key_info);
6d014ffc
JM		 1014 key_data = mic + mic_len + 2;
1015 key_data_length = WPA_GET_BE16(mic + mic_len);
0d442aff 1016 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
dc5bad48
JM		 1017 " key_info=0x%x type=%u mic_len=%u key_data_length=%u",
1018 MAC2STR(sm->addr), key_info, key->type,
1019 (unsigned int) mic_len, key_data_length);
1020 wpa_hexdump(MSG_MSGDUMP,
1021 "WPA: EAPOL-Key header (ending before Key MIC)",
1022 key, sizeof(*key));
1023 wpa_hexdump(MSG_MSGDUMP, "WPA: EAPOL-Key Key MIC",
1024 mic, mic_len);
5e3b5197 1025 if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) {
6fc6879b
JM		 1026 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
1027 "key_data overflow (%d > %lu)",
1028 key_data_length,
1029 (unsigned long) (data_len - sizeof(*hdr) -
5e3b5197 1030 keyhdrlen));
6fc6879b
JM		 1031 return;
1032 }
1033
f8e96eb6 1034 if (sm->wpa == WPA_VERSION_WPA2) {
74590e71
JM		 1035 if (key->type == EAPOL_KEY_TYPE_WPA) {
1036 /*
1037 * Some deployed station implementations seem to send
1038 * msg 4/4 with incorrect type value in WPA2 mode.
1039 */
1040 wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
1041 "with unexpected WPA type in RSN mode");
1042 } else if (key->type != EAPOL_KEY_TYPE_RSN) {
f8e96eb6
JM		 1043 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
1044 "unexpected type %d in RSN mode",
1045 key->type);
1046 return;
1047 }
1048 } else {
1049 if (key->type != EAPOL_KEY_TYPE_WPA) {
1050 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
1051 "unexpected type %d in WPA mode",
1052 key->type);
1053 return;
1054 }
1055 }
1056
bc8318ac
JM		 1057 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
1058 WPA_NONCE_LEN);
1059 wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
1060 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1061
6fc6879b
JM		 1062 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
1063 * are set */
1064
a0bf1b68
JM		 1065 if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
1066 wpa_printf(MSG_DEBUG, "WPA: Ignore SMK message");
1067 return;
1068 }
1069
1070 if (key_info & WPA_KEY_INFO_REQUEST) {
6fc6879b
JM		 1071 msg = REQUEST;
1072 msgtxt = "Request";
1073 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1074 msg = GROUP_2;
1075 msgtxt = "2/2 Group";
3b5b7aa8
JM		 1076 } else if (key_data_length == 0 ||
1077 (mic_len == 0 && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) &&
1078 key_data_length == AES_BLOCK_SIZE)) {
6fc6879b
JM		 1079 msg = PAIRWISE_4;
1080 msgtxt = "4/4 Pairwise";
1081 } else {
1082 msg = PAIRWISE_2;
1083 msgtxt = "2/4 Pairwise";
1084 }
1085
6fc6879b
JM		 1086 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
1087 msg == GROUP_2) {
1088 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
eb7719ff
JM		 1089 if (sm->pairwise == WPA_CIPHER_CCMP ||
1090 sm->pairwise == WPA_CIPHER_GCMP) {
4bc801ab
JM		 1091 if (wpa_use_cmac(sm->wpa_key_mgmt) &&
1092 !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
6fc6879b
JM		 1093 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1094 wpa_auth_logger(wpa_auth, sm->addr,
1095 LOGGER_WARNING,
1096 "advertised support for "
1097 "AES-128-CMAC, but did not "
1098 "use it");
1099 return;
1100 }
1101
4bc801ab
JM		 1102 if (!wpa_use_cmac(sm->wpa_key_mgmt) &&
1103 !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
6fc6879b
JM		 1104 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1105 wpa_auth_logger(wpa_auth, sm->addr,
1106 LOGGER_WARNING,
1107 "did not use HMAC-SHA1-AES "
eb7719ff 1108 "with CCMP/GCMP");
6fc6879b
JM		 1109 return;
1110 }
1111 }
929a2ea5 1112
4bc801ab 1113 if (wpa_use_akm_defined(sm->wpa_key_mgmt) &&
929a2ea5
JM		 1114 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1115 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1116 "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
1117 return;
1118 }
6fc6879b
JM		 1119 }
1120
1121 if (key_info & WPA_KEY_INFO_REQUEST) {
1122 if (sm->req_replay_counter_used &&
1123 os_memcmp(key->replay_counter, sm->req_replay_counter,
1124 WPA_REPLAY_COUNTER_LEN) <= 0) {
1125 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1126 "received EAPOL-Key request with "
1127 "replayed counter");
1128 return;
1129 }
1130 }
1131
1132 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
68921e24 1133 !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
22a299ee 1134 int i;
68921e24
JM		 1135
1136 if (msg == PAIRWISE_2 &&
1137 wpa_replay_counter_valid(sm->prev_key_replay,
1138 key->replay_counter) &&
1139 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1140 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
1141 {
1142 /*
1143 * Some supplicant implementations (e.g., Windows XP
1144 * WZC) update SNonce for each EAPOL-Key 2/4. This
1145 * breaks the workaround on accepting any of the
1146 * pending requests, so allow the SNonce to be updated
1147 * even if we have already sent out EAPOL-Key 3/4.
1148 */
1149 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1150 "Process SNonce update from STA "
1151 "based on retransmitted EAPOL-Key "
1152 "1/4");
1153 sm->update_snonce = 1;
f23c5b17
JM		 1154 os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
1155 sm->alt_snonce_valid = TRUE;
1156 os_memcpy(sm->alt_replay_counter,
1157 sm->key_replay[0].counter,
1158 WPA_REPLAY_COUNTER_LEN);
1159 goto continue_processing;
1160 }
1161
1162 if (msg == PAIRWISE_4 && sm->alt_snonce_valid &&
1163 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1164 os_memcmp(key->replay_counter, sm->alt_replay_counter,
1165 WPA_REPLAY_COUNTER_LEN) == 0) {
1166 /*
1167 * Supplicant may still be using the old SNonce since
1168 * there was two EAPOL-Key 2/4 messages and they had
1169 * different SNonce values.
1170 */
1171 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1172 "Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4");
68921e24
JM		 1173 goto continue_processing;
1174 }
1175
1176 if (msg == PAIRWISE_2 &&
1177 wpa_replay_counter_valid(sm->prev_key_replay,
1178 key->replay_counter) &&
1179 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1180 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1181 "ignore retransmitted EAPOL-Key %s - "
1182 "SNonce did not change", msgtxt);
1183 } else {
1184 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1185 "received EAPOL-Key %s with "
1186 "unexpected replay counter", msgtxt);
1187 }
22a299ee
JM		 1188 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
1189 if (!sm->key_replay[i].valid)
1190 break;
1191 wpa_hexdump(MSG_DEBUG, "pending replay counter",
1192 sm->key_replay[i].counter,
1193 WPA_REPLAY_COUNTER_LEN);
1194 }
6fc6879b
JM		 1195 wpa_hexdump(MSG_DEBUG, "received replay counter",
1196 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1197 return;
1198 }
1199
68921e24 1200continue_processing:
3b5b7aa8
JM		 1201#ifdef CONFIG_FILS
1202 if (sm->wpa == WPA_VERSION_WPA2 && mic_len == 0 &&
1203 !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1204 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1205 "WPA: Encr Key Data bit not set even though AEAD cipher is supposed to be used - drop frame");
1206 return;
1207 }
1208#endif /* CONFIG_FILS */
1209
6fc6879b
JM		 1210 switch (msg) {
1211 case PAIRWISE_2:
1212 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
68921e24
JM		 1213 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
1214 (!sm->update_snonce ||
1215 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
6fc6879b
JM		 1216 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1217 "received EAPOL-Key msg 2/4 in "
1218 "invalid state (%d) - dropped",
1219 sm->wpa_ptk_state);
1220 return;
1221 }
bbb921da 1222 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
08704cd8
JM		 1223 if (sm->group->reject_4way_hs_for_entropy) {
1224 /*
1225 * The system did not have enough entropy to generate
1226 * strong random numbers. Reject the first 4-way
1227 * handshake(s) and collect some entropy based on the
1228 * information from it. Once enough entropy is
1229 * available, the next atempt will trigger GMK/Key
1230 * Counter update and the station will be allowed to
1231 * continue.
1232 */
1233 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
1234 "collect more entropy for random number "
1235 "generation");
08704cd8 1236 random_mark_pool_ready();
567da5bb
JM		 1237 wpa_sta_disconnect(wpa_auth, sm->addr,
1238 WLAN_REASON_PREV_AUTH_NOT_VALID);
08704cd8
JM		 1239 return;
1240 }
6fc6879b
JM		 1241 break;
1242 case PAIRWISE_4:
1243 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
1244 !sm->PTK_valid) {
1245 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1246 "received EAPOL-Key msg 4/4 in "
1247 "invalid state (%d) - dropped",
1248 sm->wpa_ptk_state);
1249 return;
1250 }
1251 break;
1252 case GROUP_2:
1253 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1254 || !sm->PTK_valid) {
1255 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1256 "received EAPOL-Key msg 2/2 in "
1257 "invalid state (%d) - dropped",
1258 sm->wpa_ptk_group_state);
1259 return;
1260 }
1261 break;
6fc6879b
JM		 1262 case REQUEST:
1263 break;
1264 }
1265
1266 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1267 "received EAPOL-Key frame (%s)", msgtxt);
1268
1269 if (key_info & WPA_KEY_INFO_ACK) {
1270 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1271 "received invalid EAPOL-Key: Key Ack set");
1272 return;
1273 }
1274
b9866483
JM		 1275 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1276 !(key_info & WPA_KEY_INFO_MIC)) {
6fc6879b
JM		 1277 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1278 "received invalid EAPOL-Key: Key MIC not set");
1279 return;
1280 }
1281
b9866483
JM		 1282#ifdef CONFIG_FILS
1283 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1284 (key_info & WPA_KEY_INFO_MIC)) {
1285 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1286 "received invalid EAPOL-Key: Key MIC set");
1287 return;
1288 }
1289#endif /* CONFIG_FILS */
1290
6fc6879b 1291 sm->MICVerified = FALSE;
68921e24 1292 if (sm->PTK_valid && !sm->update_snonce) {
3b5b7aa8 1293 if (mic_len &&
567da5bb
JM		 1294 wpa_verify_key_mic(sm->wpa_key_mgmt, sm->pmk_len, &sm->PTK,
1295 data, data_len) &&
f23c5b17
JM		 1296 (msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
1297 wpa_try_alt_snonce(sm, data, data_len))) {
6fc6879b
JM		 1298 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1299 "received EAPOL-Key with invalid MIC");
525923b1
JM		 1300#ifdef TEST_FUZZ
1301 wpa_printf(MSG_INFO,
1302 "TEST: Ignore Key MIC failure for fuzz testing");
1303 goto continue_fuzz;
1304#endif /* TEST_FUZZ */
6fc6879b
JM		 1305 return;
1306 }
75c8563e
JM		 1307#ifdef CONFIG_FILS
1308 if (!mic_len &&
1309 wpa_aead_decrypt(sm, &sm->PTK, data, data_len,
1310 &key_data_length) < 0) {
1311 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1312 "received EAPOL-Key with invalid MIC");
525923b1
JM		 1313#ifdef TEST_FUZZ
1314 wpa_printf(MSG_INFO,
1315 "TEST: Ignore Key MIC failure for fuzz testing");
1316 goto continue_fuzz;
1317#endif /* TEST_FUZZ */
75c8563e
JM		 1318 return;
1319 }
1320#endif /* CONFIG_FILS */
525923b1
JM		 1321#ifdef TEST_FUZZ
1322 continue_fuzz:
1323#endif /* TEST_FUZZ */
6fc6879b
JM		 1324 sm->MICVerified = TRUE;
1325 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
e4bf4db9 1326 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1327 }
1328
1329 if (key_info & WPA_KEY_INFO_REQUEST) {
1330 if (sm->MICVerified) {
1331 sm->req_replay_counter_used = 1;
1332 os_memcpy(sm->req_replay_counter, key->replay_counter,
1333 WPA_REPLAY_COUNTER_LEN);
1334 } else {
1335 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1336 "received EAPOL-Key request with "
1337 "invalid MIC");
1338 return;
1339 }
1340
1341 /*
1342 * TODO: should decrypt key data field if encryption was used;
1343 * even though MAC address KDE is not normally encrypted,
1344 * supplicant is allowed to encrypt it.
1345 */
a0bf1b68 1346 if (key_info & WPA_KEY_INFO_ERROR) {
c772d054
JM		 1347 if (wpa_receive_error_report(
1348 wpa_auth, sm,
1349 !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
1350 return; /* STA entry was removed */
6fc6879b
JM		 1351 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1352 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1353 "received EAPOL-Key Request for new "
1354 "4-Way Handshake");
1355 wpa_request_new_ptk(sm);
6fc6879b 1356 } else if (key_data_length > 0 &&
5e3b5197
JM		 1357 wpa_parse_kde_ies(key_data, key_data_length,
1358 &kde) == 0 &&
6fc6879b
JM		 1359 kde.mac_addr) {
1360 } else {
1361 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1362 "received EAPOL-Key Request for GTK "
1363 "rekeying");
6fc6879b
JM		 1364 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1365 wpa_rekey_gtk(wpa_auth, NULL);
1366 }
1367 } else {
68921e24
JM		 1368 /* Do not allow the same key replay counter to be reused. */
1369 wpa_replay_counter_mark_invalid(sm->key_replay,
1370 key->replay_counter);
1371
1372 if (msg == PAIRWISE_2) {
1373 /*
1374 * Maintain a copy of the pending EAPOL-Key frames in
1375 * case the EAPOL-Key frame was retransmitted. This is
1376 * needed to allow EAPOL-Key msg 2/4 reply to another
1377 * pending msg 1/4 to update the SNonce to work around
1378 * unexpected supplicant behavior.
1379 */
1380 os_memcpy(sm->prev_key_replay, sm->key_replay,
1381 sizeof(sm->key_replay));
1382 } else {
1383 os_memset(sm->prev_key_replay, 0,
1384 sizeof(sm->prev_key_replay));
1385 }
1386
1387 /*
1388 * Make sure old valid counters are not accepted anymore and
1389 * do not get copied again.
1390 */
1391 wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
6fc6879b
JM		 1392 }
1393
6fc6879b 1394 os_free(sm->last_rx_eapol_key);
a1f11e34 1395 sm->last_rx_eapol_key = os_memdup(data, data_len);
6fc6879b
JM		 1396 if (sm->last_rx_eapol_key == NULL)
1397 return;
6fc6879b
JM		 1398 sm->last_rx_eapol_key_len = data_len;
1399
0d442aff 1400 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
6fc6879b
JM		 1401 sm->EAPOLKeyReceived = TRUE;
1402 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1403 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1404 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1405 wpa_sm_step(sm);
1406}
1407
1408
3c7302c2
JM		 1409static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1410 const u8 *gnonce, u8 *gtk, size_t gtk_len)
6fc6879b 1411{
c6eb3e34 1412 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + WPA_GTK_MAX_LEN];
5cb9d5c3 1413 u8 *pos;
3c7302c2 1414 int ret = 0;
6fc6879b 1415
5cb9d5c3
JM		 1416 /* GTK = PRF-X(GMK, "Group key expansion",
1417 * AA || GNonce || Time || random data)
1418 * The example described in the IEEE 802.11 standard uses only AA and
1419 * GNonce as inputs here. Add some more entropy since this derivation
1420 * is done only at the Authenticator and as such, does not need to be
1421 * exactly same.
1422 */
c6eb3e34 1423 os_memset(data, 0, sizeof(data));
6fc6879b
JM		 1424 os_memcpy(data, addr, ETH_ALEN);
1425 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
5cb9d5c3
JM		 1426 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1427 wpa_get_ntp_timestamp(pos);
525923b1
JM		 1428#ifdef TEST_FUZZ
1429 os_memset(pos, 0xef, 8);
1430#endif /* TEST_FUZZ */
5cb9d5c3 1431 pos += 8;
c6eb3e34 1432 if (random_get_bytes(pos, gtk_len) < 0)
3c7302c2 1433 ret = -1;
6fc6879b 1434
c6eb3e34
JM		 1435#ifdef CONFIG_SHA384
1436 if (sha384_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data),
1437 gtk, gtk_len) < 0)
3c7302c2 1438 ret = -1;
c6eb3e34
JM		 1439#else /* CONFIG_SHA384 */
1440#ifdef CONFIG_SHA256
1441 if (sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data),
1442 gtk, gtk_len) < 0)
1443 ret = -1;
1444#else /* CONFIG_SHA256 */
1445 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data),
1446 gtk, gtk_len) < 0)
1447 ret = -1;
1448#endif /* CONFIG_SHA256 */
1449#endif /* CONFIG_SHA384 */
3c7302c2 1450
31bc66e4
JM		 1451 forced_memzero(data, sizeof(data));
1452
3c7302c2 1453 return ret;
6fc6879b
JM		 1454}
1455
1456
1457static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1458{
1459 struct wpa_authenticator *wpa_auth = eloop_ctx;
1460 struct wpa_state_machine *sm = timeout_ctx;
1461
e4bf4db9 1462 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1463 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1464 sm->TimeoutEvt = TRUE;
1465 wpa_sm_step(sm);
1466}
1467
1468
1469void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1470 struct wpa_state_machine *sm, int key_info,
1471 const u8 *key_rsc, const u8 *nonce,
1472 const u8 *kde, size_t kde_len,
1473 int keyidx, int encr, int force_version)
1474{
1475 struct ieee802_1x_hdr *hdr;
1476 struct wpa_eapol_key *key;
5e3b5197 1477 size_t len, mic_len, keyhdrlen;
6fc6879b
JM		 1478 int alg;
1479 int key_data_len, pad_len = 0;
1480 u8 *buf, *pos;
1481 int version, pairwise;
22a299ee 1482 int i;
6d014ffc 1483 u8 *key_mic, *key_data;
6fc6879b 1484
567da5bb 1485 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
6d014ffc 1486 keyhdrlen = sizeof(*key) + mic_len + 2;
5e3b5197
JM		 1487
1488 len = sizeof(struct ieee802_1x_hdr) + keyhdrlen;
6fc6879b
JM		 1489
1490 if (force_version)
1491 version = force_version;
4bc801ab 1492 else if (wpa_use_akm_defined(sm->wpa_key_mgmt))
a14896e8 1493 version = WPA_KEY_INFO_TYPE_AKM_DEFINED;
4bc801ab 1494 else if (wpa_use_cmac(sm->wpa_key_mgmt))
6fc6879b 1495 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
eb7719ff 1496 else if (sm->pairwise != WPA_CIPHER_TKIP)
6fc6879b
JM		 1497 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1498 else
1499 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1500
8543ed8a 1501 pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
6fc6879b
JM		 1502
1503 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1504 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1505 "encr=%d)",
1506 version,
1507 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1508 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1509 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1510 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1511 pairwise, (unsigned long) kde_len, keyidx, encr);
1512
1513 key_data_len = kde_len;
1514
1515 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
4bc801ab 1516 wpa_use_aes_key_wrap(sm->wpa_key_mgmt) ||
6fc6879b
JM		 1517 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1518 pad_len = key_data_len % 8;
1519 if (pad_len)
1520 pad_len = 8 - pad_len;
1521 key_data_len += pad_len + 8;
1522 }
1523
1524 len += key_data_len;
b729fd8d
JM		 1525 if (!mic_len && encr)
1526 len += AES_BLOCK_SIZE;
6fc6879b
JM		 1527
1528 hdr = os_zalloc(len);
1529 if (hdr == NULL)
1530 return;
1531 hdr->version = wpa_auth->conf.eapol_version;
1532 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1533 hdr->length = host_to_be16(len - sizeof(*hdr));
1534 key = (struct wpa_eapol_key *) (hdr + 1);
6d014ffc 1535 key_mic = (u8 *) (key + 1);
5e3b5197 1536 key_data = ((u8 *) (hdr + 1)) + keyhdrlen;
6fc6879b
JM		 1537
1538 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1539 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1540 key_info |= version;
1541 if (encr && sm->wpa == WPA_VERSION_WPA2)
1542 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1543 if (sm->wpa != WPA_VERSION_WPA2)
1544 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1545 WPA_PUT_BE16(key->key_info, key_info);
1546
1547 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
a0bf1b68 1548 if (sm->wpa == WPA_VERSION_WPA2 && !pairwise)
6fc6879b 1549 WPA_PUT_BE16(key->key_length, 0);
caab23f1
JM		 1550 else
1551 WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
6fc6879b 1552
22a299ee
JM		 1553 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1554 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1555 os_memcpy(sm->key_replay[i].counter,
1556 sm->key_replay[i - 1].counter,
1557 WPA_REPLAY_COUNTER_LEN);
1558 }
1559 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1560 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
6fc6879b 1561 WPA_REPLAY_COUNTER_LEN);
db099951
JM		 1562 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter",
1563 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
22a299ee 1564 sm->key_replay[0].valid = TRUE;
6fc6879b
JM		 1565
1566 if (nonce)
1567 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1568
1569 if (key_rsc)
1570 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1571
1572 if (kde && !encr) {
5e3b5197 1573 os_memcpy(key_data, kde, kde_len);
6d014ffc 1574 WPA_PUT_BE16(key_mic + mic_len, kde_len);
b729fd8d 1575#ifdef CONFIG_FILS
c05f96a3 1576 } else if (!mic_len && kde) {
b729fd8d
JM		 1577 const u8 *aad[1];
1578 size_t aad_len[1];
1579
1580 WPA_PUT_BE16(key_mic, AES_BLOCK_SIZE + kde_len);
1581 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1582 kde, kde_len);
1583
1584 wpa_hexdump_key(MSG_DEBUG, "WPA: KEK",
1585 sm->PTK.kek, sm->PTK.kek_len);
1586 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
1587 * to Key Data (exclusive). */
1588 aad[0] = (u8 *) hdr;
1589 aad_len[0] = key_mic + 2 - (u8 *) hdr;
1590 if (aes_siv_encrypt(sm->PTK.kek, sm->PTK.kek_len, kde, kde_len,
1591 1, aad, aad_len, key_mic + 2) < 0) {
1592 wpa_printf(MSG_DEBUG, "WPA: AES-SIV encryption failed");
1593 return;
1594 }
1595
1596 wpa_hexdump(MSG_DEBUG, "WPA: Encrypted Key Data from SIV",
1597 key_mic + 2, AES_BLOCK_SIZE + kde_len);
1598#endif /* CONFIG_FILS */
6fc6879b
JM		 1599 } else if (encr && kde) {
1600 buf = os_zalloc(key_data_len);
1601 if (buf == NULL) {
1602 os_free(hdr);
1603 return;
1604 }
1605 pos = buf;
1606 os_memcpy(pos, kde, kde_len);
1607 pos += kde_len;
1608
1609 if (pad_len)
1610 *pos++ = 0xdd;
1611
1612 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1613 buf, key_data_len);
1614 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
4bc801ab 1615 wpa_use_aes_key_wrap(sm->wpa_key_mgmt) ||
6fc6879b 1616 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
ef9627cb
JM		 1617 wpa_printf(MSG_DEBUG,
1618 "WPA: Encrypt Key Data using AES-WRAP (KEK length %u)",
1619 (unsigned int) sm->PTK.kek_len);
98cd3d1c 1620 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len,
5e3b5197 1621 (key_data_len - 8) / 8, buf, key_data)) {
6fc6879b
JM		 1622 os_free(hdr);
1623 os_free(buf);
1624 return;
1625 }
6d014ffc 1626 WPA_PUT_BE16(key_mic + mic_len, key_data_len);
7cb53ded 1627#ifndef CONFIG_NO_RC4
98cd3d1c 1628 } else if (sm->PTK.kek_len == 16) {
6fc6879b 1629 u8 ek[32];
ef9627cb
JM		 1630
1631 wpa_printf(MSG_DEBUG,
1632 "WPA: Encrypt Key Data using RC4");
6fc6879b
JM		 1633 os_memcpy(key->key_iv,
1634 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1635 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1636 os_memcpy(ek, key->key_iv, 16);
98cd3d1c 1637 os_memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len);
5e3b5197
JM		 1638 os_memcpy(key_data, buf, key_data_len);
1639 rc4_skip(ek, 32, 256, key_data, key_data_len);
6d014ffc 1640 WPA_PUT_BE16(key_mic + mic_len, key_data_len);
7cb53ded 1641#endif /* CONFIG_NO_RC4 */
98cd3d1c
JM		 1642 } else {
1643 os_free(hdr);
1644 os_free(buf);
1645 return;
6fc6879b
JM		 1646 }
1647 os_free(buf);
1648 }
1649
1650 if (key_info & WPA_KEY_INFO_MIC) {
b729fd8d 1651 if (!sm->PTK_valid || !mic_len) {
6fc6879b
JM		 1652 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1653 "PTK not valid when sending EAPOL-Key "
1654 "frame");
1655 os_free(hdr);
1656 return;
1657 }
5e3b5197 1658
beae255a
JM		 1659 if (wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len,
1660 sm->wpa_key_mgmt, version,
1661 (u8 *) hdr, len, key_mic) < 0) {
1662 os_free(hdr);
1663 return;
1664 }
7af092a0
JB		 1665#ifdef CONFIG_TESTING_OPTIONS
1666 if (!pairwise &&
06df2aa6 1667 wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 &&
7af092a0
JB		 1668 drand48() <
1669 wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
1670 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1671 "Corrupting group EAPOL-Key Key MIC");
5e3b5197 1672 key_mic[0]++;
7af092a0
JB		 1673 }
1674#endif /* CONFIG_TESTING_OPTIONS */
6fc6879b
JM		 1675 }
1676
1677 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1678 1);
1679 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1680 sm->pairwise_set);
1681 os_free(hdr);
1682}
1683
1684
1685static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1686 struct wpa_state_machine *sm, int key_info,
1687 const u8 *key_rsc, const u8 *nonce,
1688 const u8 *kde, size_t kde_len,
1689 int keyidx, int encr)
1690{
1691 int timeout_ms;
1692 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
41f140d3 1693 u32 ctr;
6fc6879b
JM		 1694
1695 if (sm == NULL)
1696 return;
1697
1698 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1699 keyidx, encr, 0);
1700
bae61562 1701 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
e4bf4db9 1702 if (ctr == 1 && wpa_auth->conf.tx_status)
00338a4f
JM		 1703 timeout_ms = pairwise ? eapol_key_timeout_first :
1704 eapol_key_timeout_first_group;
bae61562
JM		 1705 else
1706 timeout_ms = eapol_key_timeout_subseq;
6f234c1e
JM		 1707 if (wpa_auth->conf.wpa_disable_eapol_key_retries &&
1708 (!pairwise || (key_info & WPA_KEY_INFO_MIC)))
1709 timeout_ms = eapol_key_timeout_no_retrans;
e4bf4db9
JM		 1710 if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
1711 sm->pending_1_of_4_timeout = 1;
525923b1
JM		 1712#ifdef TEST_FUZZ
1713 timeout_ms = 1;
1714#endif /* TEST_FUZZ */
e4bf4db9 1715 wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
41f140d3 1716 "counter %u)", timeout_ms, ctr);
6fc6879b
JM		 1717 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1718 wpa_send_eapol_timeout, wpa_auth, sm);
1719}
1720
1721
567da5bb
JM		 1722static int wpa_verify_key_mic(int akmp, size_t pmk_len, struct wpa_ptk *PTK,
1723 u8 *data, size_t data_len)
6fc6879b
JM		 1724{
1725 struct ieee802_1x_hdr *hdr;
1726 struct wpa_eapol_key *key;
1727 u16 key_info;
1728 int ret = 0;
6d014ffc 1729 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN], *mic_pos;
567da5bb 1730 size_t mic_len = wpa_mic_len(akmp, pmk_len);
6fc6879b
JM		 1731
1732 if (data_len < sizeof(*hdr) + sizeof(*key))
1733 return -1;
1734
1735 hdr = (struct ieee802_1x_hdr *) data;
1736 key = (struct wpa_eapol_key *) (hdr + 1);
6d014ffc 1737 mic_pos = (u8 *) (key + 1);
6fc6879b 1738 key_info = WPA_GET_BE16(key->key_info);
6d014ffc
JM		 1739 os_memcpy(mic, mic_pos, mic_len);
1740 os_memset(mic_pos, 0, mic_len);
98cd3d1c
JM		 1741 if (wpa_eapol_key_mic(PTK->kck, PTK->kck_len, akmp,
1742 key_info & WPA_KEY_INFO_TYPE_MASK,
6d014ffc
JM		 1743 data, data_len, mic_pos) ||
1744 os_memcmp_const(mic, mic_pos, mic_len) != 0)
6fc6879b 1745 ret = -1;
6d014ffc 1746 os_memcpy(mic_pos, mic, mic_len);
6fc6879b
JM		 1747 return ret;
1748}
1749
1750
1751void wpa_remove_ptk(struct wpa_state_machine *sm)
1752{
1753 sm->PTK_valid = FALSE;
1754 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
2a0b86d3 1755 if (wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL,
a919a260 1756 0, KEY_FLAG_PAIRWISE))
2a0b86d3
JM		 1757 wpa_printf(MSG_DEBUG,
1758 "RSN: PTK removal from the driver failed");
862aac1f
AW		 1759 if (sm->wpa_auth->conf.extended_key_id && sm->use_ext_key_id &&
1760 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 1, NULL,
1761 0, KEY_FLAG_PAIRWISE))
1762 wpa_printf(MSG_DEBUG,
1763 "RSN: PTK Key ID 1 removal from the driver failed");
6fc6879b 1764 sm->pairwise_set = FALSE;
581a8cde 1765 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 1766}
1767
1768
bb119228 1769int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
6fc6879b 1770{
5d22a1d5
JM		 1771 int remove_ptk = 1;
1772
6fc6879b 1773 if (sm == NULL)
6f9b5d16 1774 return -1;
6fc6879b
JM		 1775
1776 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1777 "event %d notification", event);
1778
1779 switch (event) {
1780 case WPA_AUTH:
c50d94f1
BC		 1781#ifdef CONFIG_MESH
1782 /* PTKs are derived through AMPE */
1783 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
1784 /* not mesh */
1785 break;
1786 }
1787 return 0;
1788#endif /* CONFIG_MESH */
6fc6879b
JM		 1789 case WPA_ASSOC:
1790 break;
1791 case WPA_DEAUTH:
1792 case WPA_DISASSOC:
1793 sm->DeauthenticationRequest = TRUE;
09ab81b9
JM		 1794#ifdef CONFIG_IEEE80211R_AP
1795 os_memset(sm->PMK, 0, sizeof(sm->PMK));
1796 sm->pmk_len = 0;
1797 os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
1798 sm->xxkey_len = 0;
8a576f5e
JM		 1799 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
1800 sm->pmk_r1_len = 0;
09ab81b9 1801#endif /* CONFIG_IEEE80211R_AP */
6fc6879b
JM		 1802 break;
1803 case WPA_REAUTH:
1804 case WPA_REAUTH_EAPOL:
3ab72b62
JM		 1805 if (!sm->started) {
1806 /*
1807 * When using WPS, we may end up here if the STA
1808 * manages to re-associate without the previous STA
1809 * entry getting removed. Consequently, we need to make
1810 * sure that the WPA state machines gets initialized
1811 * properly at this point.
1812 */
1813 wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1814 "started - initialize now");
1815 sm->started = 1;
1816 sm->Init = TRUE;
1817 if (wpa_sm_step(sm) == 1)
1818 return 1; /* should not really happen */
1819 sm->Init = FALSE;
1820 sm->AuthenticationRequest = TRUE;
1821 break;
862aac1f
AW		 1822 }
1823
1824 if (!sm->use_ext_key_id &&
1825 sm->wpa_auth->conf.wpa_deny_ptk0_rekey) {
1a7963e3
AW		 1826 wpa_printf(MSG_INFO,
1827 "WPA: PTK0 rekey not allowed, disconnect "
1828 MACSTR, MAC2STR(sm->addr));
1829 sm->Disconnect = TRUE;
862aac1f 1830 /* Try to encourage the STA to reconnect */
1a7963e3
AW		 1831 sm->disconnect_reason =
1832 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA;
1833 break;
3ab72b62 1834 }
862aac1f
AW		 1835
1836 if (sm->use_ext_key_id)
1837 sm->keyidx_active ^= 1; /* flip Key ID */
1838
9663596f
JM		 1839 if (sm->GUpdateStationKeys) {
1840 /*
1841 * Reauthentication cancels the pending group key
1842 * update for this STA.
1843 */
1844 sm->group->GKeyDoneStations--;
1845 sm->GUpdateStationKeys = FALSE;
1846 sm->PtkGroupInit = TRUE;
1847 }
6fc6879b
JM		 1848 sm->ReAuthenticationRequest = TRUE;
1849 break;
1850 case WPA_ASSOC_FT:
4ec1fd8e 1851#ifdef CONFIG_IEEE80211R_AP
81a658d7
JM		 1852 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1853 "after association");
1854 wpa_ft_install_ptk(sm);
1855
6fc6879b
JM		 1856 /* Using FT protocol, not WPA auth state machine */
1857 sm->ft_completed = 1;
d178ab0d 1858 wpa_auth_set_ptk_rekey_timer(sm);
6f9b5d16 1859 return 0;
4ec1fd8e 1860#else /* CONFIG_IEEE80211R_AP */
6fc6879b 1861 break;
4ec1fd8e 1862#endif /* CONFIG_IEEE80211R_AP */
957bff83
JM		 1863 case WPA_ASSOC_FILS:
1864#ifdef CONFIG_FILS
1865 wpa_printf(MSG_DEBUG,
1866 "FILS: TK configuration after association");
1867 fils_set_tk(sm);
1868 sm->fils_completed = 1;
1869 return 0;
1870#else /* CONFIG_FILS */
1871 break;
1872#endif /* CONFIG_FILS */
0e3bd7ac
MV		 1873 case WPA_DRV_STA_REMOVED:
1874 sm->tk_already_set = FALSE;
1875 return 0;
6fc6879b
JM		 1876 }
1877
4ec1fd8e 1878#ifdef CONFIG_IEEE80211R_AP
6fc6879b 1879 sm->ft_completed = 0;
4ec1fd8e 1880#endif /* CONFIG_IEEE80211R_AP */
6fc6879b 1881
5d22a1d5
JM		 1882 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1883 remove_ptk = 0;
78815f3d 1884#ifdef CONFIG_FILS
da24c5aa
JM		 1885 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1886 (event == WPA_AUTH || event == WPA_ASSOC))
78815f3d
JM		 1887 remove_ptk = 0;
1888#endif /* CONFIG_FILS */
6fc6879b 1889
5d22a1d5
JM		 1890 if (remove_ptk) {
1891 sm->PTK_valid = FALSE;
1892 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1893
1894 if (event != WPA_REAUTH_EAPOL)
1895 wpa_remove_ptk(sm);
1896 }
6fc6879b 1897
43f49c37
JM		 1898 if (sm->in_step_loop) {
1899 /*
1900 * wpa_sm_step() is already running - avoid recursive call to
1901 * it by making the existing loop process the new update.
1902 */
1903 sm->changed = TRUE;
1904 return 0;
1905 }
6f9b5d16 1906 return wpa_sm_step(sm);
6fc6879b
JM		 1907}
1908
1909
6fc6879b
JM		 1910SM_STATE(WPA_PTK, INITIALIZE)
1911{
1912 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1913 if (sm->Init) {
1914 /* Init flag is not cleared here, so avoid busy
1915 * loop by claiming nothing changed. */
1916 sm->changed = FALSE;
1917 }
1918
1919 sm->keycount = 0;
1920 if (sm->GUpdateStationKeys)
1921 sm->group->GKeyDoneStations--;
1922 sm->GUpdateStationKeys = FALSE;
1923 if (sm->wpa == WPA_VERSION_WPA)
1924 sm->PInitAKeys = FALSE;
1925 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1926 * Local AA > Remote AA)) */) {
1927 sm->Pair = TRUE;
1928 }
1929 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1930 wpa_remove_ptk(sm);
1931 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1932 sm->TimeoutCtr = 0;
a1ea1b45 1933 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
567da5bb 1934 sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP ||
a1ea1b45 1935 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE) {
6fc6879b
JM		 1936 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1937 WPA_EAPOL_authorized, 0);
1938 }
1939}
1940
1941
1942SM_STATE(WPA_PTK, DISCONNECT)
1943{
567da5bb
JM		 1944 u16 reason = sm->disconnect_reason;
1945
6fc6879b
JM		 1946 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1947 sm->Disconnect = FALSE;
567da5bb
JM		 1948 sm->disconnect_reason = 0;
1949 if (!reason)
1950 reason = WLAN_REASON_PREV_AUTH_NOT_VALID;
1951 wpa_sta_disconnect(sm->wpa_auth, sm->addr, reason);
6fc6879b
JM		 1952}
1953
1954
1955SM_STATE(WPA_PTK, DISCONNECTED)
1956{
1957 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1958 sm->DeauthenticationRequest = FALSE;
1959}
1960
1961
1962SM_STATE(WPA_PTK, AUTHENTICATION)
1963{
1964 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1965 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1966 sm->PTK_valid = FALSE;
1967 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1968 1);
1969 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1970 sm->AuthenticationRequest = FALSE;
1971}
1972
1973
40d00d2b
NC		 1974static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
1975 struct wpa_group *group)
1bdb7ab3 1976{
40d00d2b
NC		 1977 if (group->first_sta_seen)
1978 return;
1bdb7ab3
JM		 1979 /*
1980 * System has run bit further than at the time hostapd was started
1981 * potentially very early during boot up. This provides better chances
1982 * of collecting more randomness on embedded systems. Re-initialize the
1983 * GMK and Counter here to improve their strength if there was not
1984 * enough entropy available immediately after system startup.
1985 */
1986 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1987 "station");
08704cd8
JM		 1988 if (random_pool_ready() != 1) {
1989 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1990 "to proceed - reject first 4-way handshake");
1991 group->reject_4way_hs_for_entropy = TRUE;
40d00d2b
NC		 1992 } else {
1993 group->first_sta_seen = TRUE;
1994 group->reject_4way_hs_for_entropy = FALSE;
08704cd8 1995 }
40d00d2b 1996
aac1efec
JM		 1997 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 ||
1998 wpa_gtk_update(wpa_auth, group) < 0 ||
1999 wpa_group_config_group_keys(wpa_auth, group) < 0) {
2000 wpa_printf(MSG_INFO, "WPA: GMK/GTK setup failed");
2001 group->first_sta_seen = FALSE;
2002 group->reject_4way_hs_for_entropy = TRUE;
2003 }
1bdb7ab3
JM		 2004}
2005
2006
6fc6879b
JM		 2007SM_STATE(WPA_PTK, AUTHENTICATION2)
2008{
2009 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1bdb7ab3 2010
40d00d2b 2011 wpa_group_ensure_init(sm->wpa_auth, sm->group);
65a32cdb 2012 sm->ReAuthenticationRequest = FALSE;
1bdb7ab3 2013
3825a19b
JM		 2014 /*
2015 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
2016 * ambiguous. The Authenticator state machine uses a counter that is
2017 * incremented by one for each 4-way handshake. However, the security
2018 * analysis of 4-way handshake points out that unpredictable nonces
2019 * help in preventing precomputation attacks. Instead of the state
2020 * machine definition, use an unpredictable nonce value here to provide
2021 * stronger protection against potential precomputation attacks.
2022 */
2023 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
2024 wpa_printf(MSG_ERROR, "WPA: Failed to get random data for "
2025 "ANonce.");
65a32cdb 2026 sm->Disconnect = TRUE;
3825a19b
JM		 2027 return;
2028 }
bc8318ac
JM		 2029 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
2030 WPA_NONCE_LEN);
6fc6879b
JM		 2031 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
2032 * logical place than INITIALIZE since AUTHENTICATION2 can be
2033 * re-entered on ReAuthenticationRequest without going through
2034 * INITIALIZE. */
2035 sm->TimeoutCtr = 0;
2036}
2037
2038
0adc9b28
JM		 2039static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
2040{
2041 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
2042 wpa_printf(MSG_ERROR,
2043 "WPA: Failed to get random data for ANonce");
2044 sm->Disconnect = TRUE;
2045 return -1;
2046 }
2047 wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
2048 WPA_NONCE_LEN);
2049 sm->TimeoutCtr = 0;
2050 return 0;
2051}
2052
2053
6fc6879b
JM		 2054SM_STATE(WPA_PTK, INITPMK)
2055{
2056 u8 msk[2 * PMK_LEN];
2057 size_t len = 2 * PMK_LEN;
2058
2059 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
4ec1fd8e 2060#ifdef CONFIG_IEEE80211R_AP
6fc6879b 2061 sm->xxkey_len = 0;
4ec1fd8e 2062#endif /* CONFIG_IEEE80211R_AP */
6fc6879b
JM		 2063 if (sm->pmksa) {
2064 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
207976f0
JM		 2065 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
2066 sm->pmk_len = sm->pmksa->pmk_len;
567da5bb
JM		 2067#ifdef CONFIG_DPP
2068 } else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP) {
2069 wpa_printf(MSG_DEBUG,
2070 "DPP: No PMKSA cache entry for STA - reject connection");
2071 sm->Disconnect = TRUE;
2072 sm->disconnect_reason = WLAN_REASON_INVALID_PMKID;
2073 return;
2074#endif /* CONFIG_DPP */
6fc6879b 2075 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
207976f0
JM		 2076 unsigned int pmk_len;
2077
834c5d68 2078 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt))
207976f0
JM		 2079 pmk_len = PMK_LEN_SUITE_B_192;
2080 else
2081 pmk_len = PMK_LEN;
6fc6879b 2082 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
207976f0
JM		 2083 "(MSK len=%lu PMK len=%u)", (unsigned long) len,
2084 pmk_len);
2085 if (len < pmk_len) {
2086 wpa_printf(MSG_DEBUG,
2087 "WPA: MSK not long enough (%u) to create PMK (%u)",
2088 (unsigned int) len, (unsigned int) pmk_len);
2089 sm->Disconnect = TRUE;
2090 return;
2091 }
2092 os_memcpy(sm->PMK, msk, pmk_len);
2093 sm->pmk_len = pmk_len;
4ec1fd8e 2094#ifdef CONFIG_IEEE80211R_AP
6fc6879b 2095 if (len >= 2 * PMK_LEN) {
9f12271b
JM		 2096 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
2097 os_memcpy(sm->xxkey, msk, SHA384_MAC_LEN);
2098 sm->xxkey_len = SHA384_MAC_LEN;
2099 } else {
2100 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
2101 sm->xxkey_len = PMK_LEN;
2102 }
6fc6879b 2103 }
4ec1fd8e 2104#endif /* CONFIG_IEEE80211R_AP */
6fc6879b 2105 } else {
400de9b1 2106 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
cef8fac0 2107 sm->wpa_auth->cb->get_msk);
1180dd66
JM		 2108 sm->Disconnect = TRUE;
2109 return;
6fc6879b 2110 }
31bc66e4 2111 forced_memzero(msk, sizeof(msk));
6fc6879b
JM		 2112
2113 sm->req_replay_counter_used = 0;
2114 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
2115 * will break reauthentication since EAPOL state machines may not be
2116 * get into AUTHENTICATING state that clears keyRun before WPA state
2117 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
2118 * state and takes PMK from the previously used AAA Key. This will
2119 * eventually fail in 4-Way Handshake because Supplicant uses PMK
2120 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
2121 * be good workaround for this issue. */
2122 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
2123}
2124
2125
2126SM_STATE(WPA_PTK, INITPSK)
2127{
2128 const u8 *psk;
7a12edd1
JM		 2129 size_t psk_len;
2130
6fc6879b 2131 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
7a12edd1 2132 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL,
dbfa691d 2133 &psk_len, NULL);
6fc6879b 2134 if (psk) {
7a12edd1
JM		 2135 os_memcpy(sm->PMK, psk, psk_len);
2136 sm->pmk_len = psk_len;
4ec1fd8e 2137#ifdef CONFIG_IEEE80211R_AP
6fc6879b
JM		 2138 os_memcpy(sm->xxkey, psk, PMK_LEN);
2139 sm->xxkey_len = PMK_LEN;
4ec1fd8e 2140#endif /* CONFIG_IEEE80211R_AP */
6fc6879b 2141 }
e61fea6b
JM		 2142#ifdef CONFIG_SAE
2143 if (wpa_auth_uses_sae(sm) && sm->pmksa) {
2144 wpa_printf(MSG_DEBUG, "SAE: PMK from PMKSA cache");
2145 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
2146 sm->pmk_len = sm->pmksa->pmk_len;
6fe3f0f7 2147#ifdef CONFIG_IEEE80211R_AP
2148 os_memcpy(sm->xxkey, sm->pmksa->pmk, sm->pmksa->pmk_len);
2149 sm->xxkey_len = sm->pmksa->pmk_len;
2150#endif /* CONFIG_IEEE80211R_AP */
e61fea6b
JM		 2151 }
2152#endif /* CONFIG_SAE */
6fc6879b
JM		 2153 sm->req_replay_counter_used = 0;
2154}
2155
2156
2157SM_STATE(WPA_PTK, PTKSTART)
2158{
2159 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
2160 size_t pmkid_len = 0;
2161
2162 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
2163 sm->PTKRequest = FALSE;
2164 sm->TimeoutEvt = FALSE;
f23c5b17 2165 sm->alt_snonce_valid = FALSE;
bae61562
JM		 2166
2167 sm->TimeoutCtr++;
41f140d3 2168 if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
bae61562
JM		 2169 /* No point in sending the EAPOL-Key - we will disconnect
2170 * immediately following this. */
2171 return;
2172 }
2173
6fc6879b
JM		 2174 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2175 "sending 1/4 msg of 4-Way Handshake");
2176 /*
c6e1a9a0
JM		 2177 * For infrastructure BSS cases, it is better for the AP not to include
2178 * the PMKID KDE in EAPOL-Key msg 1/4 since it could be used to initiate
2179 * offline search for the passphrase/PSK without having to be able to
2180 * capture a 4-way handshake from a STA that has access to the network.
2181 *
2182 * For IBSS cases, addition of PMKID KDE could be considered even with
2183 * WPA2-PSK cases that use multiple PSKs, but only if there is a single
2184 * possible PSK for this STA. However, this should not be done unless
2185 * there is support for using that information on the supplicant side.
2186 * The concern about exposing PMKID unnecessarily in infrastructure BSS
2187 * cases would also apply here, but at least in the IBSS case, this
2188 * would cover a potential real use case.
6fc6879b
JM		 2189 */
2190 if (sm->wpa == WPA_VERSION_WPA2 &&
e61fea6b 2191 (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) ||
d90f10fa 2192 (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && sm->pmksa) ||
e61fea6b 2193 wpa_key_mgmt_sae(sm->wpa_key_mgmt)) &&
a14896e8 2194 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
6fc6879b
JM		 2195 pmkid = buf;
2196 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
2197 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
2198 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
2199 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
929a2ea5 2200 if (sm->pmksa) {
9d94e4bb
JM		 2201 wpa_hexdump(MSG_DEBUG,
2202 "RSN: Message 1/4 PMKID from PMKSA entry",
2203 sm->pmksa->pmkid, PMKID_LEN);
6fc6879b
JM		 2204 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
2205 sm->pmksa->pmkid, PMKID_LEN);
929a2ea5
JM		 2206 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) {
2207 /* No KCK available to derive PMKID */
9d94e4bb
JM		 2208 wpa_printf(MSG_DEBUG,
2209 "RSN: No KCK available to derive PMKID for message 1/4");
929a2ea5 2210 pmkid = NULL;
a40bd06e
JM		 2211#ifdef CONFIG_FILS
2212 } else if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2213 if (sm->pmkid_set) {
2214 wpa_hexdump(MSG_DEBUG,
2215 "RSN: Message 1/4 PMKID from FILS/ERP",
2216 sm->pmkid, PMKID_LEN);
2217 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
2218 sm->pmkid, PMKID_LEN);
2219 } else {
2220 /* No PMKID available */
2221 wpa_printf(MSG_DEBUG,
2222 "RSN: No FILS/ERP PMKID available for message 1/4");
2223 pmkid = NULL;
2224 }
2225#endif /* CONFIG_FILS */
fb1dee22
JM		 2226#ifdef CONFIG_IEEE80211R_AP
2227 } else if (wpa_key_mgmt_ft(sm->wpa_key_mgmt) &&
2228 sm->ft_completed) {
2229 wpa_printf(MSG_DEBUG,
2230 "FT: No PMKID in message 1/4 when using FT protocol");
2231 pmkid = NULL;
fb1dee22 2232#endif /* CONFIG_IEEE80211R_AP */
9d94e4bb
JM		 2233#ifdef CONFIG_SAE
2234 } else if (wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
2235 if (sm->pmkid_set) {
2236 wpa_hexdump(MSG_DEBUG,
2237 "RSN: Message 1/4 PMKID from SAE",
2238 sm->pmkid, PMKID_LEN);
2239 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
2240 sm->pmkid, PMKID_LEN);
2241 } else {
2242 /* No PMKID available */
2243 wpa_printf(MSG_DEBUG,
2244 "RSN: No SAE PMKID available for message 1/4");
2245 pmkid = NULL;
2246 }
2247#endif /* CONFIG_SAE */
929a2ea5 2248 } else {
6fc6879b
JM		 2249 /*
2250 * Calculate PMKID since no PMKSA cache entry was
2251 * available with pre-calculated PMKID.
2252 */
207976f0 2253 rsn_pmkid(sm->PMK, sm->pmk_len, sm->wpa_auth->addr,
56586197 2254 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
41b81914 2255 sm->wpa_key_mgmt);
9d94e4bb
JM		 2256 wpa_hexdump(MSG_DEBUG,
2257 "RSN: Message 1/4 PMKID derived from PMK",
2258 &pmkid[2 + RSN_SELECTOR_LEN], PMKID_LEN);
6fc6879b
JM		 2259 }
2260 }
307cfc32
MK		 2261 if (!pmkid)
2262 pmkid_len = 0;
6fc6879b
JM		 2263 wpa_send_eapol(sm->wpa_auth, sm,
2264 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
2265 sm->ANonce, pmkid, pmkid_len, 0, 0);
6fc6879b
JM		 2266}
2267
2268
f23c5b17 2269static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
207976f0 2270 const u8 *pmk, unsigned int pmk_len,
65a44e84 2271 struct wpa_ptk *ptk, int force_sha256)
6fc6879b 2272{
10ec6a5f
JM		 2273 const u8 *z = NULL;
2274 size_t z_len = 0;
65a44e84 2275 int akmp;
10ec6a5f 2276
4ec1fd8e 2277#ifdef CONFIG_IEEE80211R_AP
b583ed38
JM		 2278 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2279 if (sm->ft_completed) {
2280 u8 ptk_name[WPA_PMK_NAME_LEN];
2281
2282 return wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len,
2283 sm->SNonce, sm->ANonce,
2284 sm->addr, sm->wpa_auth->addr,
2285 sm->pmk_r1_name,
2286 ptk, ptk_name,
2287 sm->wpa_key_mgmt,
2288 sm->pairwise);
2289 }
267c366f 2290 return wpa_auth_derive_ptk_ft(sm, ptk);
b583ed38 2291 }
4ec1fd8e 2292#endif /* CONFIG_IEEE80211R_AP */
6fc6879b 2293
10ec6a5f
JM		 2294#ifdef CONFIG_DPP2
2295 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_z) {
2296 z = wpabuf_head(sm->dpp_z);
2297 z_len = wpabuf_len(sm->dpp_z);
2298 }
2299#endif /* CONFIG_DPP2 */
2300
65a44e84
JM		 2301 akmp = sm->wpa_key_mgmt;
2302 if (force_sha256)
0a76a0b9 2303 akmp |= WPA_KEY_MGMT_PSK_SHA256;
207976f0 2304 return wpa_pmk_to_ptk(pmk, pmk_len, "Pairwise key expansion",
98cd3d1c 2305 sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
65a44e84 2306 ptk, akmp, sm->pairwise, z, z_len);
6fc6879b
JM		 2307}
2308
2309
3b5b7aa8 2310#ifdef CONFIG_FILS
c4fd6d8a
JM		 2311
2312int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk,
80ddf5d9 2313 size_t pmk_len, const u8 *snonce, const u8 *anonce,
4cada9dc 2314 const u8 *dhss, size_t dhss_len,
80ddf5d9 2315 struct wpabuf *g_sta, struct wpabuf *g_ap)
c4fd6d8a
JM		 2316{
2317 u8 ick[FILS_ICK_MAX_LEN];
2318 size_t ick_len;
2319 int res;
8fed47e0
JM		 2320 u8 fils_ft[FILS_FT_MAX_LEN];
2321 size_t fils_ft_len = 0;
c4fd6d8a
JM		 2322
2323 res = fils_pmk_to_ptk(pmk, pmk_len, sm->addr, sm->wpa_auth->addr,
4cada9dc
JM		 2324 snonce, anonce, dhss, dhss_len,
2325 &sm->PTK, ick, &ick_len,
8fed47e0
JM		 2326 sm->wpa_key_mgmt, sm->pairwise,
2327 fils_ft, &fils_ft_len);
c4fd6d8a
JM		 2328 if (res < 0)
2329 return res;
2330 sm->PTK_valid = TRUE;
2f1357fb 2331 sm->tk_already_set = FALSE;
c4fd6d8a 2332
8fed47e0
JM		 2333#ifdef CONFIG_IEEE80211R_AP
2334 if (fils_ft_len) {
2335 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2336 struct wpa_auth_config *conf = &wpa_auth->conf;
994eac7e
JM		 2337 u8 pmk_r0[PMK_LEN_MAX], pmk_r0_name[WPA_PMK_NAME_LEN];
2338 int use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
2339 size_t pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
8fed47e0
JM		 2340
2341 if (wpa_derive_pmk_r0(fils_ft, fils_ft_len,
2342 conf->ssid, conf->ssid_len,
2343 conf->mobility_domain,
2344 conf->r0_key_holder,
2345 conf->r0_key_holder_len,
994eac7e
JM		 2346 sm->addr, pmk_r0, pmk_r0_name,
2347 use_sha384) < 0)
8fed47e0
JM		 2348 return -1;
2349
994eac7e
JM		 2350 wpa_hexdump_key(MSG_DEBUG, "FILS+FT: PMK-R0",
2351 pmk_r0, pmk_r0_len);
8fed47e0
JM		 2352 wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR0Name",
2353 pmk_r0_name, WPA_PMK_NAME_LEN);
89dea17e 2354 wpa_ft_store_pmk_fils(sm, pmk_r0, pmk_r0_name);
31bc66e4 2355 forced_memzero(fils_ft, sizeof(fils_ft));
36536639
JM		 2356
2357 res = wpa_derive_pmk_r1_name(pmk_r0_name, conf->r1_key_holder,
2358 sm->addr, sm->pmk_r1_name,
2359 use_sha384);
31bc66e4 2360 forced_memzero(pmk_r0, PMK_LEN_MAX);
36536639
JM		 2361 if (res < 0)
2362 return -1;
2363 wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR1Name", sm->pmk_r1_name,
2364 WPA_PMK_NAME_LEN);
2365 sm->pmk_r1_name_valid = 1;
8fed47e0
JM		 2366 }
2367#endif /* CONFIG_IEEE80211R_AP */
2368
c4fd6d8a
JM		 2369 res = fils_key_auth_sk(ick, ick_len, snonce, anonce,
2370 sm->addr, sm->wpa_auth->addr,
80ddf5d9
JM		 2371 g_sta ? wpabuf_head(g_sta) : NULL,
2372 g_sta ? wpabuf_len(g_sta) : 0,
2373 g_ap ? wpabuf_head(g_ap) : NULL,
2374 g_ap ? wpabuf_len(g_ap) : 0,
c4fd6d8a
JM		 2375 sm->wpa_key_mgmt, sm->fils_key_auth_sta,
2376 sm->fils_key_auth_ap,
2377 &sm->fils_key_auth_len);
31bc66e4 2378 forced_memzero(ick, sizeof(ick));
78815f3d
JM		 2379
2380 /* Store nonces for (Re)Association Request/Response frame processing */
2381 os_memcpy(sm->SNonce, snonce, FILS_NONCE_LEN);
2382 os_memcpy(sm->ANonce, anonce, FILS_NONCE_LEN);
2383
c4fd6d8a
JM		 2384 return res;
2385}
2386
2387
3b5b7aa8 2388static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
75c8563e 2389 u8 *buf, size_t buf_len, u16 *_key_data_len)
3b5b7aa8
JM		 2390{
2391 struct ieee802_1x_hdr *hdr;
2392 struct wpa_eapol_key *key;
2393 u8 *pos;
2394 u16 key_data_len;
2395 u8 *tmp;
2396 const u8 *aad[1];
2397 size_t aad_len[1];
2398
75c8563e 2399 hdr = (struct ieee802_1x_hdr *) buf;
3b5b7aa8
JM		 2400 key = (struct wpa_eapol_key *) (hdr + 1);
2401 pos = (u8 *) (key + 1);
2402 key_data_len = WPA_GET_BE16(pos);
2403 if (key_data_len < AES_BLOCK_SIZE ||
2404 key_data_len > buf_len - sizeof(*hdr) - sizeof(*key) - 2) {
2405 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2406 "No room for AES-SIV data in the frame");
2407 return -1;
2408 }
2409 pos += 2; /* Pointing at the Encrypted Key Data field */
2410
2411 tmp = os_malloc(key_data_len);
2412 if (!tmp)
2413 return -1;
2414
2415 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
2416 * to Key Data (exclusive). */
75c8563e
JM		 2417 aad[0] = buf;
2418 aad_len[0] = pos - buf;
3b5b7aa8
JM		 2419 if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, key_data_len,
2420 1, aad, aad_len, tmp) < 0) {
2421 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2422 "Invalid AES-SIV data in the frame");
2423 bin_clear_free(tmp, key_data_len);
2424 return -1;
2425 }
2426
2427 /* AEAD decryption and validation completed successfully */
2428 key_data_len -= AES_BLOCK_SIZE;
2429 wpa_hexdump_key(MSG_DEBUG, "WPA: Decrypted Key Data",
2430 tmp, key_data_len);
2431
2432 /* Replace Key Data field with the decrypted version */
2433 os_memcpy(pos, tmp, key_data_len);
2434 pos -= 2; /* Key Data Length field */
2435 WPA_PUT_BE16(pos, key_data_len);
2436 bin_clear_free(tmp, key_data_len);
2437 if (_key_data_len)
2438 *_key_data_len = key_data_len;
2439 return 0;
2440}
78815f3d
JM		 2441
2442
087631b9
JM		 2443const u8 * wpa_fils_validate_fils_session(struct wpa_state_machine *sm,
2444 const u8 *ies, size_t ies_len,
2445 const u8 *fils_session)
2446{
2447 const u8 *ie, *end;
2448 const u8 *session = NULL;
2449
2450 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2451 wpa_printf(MSG_DEBUG,
2452 "FILS: Not a FILS AKM - reject association");
2453 return NULL;
2454 }
2455
2456 /* Verify Session element */
2457 ie = ies;
2458 end = ((const u8 *) ie) + ies_len;
2459 while (ie + 1 < end) {
2460 if (ie + 2 + ie[1] > end)
2461 break;
2462 if (ie[0] == WLAN_EID_EXTENSION &&
2463 ie[1] >= 1 + FILS_SESSION_LEN &&
2464 ie[2] == WLAN_EID_EXT_FILS_SESSION) {
2465 session = ie;
2466 break;
2467 }
2468 ie += 2 + ie[1];
2469 }
2470
2471 if (!session) {
2472 wpa_printf(MSG_DEBUG,
2473 "FILS: %s: Could not find FILS Session element in Assoc Req - reject",
2474 __func__);
2475 return NULL;
2476 }
2477
2478 if (!fils_session) {
2479 wpa_printf(MSG_DEBUG,
2480 "FILS: %s: Could not find FILS Session element in STA entry - reject",
2481 __func__);
2482 return NULL;
2483 }
2484
2485 if (os_memcmp(fils_session, session + 3, FILS_SESSION_LEN) != 0) {
2486 wpa_printf(MSG_DEBUG, "FILS: Session mismatch");
2487 wpa_hexdump(MSG_DEBUG, "FILS: Expected FILS Session",
2488 fils_session, FILS_SESSION_LEN);
2489 wpa_hexdump(MSG_DEBUG, "FILS: Received FILS Session",
2490 session + 3, FILS_SESSION_LEN);
2491 return NULL;
2492 }
2493 return session;
2494}
2495
2496
bd599353
JM		 2497int wpa_fils_validate_key_confirm(struct wpa_state_machine *sm, const u8 *ies,
2498 size_t ies_len)
2499{
2500 struct ieee802_11_elems elems;
2501
2502 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
2503 wpa_printf(MSG_DEBUG,
2504 "FILS: Failed to parse decrypted elements");
2505 return -1;
2506 }
2507
8b5ddda5
JM		 2508 if (!elems.fils_session) {
2509 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
2510 return -1;
2511 }
2512
bd599353
JM		 2513 if (!elems.fils_key_confirm) {
2514 wpa_printf(MSG_DEBUG, "FILS: No FILS Key Confirm element");
2515 return -1;
2516 }
2517
2518 if (elems.fils_key_confirm_len != sm->fils_key_auth_len) {
2519 wpa_printf(MSG_DEBUG,
2520 "FILS: Unexpected Key-Auth length %d (expected %d)",
2521 elems.fils_key_confirm_len,
2522 (int) sm->fils_key_auth_len);
2523 return -1;
2524 }
2525
2526 if (os_memcmp(elems.fils_key_confirm, sm->fils_key_auth_sta,
2527 sm->fils_key_auth_len) != 0) {
2528 wpa_printf(MSG_DEBUG, "FILS: Key-Auth mismatch");
2529 wpa_hexdump(MSG_DEBUG, "FILS: Received Key-Auth",
2530 elems.fils_key_confirm, elems.fils_key_confirm_len);
2531 wpa_hexdump(MSG_DEBUG, "FILS: Expected Key-Auth",
2532 sm->fils_key_auth_sta, sm->fils_key_auth_len);
2533 return -1;
2534 }
2535
2536 return 0;
2537}
2538
2539
78815f3d
JM		 2540int fils_decrypt_assoc(struct wpa_state_machine *sm, const u8 *fils_session,
2541 const struct ieee80211_mgmt *mgmt, size_t frame_len,
2542 u8 *pos, size_t left)
2543{
2544 u16 fc, stype;
2545 const u8 *end, *ie_start, *ie, *session, *crypt;
78815f3d
JM		 2546 const u8 *aad[5];
2547 size_t aad_len[5];
2548
2549 if (!sm || !sm->PTK_valid) {
2550 wpa_printf(MSG_DEBUG,
2551 "FILS: No KEK to decrypt Assocication Request frame");
2552 return -1;
2553 }
2554
2555 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2556 wpa_printf(MSG_DEBUG,
2557 "FILS: Not a FILS AKM - reject association");
2558 return -1;
2559 }
2560
2561 end = ((const u8 *) mgmt) + frame_len;
2562 fc = le_to_host16(mgmt->frame_control);
2563 stype = WLAN_FC_GET_STYPE(fc);
2564 if (stype == WLAN_FC_STYPE_REASSOC_REQ)
2565 ie_start = mgmt->u.reassoc_req.variable;
2566 else
2567 ie_start = mgmt->u.assoc_req.variable;
2568 ie = ie_start;
2569
2570 /*
2571 * Find FILS Session element which is the last unencrypted element in
2572 * the frame.
2573 */
087631b9
JM		 2574 session = wpa_fils_validate_fils_session(sm, ie, end - ie,
2575 fils_session);
78815f3d 2576 if (!session) {
087631b9 2577 wpa_printf(MSG_DEBUG, "FILS: Session validation failed");
78815f3d
JM		 2578 return -1;
2579 }
087631b9 2580
78815f3d
JM		 2581 crypt = session + 2 + session[1];
2582
2583 if (end - crypt < AES_BLOCK_SIZE) {
2584 wpa_printf(MSG_DEBUG,
2585 "FILS: Too short frame to include AES-SIV data");
2586 return -1;
2587 }
2588
2589 /* AES-SIV AAD vectors */
2590
2591 /* The STA's MAC address */
2592 aad[0] = mgmt->sa;
2593 aad_len[0] = ETH_ALEN;
2594 /* The AP's BSSID */
2595 aad[1] = mgmt->da;
2596 aad_len[1] = ETH_ALEN;
2597 /* The STA's nonce */
2598 aad[2] = sm->SNonce;
2599 aad_len[2] = FILS_NONCE_LEN;
2600 /* The AP's nonce */
2601 aad[3] = sm->ANonce;
2602 aad_len[3] = FILS_NONCE_LEN;
2603 /*
2604 * The (Re)Association Request frame from the Capability Information
2605 * field to the FILS Session element (both inclusive).
2606 */
2607 aad[4] = (const u8 *) &mgmt->u.assoc_req.capab_info;
d77f3304 2608 aad_len[4] = crypt - aad[4];
78815f3d
JM		 2609
2610 if (aes_siv_decrypt(sm->PTK.kek, sm->PTK.kek_len, crypt, end - crypt,
d77f3304 2611 5, aad, aad_len, pos + (crypt - ie_start)) < 0) {
78815f3d
JM		 2612 wpa_printf(MSG_DEBUG,
2613 "FILS: Invalid AES-SIV data in the frame");
2614 return -1;
2615 }
2616 wpa_hexdump(MSG_DEBUG, "FILS: Decrypted Association Request elements",
2617 pos, left - AES_BLOCK_SIZE);
2618
bd599353
JM		 2619 if (wpa_fils_validate_key_confirm(sm, pos, left - AES_BLOCK_SIZE) < 0) {
2620 wpa_printf(MSG_DEBUG, "FILS: Key Confirm validation failed");
78815f3d
JM		 2621 return -1;
2622 }
2623
2624 return left - AES_BLOCK_SIZE;
2625}
2626
e73ffa09
JM		 2627
2628int fils_encrypt_assoc(struct wpa_state_machine *sm, u8 *buf,
91d91abf
JM		 2629 size_t current_len, size_t max_len,
2630 const struct wpabuf *hlp)
e73ffa09
JM		 2631{
2632 u8 *end = buf + max_len;
2633 u8 *pos = buf + current_len;
2634 struct ieee80211_mgmt *mgmt;
2635 struct wpabuf *plain;
e73ffa09
JM		 2636 const u8 *aad[5];
2637 size_t aad_len[5];
2638
2639 if (!sm || !sm->PTK_valid)
2640 return -1;
2641
2642 wpa_hexdump(MSG_DEBUG,
2643 "FILS: Association Response frame before FILS processing",
2644 buf, current_len);
2645
2646 mgmt = (struct ieee80211_mgmt *) buf;
2647
2648 /* AES-SIV AAD vectors */
2649
2650 /* The AP's BSSID */
2651 aad[0] = mgmt->sa;
2652 aad_len[0] = ETH_ALEN;
2653 /* The STA's MAC address */
2654 aad[1] = mgmt->da;
2655 aad_len[1] = ETH_ALEN;
2656 /* The AP's nonce */
2657 aad[2] = sm->ANonce;
2658 aad_len[2] = FILS_NONCE_LEN;
2659 /* The STA's nonce */
2660 aad[3] = sm->SNonce;
2661 aad_len[3] = FILS_NONCE_LEN;
2662 /*
2663 * The (Re)Association Response frame from the Capability Information
2664 * field (the same offset in both Association and Reassociation
2665 * Response frames) to the FILS Session element (both inclusive).
2666 */
2667 aad[4] = (const u8 *) &mgmt->u.assoc_resp.capab_info;
2668 aad_len[4] = pos - aad[4];
2669
2670 /* The following elements will be encrypted with AES-SIV */
9392859d
JM		 2671 plain = fils_prepare_plainbuf(sm, hlp);
2672 if (!plain) {
2673 wpa_printf(MSG_DEBUG, "FILS: Plain buffer prep failed");
2674 return -1;
2675 }
2676
2677 if (pos + wpabuf_len(plain) + AES_BLOCK_SIZE > end) {
2678 wpa_printf(MSG_DEBUG,
2679 "FILS: Not enough room for FILS elements");
ce362f88 2680 wpabuf_clear_free(plain);
9392859d
JM		 2681 return -1;
2682 }
2683
2684 wpa_hexdump_buf_key(MSG_DEBUG, "FILS: Association Response plaintext",
2685 plain);
2686
2687 if (aes_siv_encrypt(sm->PTK.kek, sm->PTK.kek_len,
2688 wpabuf_head(plain), wpabuf_len(plain),
2689 5, aad, aad_len, pos) < 0) {
ce362f88 2690 wpabuf_clear_free(plain);
9392859d
JM		 2691 return -1;
2692 }
2693
2694 wpa_hexdump(MSG_DEBUG,
2695 "FILS: Encrypted Association Response elements",
2696 pos, AES_BLOCK_SIZE + wpabuf_len(plain));
2697 current_len += wpabuf_len(plain) + AES_BLOCK_SIZE;
ce362f88 2698 wpabuf_clear_free(plain);
9392859d
JM		 2699
2700 sm->fils_completed = 1;
2701
2702 return current_len;
2703}
2704
2705
2706static struct wpabuf * fils_prepare_plainbuf(struct wpa_state_machine *sm,
2707 const struct wpabuf *hlp)
2708{
2709 struct wpabuf *plain;
2710 u8 *len, *tmp, *tmp2;
2711 u8 hdr[2];
2712 u8 *gtk, dummy_gtk[32];
2713 size_t gtk_len;
2714 struct wpa_group *gsm;
82cc0b0c
JM		 2715 size_t plain_len;
2716 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
e73ffa09 2717
82cc0b0c
JM		 2718 plain_len = 1000 + ieee80211w_kde_len(sm);
2719 if (conf->transition_disable)
2720 plain_len += 2 + RSN_SELECTOR_LEN + 1;
2721 plain = wpabuf_alloc(plain_len);
e73ffa09 2722 if (!plain)
9392859d 2723 return NULL;
e73ffa09
JM		 2724
2725 /* TODO: FILS Public Key */
2726
2727 /* FILS Key Confirmation */
2728 wpabuf_put_u8(plain, WLAN_EID_EXTENSION); /* Element ID */
2729 wpabuf_put_u8(plain, 1 + sm->fils_key_auth_len); /* Length */
2730 /* Element ID Extension */
2731 wpabuf_put_u8(plain, WLAN_EID_EXT_FILS_KEY_CONFIRM);
2732 wpabuf_put_data(plain, sm->fils_key_auth_ap, sm->fils_key_auth_len);
2733
91d91abf
JM		 2734 /* FILS HLP Container */
2735 if (hlp)
2736 wpabuf_put_buf(plain, hlp);
e73ffa09
JM		 2737
2738 /* TODO: FILS IP Address Assignment */
2739
2740 /* Key Delivery */
2741 gsm = sm->group;
2742 wpabuf_put_u8(plain, WLAN_EID_EXTENSION); /* Element ID */
2743 len = wpabuf_put(plain, 1);
2744 wpabuf_put_u8(plain, WLAN_EID_EXT_KEY_DELIVERY);
2745 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN,
2746 wpabuf_put(plain, WPA_KEY_RSC_LEN));
2747 /* GTK KDE */
2748 gtk = gsm->GTK[gsm->GN - 1];
2749 gtk_len = gsm->GTK_len;
8d660a4b
JM		 2750 if (sm->wpa_auth->conf.disable_gtk ||
2751 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
e73ffa09
JM		 2752 /*
2753 * Provide unique random GTK to each STA to prevent use
2754 * of GTK in the BSS.
2755 */
2756 if (random_get_bytes(dummy_gtk, gtk_len) < 0) {
ce362f88 2757 wpabuf_clear_free(plain);
9392859d 2758 return NULL;
e73ffa09
JM		 2759 }
2760 gtk = dummy_gtk;
2761 }
2762 hdr[0] = gsm->GN & 0x03;
2763 hdr[1] = 0;
2764 tmp = wpabuf_put(plain, 0);
2765 tmp2 = wpa_add_kde(tmp, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2766 gtk, gtk_len);
2767 wpabuf_put(plain, tmp2 - tmp);
2768
16889aff 2769 /* IGTK KDE and BIGTK KDE */
e73ffa09
JM		 2770 tmp = wpabuf_put(plain, 0);
2771 tmp2 = ieee80211w_kde_add(sm, tmp);
2772 wpabuf_put(plain, tmp2 - tmp);
2773
82cc0b0c
JM		 2774 if (conf->transition_disable) {
2775 tmp = wpabuf_put(plain, 0);
2776 tmp2 = wpa_add_kde(tmp, WFA_KEY_DATA_TRANSITION_DISABLE,
2777 &conf->transition_disable, 1, NULL, 0);
2778 wpabuf_put(plain, tmp2 - tmp);
2779 }
2780
e73ffa09 2781 *len = (u8 *) wpabuf_put(plain, 0) - len - 1;
99621dc1
MV		 2782
2783#ifdef CONFIG_OCV
2784 if (wpa_auth_uses_ocv(sm)) {
2785 struct wpa_channel_info ci;
2786 u8 *pos;
2787
2788 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
2789 wpa_printf(MSG_WARNING,
2790 "FILS: Failed to get channel info for OCI element");
ce362f88 2791 wpabuf_clear_free(plain);
99621dc1
MV		 2792 return NULL;
2793 }
2794
2795 pos = wpabuf_put(plain, OCV_OCI_EXTENDED_LEN);
2796 if (ocv_insert_extended_oci(&ci, pos) < 0) {
ce362f88 2797 wpabuf_clear_free(plain);
99621dc1
MV		 2798 return NULL;
2799 }
2800 }
2801#endif /* CONFIG_OCV */
2802
9392859d 2803 return plain;
e73ffa09
JM		 2804}
2805
da24c5aa
JM		 2806
2807int fils_set_tk(struct wpa_state_machine *sm)
2808{
2809 enum wpa_alg alg;
2810 int klen;
2811
2f1357fb
JM		 2812 if (!sm || !sm->PTK_valid) {
2813 wpa_printf(MSG_DEBUG, "FILS: No valid PTK available to set TK");
2814 return -1;
2815 }
2816 if (sm->tk_already_set) {
2817 wpa_printf(MSG_DEBUG, "FILS: TK already set to the driver");
da24c5aa 2818 return -1;
2f1357fb 2819 }
da24c5aa
JM		 2820
2821 alg = wpa_cipher_to_alg(sm->pairwise);
2822 klen = wpa_cipher_key_len(sm->pairwise);
2823
2824 wpa_printf(MSG_DEBUG, "FILS: Configure TK to the driver");
2825 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
a919a260 2826 sm->PTK.tk, klen, KEY_FLAG_PAIRWISE_RX_TX)) {
da24c5aa
JM		 2827 wpa_printf(MSG_DEBUG, "FILS: Failed to set TK to the driver");
2828 return -1;
2829 }
2f1357fb 2830 sm->tk_already_set = TRUE;
da24c5aa
JM		 2831
2832 return 0;
2833}
2834
fa61bff6
JM		 2835
2836u8 * hostapd_eid_assoc_fils_session(struct wpa_state_machine *sm, u8 *buf,
8b5ddda5 2837 const u8 *fils_session, struct wpabuf *hlp)
fa61bff6
JM		 2838{
2839 struct wpabuf *plain;
2840 u8 *pos = buf;
2841
2842 /* FILS Session */
2843 *pos++ = WLAN_EID_EXTENSION; /* Element ID */
2844 *pos++ = 1 + FILS_SESSION_LEN; /* Length */
2845 *pos++ = WLAN_EID_EXT_FILS_SESSION; /* Element ID Extension */
2846 os_memcpy(pos, fils_session, FILS_SESSION_LEN);
2847 pos += FILS_SESSION_LEN;
2848
8b5ddda5 2849 plain = fils_prepare_plainbuf(sm, hlp);
fa61bff6
JM		 2850 if (!plain) {
2851 wpa_printf(MSG_DEBUG, "FILS: Plain buffer prep failed");
2852 return NULL;
2853 }
2854
2855 os_memcpy(pos, wpabuf_head(plain), wpabuf_len(plain));
2856 pos += wpabuf_len(plain);
2857
2858 wpa_printf(MSG_DEBUG, "%s: plain buf_len: %u", __func__,
2859 (unsigned int) wpabuf_len(plain));
ce362f88 2860 wpabuf_clear_free(plain);
fa61bff6
JM		 2861 sm->fils_completed = 1;
2862 return pos;
2863}
2864
3b5b7aa8
JM		 2865#endif /* CONFIG_FILS */
2866
2867
1034f67b
MV		 2868#ifdef CONFIG_OCV
2869int get_sta_tx_parameters(struct wpa_state_machine *sm, int ap_max_chanwidth,
2870 int ap_seg1_idx, int *bandwidth, int *seg1_idx)
2871{
2872 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2873
2874 if (!wpa_auth->cb->get_sta_tx_params)
2875 return -1;
2876 return wpa_auth->cb->get_sta_tx_params(wpa_auth->cb_ctx, sm->addr,
2877 ap_max_chanwidth, ap_seg1_idx,
2878 bandwidth, seg1_idx);
2879}
2880#endif /* CONFIG_OCV */
2881
2882
6fc6879b
JM		 2883SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
2884{
3b5b7aa8 2885 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
6fc6879b 2886 struct wpa_ptk PTK;
2c502460 2887 int ok = 0, psk_found = 0;
6fc6879b 2888 const u8 *pmk = NULL;
7a12edd1 2889 size_t pmk_len;
3b5b7aa8
JM		 2890 int ft;
2891 const u8 *eapol_key_ie, *key_data, *mic;
2892 u16 key_data_length;
2893 size_t mic_len, eapol_key_ie_len;
2894 struct ieee802_1x_hdr *hdr;
2895 struct wpa_eapol_key *key;
2896 struct wpa_eapol_ie_parse kde;
bb05d036 2897 int vlan_id = 0;
65a44e84 2898 int owe_ptk_workaround = !!wpa_auth->conf.owe_ptk_workaround;
6fc6879b
JM		 2899
2900 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
2901 sm->EAPOLKeyReceived = FALSE;
68921e24 2902 sm->update_snonce = FALSE;
b729fd8d 2903 os_memset(&PTK, 0, sizeof(PTK));
6fc6879b 2904
567da5bb 2905 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
3b5b7aa8 2906
6fc6879b
JM		 2907 /* WPA with IEEE 802.1X: use the derived PMK from EAP
2908 * WPA-PSK: iterate through possible PSKs and select the one matching
2909 * the packet */
2910 for (;;) {
e61fea6b
JM		 2911 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
2912 !wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
759fd76b 2913 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
dbfa691d
JM		 2914 sm->p2p_dev_addr, pmk, &pmk_len,
2915 &vlan_id);
6fc6879b
JM		 2916 if (pmk == NULL)
2917 break;
2c502460 2918 psk_found = 1;
f9854c18
MK		 2919#ifdef CONFIG_IEEE80211R_AP
2920 if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
2921 os_memcpy(sm->xxkey, pmk, pmk_len);
2922 sm->xxkey_len = pmk_len;
2923 }
2924#endif /* CONFIG_IEEE80211R_AP */
207976f0 2925 } else {
6fc6879b 2926 pmk = sm->PMK;
207976f0
JM		 2927 pmk_len = sm->pmk_len;
2928 }
6fc6879b 2929
a40bd06e
JM		 2930 if ((!pmk || !pmk_len) && sm->pmksa) {
2931 wpa_printf(MSG_DEBUG, "WPA: Use PMK from PMKSA cache");
2932 pmk = sm->pmksa->pmk;
2933 pmk_len = sm->pmksa->pmk_len;
2934 }
2935
65a44e84
JM		 2936 if (wpa_derive_ptk(sm, sm->SNonce, pmk, pmk_len, &PTK,
2937 owe_ptk_workaround == 2) < 0)
364c064a 2938 break;
6fc6879b 2939
3b5b7aa8 2940 if (mic_len &&
567da5bb 2941 wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
929a2ea5 2942 sm->last_rx_eapol_key,
6fc6879b 2943 sm->last_rx_eapol_key_len) == 0) {
08dc8efd
JM		 2944 if (sm->PMK != pmk) {
2945 os_memcpy(sm->PMK, pmk, pmk_len);
2946 sm->pmk_len = pmk_len;
2947 }
6fc6879b
JM		 2948 ok = 1;
2949 break;
2950 }
2951
3b5b7aa8 2952#ifdef CONFIG_FILS
75c8563e
JM		 2953 if (!mic_len &&
2954 wpa_aead_decrypt(sm, &PTK, sm->last_rx_eapol_key,
2955 sm->last_rx_eapol_key_len, NULL) == 0) {
3b5b7aa8
JM		 2956 ok = 1;
2957 break;
2958 }
2959#endif /* CONFIG_FILS */
2960
65a44e84
JM		 2961#ifdef CONFIG_OWE
2962 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && pmk_len > 32 &&
2963 owe_ptk_workaround == 1) {
2964 wpa_printf(MSG_DEBUG,
2965 "OWE: Try PTK derivation workaround with SHA256");
2966 owe_ptk_workaround = 2;
2967 continue;
2968 }
2969#endif /* CONFIG_OWE */
2970
f5e0a332
JM		 2971 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
2972 wpa_key_mgmt_sae(sm->wpa_key_mgmt))
6fc6879b
JM		 2973 break;
2974 }
2975
2976 if (!ok) {
2977 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2978 "invalid MIC in msg 2/4 of 4-Way Handshake");
2c502460
JM		 2979 if (psk_found)
2980 wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
6fc6879b
JM		 2981 return;
2982 }
2983
3b5b7aa8
JM		 2984 /*
2985 * Note: last_rx_eapol_key length fields have already been validated in
2986 * wpa_receive().
2987 */
2988 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
2989 key = (struct wpa_eapol_key *) (hdr + 1);
2990 mic = (u8 *) (key + 1);
2991 key_data = mic + mic_len + 2;
2992 key_data_length = WPA_GET_BE16(mic + mic_len);
2993 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
2994 sizeof(*key) - mic_len - 2)
2995 return;
2996
2997 if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
2998 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2999 "received EAPOL-Key msg 2/4 with invalid Key Data contents");
3000 return;
3001 }
3002 if (kde.rsn_ie) {
3003 eapol_key_ie = kde.rsn_ie;
3004 eapol_key_ie_len = kde.rsn_ie_len;
3005 } else if (kde.osen) {
3006 eapol_key_ie = kde.osen;
3007 eapol_key_ie_len = kde.osen_len;
3008 } else {
3009 eapol_key_ie = kde.wpa_ie;
3010 eapol_key_ie_len = kde.wpa_ie_len;
3011 }
3012 ft = sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt);
3013 if (sm->wpa_ie == NULL ||
3014 wpa_compare_rsn_ie(ft, sm->wpa_ie, sm->wpa_ie_len,
3015 eapol_key_ie, eapol_key_ie_len)) {
3016 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
3017 "WPA IE from (Re)AssocReq did not match with msg 2/4");
3018 if (sm->wpa_ie) {
3019 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
3020 sm->wpa_ie, sm->wpa_ie_len);
3021 }
3022 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
3023 eapol_key_ie, eapol_key_ie_len);
3024 /* MLME-DEAUTHENTICATE.request */
567da5bb
JM		 3025 wpa_sta_disconnect(wpa_auth, sm->addr,
3026 WLAN_REASON_PREV_AUTH_NOT_VALID);
3b5b7aa8 3027 return;
74866f53
JM		 3028 }
3029 if ((!sm->rsnxe && kde.rsnxe) ||
3030 (sm->rsnxe && !kde.rsnxe) ||
3031 (sm->rsnxe && kde.rsnxe &&
3032 (sm->rsnxe_len != kde.rsnxe_len ||
3033 os_memcmp(sm->rsnxe, kde.rsnxe, sm->rsnxe_len) != 0))) {
3034 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
3035 "RSNXE from (Re)AssocReq did not match the one in EAPOL-Key msg 2/4");
3036 wpa_hexdump(MSG_DEBUG, "RSNXE in AssocReq",
3037 sm->rsnxe, sm->rsnxe_len);
3038 wpa_hexdump(MSG_DEBUG, "RSNXE in EAPOL-Key msg 2/4",
3039 kde.rsnxe, kde.rsnxe_len);
3040 /* MLME-DEAUTHENTICATE.request */
3041 wpa_sta_disconnect(wpa_auth, sm->addr,
3042 WLAN_REASON_PREV_AUTH_NOT_VALID);
3043 return;
3b5b7aa8 3044 }
aed61c4e
MV		 3045#ifdef CONFIG_OCV
3046 if (wpa_auth_uses_ocv(sm)) {
3047 struct wpa_channel_info ci;
3048 int tx_chanwidth;
3049 int tx_seg1_idx;
3050
3051 if (wpa_channel_info(wpa_auth, &ci) != 0) {
3052 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
3053 "Failed to get channel info to validate received OCI in EAPOL-Key 2/4");
3054 return;
3055 }
3056
3057 if (get_sta_tx_parameters(sm,
3058 channel_width_to_int(ci.chanwidth),
3059 ci.seg1_idx, &tx_chanwidth,
3060 &tx_seg1_idx) < 0)
3061 return;
3062
3063 if (ocv_verify_tx_params(kde.oci, kde.oci_len, &ci,
3064 tx_chanwidth, tx_seg1_idx) != 0) {
3065 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
3066 ocv_errorstr);
3067 return;
3068 }
3069 }
3070#endif /* CONFIG_OCV */
4ec1fd8e 3071#ifdef CONFIG_IEEE80211R_AP
3b5b7aa8 3072 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
567da5bb
JM		 3073 wpa_sta_disconnect(wpa_auth, sm->addr,
3074 WLAN_REASON_PREV_AUTH_NOT_VALID);
3b5b7aa8
JM		 3075 return;
3076 }
4ec1fd8e 3077#endif /* CONFIG_IEEE80211R_AP */
3b5b7aa8
JM		 3078#ifdef CONFIG_P2P
3079 if (kde.ip_addr_req && kde.ip_addr_req[0] &&
3080 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
3081 int idx;
3082 wpa_printf(MSG_DEBUG,
3083 "P2P: IP address requested in EAPOL-Key exchange");
3084 idx = bitfield_get_first_zero(wpa_auth->ip_pool);
3085 if (idx >= 0) {
3086 u32 start = WPA_GET_BE32(wpa_auth->conf.ip_addr_start);
3087 bitfield_set(wpa_auth->ip_pool, idx);
3088 WPA_PUT_BE32(sm->ip_addr, start + idx);
3089 wpa_printf(MSG_DEBUG,
3090 "P2P: Assigned IP address %u.%u.%u.%u to "
3091 MACSTR, sm->ip_addr[0], sm->ip_addr[1],
3092 sm->ip_addr[2], sm->ip_addr[3],
3093 MAC2STR(sm->addr));
3094 }
3095 }
3096#endif /* CONFIG_P2P */
3097
4ec1fd8e 3098#ifdef CONFIG_IEEE80211R_AP
26e23750
JM		 3099 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
3100 /*
3101 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
3102 * with the value we derived.
3103 */
870834a1
JM		 3104 if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
3105 WPA_PMK_NAME_LEN) != 0) {
26e23750
JM		 3106 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3107 "PMKR1Name mismatch in FT 4-way "
3108 "handshake");
3109 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
3110 "Supplicant",
3111 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
3112 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
3113 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
3114 return;
3115 }
3116 }
4ec1fd8e 3117#endif /* CONFIG_IEEE80211R_AP */
26e23750 3118
dbfa691d
JM		 3119 if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
3120 wpa_auth_update_vlan(wpa_auth, sm->addr, vlan_id) < 0) {
3121 wpa_sta_disconnect(wpa_auth, sm->addr,
3122 WLAN_REASON_PREV_AUTH_NOT_VALID);
3123 return;
3124 }
3125
e4bf4db9 3126 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 3127 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
3128
56586197 3129 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 3130 /* PSK may have changed from the previous choice, so update
3131 * state machine data based on whatever PSK was selected here.
3132 */
3133 os_memcpy(sm->PMK, pmk, PMK_LEN);
207976f0 3134 sm->pmk_len = PMK_LEN;
6fc6879b
JM		 3135 }
3136
3137 sm->MICVerified = TRUE;
3138
3139 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
31bc66e4 3140 forced_memzero(&PTK, sizeof(PTK));
6fc6879b
JM		 3141 sm->PTK_valid = TRUE;
3142}
3143
3144
3145SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
3146{
3147 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
3148 sm->TimeoutCtr = 0;
3149}
3150
3151
6fc6879b
JM		 3152static int ieee80211w_kde_len(struct wpa_state_machine *sm)
3153{
16889aff
JM		 3154 size_t len = 0;
3155
6fc6879b 3156 if (sm->mgmt_frame_prot) {
16889aff
JM		 3157 len += 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN;
3158 len += wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
3159 }
3160 if (sm->mgmt_frame_prot && sm->wpa_auth->conf.beacon_prot) {
3161 len += 2 + RSN_SELECTOR_LEN + WPA_BIGTK_KDE_PREFIX_LEN;
3162 len += wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
6fc6879b
JM		 3163 }
3164
16889aff 3165 return len;
6fc6879b
JM		 3166}
3167
3168
3169static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
3170{
3171 struct wpa_igtk_kde igtk;
16889aff 3172 struct wpa_bigtk_kde bigtk;
6fc6879b 3173 struct wpa_group *gsm = sm->group;
03610ad2 3174 u8 rsc[WPA_KEY_RSC_LEN];
8dd9f9cd 3175 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
6fc6879b
JM		 3176
3177 if (!sm->mgmt_frame_prot)
3178 return pos;
3179
3180 igtk.keyid[0] = gsm->GN_igtk;
3181 igtk.keyid[1] = 0;
7b1080da 3182 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
03610ad2 3183 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
6fc6879b 3184 os_memset(igtk.pn, 0, sizeof(igtk.pn));
03610ad2
JM		 3185 else
3186 os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
8dd9f9cd 3187 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
8d660a4b
JM		 3188 if (sm->wpa_auth->conf.disable_gtk ||
3189 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
83421850
JM		 3190 /*
3191 * Provide unique random IGTK to each STA to prevent use of
3192 * IGTK in the BSS.
3193 */
8dd9f9cd 3194 if (random_get_bytes(igtk.igtk, len) < 0)
83421850
JM		 3195 return pos;
3196 }
6fc6879b 3197 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
8dd9f9cd
JM		 3198 (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len,
3199 NULL, 0);
6fc6879b 3200
16889aff
JM		 3201 if (!sm->wpa_auth->conf.beacon_prot)
3202 return pos;
3203
3204 bigtk.keyid[0] = gsm->GN_bigtk;
3205 bigtk.keyid[1] = 0;
3206 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
3207 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_bigtk, rsc) < 0)
3208 os_memset(bigtk.pn, 0, sizeof(bigtk.pn));
3209 else
3210 os_memcpy(bigtk.pn, rsc, sizeof(bigtk.pn));
3211 os_memcpy(bigtk.bigtk, gsm->BIGTK[gsm->GN_bigtk - 6], len);
3212 pos = wpa_add_kde(pos, RSN_KEY_DATA_BIGTK,
3213 (const u8 *) &bigtk, WPA_BIGTK_KDE_PREFIX_LEN + len,
3214 NULL, 0);
3215
6fc6879b
JM		 3216 return pos;
3217}
3218
6fc6879b 3219
17c2559c
MV		 3220static int ocv_oci_len(struct wpa_state_machine *sm)
3221{
3222#ifdef CONFIG_OCV
3223 if (wpa_auth_uses_ocv(sm))
3224 return OCV_OCI_KDE_LEN;
3225#endif /* CONFIG_OCV */
3226 return 0;
3227}
3228
3229static int ocv_oci_add(struct wpa_state_machine *sm, u8 **argpos)
3230{
3231#ifdef CONFIG_OCV
3232 struct wpa_channel_info ci;
3233
3234 if (!wpa_auth_uses_ocv(sm))
3235 return 0;
3236
3237 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
3238 wpa_printf(MSG_WARNING,
3239 "Failed to get channel info for OCI element");
3240 return -1;
3241 }
3242
3243 return ocv_insert_oci_kde(&ci, argpos);
3244#else /* CONFIG_OCV */
3245 return 0;
3246#endif /* CONFIG_OCV */
3247}
3248
3249
9128b672
JM		 3250#ifdef CONFIG_TESTING_OPTIONS
3251static u8 * replace_ie(const char *name, const u8 *old_buf, size_t *len, u8 eid,
3252 const u8 *ie, size_t ie_len)
3253{
3254 const u8 *elem;
3255 u8 *buf;
3256
3257 wpa_printf(MSG_DEBUG, "TESTING: %s EAPOL override", name);
3258 wpa_hexdump(MSG_DEBUG, "TESTING: wpa_ie before override",
3259 old_buf, *len);
3260 buf = os_malloc(*len + ie_len);
3261 if (!buf)
3262 return NULL;
3263 os_memcpy(buf, old_buf, *len);
3264 elem = get_ie(buf, *len, eid);
3265 if (elem) {
3266 u8 elem_len = 2 + elem[1];
3267
3268 os_memmove((void *) elem, elem + elem_len,
3269 *len - (elem - buf) - elem_len);
3270 *len -= elem_len;
3271 }
3272 os_memcpy(buf + *len, ie, ie_len);
3273 *len += ie_len;
3274 wpa_hexdump(MSG_DEBUG, "TESTING: wpa_ie after EAPOL override",
3275 buf, *len);
3276
3277 return buf;
3278}
3279#endif /* CONFIG_TESTING_OPTIONS */
3280
3281
6fc6879b
JM		 3282SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
3283{
f2c4b44b 3284 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde = NULL, *pos, dummy_gtk[32];
9128b672 3285 size_t gtk_len, kde_len, wpa_ie_len;
6fc6879b
JM		 3286 struct wpa_group *gsm = sm->group;
3287 u8 *wpa_ie;
9128b672 3288 int secure, gtkidx, encr = 0;
4d64fd37 3289 u8 *wpa_ie_buf = NULL, *wpa_ie_buf2 = NULL;
862aac1f 3290 u8 hdr[2];
82cc0b0c 3291 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
6fc6879b
JM		 3292
3293 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
3294 sm->TimeoutEvt = FALSE;
bae61562
JM		 3295
3296 sm->TimeoutCtr++;
6f234c1e
JM		 3297 if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3298 sm->TimeoutCtr > 1) {
3299 /* Do not allow retransmission of EAPOL-Key msg 3/4 */
3300 return;
3301 }
41f140d3 3302 if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
bae61562
JM		 3303 /* No point in sending the EAPOL-Key - we will disconnect
3304 * immediately following this. */
3305 return;
3306 }
3307
86dfabb8 3308 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
16889aff 3309 GTK[GN], IGTK, [BIGTK], [FTIE], [TIE * 2])
6fc6879b
JM		 3310 */
3311 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
3312 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
86dfabb8 3313 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
6fc6879b
JM		 3314 wpa_ie = sm->wpa_auth->wpa_ie;
3315 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
3316 if (sm->wpa == WPA_VERSION_WPA &&
3317 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
9128b672 3318 wpa_ie_len > wpa_ie[1] + 2U && wpa_ie[0] == WLAN_EID_RSN) {
774d4145 3319 /* WPA-only STA, remove RSN IE and possible MDIE */
6fc6879b 3320 wpa_ie = wpa_ie + wpa_ie[1] + 2;
774d4145
JM		 3321 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
3322 wpa_ie = wpa_ie + wpa_ie[1] + 2;
6fc6879b
JM		 3323 wpa_ie_len = wpa_ie[1] + 2;
3324 }
f2c4b44b 3325#ifdef CONFIG_TESTING_OPTIONS
4d64fd37
JM		 3326 if (sm->wpa_auth->conf.rsne_override_eapol_set) {
3327 wpa_ie_buf2 = replace_ie(
3328 "RSNE", wpa_ie, &wpa_ie_len, WLAN_EID_RSN,
3329 sm->wpa_auth->conf.rsne_override_eapol,
3330 sm->wpa_auth->conf.rsne_override_eapol_len);
3331 if (!wpa_ie_buf2)
3332 goto done;
3333 wpa_ie = wpa_ie_buf2;
3334 }
9128b672
JM		 3335 if (sm->wpa_auth->conf.rsnxe_override_eapol_set) {
3336 wpa_ie_buf = replace_ie(
3337 "RSNXE", wpa_ie, &wpa_ie_len, WLAN_EID_RSNX,
3338 sm->wpa_auth->conf.rsnxe_override_eapol,
3339 sm->wpa_auth->conf.rsnxe_override_eapol_len);
f2c4b44b 3340 if (!wpa_ie_buf)
9128b672 3341 goto done;
f2c4b44b 3342 wpa_ie = wpa_ie_buf;
f2c4b44b
JM		 3343 }
3344#endif /* CONFIG_TESTING_OPTIONS */
6fc6879b
JM		 3345 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3346 "sending 3/4 msg of 4-Way Handshake");
3347 if (sm->wpa == WPA_VERSION_WPA2) {
862aac1f
AW		 3348 if (sm->use_ext_key_id && sm->TimeoutCtr == 1 &&
3349 wpa_auth_set_key(sm->wpa_auth, 0,
3350 wpa_cipher_to_alg(sm->pairwise),
3351 sm->addr,
3352 sm->keyidx_active, sm->PTK.tk,
3353 wpa_cipher_key_len(sm->pairwise),
3354 KEY_FLAG_PAIRWISE_RX)) {
3355 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
3356 WLAN_REASON_PREV_AUTH_NOT_VALID);
3357 return;
3358 }
3359
6fc6879b
JM		 3360 /* WPA2 send GTK in the 4-way handshake */
3361 secure = 1;
3362 gtk = gsm->GTK[gsm->GN - 1];
3363 gtk_len = gsm->GTK_len;
8d660a4b
JM		 3364 if (sm->wpa_auth->conf.disable_gtk ||
3365 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
83421850
JM		 3366 /*
3367 * Provide unique random GTK to each STA to prevent use
3368 * of GTK in the BSS.
3369 */
3370 if (random_get_bytes(dummy_gtk, gtk_len) < 0)
f2c4b44b 3371 goto done;
83421850
JM		 3372 gtk = dummy_gtk;
3373 }
7a4b01c8 3374 gtkidx = gsm->GN;
6fc6879b
JM		 3375 _rsc = rsc;
3376 encr = 1;
3377 } else {
3378 /* WPA does not include GTK in msg 3/4 */
3379 secure = 0;
3380 gtk = NULL;
3381 gtk_len = 0;
6fc6879b 3382 _rsc = NULL;
0d442aff
JM		 3383 if (sm->rx_eapol_key_secure) {
3384 /*
3385 * It looks like Windows 7 supplicant tries to use
3386 * Secure bit in msg 2/4 after having reported Michael
3387 * MIC failure and it then rejects the 4-way handshake
3388 * if msg 3/4 does not set Secure bit. Work around this
3389 * by setting the Secure bit here even in the case of
3390 * WPA if the supplicant used it first.
3391 */
3392 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4740d5b9
JM		 3393 "STA used Secure bit in WPA msg 2/4 - "
3394 "set Secure for 3/4 as workaround");
0d442aff
JM		 3395 secure = 1;
3396 }
6fc6879b
JM		 3397 }
3398
17c2559c 3399 kde_len = wpa_ie_len + ieee80211w_kde_len(sm) + ocv_oci_len(sm);
862aac1f
AW		 3400
3401 if (sm->use_ext_key_id)
3402 kde_len += 2 + RSN_SELECTOR_LEN + 2;
3403
6fc6879b
JM		 3404 if (gtk)
3405 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
4ec1fd8e 3406#ifdef CONFIG_IEEE80211R_AP
86dfabb8
JM		 3407 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
3408 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
3409 kde_len += 300; /* FTIE + 2 * TIE */
3410 }
4ec1fd8e 3411#endif /* CONFIG_IEEE80211R_AP */
25ef8529
JM		 3412#ifdef CONFIG_P2P
3413 if (WPA_GET_BE32(sm->ip_addr) > 0)
3414 kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4;
3415#endif /* CONFIG_P2P */
82cc0b0c
JM		 3416
3417 if (conf->transition_disable)
3418 kde_len += 2 + RSN_SELECTOR_LEN + 1;
3419
6fc6879b
JM		 3420 kde = os_malloc(kde_len);
3421 if (kde == NULL)
f2c4b44b 3422 goto done;
6fc6879b
JM		 3423
3424 pos = kde;
3425 os_memcpy(pos, wpa_ie, wpa_ie_len);
3426 pos += wpa_ie_len;
4ec1fd8e 3427#ifdef CONFIG_IEEE80211R_AP
26e23750 3428 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
59e78c24
JM		 3429 int res;
3430 size_t elen;
3431
3432 elen = pos - kde;
3433 res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name);
26e23750
JM		 3434 if (res < 0) {
3435 wpa_printf(MSG_ERROR, "FT: Failed to insert "
3436 "PMKR1Name into RSN IE in EAPOL-Key data");
f2c4b44b 3437 goto done;
26e23750 3438 }
59e78c24
JM		 3439 pos -= wpa_ie_len;
3440 pos += elen;
26e23750 3441 }
4ec1fd8e 3442#endif /* CONFIG_IEEE80211R_AP */
862aac1f
AW		 3443 hdr[1] = 0;
3444
3445 if (sm->use_ext_key_id) {
3446 hdr[0] = sm->keyidx_active & 0x01;
3447 pos = wpa_add_kde(pos, RSN_KEY_DATA_KEYID, hdr, 2, NULL, 0);
3448 }
3449
6fc6879b 3450 if (gtk) {
7a4b01c8 3451 hdr[0] = gtkidx & 0x03;
6fc6879b
JM		 3452 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
3453 gtk, gtk_len);
3454 }
3455 pos = ieee80211w_kde_add(sm, pos);
f2c4b44b
JM		 3456 if (ocv_oci_add(sm, &pos) < 0)
3457 goto done;
6fc6879b 3458
4ec1fd8e 3459#ifdef CONFIG_IEEE80211R_AP
86dfabb8
JM		 3460 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
3461 int res;
86dfabb8 3462
9257610a
JM		 3463 if (sm->assoc_resp_ftie &&
3464 kde + kde_len - pos >= 2 + sm->assoc_resp_ftie[1]) {
3465 os_memcpy(pos, sm->assoc_resp_ftie,
3466 2 + sm->assoc_resp_ftie[1]);
3467 res = 2 + sm->assoc_resp_ftie[1];
3468 } else {
a7968ea5
JM		 3469 int use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
3470
3471 res = wpa_write_ftie(conf, use_sha384,
3472 conf->r0_key_holder,
9257610a
JM		 3473 conf->r0_key_holder_len,
3474 NULL, NULL, pos,
3475 kde + kde_len - pos,
51d1924b 3476 NULL, 0, 0);
9257610a 3477 }
86dfabb8
JM		 3478 if (res < 0) {
3479 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
3480 "into EAPOL-Key Key Data");
f2c4b44b 3481 goto done;
86dfabb8
JM		 3482 }
3483 pos += res;
3484
3485 /* TIE[ReassociationDeadline] (TU) */
3486 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
3487 *pos++ = 5;
3488 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
3489 WPA_PUT_LE32(pos, conf->reassociation_deadline);
3490 pos += 4;
3491
3492 /* TIE[KeyLifetime] (seconds) */
3493 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
3494 *pos++ = 5;
3495 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
83fe4bd3 3496 WPA_PUT_LE32(pos, conf->r0_key_lifetime);
86dfabb8
JM		 3497 pos += 4;
3498 }
4ec1fd8e 3499#endif /* CONFIG_IEEE80211R_AP */
25ef8529
JM		 3500#ifdef CONFIG_P2P
3501 if (WPA_GET_BE32(sm->ip_addr) > 0) {
3502 u8 addr[3 * 4];
3503 os_memcpy(addr, sm->ip_addr, 4);
3504 os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4);
3505 os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4);
3506 pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC,
3507 addr, sizeof(addr), NULL, 0);
3508 }
3509#endif /* CONFIG_P2P */
86dfabb8 3510
82cc0b0c
JM		 3511 if (conf->transition_disable)
3512 pos = wpa_add_kde(pos, WFA_KEY_DATA_TRANSITION_DISABLE,
3513 &conf->transition_disable, 1, NULL, 0);
3514
6fc6879b 3515 wpa_send_eapol(sm->wpa_auth, sm,
b729fd8d 3516 (secure ? WPA_KEY_INFO_SECURE : 0) |
567da5bb
JM		 3517 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
3518 WPA_KEY_INFO_MIC : 0) |
6fc6879b
JM		 3519 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
3520 WPA_KEY_INFO_KEY_TYPE,
7a4b01c8 3521 _rsc, sm->ANonce, kde, pos - kde, 0, encr);
f2c4b44b 3522done:
6fc6879b 3523 os_free(kde);
f2c4b44b 3524 os_free(wpa_ie_buf);
4d64fd37 3525 os_free(wpa_ie_buf2);
6fc6879b
JM		 3526}
3527
3528
3529SM_STATE(WPA_PTK, PTKINITDONE)
3530{
3531 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
3532 sm->EAPOLKeyReceived = FALSE;
3533 if (sm->Pair) {
c3550295
JM		 3534 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
3535 int klen = wpa_cipher_key_len(sm->pairwise);
862aac1f
AW		 3536 int res;
3537
3538 if (sm->use_ext_key_id)
3539 res = wpa_auth_set_key(sm->wpa_auth, 0, 0, sm->addr,
3540 sm->keyidx_active, NULL, 0,
3541 KEY_FLAG_PAIRWISE_RX_TX_MODIFY);
3542 else
3543 res = wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr,
3544 0, sm->PTK.tk, klen,
3545 KEY_FLAG_PAIRWISE_RX_TX);
3546 if (res) {
567da5bb
JM		 3547 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
3548 WLAN_REASON_PREV_AUTH_NOT_VALID);
6fc6879b
JM		 3549 return;
3550 }
3551 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
3552 sm->pairwise_set = TRUE;
3553
a40bd06e 3554 wpa_auth_set_ptk_rekey_timer(sm);
581a8cde 3555
a1ea1b45 3556 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
567da5bb 3557 sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP ||
a1ea1b45 3558 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE) {
6fc6879b
JM		 3559 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
3560 WPA_EAPOL_authorized, 1);
3561 }
3562 }
3563
3564 if (0 /* IBSS == TRUE */) {
3565 sm->keycount++;
3566 if (sm->keycount == 2) {
3567 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
3568 WPA_EAPOL_portValid, 1);
3569 }
3570 } else {
3571 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
3572 1);
3573 }
3574 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
3575 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
3576 if (sm->wpa == WPA_VERSION_WPA)
3577 sm->PInitAKeys = TRUE;
3578 else
3579 sm->has_GTK = TRUE;
3580 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3581 "pairwise key handshake completed (%s)",
3582 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
3583
4ec1fd8e 3584#ifdef CONFIG_IEEE80211R_AP
6fc6879b 3585 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
4ec1fd8e 3586#endif /* CONFIG_IEEE80211R_AP */
6fc6879b
JM		 3587}
3588
3589
3590SM_STEP(WPA_PTK)
3591{
3592 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3593
3594 if (sm->Init)
3595 SM_ENTER(WPA_PTK, INITIALIZE);
3596 else if (sm->Disconnect
1aae01fc
BG		 3597 /* || FIX: dot11RSNAConfigSALifetime timeout */) {
3598 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
3599 "WPA_PTK: sm->Disconnect");
6fc6879b 3600 SM_ENTER(WPA_PTK, DISCONNECT);
1aae01fc 3601 }
6fc6879b
JM		 3602 else if (sm->DeauthenticationRequest)
3603 SM_ENTER(WPA_PTK, DISCONNECTED);
3604 else if (sm->AuthenticationRequest)
3605 SM_ENTER(WPA_PTK, AUTHENTICATION);
3606 else if (sm->ReAuthenticationRequest)
3607 SM_ENTER(WPA_PTK, AUTHENTICATION2);
0adc9b28
JM		 3608 else if (sm->PTKRequest) {
3609 if (wpa_auth_sm_ptk_update(sm) < 0)
3610 SM_ENTER(WPA_PTK, DISCONNECTED);
3611 else
3612 SM_ENTER(WPA_PTK, PTKSTART);
3613 } else switch (sm->wpa_ptk_state) {
6fc6879b
JM		 3614 case WPA_PTK_INITIALIZE:
3615 break;
3616 case WPA_PTK_DISCONNECT:
3617 SM_ENTER(WPA_PTK, DISCONNECTED);
3618 break;
3619 case WPA_PTK_DISCONNECTED:
3620 SM_ENTER(WPA_PTK, INITIALIZE);
3621 break;
3622 case WPA_PTK_AUTHENTICATION:
3623 SM_ENTER(WPA_PTK, AUTHENTICATION2);
3624 break;
3625 case WPA_PTK_AUTHENTICATION2:
56586197 3626 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
6fc6879b
JM		 3627 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
3628 WPA_EAPOL_keyRun) > 0)
3629 SM_ENTER(WPA_PTK, INITPMK);
a1ea1b45
JM		 3630 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
3631 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE
6fc6879b
JM		 3632 /* FIX: && 802.1X::keyRun */)
3633 SM_ENTER(WPA_PTK, INITPSK);
567da5bb
JM		 3634 else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP)
3635 SM_ENTER(WPA_PTK, INITPMK);
6fc6879b
JM		 3636 break;
3637 case WPA_PTK_INITPMK:
3638 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
567da5bb 3639 WPA_EAPOL_keyAvailable) > 0) {
6fc6879b 3640 SM_ENTER(WPA_PTK, PTKSTART);
567da5bb
JM		 3641#ifdef CONFIG_DPP
3642 } else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && sm->pmksa) {
3643 SM_ENTER(WPA_PTK, PTKSTART);
3644#endif /* CONFIG_DPP */
3645 } else {
6fc6879b 3646 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 3647 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3648 "INITPMK - keyAvailable = false");
6fc6879b
JM		 3649 SM_ENTER(WPA_PTK, DISCONNECT);
3650 }
3651 break;
3652 case WPA_PTK_INITPSK:
759fd76b 3653 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr,
dbfa691d 3654 NULL, NULL, NULL)) {
6fc6879b 3655 SM_ENTER(WPA_PTK, PTKSTART);
e61fea6b
JM		 3656#ifdef CONFIG_SAE
3657 } else if (wpa_auth_uses_sae(sm) && sm->pmksa) {
3658 SM_ENTER(WPA_PTK, PTKSTART);
3659#endif /* CONFIG_SAE */
3660 } else {
6fc6879b
JM		 3661 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3662 "no PSK configured for the STA");
3663 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3664 SM_ENTER(WPA_PTK, DISCONNECT);
3665 }
3666 break;
3667 case WPA_PTK_PTKSTART:
3668 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3669 sm->EAPOLKeyPairwise)
3670 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
3671 else if (sm->TimeoutCtr >
41f140d3 3672 sm->wpa_auth->conf.wpa_pairwise_update_count) {
6fc6879b 3673 wpa_auth->dot11RSNA4WayHandshakeFailures++;
41f140d3
GK		 3674 wpa_auth_vlogger(
3675 sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3676 "PTKSTART: Retry limit %u reached",
3677 sm->wpa_auth->conf.wpa_pairwise_update_count);
6fc6879b
JM		 3678 SM_ENTER(WPA_PTK, DISCONNECT);
3679 } else if (sm->TimeoutEvt)
3680 SM_ENTER(WPA_PTK, PTKSTART);
3681 break;
3682 case WPA_PTK_PTKCALCNEGOTIATING:
3683 if (sm->MICVerified)
3684 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
3685 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3686 sm->EAPOLKeyPairwise)
3687 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
3688 else if (sm->TimeoutEvt)
3689 SM_ENTER(WPA_PTK, PTKSTART);
3690 break;
3691 case WPA_PTK_PTKCALCNEGOTIATING2:
3692 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
3693 break;
3694 case WPA_PTK_PTKINITNEGOTIATING:
68921e24
JM		 3695 if (sm->update_snonce)
3696 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
3697 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3698 sm->EAPOLKeyPairwise && sm->MICVerified)
6fc6879b
JM		 3699 SM_ENTER(WPA_PTK, PTKINITDONE);
3700 else if (sm->TimeoutCtr >
6f234c1e
JM		 3701 sm->wpa_auth->conf.wpa_pairwise_update_count ||
3702 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3703 sm->TimeoutCtr > 1)) {
6fc6879b 3704 wpa_auth->dot11RSNA4WayHandshakeFailures++;
41f140d3
GK		 3705 wpa_auth_vlogger(
3706 sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3707 "PTKINITNEGOTIATING: Retry limit %u reached",
3708 sm->wpa_auth->conf.wpa_pairwise_update_count);
6fc6879b
JM		 3709 SM_ENTER(WPA_PTK, DISCONNECT);
3710 } else if (sm->TimeoutEvt)
3711 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
3712 break;
3713 case WPA_PTK_PTKINITDONE:
3714 break;
3715 }
3716}
3717
3718
3719SM_STATE(WPA_PTK_GROUP, IDLE)
3720{
3721 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
3722 if (sm->Init) {
3723 /* Init flag is not cleared here, so avoid busy
3724 * loop by claiming nothing changed. */
3725 sm->changed = FALSE;
3726 }
3727 sm->GTimeoutCtr = 0;
3728}
3729
3730
3731SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
3732{
3733 u8 rsc[WPA_KEY_RSC_LEN];
3734 struct wpa_group *gsm = sm->group;
e41e4f9e
JM		 3735 const u8 *kde;
3736 u8 *kde_buf = NULL, *pos, hdr[2];
6fc6879b 3737 size_t kde_len;
83421850 3738 u8 *gtk, dummy_gtk[32];
6fc6879b
JM		 3739
3740 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
bae61562
JM		 3741
3742 sm->GTimeoutCtr++;
6f234c1e
JM		 3743 if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3744 sm->GTimeoutCtr > 1) {
3745 /* Do not allow retransmission of EAPOL-Key group msg 1/2 */
3746 return;
3747 }
41f140d3 3748 if (sm->GTimeoutCtr > sm->wpa_auth->conf.wpa_group_update_count) {
bae61562
JM		 3749 /* No point in sending the EAPOL-Key - we will disconnect
3750 * immediately following this. */
3751 return;
3752 }
3753
6fc6879b
JM		 3754 if (sm->wpa == WPA_VERSION_WPA)
3755 sm->PInitAKeys = FALSE;
3756 sm->TimeoutEvt = FALSE;
3757 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
3758 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
3759 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
3760 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
3761 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3762 "sending 1/2 msg of Group Key Handshake");
3763
83421850 3764 gtk = gsm->GTK[gsm->GN - 1];
8d660a4b
JM		 3765 if (sm->wpa_auth->conf.disable_gtk ||
3766 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
83421850
JM		 3767 /*
3768 * Provide unique random GTK to each STA to prevent use
3769 * of GTK in the BSS.
3770 */
3771 if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0)
3772 return;
3773 gtk = dummy_gtk;
3774 }
6fc6879b
JM		 3775 if (sm->wpa == WPA_VERSION_WPA2) {
3776 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
17c2559c 3777 ieee80211w_kde_len(sm) + ocv_oci_len(sm);
e41e4f9e
JM		 3778 kde_buf = os_malloc(kde_len);
3779 if (kde_buf == NULL)
6fc6879b
JM		 3780 return;
3781
e41e4f9e 3782 kde = pos = kde_buf;
6fc6879b
JM		 3783 hdr[0] = gsm->GN & 0x03;
3784 hdr[1] = 0;
3785 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
83421850 3786 gtk, gsm->GTK_len);
6fc6879b 3787 pos = ieee80211w_kde_add(sm, pos);
17c2559c
MV		 3788 if (ocv_oci_add(sm, &pos) < 0) {
3789 os_free(kde_buf);
3790 return;
3791 }
e41e4f9e 3792 kde_len = pos - kde;
6fc6879b 3793 } else {
83421850 3794 kde = gtk;
e41e4f9e 3795 kde_len = gsm->GTK_len;
6fc6879b
JM		 3796 }
3797
3798 wpa_send_eapol(sm->wpa_auth, sm,
b729fd8d 3799 WPA_KEY_INFO_SECURE |
567da5bb
JM		 3800 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
3801 WPA_KEY_INFO_MIC : 0) |
6fc6879b
JM		 3802 WPA_KEY_INFO_ACK |
3803 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
b0fb2be7 3804 rsc, NULL, kde, kde_len, gsm->GN, 1);
e41e4f9e
JM		 3805
3806 os_free(kde_buf);
6fc6879b
JM		 3807}
3808
3809
3810SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
3811{
aed61c4e
MV		 3812#ifdef CONFIG_OCV
3813 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3814 const u8 *key_data, *mic;
3815 struct ieee802_1x_hdr *hdr;
3816 struct wpa_eapol_key *key;
3817 struct wpa_eapol_ie_parse kde;
3818 size_t mic_len;
3819 u16 key_data_length;
3820#endif /* CONFIG_OCV */
3821
6fc6879b
JM		 3822 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
3823 sm->EAPOLKeyReceived = FALSE;
aed61c4e
MV		 3824
3825#ifdef CONFIG_OCV
3826 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
3827
3828 /*
3829 * Note: last_rx_eapol_key length fields have already been validated in
3830 * wpa_receive().
3831 */
3832 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
3833 key = (struct wpa_eapol_key *) (hdr + 1);
3834 mic = (u8 *) (key + 1);
3835 key_data = mic + mic_len + 2;
3836 key_data_length = WPA_GET_BE16(mic + mic_len);
3837 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
3838 sizeof(*key) - mic_len - 2)
3839 return;
3840
3841 if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
3842 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
3843 "received EAPOL-Key group msg 2/2 with invalid Key Data contents");
3844 return;
3845 }
3846
3847 if (wpa_auth_uses_ocv(sm)) {
3848 struct wpa_channel_info ci;
3849 int tx_chanwidth;
3850 int tx_seg1_idx;
3851
3852 if (wpa_channel_info(wpa_auth, &ci) != 0) {
3853 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
3854 "Failed to get channel info to validate received OCI in EAPOL-Key group 1/2");
3855 return;
3856 }
3857
3858 if (get_sta_tx_parameters(sm,
3859 channel_width_to_int(ci.chanwidth),
3860 ci.seg1_idx, &tx_chanwidth,
3861 &tx_seg1_idx) < 0)
3862 return;
3863
3864 if (ocv_verify_tx_params(kde.oci, kde.oci_len, &ci,
3865 tx_chanwidth, tx_seg1_idx) != 0) {
3866 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
3867 ocv_errorstr);
3868 return;
3869 }
3870 }
3871#endif /* CONFIG_OCV */
3872
6fc6879b
JM		 3873 if (sm->GUpdateStationKeys)
3874 sm->group->GKeyDoneStations--;
3875 sm->GUpdateStationKeys = FALSE;
3876 sm->GTimeoutCtr = 0;
3877 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
3878 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3879 "group key handshake completed (%s)",
3880 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
3881 sm->has_GTK = TRUE;
3882}
3883
3884
3885SM_STATE(WPA_PTK_GROUP, KEYERROR)
3886{
3887 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
3888 if (sm->GUpdateStationKeys)
3889 sm->group->GKeyDoneStations--;
3890 sm->GUpdateStationKeys = FALSE;
3891 sm->Disconnect = TRUE;
4bb9b674
GK		 3892 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3893 "group key handshake failed (%s) after %u tries",
3894 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN",
3895 sm->wpa_auth->conf.wpa_group_update_count);
6fc6879b
JM		 3896}
3897
3898
3899SM_STEP(WPA_PTK_GROUP)
3900{
9663596f 3901 if (sm->Init || sm->PtkGroupInit) {
6fc6879b 3902 SM_ENTER(WPA_PTK_GROUP, IDLE);
9663596f
JM		 3903 sm->PtkGroupInit = FALSE;
3904 } else switch (sm->wpa_ptk_group_state) {
6fc6879b
JM		 3905 case WPA_PTK_GROUP_IDLE:
3906 if (sm->GUpdateStationKeys ||
3907 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
3908 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
3909 break;
3910 case WPA_PTK_GROUP_REKEYNEGOTIATING:
3911 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3912 !sm->EAPOLKeyPairwise && sm->MICVerified)
3913 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
3914 else if (sm->GTimeoutCtr >
6f234c1e
JM		 3915 sm->wpa_auth->conf.wpa_group_update_count ||
3916 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3917 sm->GTimeoutCtr > 1))
6fc6879b
JM		 3918 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
3919 else if (sm->TimeoutEvt)
3920 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
3921 break;
3922 case WPA_PTK_GROUP_KEYERROR:
3923 SM_ENTER(WPA_PTK_GROUP, IDLE);
3924 break;
3925 case WPA_PTK_GROUP_REKEYESTABLISHED:
3926 SM_ENTER(WPA_PTK_GROUP, IDLE);
3927 break;
3928 }
3929}
3930
3931
3932static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
3933 struct wpa_group *group)
3934{
3935 int ret = 0;
555dcd75 3936 size_t len;
6fc6879b 3937
6fc6879b
JM		 3938 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
3939 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 3940 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
3941 wpa_auth->addr, group->GNonce,
3942 group->GTK[group->GN - 1], group->GTK_len) < 0)
3943 ret = -1;
5cb9d5c3
JM		 3944 wpa_hexdump_key(MSG_DEBUG, "GTK",
3945 group->GTK[group->GN - 1], group->GTK_len);
6fc6879b 3946
70f8cc8e 3947 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
8dd9f9cd 3948 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
5cb9d5c3
JM		 3949 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
3950 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 3951 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
3952 wpa_auth->addr, group->GNonce,
8dd9f9cd 3953 group->IGTK[group->GN_igtk - 4], len) < 0)
3c7302c2 3954 ret = -1;
6fc6879b 3955 wpa_hexdump_key(MSG_DEBUG, "IGTK",
8dd9f9cd 3956 group->IGTK[group->GN_igtk - 4], len);
6fc6879b 3957 }
6fc6879b 3958
555dcd75
JM		 3959 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION &&
3960 wpa_auth->conf.beacon_prot) {
3961 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
3962 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
3963 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3964 if (wpa_gmk_to_gtk(group->GMK, "BIGTK key expansion",
3965 wpa_auth->addr, group->GNonce,
3966 group->BIGTK[group->GN_bigtk - 6], len) < 0)
3967 ret = -1;
3968 wpa_hexdump_key(MSG_DEBUG, "BIGTK",
3969 group->BIGTK[group->GN_bigtk - 6], len);
3970 }
3971
6fc6879b
JM		 3972 return ret;
3973}
3974
3975
3976static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
3977 struct wpa_group *group)
3978{
3979 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3980 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
3981 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
3982 group->wpa_group_state = WPA_GROUP_GTK_INIT;
3983
3984 /* GTK[0..N] = 0 */
3985 os_memset(group->GTK, 0, sizeof(group->GTK));
3986 group->GN = 1;
3987 group->GM = 2;
6fc6879b
JM		 3988 group->GN_igtk = 4;
3989 group->GM_igtk = 5;
555dcd75
JM		 3990 group->GN_bigtk = 6;
3991 group->GM_bigtk = 7;
6fc6879b
JM		 3992 /* GTK[GN] = CalcGTK() */
3993 wpa_gtk_update(wpa_auth, group);
3994}
3995
3996
3997static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
3998{
473b6f22
MB		 3999 if (ctx != NULL && ctx != sm->group)
4000 return 0;
4001
6fc6879b
JM		 4002 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
4003 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4004 "Not in PTKINITDONE; skip Group Key update");
3c183894 4005 sm->GUpdateStationKeys = FALSE;
6fc6879b
JM		 4006 return 0;
4007 }
9663596f
JM		 4008 if (sm->GUpdateStationKeys) {
4009 /*
3c183894
JM		 4010 * This should not really happen, so add a debug log entry.
4011 * Since we clear the GKeyDoneStations before the loop, the
4012 * station needs to be counted here anyway.
9663596f
JM		 4013 */
4014 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3c183894
JM		 4015 "GUpdateStationKeys was already set when "
4016 "marking station for GTK rekeying");
9663596f 4017 }
3c183894 4018
ad3872a3 4019 /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
d32d94db
XC		 4020 if (sm->is_wnmsleep)
4021 return 0;
d32d94db 4022
3c183894
JM		 4023 sm->group->GKeyDoneStations++;
4024 sm->GUpdateStationKeys = TRUE;
4025
6fc6879b
JM		 4026 wpa_sm_step(sm);
4027 return 0;
4028}
4029
4030
b5bf84ba 4031#ifdef CONFIG_WNM_AP
ad3872a3 4032/* update GTK when exiting WNM-Sleep Mode */
d32d94db
XC		 4033void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm)
4034{
629edfef 4035 if (sm == NULL || sm->is_wnmsleep)
d32d94db
XC		 4036 return;
4037
4038 wpa_group_update_sta(sm, NULL);
4039}
4040
4041
4042void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
4043{
629edfef
JM		 4044 if (sm)
4045 sm->is_wnmsleep = !!flag;
d32d94db
XC		 4046}
4047
4048
4049int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
4050{
d32d94db 4051 struct wpa_group *gsm = sm->group;
835822d4 4052 u8 *start = pos;
d32d94db
XC		 4053
4054 /*
835822d4 4055 * GTK subelement:
d32d94db 4056 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
835822d4 4057 * Key[5..32]
d32d94db 4058 */
835822d4
JM		 4059 *pos++ = WNM_SLEEP_SUBELEM_GTK;
4060 *pos++ = 11 + gsm->GTK_len;
d32d94db 4061 /* Key ID in B0-B1 of Key Info */
835822d4
JM		 4062 WPA_PUT_LE16(pos, gsm->GN & 0x03);
4063 pos += 2;
4064 *pos++ = gsm->GTK_len;
4065 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
d32d94db 4066 return 0;
835822d4
JM		 4067 pos += 8;
4068 os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
4069 pos += gsm->GTK_len;
d32d94db 4070
835822d4
JM		 4071 wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
4072 gsm->GN);
4073 wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
d32d94db 4074 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
d32d94db 4075
835822d4 4076 return pos - start;
d32d94db
XC		 4077}
4078
4079
d32d94db
XC		 4080int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
4081{
d32d94db 4082 struct wpa_group *gsm = sm->group;
835822d4 4083 u8 *start = pos;
8dd9f9cd 4084 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
d32d94db 4085
835822d4
JM		 4086 /*
4087 * IGTK subelement:
4088 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
4089 */
4090 *pos++ = WNM_SLEEP_SUBELEM_IGTK;
8dd9f9cd 4091 *pos++ = 2 + 6 + len;
835822d4
JM		 4092 WPA_PUT_LE16(pos, gsm->GN_igtk);
4093 pos += 2;
4094 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
d32d94db 4095 return 0;
835822d4 4096 pos += 6;
d32d94db 4097
8dd9f9cd
JM		 4098 os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
4099 pos += len;
d32d94db 4100
835822d4
JM		 4101 wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
4102 gsm->GN_igtk);
4103 wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
8dd9f9cd 4104 gsm->IGTK[gsm->GN_igtk - 4], len);
d32d94db 4105
835822d4 4106 return pos - start;
d32d94db 4107}
7d2ed8ba 4108
16889aff
JM		 4109
4110int wpa_wnmsleep_bigtk_subelem(struct wpa_state_machine *sm, u8 *pos)
4111{
4112 struct wpa_group *gsm = sm->group;
4113 u8 *start = pos;
4114 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
4115
4116 /*
4117 * BIGTK subelement:
4118 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
4119 */
4120 *pos++ = WNM_SLEEP_SUBELEM_BIGTK;
4121 *pos++ = 2 + 6 + len;
4122 WPA_PUT_LE16(pos, gsm->GN_bigtk);
4123 pos += 2;
4124 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_bigtk, pos) != 0)
4125 return 0;
4126 pos += 6;
4127
4128 os_memcpy(pos, gsm->BIGTK[gsm->GN_bigtk - 6], len);
4129 pos += len;
4130
4131 wpa_printf(MSG_DEBUG, "WNM: BIGTK Key ID %u in WNM-Sleep Mode exit",
4132 gsm->GN_bigtk);
4133 wpa_hexdump_key(MSG_DEBUG, "WNM: BIGTK in WNM-Sleep Mode exit",
4134 gsm->IGTK[gsm->GN_bigtk - 6], len);
4135
4136 return pos - start;
4137}
4138
b5bf84ba 4139#endif /* CONFIG_WNM_AP */
d32d94db
XC		 4140
4141
6fc6879b
JM		 4142static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
4143 struct wpa_group *group)
4144{
4145 int tmp;
4146
4147 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
4148 "SETKEYS (VLAN-ID %d)", group->vlan_id);
4149 group->changed = TRUE;
4150 group->wpa_group_state = WPA_GROUP_SETKEYS;
4151 group->GTKReKey = FALSE;
4152 tmp = group->GM;
4153 group->GM = group->GN;
4154 group->GN = tmp;
6fc6879b
JM		 4155 tmp = group->GM_igtk;
4156 group->GM_igtk = group->GN_igtk;
4157 group->GN_igtk = tmp;
555dcd75
JM		 4158 tmp = group->GM_bigtk;
4159 group->GM_bigtk = group->GN_bigtk;
4160 group->GN_bigtk = tmp;
6fc6879b
JM		 4161 /* "GKeyDoneStations = GNoStations" is done in more robust way by
4162 * counting the STAs that are marked with GUpdateStationKeys instead of
4163 * including all STAs that could be in not-yet-completed state. */
4164 wpa_gtk_update(wpa_auth, group);
4165
3c183894
JM		 4166 if (group->GKeyDoneStations) {
4167 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
4168 "GKeyDoneStations=%d when starting new GTK rekey",
4169 group->GKeyDoneStations);
4170 group->GKeyDoneStations = 0;
4171 }
473b6f22 4172 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
6fc6879b
JM		 4173 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
4174 group->GKeyDoneStations);
4175}
4176
4177
1bdb7ab3
JM		 4178static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
4179 struct wpa_group *group)
6fc6879b 4180{
3c7302c2
JM		 4181 int ret = 0;
4182
3c7302c2 4183 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
c3550295 4184 wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
0382097e 4185 broadcast_ether_addr, group->GN,
a919a260
AW		 4186 group->GTK[group->GN - 1], group->GTK_len,
4187 KEY_FLAG_GROUP_TX_DEFAULT) < 0)
3c7302c2 4188 ret = -1;
6fc6879b 4189
8dd9f9cd
JM		 4190 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
4191 enum wpa_alg alg;
4192 size_t len;
4193
4194 alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher);
4195 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
4196
4197 if (ret == 0 &&
4198 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
4199 broadcast_ether_addr, group->GN_igtk,
a919a260
AW		 4200 group->IGTK[group->GN_igtk - 4], len,
4201 KEY_FLAG_GROUP_TX_DEFAULT) < 0)
8dd9f9cd 4202 ret = -1;
555dcd75
JM		 4203
4204 if (ret == 0 && wpa_auth->conf.beacon_prot &&
4205 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
4206 broadcast_ether_addr, group->GN_bigtk,
4207 group->BIGTK[group->GN_bigtk - 6], len,
4208 KEY_FLAG_GROUP_TX_DEFAULT) < 0)
4209 ret = -1;
8dd9f9cd 4210 }
3c7302c2
JM		 4211
4212 return ret;
6fc6879b
JM		 4213}
4214
4215
7d7f7be2
JM		 4216static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
4217{
4218 if (sm->group == ctx) {
4219 wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
4220 " for discconnection due to fatal failure",
4221 MAC2STR(sm->addr));
4222 sm->Disconnect = TRUE;
4223 }
4224
4225 return 0;
4226}
4227
4228
4229static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
4230 struct wpa_group *group)
4231{
4232 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE");
4233 group->changed = TRUE;
4234 group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
4235 wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
4236}
4237
4238
1bdb7ab3
JM		 4239static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
4240 struct wpa_group *group)
4241{
4242 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
4243 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
4244 group->changed = TRUE;
4245 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
4246
7d7f7be2
JM		 4247 if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
4248 wpa_group_fatal_failure(wpa_auth, group);
1bdb7ab3 4249 return -1;
7d7f7be2 4250 }
1bdb7ab3
JM		 4251
4252 return 0;
4253}
4254
4255
6fc6879b
JM		 4256static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
4257 struct wpa_group *group)
4258{
4259 if (group->GInit) {
4260 wpa_group_gtk_init(wpa_auth, group);
7d7f7be2
JM		 4261 } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
4262 /* Do not allow group operations */
6fc6879b
JM		 4263 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
4264 group->GTKAuthenticator) {
4265 wpa_group_setkeysdone(wpa_auth, group);
4266 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
4267 group->GTKReKey) {
4268 wpa_group_setkeys(wpa_auth, group);
4269 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
4270 if (group->GKeyDoneStations == 0)
4271 wpa_group_setkeysdone(wpa_auth, group);
4272 else if (group->GTKReKey)
4273 wpa_group_setkeys(wpa_auth, group);
4274 }
4275}
4276
4277
e4a6ea1d 4278static int wpa_sm_step(struct wpa_state_machine *sm)
6fc6879b
JM		 4279{
4280 if (sm == NULL)
e4a6ea1d 4281 return 0;
6fc6879b
JM		 4282
4283 if (sm->in_step_loop) {
4284 /* This should not happen, but if it does, make sure we do not
4285 * end up freeing the state machine too early by exiting the
4286 * recursive call. */
4287 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
e4a6ea1d 4288 return 0;
6fc6879b
JM		 4289 }
4290
4291 sm->in_step_loop = 1;
4292 do {
4293 if (sm->pending_deinit)
4294 break;
4295
4296 sm->changed = FALSE;
4297 sm->wpa_auth->group->changed = FALSE;
4298
4299 SM_STEP_RUN(WPA_PTK);
4300 if (sm->pending_deinit)
4301 break;
4302 SM_STEP_RUN(WPA_PTK_GROUP);
4303 if (sm->pending_deinit)
4304 break;
4305 wpa_group_sm_step(sm->wpa_auth, sm->group);
4306 } while (sm->changed || sm->wpa_auth->group->changed);
4307 sm->in_step_loop = 0;
4308
4309 if (sm->pending_deinit) {
4310 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
4311 "machine deinit for " MACSTR, MAC2STR(sm->addr));
4312 wpa_free_sta_sm(sm);
e4a6ea1d 4313 return 1;
6fc6879b 4314 }
e4a6ea1d 4315 return 0;
6fc6879b
JM		 4316}
4317
4318
4319static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
4320{
4321 struct wpa_state_machine *sm = eloop_ctx;
4322 wpa_sm_step(sm);
4323}
4324
4325
4326void wpa_auth_sm_notify(struct wpa_state_machine *sm)
4327{
4328 if (sm == NULL)
4329 return;
4330 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
4331}
4332
4333
4334void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
4335{
4336 int tmp, i;
4337 struct wpa_group *group;
4338
4339 if (wpa_auth == NULL)
4340 return;
4341
4342 group = wpa_auth->group;
4343
4344 for (i = 0; i < 2; i++) {
4345 tmp = group->GM;
4346 group->GM = group->GN;
4347 group->GN = tmp;
6fc6879b
JM		 4348 tmp = group->GM_igtk;
4349 group->GM_igtk = group->GN_igtk;
4350 group->GN_igtk = tmp;
555dcd75
JM		 4351 tmp = group->GM_bigtk;
4352 group->GM_bigtk = group->GN_bigtk;
4353 group->GN_bigtk = tmp;
6fc6879b 4354 wpa_gtk_update(wpa_auth, group);
9354e594 4355 wpa_group_config_group_keys(wpa_auth, group);
6fc6879b
JM		 4356 }
4357}
4358
4359
a6da824b 4360static const char * wpa_bool_txt(int val)
6fc6879b 4361{
a6da824b 4362 return val ? "TRUE" : "FALSE";
6fc6879b
JM		 4363}
4364
4365
6fc6879b
JM		 4366#define RSN_SUITE "%02x-%02x-%02x-%d"
4367#define RSN_SUITE_ARG(s) \
4368((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
4369
4370int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
4371{
4372 int len = 0, ret;
4373 char pmkid_txt[PMKID_LEN * 2 + 1];
8ce58ceb
IH		 4374#ifdef CONFIG_RSN_PREAUTH
4375 const int preauth = 1;
4376#else /* CONFIG_RSN_PREAUTH */
4377 const int preauth = 0;
4378#endif /* CONFIG_RSN_PREAUTH */
6fc6879b
JM		 4379
4380 if (wpa_auth == NULL)
4381 return len;
4382
4383 ret = os_snprintf(buf + len, buflen - len,
4384 "dot11RSNAOptionImplemented=TRUE\n"
8ce58ceb 4385 "dot11RSNAPreauthenticationImplemented=%s\n"
6fc6879b
JM		 4386 "dot11RSNAEnabled=%s\n"
4387 "dot11RSNAPreauthenticationEnabled=%s\n",
8ce58ceb 4388 wpa_bool_txt(preauth),
6fc6879b
JM		 4389 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
4390 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
d85e1fc8 4391 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 4392 return len;
4393 len += ret;
4394
4395 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
4396 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
4397
4398 ret = os_snprintf(
4399 buf + len, buflen - len,
4400 "dot11RSNAConfigVersion=%u\n"
4401 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
4402 /* FIX: dot11RSNAConfigGroupCipher */
4403 /* FIX: dot11RSNAConfigGroupRekeyMethod */
4404 /* FIX: dot11RSNAConfigGroupRekeyTime */
4405 /* FIX: dot11RSNAConfigGroupRekeyPackets */
4406 "dot11RSNAConfigGroupRekeyStrict=%u\n"
4407 "dot11RSNAConfigGroupUpdateCount=%u\n"
4408 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
4409 "dot11RSNAConfigGroupCipherSize=%u\n"
4410 "dot11RSNAConfigPMKLifetime=%u\n"
4411 "dot11RSNAConfigPMKReauthThreshold=%u\n"
4412 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
4413 "dot11RSNAConfigSATimeout=%u\n"
4414 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
4415 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
4416 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
4417 "dot11RSNAPMKIDUsed=%s\n"
4418 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
4419 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
4420 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
4421 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
4422 "dot11RSNA4WayHandshakeFailures=%u\n"
4423 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
4424 RSN_VERSION,
4425 !!wpa_auth->conf.wpa_strict_rekey,
41f140d3
GK		 4426 wpa_auth->conf.wpa_group_update_count,
4427 wpa_auth->conf.wpa_pairwise_update_count,
c3550295 4428 wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8,
6fc6879b
JM		 4429 dot11RSNAConfigPMKLifetime,
4430 dot11RSNAConfigPMKReauthThreshold,
4431 dot11RSNAConfigSATimeout,
4432 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
4433 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
4434 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
4435 pmkid_txt,
4436 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
4437 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
4438 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
4439 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
4440 wpa_auth->dot11RSNA4WayHandshakeFailures);
d85e1fc8 4441 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 4442 return len;
4443 len += ret;
4444
4445 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
4446 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
4447
4448 /* Private MIB */
4449 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
4450 wpa_auth->group->wpa_group_state);
d85e1fc8 4451 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 4452 return len;
4453 len += ret;
4454
4455 return len;
4456}
4457
4458
4459int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
4460{
4461 int len = 0, ret;
4462 u32 pairwise = 0;
4463
4464 if (sm == NULL)
4465 return 0;
4466
4467 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
4468
4469 /* dot11RSNAStatsEntry */
4470
c3550295
JM		 4471 pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
4472 WPA_PROTO_RSN : WPA_PROTO_WPA,
4473 sm->pairwise);
4474 if (pairwise == 0)
6fc6879b
JM		 4475 return 0;
4476
4477 ret = os_snprintf(
4478 buf + len, buflen - len,
4479 /* TODO: dot11RSNAStatsIndex */
4480 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
4481 "dot11RSNAStatsVersion=1\n"
4482 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
4483 /* TODO: dot11RSNAStatsTKIPICVErrors */
4484 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
d9040cdb 4485 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
6fc6879b
JM		 4486 /* TODO: dot11RSNAStatsCCMPReplays */
4487 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
4488 /* TODO: dot11RSNAStatsTKIPReplays */,
4489 MAC2STR(sm->addr),
4490 RSN_SUITE_ARG(pairwise),
4491 sm->dot11RSNAStatsTKIPLocalMICFailures,
4492 sm->dot11RSNAStatsTKIPRemoteMICFailures);
d85e1fc8 4493 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 4494 return len;
4495 len += ret;
4496
4497 /* Private MIB */
4498 ret = os_snprintf(buf + len, buflen - len,
d1b1f9fa
JM		 4499 "wpa=%d\n"
4500 "AKMSuiteSelector=" RSN_SUITE "\n"
6fc6879b
JM		 4501 "hostapdWPAPTKState=%d\n"
4502 "hostapdWPAPTKGroupState=%d\n",
d1b1f9fa
JM		 4503 sm->wpa,
4504 RSN_SUITE_ARG(wpa_akm_to_suite(sm->wpa_key_mgmt)),
6fc6879b
JM		 4505 sm->wpa_ptk_state,
4506 sm->wpa_ptk_group_state);
d85e1fc8 4507 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 4508 return len;
4509 len += ret;
4510
4511 return len;
4512}
4513
4514
4515void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
4516{
4517 if (wpa_auth)
4518 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
4519}
4520
4521
4522int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
4523{
4524 return sm && sm->pairwise_set;
4525}
4526
4527
ff36ff00
JM		 4528int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
4529{
4530 return sm->pairwise;
4531}
4532
4533
b08c9ad0
MK		 4534const u8 * wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len)
4535{
4536 if (!sm)
4537 return NULL;
4538 *len = sm->pmk_len;
4539 return sm->PMK;
4540}
4541
4542
6fc6879b
JM		 4543int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
4544{
4545 if (sm == NULL)
4546 return -1;
4547 return sm->wpa_key_mgmt;
4548}
4549
4550
4551int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
4552{
4553 if (sm == NULL)
4554 return 0;
4555 return sm->wpa;
4556}
4557
4558
0e3bd7ac
MV		 4559int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
4560{
4561 if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
4562 return 0;
4563 return sm->tk_already_set;
4564}
4565
4566
2f1357fb
JM		 4567int wpa_auth_sta_fils_tk_already_set(struct wpa_state_machine *sm)
4568{
4569 if (!sm || !wpa_key_mgmt_fils(sm->wpa_key_mgmt))
4570 return 0;
4571 return sm->tk_already_set;
4572}
4573
4574
6fc6879b
JM		 4575int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
4576 struct rsn_pmksa_cache_entry *entry)
4577{
4578 if (sm == NULL || sm->pmksa != entry)
4579 return -1;
4580 sm->pmksa = NULL;
4581 return 0;
4582}
4583
4584
4585struct rsn_pmksa_cache_entry *
4586wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
4587{
4588 return sm ? sm->pmksa : NULL;
4589}
4590
4591
4592void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
4593{
4594 if (sm)
4595 sm->dot11RSNAStatsTKIPLocalMICFailures++;
4596}
4597
4598
4599const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
4600{
4601 if (wpa_auth == NULL)
4602 return NULL;
4603 *len = wpa_auth->wpa_ie_len;
4604 return wpa_auth->wpa_ie;
4605}
4606
4607
4608int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
207976f0 4609 unsigned int pmk_len,
6fc6879b
JM		 4610 int session_timeout, struct eapol_state_machine *eapol)
4611{
cb465555
JM		 4612 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
4613 sm->wpa_auth->conf.disable_pmksa_caching)
6fc6879b
JM		 4614 return -1;
4615
64f48093
JM		 4616#ifdef CONFIG_IEEE80211R_AP
4617 if (pmk_len >= 2 * PMK_LEN && wpa_key_mgmt_ft(sm->wpa_key_mgmt) &&
4618 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
4619 !wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
4620 /* Cache MPMK/XXKey instead of initial part from MSK */
4621 pmk = pmk + PMK_LEN;
4622 pmk_len = PMK_LEN;
4623 } else
4624#endif /* CONFIG_IEEE80211R_AP */
834c5d68 4625 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
207976f0
JM		 4626 if (pmk_len > PMK_LEN_SUITE_B_192)
4627 pmk_len = PMK_LEN_SUITE_B_192;
4628 } else if (pmk_len > PMK_LEN) {
4629 pmk_len = PMK_LEN;
4630 }
4631
64f48093 4632 wpa_hexdump_key(MSG_DEBUG, "RSN: Cache PMK", pmk, pmk_len);
70c93963 4633 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len, NULL,
98cd3d1c 4634 sm->PTK.kck, sm->PTK.kck_len,
4bb081f1
JM		 4635 sm->wpa_auth->addr, sm->addr, session_timeout,
4636 eapol, sm->wpa_key_mgmt))
6fc6879b
JM		 4637 return 0;
4638
4639 return -1;
4640}
4641
4642
4643int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
4644 const u8 *pmk, size_t len, const u8 *sta_addr,
4645 int session_timeout,
4646 struct eapol_state_machine *eapol)
4647{
4648 if (wpa_auth == NULL)
4649 return -1;
4650
64f48093 4651 wpa_hexdump_key(MSG_DEBUG, "RSN: Cache PMK from preauth", pmk, len);
70c93963 4652 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, NULL,
087a1f4e
JM		 4653 NULL, 0,
4654 wpa_auth->addr,
4bb081f1
JM		 4655 sta_addr, session_timeout, eapol,
4656 WPA_KEY_MGMT_IEEE8021X))
6fc6879b
JM		 4657 return 0;
4658
4659 return -1;
4660}
4661
4662
f2991170 4663int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
70c93963 4664 const u8 *pmk, const u8 *pmkid)
f2991170
JM		 4665{
4666 if (wpa_auth->conf.disable_pmksa_caching)
4667 return -1;
4668
64f48093 4669 wpa_hexdump_key(MSG_DEBUG, "RSN: Cache PMK from SAE", pmk, PMK_LEN);
70c93963 4670 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN, pmkid,
087a1f4e 4671 NULL, 0,
f2991170
JM		 4672 wpa_auth->addr, addr, 0, NULL,
4673 WPA_KEY_MGMT_SAE))
4674 return 0;
4675
4676 return -1;
4677}
4678
4679
9d94e4bb
JM		 4680void wpa_auth_add_sae_pmkid(struct wpa_state_machine *sm, const u8 *pmkid)
4681{
4682 os_memcpy(sm->pmkid, pmkid, PMKID_LEN);
4683 sm->pmkid_set = 1;
4684}
4685
4686
0c52953b
JM		 4687int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr,
4688 const u8 *pmk, size_t pmk_len, const u8 *pmkid,
4689 int session_timeout, int akmp)
4690{
4691 if (wpa_auth->conf.disable_pmksa_caching)
4692 return -1;
4693
64f48093 4694 wpa_hexdump_key(MSG_DEBUG, "RSN: Cache PMK (2)", pmk, PMK_LEN);
0c52953b
JM		 4695 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, pmk_len, pmkid,
4696 NULL, 0, wpa_auth->addr, addr, session_timeout,
4697 NULL, akmp))
4698 return 0;
4699
4700 return -1;
4701}
4702
4703
901d1fe1
JM		 4704void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
4705 const u8 *sta_addr)
4706{
4707 struct rsn_pmksa_cache_entry *pmksa;
4708
4709 if (wpa_auth == NULL || wpa_auth->pmksa == NULL)
4710 return;
4711 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
4712 if (pmksa) {
4713 wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for "
4714 MACSTR " based on request", MAC2STR(sta_addr));
4715 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
4716 }
4717}
4718
4719
b8daac18
MH		 4720int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
4721 size_t len)
4722{
4723 if (!wpa_auth || !wpa_auth->pmksa)
4724 return 0;
4725 return pmksa_cache_auth_list(wpa_auth->pmksa, buf, len);
4726}
4727
4728
4c522c77
MH		 4729void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth)
4730{
4731 if (wpa_auth && wpa_auth->pmksa)
4732 pmksa_cache_auth_flush(wpa_auth->pmksa);
4733}
4734
4735
4d77d80e
MH		 4736#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
4737#ifdef CONFIG_MESH
4738
4739int wpa_auth_pmksa_list_mesh(struct wpa_authenticator *wpa_auth, const u8 *addr,
4740 char *buf, size_t len)
4741{
4742 if (!wpa_auth || !wpa_auth->pmksa)
4743 return 0;
4744
4745 return pmksa_cache_auth_list_mesh(wpa_auth->pmksa, addr, buf, len);
4746}
4747
4748
4749struct rsn_pmksa_cache_entry *
4750wpa_auth_pmksa_create_entry(const u8 *aa, const u8 *spa, const u8 *pmk,
4751 const u8 *pmkid, int expiration)
4752{
4753 struct rsn_pmksa_cache_entry *entry;
4754 struct os_reltime now;
4755
4756 entry = pmksa_cache_auth_create_entry(pmk, PMK_LEN, pmkid, NULL, 0, aa,
4757 spa, 0, NULL, WPA_KEY_MGMT_SAE);
4758 if (!entry)
4759 return NULL;
4760
4761 os_get_reltime(&now);
4762 entry->expiration = now.sec + expiration;
4763 return entry;
4764}
4765
4766
4767int wpa_auth_pmksa_add_entry(struct wpa_authenticator *wpa_auth,
4768 struct rsn_pmksa_cache_entry *entry)
4769{
4770 int ret;
4771
4772 if (!wpa_auth || !wpa_auth->pmksa)
4773 return -1;
4774
4775 ret = pmksa_cache_auth_add_entry(wpa_auth->pmksa, entry);
4776 if (ret < 0)
4777 wpa_printf(MSG_DEBUG,
4778 "RSN: Failed to store external PMKSA cache for "
4779 MACSTR, MAC2STR(entry->spa));
4780
4781 return ret;
4782}
4783
4784#endif /* CONFIG_MESH */
4785#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
4786
4787
9f2cf23e 4788struct rsn_pmksa_cache_entry *
c1bd4bac
JM		 4789wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
4790 const u8 *pmkid)
9f2cf23e
MH		 4791{
4792 if (!wpa_auth || !wpa_auth->pmksa)
4793 return NULL;
c1bd4bac 4794 return pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, pmkid);
9f2cf23e
MH		 4795}
4796
4797
4798void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa,
4799 struct wpa_state_machine *sm,
4800 struct wpa_authenticator *wpa_auth,
4801 u8 *pmkid, u8 *pmk)
4802{
4803 if (!sm)
4804 return;
4805
4806 sm->pmksa = pmksa;
8854f90b
JM		 4807 os_memcpy(pmk, pmksa->pmk, PMK_LEN);
4808 os_memcpy(pmkid, pmksa->pmkid, PMKID_LEN);
4809 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmksa->pmkid, PMKID_LEN);
9f2cf23e
MH		 4810}
4811
4812
a0ad9e8c
MB		 4813/*
4814 * Remove and free the group from wpa_authenticator. This is triggered by a
4815 * callback to make sure nobody is currently iterating the group list while it
4816 * gets modified.
4817 */
4818static void wpa_group_free(struct wpa_authenticator *wpa_auth,
4819 struct wpa_group *group)
4820{
4821 struct wpa_group *prev = wpa_auth->group;
4822
4823 wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d",
4824 group->vlan_id);
4825
4826 while (prev) {
4827 if (prev->next == group) {
4828 /* This never frees the special first group as needed */
4829 prev->next = group->next;
4830 os_free(group);
4831 break;
4832 }
4833 prev = prev->next;
4834 }
4835
4836}
4837
4838
4839/* Increase the reference counter for group */
4840static void wpa_group_get(struct wpa_authenticator *wpa_auth,
4841 struct wpa_group *group)
4842{
4843 /* Skip the special first group */
4844 if (wpa_auth->group == group)
4845 return;
4846
4847 group->references++;
4848}
4849
4850
4851/* Decrease the reference counter and maybe free the group */
4852static void wpa_group_put(struct wpa_authenticator *wpa_auth,
4853 struct wpa_group *group)
4854{
4855 /* Skip the special first group */
4856 if (wpa_auth->group == group)
4857 return;
4858
4859 group->references--;
4860 if (group->references)
4861 return;
4862 wpa_group_free(wpa_auth, group);
4863}
4864
4865
4866/*
4867 * Add a group that has its references counter set to zero. Caller needs to
4868 * call wpa_group_get() on the return value to mark the entry in use.
4869 */
6fc6879b
JM		 4870static struct wpa_group *
4871wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
4872{
4873 struct wpa_group *group;
4874
4875 if (wpa_auth == NULL || wpa_auth->group == NULL)
4876 return NULL;
4877
4878 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
4879 vlan_id);
bdffdc5d 4880 group = wpa_group_init(wpa_auth, vlan_id, 0);
6fc6879b
JM		 4881 if (group == NULL)
4882 return NULL;
4883
4884 group->next = wpa_auth->group->next;
4885 wpa_auth->group->next = group;
4886
4887 return group;
4888}
4889
4890
7cebc8e2
MB		 4891/*
4892 * Enforce that the group state machine for the VLAN is running, increase
4893 * reference counter as interface is up. References might have been increased
4894 * even if a negative value is returned.
4895 * Returns: -1 on error (group missing, group already failed); otherwise, 0
4896 */
4897int wpa_auth_ensure_group(struct wpa_authenticator *wpa_auth, int vlan_id)
4898{
4899 struct wpa_group *group;
4900
4901 if (wpa_auth == NULL)
4902 return 0;
4903
4904 group = wpa_auth->group;
4905 while (group) {
4906 if (group->vlan_id == vlan_id)
4907 break;
4908 group = group->next;
4909 }
4910
4911 if (group == NULL) {
4912 group = wpa_auth_add_group(wpa_auth, vlan_id);
4913 if (group == NULL)
4914 return -1;
4915 }
4916
4917 wpa_printf(MSG_DEBUG,
4918 "WPA: Ensure group state machine running for VLAN ID %d",
4919 vlan_id);
4920
4921 wpa_group_get(wpa_auth, group);
4922 group->num_setup_iface++;
4923
4924 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
4925 return -1;
4926
4927 return 0;
4928}
4929
4930
4931/*
4932 * Decrease reference counter, expected to be zero afterwards.
4933 * returns: -1 on error (group not found, group in fail state)
4934 * -2 if wpa_group is still referenced
4935 * 0 else
4936 */
4937int wpa_auth_release_group(struct wpa_authenticator *wpa_auth, int vlan_id)
4938{
4939 struct wpa_group *group;
4940 int ret = 0;
4941
4942 if (wpa_auth == NULL)
4943 return 0;
4944
4945 group = wpa_auth->group;
4946 while (group) {
4947 if (group->vlan_id == vlan_id)
4948 break;
4949 group = group->next;
4950 }
4951
4952 if (group == NULL)
4953 return -1;
4954
4955 wpa_printf(MSG_DEBUG,
4956 "WPA: Try stopping group state machine for VLAN ID %d",
4957 vlan_id);
4958
4959 if (group->num_setup_iface <= 0) {
4960 wpa_printf(MSG_ERROR,
4961 "WPA: wpa_auth_release_group called more often than wpa_auth_ensure_group for VLAN ID %d, skipping.",
4962 vlan_id);
4963 return -1;
4964 }
4965 group->num_setup_iface--;
4966
4967 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
4968 ret = -1;
4969
4970 if (group->references > 1) {
4971 wpa_printf(MSG_DEBUG,
4972 "WPA: Cannot stop group state machine for VLAN ID %d as references are still hold",
4973 vlan_id);
4974 ret = -2;
4975 }
4976
4977 wpa_group_put(wpa_auth, group);
4978
4979 return ret;
4980}
4981
4982
6fc6879b
JM		 4983int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
4984{
4985 struct wpa_group *group;
4986
4987 if (sm == NULL || sm->wpa_auth == NULL)
4988 return 0;
4989
4990 group = sm->wpa_auth->group;
4991 while (group) {
4992 if (group->vlan_id == vlan_id)
4993 break;
4994 group = group->next;
4995 }
4996
4997 if (group == NULL) {
4998 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
4999 if (group == NULL)
5000 return -1;
5001 }
5002
5003 if (sm->group == group)
5004 return 0;
5005
7d7f7be2
JM		 5006 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
5007 return -1;
5008
6fc6879b
JM		 5009 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
5010 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
5011
a0ad9e8c
MB		 5012 wpa_group_get(sm->wpa_auth, group);
5013 wpa_group_put(sm->wpa_auth, sm->group);
6fc6879b 5014 sm->group = group;
a0ad9e8c 5015
6fc6879b
JM		 5016 return 0;
5017}
e4bf4db9
JM		 5018
5019
5020void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
5021 struct wpa_state_machine *sm, int ack)
5022{
5023 if (wpa_auth == NULL || sm == NULL)
5024 return;
5025 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
5026 " ack=%d", MAC2STR(sm->addr), ack);
5027 if (sm->pending_1_of_4_timeout && ack) {
5028 /*
5029 * Some deployed supplicant implementations update their SNonce
5030 * for each EAPOL-Key 2/4 message even within the same 4-way
5031 * handshake and then fail to use the first SNonce when
5032 * deriving the PTK. This results in unsuccessful 4-way
5033 * handshake whenever the relatively short initial timeout is
5034 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
5035 * around this by increasing the timeout now that we know that
5036 * the station has received the frame.
5037 */
5038 int timeout_ms = eapol_key_timeout_subseq;
5039 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
5040 "timeout by %u ms because of acknowledged frame",
5041 timeout_ms);
5042 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
5043 eloop_register_timeout(timeout_ms / 1000,
5044 (timeout_ms % 1000) * 1000,
5045 wpa_send_eapol_timeout, wpa_auth, sm);
5046 }
3d695328
JM		 5047
5048#ifdef CONFIG_TESTING_OPTIONS
5049 if (sm->eapol_status_cb) {
5050 sm->eapol_status_cb(sm->eapol_status_cb_ctx1,
5051 sm->eapol_status_cb_ctx2);
5052 sm->eapol_status_cb = NULL;
5053 }
5054#endif /* CONFIG_TESTING_OPTIONS */
e4bf4db9 5055}
c10347f2
JM		 5056
5057
5058int wpa_auth_uses_sae(struct wpa_state_machine *sm)
5059{
5060 if (sm == NULL)
5061 return 0;
5062 return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
5063}
aa189ac9
JM		 5064
5065
5066int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm)
5067{
5068 if (sm == NULL)
5069 return 0;
5070 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE;
5071}
25ef8529
JM		 5072
5073
5074#ifdef CONFIG_P2P
5075int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr)
5076{
5077 if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0)
5078 return -1;
5079 os_memcpy(addr, sm->ip_addr, 4);
5080 return 0;
5081}
5082#endif /* CONFIG_P2P */
cbc210de
JM		 5083
5084
5085int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
5086 struct radius_das_attrs *attr)
5087{
5088 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
5089}
34782730
JM		 5090
5091
5092void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth)
5093{
5094 struct wpa_group *group;
5095
5096 if (!wpa_auth)
5097 return;
5098 for (group = wpa_auth->group; group; group = group->next)
5099 wpa_group_config_group_keys(wpa_auth, group);
5100}
7eace378
JM		 5101
5102
5103#ifdef CONFIG_FILS
5104
5105struct wpa_auth_fils_iter_data {
5106 struct wpa_authenticator *auth;
5107 const u8 *cache_id;
5108 struct rsn_pmksa_cache_entry *pmksa;
5109 const u8 *spa;
5110 const u8 *pmkid;
5111};
5112
5113
5114static int wpa_auth_fils_iter(struct wpa_authenticator *a, void *ctx)
5115{
5116 struct wpa_auth_fils_iter_data *data = ctx;
5117
4cc6574d 5118 if (a == data->auth || !a->conf.fils_cache_id_set ||
7eace378
JM		 5119 os_memcmp(a->conf.fils_cache_id, data->cache_id,
5120 FILS_CACHE_ID_LEN) != 0)
5121 return 0;
5122 data->pmksa = pmksa_cache_auth_get(a->pmksa, data->spa, data->pmkid);
5123 return data->pmksa != NULL;
5124}
5125
5126
5127struct rsn_pmksa_cache_entry *
5128wpa_auth_pmksa_get_fils_cache_id(struct wpa_authenticator *wpa_auth,
5129 const u8 *sta_addr, const u8 *pmkid)
5130{
5131 struct wpa_auth_fils_iter_data idata;
5132
5133 if (!wpa_auth->conf.fils_cache_id_set)
5134 return NULL;
5135 idata.auth = wpa_auth;
5136 idata.cache_id = wpa_auth->conf.fils_cache_id;
5137 idata.pmksa = NULL;
5138 idata.spa = sta_addr;
5139 idata.pmkid = pmkid;
5140 wpa_auth_for_each_auth(wpa_auth, wpa_auth_fils_iter, &idata);
5141 return idata.pmksa;
5142}
5143
5db997e3
JM		 5144
5145#ifdef CONFIG_IEEE80211R_AP
a7968ea5
JM		 5146int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, int use_sha384,
5147 u8 *buf, size_t len)
5db997e3
JM		 5148{
5149 struct wpa_auth_config *conf = &wpa_auth->conf;
5150
a7968ea5 5151 return wpa_write_ftie(conf, use_sha384, conf->r0_key_holder,
5db997e3 5152 conf->r0_key_holder_len,
51d1924b 5153 NULL, NULL, buf, len, NULL, 0, 0);
5db997e3
JM		 5154}
5155#endif /* CONFIG_IEEE80211R_AP */
5156
8acbf85f
JM		 5157
5158void wpa_auth_get_fils_aead_params(struct wpa_state_machine *sm,
5159 u8 *fils_anonce, u8 *fils_snonce,
5160 u8 *fils_kek, size_t *fils_kek_len)
5161{
5162 os_memcpy(fils_anonce, sm->ANonce, WPA_NONCE_LEN);
5163 os_memcpy(fils_snonce, sm->SNonce, WPA_NONCE_LEN);
5164 os_memcpy(fils_kek, sm->PTK.kek, WPA_KEK_MAX_LEN);
5165 *fils_kek_len = sm->PTK.kek_len;
5166}
5167
a40bd06e
JM		 5168
5169void wpa_auth_add_fils_pmk_pmkid(struct wpa_state_machine *sm, const u8 *pmk,
5170 size_t pmk_len, const u8 *pmkid)
5171{
5172 os_memcpy(sm->PMK, pmk, pmk_len);
5173 sm->pmk_len = pmk_len;
5174 os_memcpy(sm->pmkid, pmkid, PMKID_LEN);
5175 sm->pmkid_set = 1;
5176}
5177
7eace378 5178#endif /* CONFIG_FILS */
6bc2f00f
JM		 5179
5180
36536639
JM		 5181void wpa_auth_set_auth_alg(struct wpa_state_machine *sm, u16 auth_alg)
5182{
5183 if (sm)
5184 sm->auth_alg = auth_alg;
5185}
5186
5187
10ec6a5f
JM		 5188#ifdef CONFIG_DPP2
5189void wpa_auth_set_dpp_z(struct wpa_state_machine *sm, const struct wpabuf *z)
5190{
5191 if (sm) {
5192 wpabuf_clear_free(sm->dpp_z);
5193 sm->dpp_z = z ? wpabuf_dup(z) : NULL;
5194 }
5195}
5196#endif /* CONFIG_DPP2 */
5197
5198
82424732 5199#ifdef CONFIG_TESTING_OPTIONS
d8afdb21 5200
3d695328
JM		 5201int wpa_auth_resend_m1(struct wpa_state_machine *sm, int change_anonce,
5202 void (*cb)(void *ctx1, void *ctx2),
5203 void *ctx1, void *ctx2)
d8afdb21
JM		 5204{
5205 const u8 *anonce = sm->ANonce;
5206 u8 anonce_buf[WPA_NONCE_LEN];
5207
5208 if (change_anonce) {
5209 if (random_get_bytes(anonce_buf, WPA_NONCE_LEN))
5210 return -1;
5211 anonce = anonce_buf;
5212 }
5213
5214 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
5215 "sending 1/4 msg of 4-Way Handshake (TESTING)");
5216 wpa_send_eapol(sm->wpa_auth, sm,
5217 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
5218 anonce, NULL, 0, 0, 0);
5219 return 0;
5220}
5221
5222
3d695328
JM		 5223int wpa_auth_resend_m3(struct wpa_state_machine *sm,
5224 void (*cb)(void *ctx1, void *ctx2),
5225 void *ctx1, void *ctx2)
d8afdb21 5226{
0c3bc1be 5227 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
0c3bc1be 5228 u8 *opos;
d8afdb21
JM		 5229 size_t gtk_len, kde_len;
5230 struct wpa_group *gsm = sm->group;
5231 u8 *wpa_ie;
7a4b01c8 5232 int wpa_ie_len, secure, gtkidx, encr = 0;
862aac1f 5233 u8 hdr[2];
d8afdb21
JM		 5234
5235 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
16889aff 5236 GTK[GN], IGTK, [BIGTK], [FTIE], [TIE * 2])
d8afdb21
JM		 5237 */
5238
5239 /* Use 0 RSC */
5240 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
5241 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
5242 wpa_ie = sm->wpa_auth->wpa_ie;
5243 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
5244 if (sm->wpa == WPA_VERSION_WPA &&
5245 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
5246 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
5247 /* WPA-only STA, remove RSN IE and possible MDIE */
5248 wpa_ie = wpa_ie + wpa_ie[1] + 2;
5249 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
5250 wpa_ie = wpa_ie + wpa_ie[1] + 2;
5251 wpa_ie_len = wpa_ie[1] + 2;
5252 }
5253 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
5254 "sending 3/4 msg of 4-Way Handshake (TESTING)");
5255 if (sm->wpa == WPA_VERSION_WPA2) {
5256 /* WPA2 send GTK in the 4-way handshake */
5257 secure = 1;
5258 gtk = gsm->GTK[gsm->GN - 1];
5259 gtk_len = gsm->GTK_len;
7a4b01c8 5260 gtkidx = gsm->GN;
d8afdb21
JM		 5261 _rsc = rsc;
5262 encr = 1;
5263 } else {
5264 /* WPA does not include GTK in msg 3/4 */
5265 secure = 0;
5266 gtk = NULL;
5267 gtk_len = 0;
d8afdb21
JM		 5268 _rsc = NULL;
5269 if (sm->rx_eapol_key_secure) {
5270 /*
5271 * It looks like Windows 7 supplicant tries to use
5272 * Secure bit in msg 2/4 after having reported Michael
5273 * MIC failure and it then rejects the 4-way handshake
5274 * if msg 3/4 does not set Secure bit. Work around this
5275 * by setting the Secure bit here even in the case of
5276 * WPA if the supplicant used it first.
5277 */
5278 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
5279 "STA used Secure bit in WPA msg 2/4 - "
5280 "set Secure for 3/4 as workaround");
5281 secure = 1;
5282 }
5283 }
5284
17c2559c 5285 kde_len = wpa_ie_len + ieee80211w_kde_len(sm) + ocv_oci_len(sm);
862aac1f
AW		 5286
5287 if (sm->use_ext_key_id)
5288 kde_len += 2 + RSN_SELECTOR_LEN + 2;
5289
d8afdb21
JM		 5290 if (gtk)
5291 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
5292#ifdef CONFIG_IEEE80211R_AP
5293 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
5294 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
5295 kde_len += 300; /* FTIE + 2 * TIE */
5296 }
5297#endif /* CONFIG_IEEE80211R_AP */
5298 kde = os_malloc(kde_len);
5299 if (kde == NULL)
5300 return -1;
5301
5302 pos = kde;
5303 os_memcpy(pos, wpa_ie, wpa_ie_len);
5304 pos += wpa_ie_len;
5305#ifdef CONFIG_IEEE80211R_AP
5306 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
5307 int res;
5308 size_t elen;
5309
5310 elen = pos - kde;
5311 res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name);
5312 if (res < 0) {
5313 wpa_printf(MSG_ERROR, "FT: Failed to insert "
5314 "PMKR1Name into RSN IE in EAPOL-Key data");
5315 os_free(kde);
5316 return -1;
5317 }
5318 pos -= wpa_ie_len;
5319 pos += elen;
5320 }
5321#endif /* CONFIG_IEEE80211R_AP */
862aac1f
AW		 5322 hdr[1] = 0;
5323
5324 if (sm->use_ext_key_id) {
5325 hdr[0] = sm->keyidx_active & 0x01;
5326 pos = wpa_add_kde(pos, RSN_KEY_DATA_KEYID, hdr, 2, NULL, 0);
5327 }
5328
d8afdb21 5329 if (gtk) {
7a4b01c8 5330 hdr[0] = gtkidx & 0x03;
d8afdb21
JM		 5331 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
5332 gtk, gtk_len);
5333 }
5334 opos = pos;
5335 pos = ieee80211w_kde_add(sm, pos);
9f917339
MV		 5336 if (pos - opos >= 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN) {
5337 /* skip KDE header and keyid */
5338 opos += 2 + RSN_SELECTOR_LEN + 2;
d8afdb21
JM		 5339 os_memset(opos, 0, 6); /* clear PN */
5340 }
17c2559c
MV		 5341 if (ocv_oci_add(sm, &pos) < 0) {
5342 os_free(kde);
5343 return -1;
5344 }
d8afdb21
JM		 5345
5346#ifdef CONFIG_IEEE80211R_AP
5347 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
5348 int res;
5349 struct wpa_auth_config *conf;
5350
5351 conf = &sm->wpa_auth->conf;
5352 if (sm->assoc_resp_ftie &&
5353 kde + kde_len - pos >= 2 + sm->assoc_resp_ftie[1]) {
5354 os_memcpy(pos, sm->assoc_resp_ftie,
5355 2 + sm->assoc_resp_ftie[1]);
5356 res = 2 + sm->assoc_resp_ftie[1];
5357 } else {
a7968ea5
JM		 5358 int use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
5359
5360 res = wpa_write_ftie(conf, use_sha384,
5361 conf->r0_key_holder,
d8afdb21
JM		 5362 conf->r0_key_holder_len,
5363 NULL, NULL, pos,
5364 kde + kde_len - pos,
51d1924b 5365 NULL, 0, 0);
d8afdb21
JM		 5366 }
5367 if (res < 0) {
5368 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
5369 "into EAPOL-Key Key Data");
5370 os_free(kde);
5371 return -1;
5372 }
5373 pos += res;
5374
5375 /* TIE[ReassociationDeadline] (TU) */
5376 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
5377 *pos++ = 5;
5378 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
5379 WPA_PUT_LE32(pos, conf->reassociation_deadline);
5380 pos += 4;
5381
5382 /* TIE[KeyLifetime] (seconds) */
5383 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
5384 *pos++ = 5;
5385 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
83fe4bd3 5386 WPA_PUT_LE32(pos, conf->r0_key_lifetime);
d8afdb21
JM		 5387 pos += 4;
5388 }
5389#endif /* CONFIG_IEEE80211R_AP */
5390
5391 wpa_send_eapol(sm->wpa_auth, sm,
5392 (secure ? WPA_KEY_INFO_SECURE : 0) |
5393 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
5394 WPA_KEY_INFO_MIC : 0) |
5395 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
5396 WPA_KEY_INFO_KEY_TYPE,
7a4b01c8 5397 _rsc, sm->ANonce, kde, pos - kde, 0, encr);
d8afdb21
JM		 5398 os_free(kde);
5399 return 0;
5400}
5401
5402
3d695328
JM		 5403int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
5404 void (*cb)(void *ctx1, void *ctx2),
5405 void *ctx1, void *ctx2)
6bc2f00f
JM		 5406{
5407 u8 rsc[WPA_KEY_RSC_LEN];
5408 struct wpa_group *gsm = sm->group;
5409 const u8 *kde;
0c3bc1be 5410 u8 *kde_buf = NULL, *pos, hdr[2];
0c3bc1be 5411 u8 *opos;
6bc2f00f
JM		 5412 size_t kde_len;
5413 u8 *gtk;
5414
5415 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
5416 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
5417 /* Use 0 RSC */
5418 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
5419 "sending 1/2 msg of Group Key Handshake (TESTING)");
5420
5421 gtk = gsm->GTK[gsm->GN - 1];
5422 if (sm->wpa == WPA_VERSION_WPA2) {
5423 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
17c2559c 5424 ieee80211w_kde_len(sm) + ocv_oci_len(sm);
6bc2f00f
JM		 5425 kde_buf = os_malloc(kde_len);
5426 if (kde_buf == NULL)
5427 return -1;
5428
5429 kde = pos = kde_buf;
5430 hdr[0] = gsm->GN & 0x03;
5431 hdr[1] = 0;
5432 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
5433 gtk, gsm->GTK_len);
5434 opos = pos;
5435 pos = ieee80211w_kde_add(sm, pos);
9f917339
MV		 5436 if (pos - opos >=
5437 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN) {
5438 /* skip KDE header and keyid */
5439 opos += 2 + RSN_SELECTOR_LEN + 2;
6bc2f00f
JM		 5440 os_memset(opos, 0, 6); /* clear PN */
5441 }
17c2559c
MV		 5442 if (ocv_oci_add(sm, &pos) < 0) {
5443 os_free(kde_buf);
5444 return -1;
5445 }
6bc2f00f
JM		 5446 kde_len = pos - kde;
5447 } else {
5448 kde = gtk;
5449 kde_len = gsm->GTK_len;
5450 }
5451
3d695328
JM		 5452 sm->eapol_status_cb = cb;
5453 sm->eapol_status_cb_ctx1 = ctx1;
5454 sm->eapol_status_cb_ctx2 = ctx2;
5455
6bc2f00f
JM		 5456 wpa_send_eapol(sm->wpa_auth, sm,
5457 WPA_KEY_INFO_SECURE |
5458 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
5459 WPA_KEY_INFO_MIC : 0) |
5460 WPA_KEY_INFO_ACK |
5461 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
5462 rsc, NULL, kde, kde_len, gsm->GN, 1);
5463
5464 os_free(kde_buf);
5465 return 0;
5466}
d8afdb21 5467
92662fb2
JB		 5468
5469int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth)
5470{
5471 if (!wpa_auth)
5472 return -1;
5473 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
5474 return eloop_register_timeout(0, 0, wpa_rekey_gtk, wpa_auth, NULL);
5475}
5476
6bc2f00f 5477#endif /* CONFIG_TESTING_OPTIONS */
Unnamed repository; edit this file 'description' to name the repository.