]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
FILS: Use AEAD cipher to check received EAPOL-Key frames (AP)
[thirdparty/hostap.git] / src / ap / wpa_auth.c
CommitLineData
6fc6879b 1/*
00338a4f 2 * IEEE 802.11 RSN / WPA Authenticator
98cd3d1c 3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
6fc6879b 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
6fc6879b
JM		 7 */
8
6226e38d 9#include "utils/includes.h"
6fc6879b 10
6226e38d
JM		 11#include "utils/common.h"
12#include "utils/eloop.h"
13#include "utils/state_machine.h"
25ef8529 14#include "utils/bitfield.h"
81f4f619 15#include "common/ieee802_11_defs.h"
3b5b7aa8 16#include "crypto/aes.h"
03da66bd 17#include "crypto/aes_wrap.h"
3b5b7aa8 18#include "crypto/aes_siv.h"
03da66bd
JM		 19#include "crypto/crypto.h"
20#include "crypto/sha1.h"
21#include "crypto/sha256.h"
3642c431 22#include "crypto/random.h"
281c950b 23#include "eapol_auth/eapol_auth_sm.h"
6226e38d 24#include "ap_config.h"
6fc6879b 25#include "ieee802_11.h"
6226e38d
JM		 26#include "wpa_auth.h"
27#include "pmksa_cache_auth.h"
6fc6879b
JM		 28#include "wpa_auth_i.h"
29#include "wpa_auth_ie.h"
30
31#define STATE_MACHINE_DATA struct wpa_state_machine
32#define STATE_MACHINE_DEBUG_PREFIX "WPA"
33#define STATE_MACHINE_ADDR sm->addr
34
35
36static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
e4a6ea1d 37static int wpa_sm_step(struct wpa_state_machine *sm);
929a2ea5
JM		 38static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
39 size_t data_len);
6fc6879b
JM		 40static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
41static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
42 struct wpa_group *group);
581a8cde 43static void wpa_request_new_ptk(struct wpa_state_machine *sm);
e6965d4e
JM		 44static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
45 struct wpa_group *group);
1bdb7ab3
JM		 46static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
47 struct wpa_group *group);
f23c5b17 48static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
207976f0
JM		 49 const u8 *pmk, unsigned int pmk_len,
50 struct wpa_ptk *ptk);
a0ad9e8c
MB		 51static void wpa_group_free(struct wpa_authenticator *wpa_auth,
52 struct wpa_group *group);
53static void wpa_group_get(struct wpa_authenticator *wpa_auth,
54 struct wpa_group *group);
55static void wpa_group_put(struct wpa_authenticator *wpa_auth,
56 struct wpa_group *group);
6fc6879b 57
bae61562
JM		 58static const u32 dot11RSNAConfigGroupUpdateCount = 4;
59static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
60static const u32 eapol_key_timeout_first = 100; /* ms */
61static const u32 eapol_key_timeout_subseq = 1000; /* ms */
00338a4f 62static const u32 eapol_key_timeout_first_group = 500; /* ms */
6fc6879b
JM		 63
64/* TODO: make these configurable */
65static const int dot11RSNAConfigPMKLifetime = 43200;
66static const int dot11RSNAConfigPMKReauthThreshold = 70;
67static const int dot11RSNAConfigSATimeout = 60;
68
69
c772d054 70static inline int wpa_auth_mic_failure_report(
6fc6879b
JM		 71 struct wpa_authenticator *wpa_auth, const u8 *addr)
72{
73 if (wpa_auth->cb.mic_failure_report)
c772d054
JM		 74 return wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
75 return 0;
6fc6879b
JM		 76}
77
78
2c502460
JM		 79static inline void wpa_auth_psk_failure_report(
80 struct wpa_authenticator *wpa_auth, const u8 *addr)
81{
82 if (wpa_auth->cb.psk_failure_report)
83 wpa_auth->cb.psk_failure_report(wpa_auth->cb.ctx, addr);
84}
85
86
6fc6879b
JM		 87static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
88 const u8 *addr, wpa_eapol_variable var,
89 int value)
90{
91 if (wpa_auth->cb.set_eapol)
92 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
93}
94
95
96static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
97 const u8 *addr, wpa_eapol_variable var)
98{
99 if (wpa_auth->cb.get_eapol == NULL)
100 return -1;
101 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
102}
103
104
105static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
759fd76b
JM		 106 const u8 *addr,
107 const u8 *p2p_dev_addr,
108 const u8 *prev_psk)
6fc6879b
JM		 109{
110 if (wpa_auth->cb.get_psk == NULL)
111 return NULL;
759fd76b
JM		 112 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, p2p_dev_addr,
113 prev_psk);
6fc6879b
JM		 114}
115
116
117static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
118 const u8 *addr, u8 *msk, size_t *len)
119{
120 if (wpa_auth->cb.get_msk == NULL)
121 return -1;
122 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
123}
124
125
126static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
127 int vlan_id,
71934751 128 enum wpa_alg alg, const u8 *addr, int idx,
6fc6879b
JM		 129 u8 *key, size_t key_len)
130{
131 if (wpa_auth->cb.set_key == NULL)
132 return -1;
133 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
134 key, key_len);
135}
136
137
138static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
139 const u8 *addr, int idx, u8 *seq)
140{
141 if (wpa_auth->cb.get_seqnum == NULL)
142 return -1;
143 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
144}
145
146
6fc6879b
JM		 147static inline int
148wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
149 const u8 *data, size_t data_len, int encrypt)
150{
151 if (wpa_auth->cb.send_eapol == NULL)
152 return -1;
153 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
154 encrypt);
155}
156
157
c50d94f1
BC		 158#ifdef CONFIG_MESH
159static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth,
160 const u8 *addr)
161{
162 if (wpa_auth->cb.start_ampe == NULL)
163 return -1;
164 return wpa_auth->cb.start_ampe(wpa_auth->cb.ctx, addr);
165}
166#endif /* CONFIG_MESH */
167
168
6fc6879b
JM		 169int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
170 int (*cb)(struct wpa_state_machine *sm, void *ctx),
171 void *cb_ctx)
172{
173 if (wpa_auth->cb.for_each_sta == NULL)
174 return 0;
175 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
176}
177
178
bf98f7f3
JM		 179int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
180 int (*cb)(struct wpa_authenticator *a, void *ctx),
181 void *cb_ctx)
182{
183 if (wpa_auth->cb.for_each_auth == NULL)
184 return 0;
185 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
186}
187
188
6fc6879b
JM		 189void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
190 logger_level level, const char *txt)
191{
192 if (wpa_auth->cb.logger == NULL)
193 return;
194 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
195}
196
197
198void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
199 logger_level level, const char *fmt, ...)
200{
201 char *format;
202 int maxlen;
203 va_list ap;
204
205 if (wpa_auth->cb.logger == NULL)
206 return;
207
208 maxlen = os_strlen(fmt) + 100;
209 format = os_malloc(maxlen);
210 if (!format)
211 return;
212
213 va_start(ap, fmt);
214 vsnprintf(format, maxlen, fmt, ap);
215 va_end(ap);
216
217 wpa_auth_logger(wpa_auth, addr, level, format);
218
219 os_free(format);
220}
221
222
223static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
224 const u8 *addr)
225{
226 if (wpa_auth->cb.disconnect == NULL)
227 return;
afcc9ea1 228 wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr));
6fc6879b
JM		 229 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
230 WLAN_REASON_PREV_AUTH_NOT_VALID);
231}
232
233
234static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
235{
56586197 236 int ret = 0;
6fc6879b 237#ifdef CONFIG_IEEE80211R
56586197
JM		 238 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
239 ret = 1;
6fc6879b 240#endif /* CONFIG_IEEE80211R */
56586197
JM		 241#ifdef CONFIG_IEEE80211W
242 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
243 ret = 1;
244#endif /* CONFIG_IEEE80211W */
a14896e8
JM		 245 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN)
246 ret = 1;
56586197 247 return ret;
6fc6879b
JM		 248}
249
250
251static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
252{
253 struct wpa_authenticator *wpa_auth = eloop_ctx;
254
3642c431 255 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
6fc6879b
JM		 256 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
257 "initialization.");
258 } else {
259 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
5cb9d5c3
JM		 260 wpa_hexdump_key(MSG_DEBUG, "GMK",
261 wpa_auth->group->GMK, WPA_GMK_LEN);
6fc6879b
JM		 262 }
263
264 if (wpa_auth->conf.wpa_gmk_rekey) {
265 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
266 wpa_rekey_gmk, wpa_auth, NULL);
267 }
268}
269
270
271static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
272{
273 struct wpa_authenticator *wpa_auth = eloop_ctx;
a0ad9e8c 274 struct wpa_group *group, *next;
6fc6879b
JM		 275
276 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
a0ad9e8c
MB		 277 group = wpa_auth->group;
278 while (group) {
279 wpa_group_get(wpa_auth, group);
280
6fc6879b
JM		 281 group->GTKReKey = TRUE;
282 do {
283 group->changed = FALSE;
284 wpa_group_sm_step(wpa_auth, group);
285 } while (group->changed);
a0ad9e8c
MB		 286
287 next = group->next;
288 wpa_group_put(wpa_auth, group);
289 group = next;
6fc6879b
JM		 290 }
291
292 if (wpa_auth->conf.wpa_group_rekey) {
293 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
294 0, wpa_rekey_gtk, wpa_auth, NULL);
295 }
296}
297
298
581a8cde
JM		 299static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
300{
301 struct wpa_authenticator *wpa_auth = eloop_ctx;
302 struct wpa_state_machine *sm = timeout_ctx;
303
304 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
305 wpa_request_new_ptk(sm);
306 wpa_sm_step(sm);
307}
308
309
6fc6879b
JM		 310static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
311{
312 if (sm->pmksa == ctx)
313 sm->pmksa = NULL;
314 return 0;
315}
316
317
318static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
319 void *ctx)
320{
321 struct wpa_authenticator *wpa_auth = ctx;
322 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
323}
324
325
1bdb7ab3
JM		 326static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
327 struct wpa_group *group)
328{
559cdabb 329 u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)];
1bdb7ab3 330 u8 rkey[32];
559cdabb 331 unsigned long ptr;
1bdb7ab3 332
3642c431 333 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
1bdb7ab3
JM		 334 return -1;
335 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
336
337 /*
338 * Counter = PRF-256(Random number, "Init Counter",
339 * Local MAC Address || Time)
340 */
341 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
342 wpa_get_ntp_timestamp(buf + ETH_ALEN);
559cdabb
JM		 343 ptr = (unsigned long) group;
344 os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr));
3642c431 345 if (random_get_bytes(rkey, sizeof(rkey)) < 0)
1bdb7ab3
JM		 346 return -1;
347
348 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
349 group->Counter, WPA_NONCE_LEN) < 0)
350 return -1;
351 wpa_hexdump_key(MSG_DEBUG, "Key Counter",
352 group->Counter, WPA_NONCE_LEN);
353
354 return 0;
355}
356
357
e6965d4e 358static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
bdffdc5d 359 int vlan_id, int delay_init)
e6965d4e
JM		 360{
361 struct wpa_group *group;
e6965d4e
JM		 362
363 group = os_zalloc(sizeof(struct wpa_group));
364 if (group == NULL)
365 return NULL;
366
367 group->GTKAuthenticator = TRUE;
368 group->vlan_id = vlan_id;
c3550295 369 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
6fc6879b 370
08704cd8
JM		 371 if (random_pool_ready() != 1) {
372 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
373 "for secure operations - update keys later when "
374 "the first station connects");
375 }
376
1bdb7ab3
JM		 377 /*
378 * Set initial GMK/Counter value here. The actual values that will be
379 * used in negotiations will be set once the first station tries to
380 * connect. This allows more time for collecting additional randomness
381 * on embedded devices.
6fc6879b 382 */
1bdb7ab3 383 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
6fc6879b
JM		 384 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
385 "initialization.");
386 os_free(group);
387 return NULL;
388 }
6fc6879b
JM		 389
390 group->GInit = TRUE;
bdffdc5d
JM		 391 if (delay_init) {
392 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
393 "until Beacon frames have been configured");
394 /* Initialization is completed in wpa_init_keys(). */
395 } else {
396 wpa_group_sm_step(wpa_auth, group);
397 group->GInit = FALSE;
398 wpa_group_sm_step(wpa_auth, group);
399 }
6fc6879b
JM		 400
401 return group;
402}
403
404
405/**
406 * wpa_init - Initialize WPA authenticator
407 * @addr: Authenticator address
408 * @conf: Configuration for WPA authenticator
a17df5fb 409 * @cb: Callback functions for WPA authenticator
6fc6879b
JM		 410 * Returns: Pointer to WPA authenticator data or %NULL on failure
411 */
412struct wpa_authenticator * wpa_init(const u8 *addr,
413 struct wpa_auth_config *conf,
414 struct wpa_auth_callbacks *cb)
415{
416 struct wpa_authenticator *wpa_auth;
417
418 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
419 if (wpa_auth == NULL)
420 return NULL;
421 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
422 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
423 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
424
425 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
426 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
427 os_free(wpa_auth);
428 return NULL;
429 }
430
bdffdc5d 431 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
6fc6879b
JM		 432 if (wpa_auth->group == NULL) {
433 os_free(wpa_auth->wpa_ie);
434 os_free(wpa_auth);
435 return NULL;
436 }
437
4bb081f1
JM		 438 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
439 wpa_auth);
6fc6879b
JM		 440 if (wpa_auth->pmksa == NULL) {
441 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
27d9701d 442 os_free(wpa_auth->group);
6fc6879b
JM		 443 os_free(wpa_auth->wpa_ie);
444 os_free(wpa_auth);
445 return NULL;
446 }
447
448#ifdef CONFIG_IEEE80211R
449 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
450 if (wpa_auth->ft_pmk_cache == NULL) {
451 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
27d9701d 452 os_free(wpa_auth->group);
6fc6879b 453 os_free(wpa_auth->wpa_ie);
4bb081f1 454 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 455 os_free(wpa_auth);
456 return NULL;
457 }
458#endif /* CONFIG_IEEE80211R */
459
460 if (wpa_auth->conf.wpa_gmk_rekey) {
461 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
462 wpa_rekey_gmk, wpa_auth, NULL);
463 }
464
465 if (wpa_auth->conf.wpa_group_rekey) {
466 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
467 wpa_rekey_gtk, wpa_auth, NULL);
468 }
469
25ef8529
JM		 470#ifdef CONFIG_P2P
471 if (WPA_GET_BE32(conf->ip_addr_start)) {
472 int count = WPA_GET_BE32(conf->ip_addr_end) -
473 WPA_GET_BE32(conf->ip_addr_start) + 1;
474 if (count > 1000)
475 count = 1000;
476 if (count > 0)
477 wpa_auth->ip_pool = bitfield_alloc(count);
478 }
479#endif /* CONFIG_P2P */
480
6fc6879b
JM		 481 return wpa_auth;
482}
483
484
bdffdc5d
JM		 485int wpa_init_keys(struct wpa_authenticator *wpa_auth)
486{
487 struct wpa_group *group = wpa_auth->group;
488
489 wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
490 "keys");
491 wpa_group_sm_step(wpa_auth, group);
492 group->GInit = FALSE;
493 wpa_group_sm_step(wpa_auth, group);
7d7f7be2
JM		 494 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
495 return -1;
bdffdc5d
JM		 496 return 0;
497}
498
499
6fc6879b
JM		 500/**
501 * wpa_deinit - Deinitialize WPA authenticator
502 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
503 */
504void wpa_deinit(struct wpa_authenticator *wpa_auth)
505{
506 struct wpa_group *group, *prev;
507
508 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
509 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
510
511#ifdef CONFIG_PEERKEY
512 while (wpa_auth->stsl_negotiations)
513 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
514#endif /* CONFIG_PEERKEY */
515
4bb081f1 516 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 517
518#ifdef CONFIG_IEEE80211R
519 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
520 wpa_auth->ft_pmk_cache = NULL;
521#endif /* CONFIG_IEEE80211R */
522
25ef8529
JM		 523#ifdef CONFIG_P2P
524 bitfield_free(wpa_auth->ip_pool);
525#endif /* CONFIG_P2P */
526
527
6fc6879b
JM		 528 os_free(wpa_auth->wpa_ie);
529
530 group = wpa_auth->group;
531 while (group) {
532 prev = group;
533 group = group->next;
534 os_free(prev);
535 }
536
537 os_free(wpa_auth);
538}
539
540
541/**
542 * wpa_reconfig - Update WPA authenticator configuration
543 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
544 * @conf: Configuration for WPA authenticator
545 */
546int wpa_reconfig(struct wpa_authenticator *wpa_auth,
547 struct wpa_auth_config *conf)
548{
e6965d4e 549 struct wpa_group *group;
6fc6879b
JM		 550 if (wpa_auth == NULL)
551 return 0;
552
553 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
ad08c363
JM		 554 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
555 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
556 return -1;
557 }
558
e6965d4e
JM		 559 /*
560 * Reinitialize GTK to make sure it is suitable for the new
561 * configuration.
562 */
563 group = wpa_auth->group;
c3550295 564 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
e6965d4e
JM		 565 group->GInit = TRUE;
566 wpa_group_sm_step(wpa_auth, group);
567 group->GInit = FALSE;
568 wpa_group_sm_step(wpa_auth, group);
569
6fc6879b
JM		 570 return 0;
571}
572
573
574struct wpa_state_machine *
94ddef3e
JM		 575wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
576 const u8 *p2p_dev_addr)
6fc6879b
JM		 577{
578 struct wpa_state_machine *sm;
579
7d7f7be2
JM		 580 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
581 return NULL;
582
6fc6879b
JM		 583 sm = os_zalloc(sizeof(struct wpa_state_machine));
584 if (sm == NULL)
585 return NULL;
586 os_memcpy(sm->addr, addr, ETH_ALEN);
94ddef3e
JM		 587 if (p2p_dev_addr)
588 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
6fc6879b
JM		 589
590 sm->wpa_auth = wpa_auth;
591 sm->group = wpa_auth->group;
a0ad9e8c 592 wpa_group_get(sm->wpa_auth, sm->group);
6fc6879b
JM		 593
594 return sm;
595}
596
597
6f9b5d16
JM		 598int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
599 struct wpa_state_machine *sm)
6fc6879b
JM		 600{
601 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
6f9b5d16 602 return -1;
6fc6879b
JM		 603
604#ifdef CONFIG_IEEE80211R
605 if (sm->ft_completed) {
606 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
607 "FT authentication already completed - do not "
608 "start 4-way handshake");
3d4d2348
JM		 609 /* Go to PTKINITDONE state to allow GTK rekeying */
610 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
6f9b5d16 611 return 0;
6fc6879b
JM		 612 }
613#endif /* CONFIG_IEEE80211R */
614
615 if (sm->started) {
22a299ee 616 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
6fc6879b 617 sm->ReAuthenticationRequest = TRUE;
6f9b5d16 618 return wpa_sm_step(sm);
6fc6879b
JM		 619 }
620
621 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
622 "start authentication");
623 sm->started = 1;
624
625 sm->Init = TRUE;
e4a6ea1d 626 if (wpa_sm_step(sm) == 1)
6f9b5d16 627 return 1; /* should not really happen */
6fc6879b
JM		 628 sm->Init = FALSE;
629 sm->AuthenticationRequest = TRUE;
6f9b5d16 630 return wpa_sm_step(sm);
6fc6879b
JM		 631}
632
633
a8d05fca
JM		 634void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
635{
636 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
637 * reassociates back to the same AP while the previous entry for the
638 * STA has not yet been removed. */
639 if (sm == NULL)
640 return;
641
642 sm->wpa_key_mgmt = 0;
643}
644
645
6fc6879b
JM		 646static void wpa_free_sta_sm(struct wpa_state_machine *sm)
647{
25ef8529
JM		 648#ifdef CONFIG_P2P
649 if (WPA_GET_BE32(sm->ip_addr)) {
650 u32 start;
651 wpa_printf(MSG_DEBUG, "P2P: Free assigned IP "
652 "address %u.%u.%u.%u from " MACSTR,
653 sm->ip_addr[0], sm->ip_addr[1],
654 sm->ip_addr[2], sm->ip_addr[3],
655 MAC2STR(sm->addr));
656 start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
657 bitfield_clear(sm->wpa_auth->ip_pool,
658 WPA_GET_BE32(sm->ip_addr) - start);
659 }
660#endif /* CONFIG_P2P */
2ade8ef2
JM		 661 if (sm->GUpdateStationKeys) {
662 sm->group->GKeyDoneStations--;
663 sm->GUpdateStationKeys = FALSE;
664 }
0f857f43
JM		 665#ifdef CONFIG_IEEE80211R
666 os_free(sm->assoc_resp_ftie);
692ec305 667 wpabuf_free(sm->ft_pending_req_ies);
0f857f43 668#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 669 os_free(sm->last_rx_eapol_key);
670 os_free(sm->wpa_ie);
a0ad9e8c 671 wpa_group_put(sm->wpa_auth, sm->group);
6fc6879b
JM		 672 os_free(sm);
673}
674
675
676void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
677{
678 if (sm == NULL)
679 return;
680
681 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
682 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
683 "strict rekeying - force GTK rekey since STA "
684 "is leaving");
685 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
686 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
687 NULL);
688 }
689
690 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
e4bf4db9 691 sm->pending_1_of_4_timeout = 0;
6fc6879b 692 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
581a8cde 693 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 694 if (sm->in_step_loop) {
695 /* Must not free state machine while wpa_sm_step() is running.
696 * Freeing will be completed in the end of wpa_sm_step(). */
697 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
698 "machine deinit for " MACSTR, MAC2STR(sm->addr));
699 sm->pending_deinit = 1;
700 } else
701 wpa_free_sta_sm(sm);
702}
703
704
705static void wpa_request_new_ptk(struct wpa_state_machine *sm)
706{
707 if (sm == NULL)
708 return;
709
710 sm->PTKRequest = TRUE;
711 sm->PTK_valid = 0;
712}
713
714
68921e24 715static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
22a299ee
JM		 716 const u8 *replay_counter)
717{
718 int i;
719 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
68921e24 720 if (!ctr[i].valid)
22a299ee 721 break;
68921e24 722 if (os_memcmp(replay_counter, ctr[i].counter,
22a299ee
JM		 723 WPA_REPLAY_COUNTER_LEN) == 0)
724 return 1;
725 }
726 return 0;
727}
728
729
68921e24
JM		 730static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
731 const u8 *replay_counter)
732{
733 int i;
734 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
735 if (ctr[i].valid &&
736 (replay_counter == NULL ||
737 os_memcmp(replay_counter, ctr[i].counter,
738 WPA_REPLAY_COUNTER_LEN) == 0))
739 ctr[i].valid = FALSE;
740 }
741}
742
743
0f857f43
JM		 744#ifdef CONFIG_IEEE80211R
745static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
746 struct wpa_state_machine *sm,
747 struct wpa_eapol_ie_parse *kde)
748{
749 struct wpa_ie_data ie;
750 struct rsn_mdie *mdie;
751
752 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
753 ie.num_pmkid != 1 || ie.pmkid == NULL) {
754 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
755 "FT 4-way handshake message 2/4");
756 return -1;
757 }
758
759 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
760 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
761 sm->sup_pmk_r1_name, PMKID_LEN);
762
763 if (!kde->mdie || !kde->ftie) {
764 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
765 "message 2/4", kde->mdie ? "FTIE" : "MDIE");
766 return -1;
767 }
768
769 mdie = (struct rsn_mdie *) (kde->mdie + 2);
770 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
771 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
772 MOBILITY_DOMAIN_ID_LEN) != 0) {
773 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
774 return -1;
775 }
776
777 if (sm->assoc_resp_ftie &&
778 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
779 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
780 2 + sm->assoc_resp_ftie[1]) != 0)) {
781 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
782 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
783 kde->ftie, kde->ftie_len);
784 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
785 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
786 return -1;
787 }
788
789 return 0;
790}
791#endif /* CONFIG_IEEE80211R */
792
793
c772d054
JM		 794static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
795 struct wpa_state_machine *sm, int group)
ec027805
JM		 796{
797 /* Supplicant reported a Michael MIC error */
798 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
799 "received EAPOL-Key Error Request "
800 "(STA detected Michael MIC failure (group=%d))",
801 group);
fbc72d32
JM		 802
803 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
804 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
805 "ignore Michael MIC failure report since "
806 "group cipher is not TKIP");
807 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
808 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
809 "ignore Michael MIC failure report since "
810 "pairwise cipher is not TKIP");
811 } else {
c772d054
JM		 812 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
813 return 1; /* STA entry was removed */
fbc72d32
JM		 814 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
815 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
816 }
ec027805
JM		 817
818 /*
819 * Error report is not a request for a new key handshake, but since
820 * Authenticator may do it, let's change the keys now anyway.
821 */
822 wpa_request_new_ptk(sm);
c772d054 823 return 0;
ec027805
JM		 824}
825
826
f23c5b17
JM		 827static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
828 size_t data_len)
829{
830 struct wpa_ptk PTK;
831 int ok = 0;
832 const u8 *pmk = NULL;
207976f0 833 unsigned int pmk_len;
f23c5b17
JM		 834
835 for (;;) {
836 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
837 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
838 sm->p2p_dev_addr, pmk);
839 if (pmk == NULL)
840 break;
207976f0
JM		 841 pmk_len = PMK_LEN;
842 } else {
f23c5b17 843 pmk = sm->PMK;
207976f0
JM		 844 pmk_len = sm->pmk_len;
845 }
f23c5b17 846
207976f0 847 wpa_derive_ptk(sm, sm->alt_SNonce, pmk, pmk_len, &PTK);
f23c5b17
JM		 848
849 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, data, data_len)
850 == 0) {
851 ok = 1;
852 break;
853 }
854
855 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
856 break;
857 }
858
859 if (!ok) {
860 wpa_printf(MSG_DEBUG,
861 "WPA: Earlier SNonce did not result in matching MIC");
862 return -1;
863 }
864
865 wpa_printf(MSG_DEBUG,
866 "WPA: Earlier SNonce resulted in matching MIC");
867 sm->alt_snonce_valid = 0;
868 os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
869 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
870 sm->PTK_valid = TRUE;
871
872 return 0;
873}
874
875
6fc6879b
JM		 876void wpa_receive(struct wpa_authenticator *wpa_auth,
877 struct wpa_state_machine *sm,
878 u8 *data, size_t data_len)
879{
880 struct ieee802_1x_hdr *hdr;
881 struct wpa_eapol_key *key;
882 u16 key_info, key_data_length;
883 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
884 SMK_M1, SMK_M3, SMK_ERROR } msg;
885 char *msgtxt;
886 struct wpa_eapol_ie_parse kde;
3b5b7aa8
JM		 887 const u8 *key_data;
888 size_t keyhdrlen, mic_len;
6d014ffc 889 u8 *mic;
6fc6879b
JM		 890
891 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
892 return;
dc5bad48 893 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL data", data, data_len);
6fc6879b 894
5e3b5197 895 mic_len = wpa_mic_len(sm->wpa_key_mgmt);
6d014ffc 896 keyhdrlen = sizeof(*key) + mic_len + 2;
5e3b5197 897
dc5bad48
JM		 898 if (data_len < sizeof(*hdr) + keyhdrlen) {
899 wpa_printf(MSG_DEBUG, "WPA: Ignore too short EAPOL-Key frame");
6fc6879b 900 return;
dc5bad48 901 }
6fc6879b
JM		 902
903 hdr = (struct ieee802_1x_hdr *) data;
904 key = (struct wpa_eapol_key *) (hdr + 1);
6d014ffc 905 mic = (u8 *) (key + 1);
6fc6879b 906 key_info = WPA_GET_BE16(key->key_info);
6d014ffc
JM		 907 key_data = mic + mic_len + 2;
908 key_data_length = WPA_GET_BE16(mic + mic_len);
0d442aff 909 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
dc5bad48
JM		 910 " key_info=0x%x type=%u mic_len=%u key_data_length=%u",
911 MAC2STR(sm->addr), key_info, key->type,
912 (unsigned int) mic_len, key_data_length);
913 wpa_hexdump(MSG_MSGDUMP,
914 "WPA: EAPOL-Key header (ending before Key MIC)",
915 key, sizeof(*key));
916 wpa_hexdump(MSG_MSGDUMP, "WPA: EAPOL-Key Key MIC",
917 mic, mic_len);
5e3b5197 918 if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) {
6fc6879b
JM		 919 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
920 "key_data overflow (%d > %lu)",
921 key_data_length,
922 (unsigned long) (data_len - sizeof(*hdr) -
5e3b5197 923 keyhdrlen));
6fc6879b
JM		 924 return;
925 }
926
f8e96eb6 927 if (sm->wpa == WPA_VERSION_WPA2) {
74590e71
JM		 928 if (key->type == EAPOL_KEY_TYPE_WPA) {
929 /*
930 * Some deployed station implementations seem to send
931 * msg 4/4 with incorrect type value in WPA2 mode.
932 */
933 wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
934 "with unexpected WPA type in RSN mode");
935 } else if (key->type != EAPOL_KEY_TYPE_RSN) {
f8e96eb6
JM		 936 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
937 "unexpected type %d in RSN mode",
938 key->type);
939 return;
940 }
941 } else {
942 if (key->type != EAPOL_KEY_TYPE_WPA) {
943 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
944 "unexpected type %d in WPA mode",
945 key->type);
946 return;
947 }
948 }
949
bc8318ac
JM		 950 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
951 WPA_NONCE_LEN);
952 wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
953 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
954
6fc6879b
JM		 955 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
956 * are set */
957
958 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
959 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
960 if (key_info & WPA_KEY_INFO_ERROR) {
961 msg = SMK_ERROR;
962 msgtxt = "SMK Error";
963 } else {
964 msg = SMK_M1;
965 msgtxt = "SMK M1";
966 }
967 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
968 msg = SMK_M3;
969 msgtxt = "SMK M3";
970 } else if (key_info & WPA_KEY_INFO_REQUEST) {
971 msg = REQUEST;
972 msgtxt = "Request";
973 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
974 msg = GROUP_2;
975 msgtxt = "2/2 Group";
3b5b7aa8
JM		 976 } else if (key_data_length == 0 ||
977 (mic_len == 0 && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) &&
978 key_data_length == AES_BLOCK_SIZE)) {
6fc6879b
JM		 979 msg = PAIRWISE_4;
980 msgtxt = "4/4 Pairwise";
981 } else {
982 msg = PAIRWISE_2;
983 msgtxt = "2/4 Pairwise";
984 }
985
986 /* TODO: key_info type validation for PeerKey */
987 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
988 msg == GROUP_2) {
989 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
eb7719ff
JM		 990 if (sm->pairwise == WPA_CIPHER_CCMP ||
991 sm->pairwise == WPA_CIPHER_GCMP) {
6fc6879b 992 if (wpa_use_aes_cmac(sm) &&
a14896e8 993 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN &&
929a2ea5 994 !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
b9866483 995 !wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
6fc6879b
JM		 996 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
997 wpa_auth_logger(wpa_auth, sm->addr,
998 LOGGER_WARNING,
999 "advertised support for "
1000 "AES-128-CMAC, but did not "
1001 "use it");
1002 return;
1003 }
1004
1005 if (!wpa_use_aes_cmac(sm) &&
1006 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1007 wpa_auth_logger(wpa_auth, sm->addr,
1008 LOGGER_WARNING,
1009 "did not use HMAC-SHA1-AES "
eb7719ff 1010 "with CCMP/GCMP");
6fc6879b
JM		 1011 return;
1012 }
1013 }
929a2ea5
JM		 1014
1015 if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
1016 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1017 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1018 "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
1019 return;
1020 }
6fc6879b
JM		 1021 }
1022
1023 if (key_info & WPA_KEY_INFO_REQUEST) {
1024 if (sm->req_replay_counter_used &&
1025 os_memcmp(key->replay_counter, sm->req_replay_counter,
1026 WPA_REPLAY_COUNTER_LEN) <= 0) {
1027 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1028 "received EAPOL-Key request with "
1029 "replayed counter");
1030 return;
1031 }
1032 }
1033
1034 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
68921e24 1035 !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
22a299ee 1036 int i;
68921e24
JM		 1037
1038 if (msg == PAIRWISE_2 &&
1039 wpa_replay_counter_valid(sm->prev_key_replay,
1040 key->replay_counter) &&
1041 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1042 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
1043 {
1044 /*
1045 * Some supplicant implementations (e.g., Windows XP
1046 * WZC) update SNonce for each EAPOL-Key 2/4. This
1047 * breaks the workaround on accepting any of the
1048 * pending requests, so allow the SNonce to be updated
1049 * even if we have already sent out EAPOL-Key 3/4.
1050 */
1051 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1052 "Process SNonce update from STA "
1053 "based on retransmitted EAPOL-Key "
1054 "1/4");
1055 sm->update_snonce = 1;
f23c5b17
JM		 1056 os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
1057 sm->alt_snonce_valid = TRUE;
1058 os_memcpy(sm->alt_replay_counter,
1059 sm->key_replay[0].counter,
1060 WPA_REPLAY_COUNTER_LEN);
1061 goto continue_processing;
1062 }
1063
1064 if (msg == PAIRWISE_4 && sm->alt_snonce_valid &&
1065 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1066 os_memcmp(key->replay_counter, sm->alt_replay_counter,
1067 WPA_REPLAY_COUNTER_LEN) == 0) {
1068 /*
1069 * Supplicant may still be using the old SNonce since
1070 * there was two EAPOL-Key 2/4 messages and they had
1071 * different SNonce values.
1072 */
1073 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1074 "Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4");
68921e24
JM		 1075 goto continue_processing;
1076 }
1077
1078 if (msg == PAIRWISE_2 &&
1079 wpa_replay_counter_valid(sm->prev_key_replay,
1080 key->replay_counter) &&
1081 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1082 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1083 "ignore retransmitted EAPOL-Key %s - "
1084 "SNonce did not change", msgtxt);
1085 } else {
1086 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1087 "received EAPOL-Key %s with "
1088 "unexpected replay counter", msgtxt);
1089 }
22a299ee
JM		 1090 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
1091 if (!sm->key_replay[i].valid)
1092 break;
1093 wpa_hexdump(MSG_DEBUG, "pending replay counter",
1094 sm->key_replay[i].counter,
1095 WPA_REPLAY_COUNTER_LEN);
1096 }
6fc6879b
JM		 1097 wpa_hexdump(MSG_DEBUG, "received replay counter",
1098 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1099 return;
1100 }
1101
68921e24 1102continue_processing:
3b5b7aa8
JM		 1103#ifdef CONFIG_FILS
1104 if (sm->wpa == WPA_VERSION_WPA2 && mic_len == 0 &&
1105 !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1106 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1107 "WPA: Encr Key Data bit not set even though AEAD cipher is supposed to be used - drop frame");
1108 return;
1109 }
1110#endif /* CONFIG_FILS */
1111
6fc6879b
JM		 1112 switch (msg) {
1113 case PAIRWISE_2:
1114 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
68921e24
JM		 1115 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
1116 (!sm->update_snonce ||
1117 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
6fc6879b
JM		 1118 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1119 "received EAPOL-Key msg 2/4 in "
1120 "invalid state (%d) - dropped",
1121 sm->wpa_ptk_state);
1122 return;
1123 }
bbb921da 1124 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
08704cd8
JM		 1125 if (sm->group->reject_4way_hs_for_entropy) {
1126 /*
1127 * The system did not have enough entropy to generate
1128 * strong random numbers. Reject the first 4-way
1129 * handshake(s) and collect some entropy based on the
1130 * information from it. Once enough entropy is
1131 * available, the next atempt will trigger GMK/Key
1132 * Counter update and the station will be allowed to
1133 * continue.
1134 */
1135 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
1136 "collect more entropy for random number "
1137 "generation");
08704cd8 1138 random_mark_pool_ready();
08704cd8
JM		 1139 wpa_sta_disconnect(wpa_auth, sm->addr);
1140 return;
1141 }
6fc6879b
JM		 1142 break;
1143 case PAIRWISE_4:
1144 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
1145 !sm->PTK_valid) {
1146 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1147 "received EAPOL-Key msg 4/4 in "
1148 "invalid state (%d) - dropped",
1149 sm->wpa_ptk_state);
1150 return;
1151 }
1152 break;
1153 case GROUP_2:
1154 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1155 || !sm->PTK_valid) {
1156 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1157 "received EAPOL-Key msg 2/2 in "
1158 "invalid state (%d) - dropped",
1159 sm->wpa_ptk_group_state);
1160 return;
1161 }
1162 break;
1163#ifdef CONFIG_PEERKEY
1164 case SMK_M1:
1165 case SMK_M3:
1166 case SMK_ERROR:
1167 if (!wpa_auth->conf.peerkey) {
1168 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
1169 "PeerKey use disabled - ignoring message");
1170 return;
1171 }
1172 if (!sm->PTK_valid) {
1173 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1174 "received EAPOL-Key msg SMK in "
1175 "invalid state - dropped");
1176 return;
1177 }
1178 break;
1179#else /* CONFIG_PEERKEY */
1180 case SMK_M1:
1181 case SMK_M3:
1182 case SMK_ERROR:
1183 return; /* STSL disabled - ignore SMK messages */
1184#endif /* CONFIG_PEERKEY */
1185 case REQUEST:
1186 break;
1187 }
1188
1189 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1190 "received EAPOL-Key frame (%s)", msgtxt);
1191
1192 if (key_info & WPA_KEY_INFO_ACK) {
1193 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1194 "received invalid EAPOL-Key: Key Ack set");
1195 return;
1196 }
1197
b9866483
JM		 1198 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1199 !(key_info & WPA_KEY_INFO_MIC)) {
6fc6879b
JM		 1200 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1201 "received invalid EAPOL-Key: Key MIC not set");
1202 return;
1203 }
1204
b9866483
JM		 1205#ifdef CONFIG_FILS
1206 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1207 (key_info & WPA_KEY_INFO_MIC)) {
1208 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1209 "received invalid EAPOL-Key: Key MIC set");
1210 return;
1211 }
1212#endif /* CONFIG_FILS */
1213
6fc6879b 1214 sm->MICVerified = FALSE;
68921e24 1215 if (sm->PTK_valid && !sm->update_snonce) {
3b5b7aa8
JM		 1216 if (mic_len &&
1217 wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data,
f23c5b17
JM		 1218 data_len) &&
1219 (msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
1220 wpa_try_alt_snonce(sm, data, data_len))) {
6fc6879b
JM		 1221 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1222 "received EAPOL-Key with invalid MIC");
1223 return;
1224 }
1225 sm->MICVerified = TRUE;
1226 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
e4bf4db9 1227 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1228 }
1229
1230 if (key_info & WPA_KEY_INFO_REQUEST) {
1231 if (sm->MICVerified) {
1232 sm->req_replay_counter_used = 1;
1233 os_memcpy(sm->req_replay_counter, key->replay_counter,
1234 WPA_REPLAY_COUNTER_LEN);
1235 } else {
1236 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1237 "received EAPOL-Key request with "
1238 "invalid MIC");
1239 return;
1240 }
1241
1242 /*
1243 * TODO: should decrypt key data field if encryption was used;
1244 * even though MAC address KDE is not normally encrypted,
1245 * supplicant is allowed to encrypt it.
1246 */
1247 if (msg == SMK_ERROR) {
1248#ifdef CONFIG_PEERKEY
5e3b5197 1249 wpa_smk_error(wpa_auth, sm, key_data, key_data_length);
6fc6879b
JM		 1250#endif /* CONFIG_PEERKEY */
1251 return;
1252 } else if (key_info & WPA_KEY_INFO_ERROR) {
c772d054
JM		 1253 if (wpa_receive_error_report(
1254 wpa_auth, sm,
1255 !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
1256 return; /* STA entry was removed */
6fc6879b
JM		 1257 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1258 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1259 "received EAPOL-Key Request for new "
1260 "4-Way Handshake");
1261 wpa_request_new_ptk(sm);
1262#ifdef CONFIG_PEERKEY
1263 } else if (msg == SMK_M1) {
5e3b5197 1264 wpa_smk_m1(wpa_auth, sm, key, key_data,
5c6787a6 1265 key_data_length);
6fc6879b
JM		 1266#endif /* CONFIG_PEERKEY */
1267 } else if (key_data_length > 0 &&
5e3b5197
JM		 1268 wpa_parse_kde_ies(key_data, key_data_length,
1269 &kde) == 0 &&
6fc6879b
JM		 1270 kde.mac_addr) {
1271 } else {
1272 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1273 "received EAPOL-Key Request for GTK "
1274 "rekeying");
6fc6879b
JM		 1275 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1276 wpa_rekey_gtk(wpa_auth, NULL);
1277 }
1278 } else {
68921e24
JM		 1279 /* Do not allow the same key replay counter to be reused. */
1280 wpa_replay_counter_mark_invalid(sm->key_replay,
1281 key->replay_counter);
1282
1283 if (msg == PAIRWISE_2) {
1284 /*
1285 * Maintain a copy of the pending EAPOL-Key frames in
1286 * case the EAPOL-Key frame was retransmitted. This is
1287 * needed to allow EAPOL-Key msg 2/4 reply to another
1288 * pending msg 1/4 to update the SNonce to work around
1289 * unexpected supplicant behavior.
1290 */
1291 os_memcpy(sm->prev_key_replay, sm->key_replay,
1292 sizeof(sm->key_replay));
1293 } else {
1294 os_memset(sm->prev_key_replay, 0,
1295 sizeof(sm->prev_key_replay));
1296 }
1297
1298 /*
1299 * Make sure old valid counters are not accepted anymore and
1300 * do not get copied again.
1301 */
1302 wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
6fc6879b
JM		 1303 }
1304
1305#ifdef CONFIG_PEERKEY
1306 if (msg == SMK_M3) {
5e3b5197 1307 wpa_smk_m3(wpa_auth, sm, key, key_data, key_data_length);
6fc6879b
JM		 1308 return;
1309 }
1310#endif /* CONFIG_PEERKEY */
1311
1312 os_free(sm->last_rx_eapol_key);
1313 sm->last_rx_eapol_key = os_malloc(data_len);
1314 if (sm->last_rx_eapol_key == NULL)
1315 return;
1316 os_memcpy(sm->last_rx_eapol_key, data, data_len);
1317 sm->last_rx_eapol_key_len = data_len;
1318
0d442aff 1319 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
6fc6879b
JM		 1320 sm->EAPOLKeyReceived = TRUE;
1321 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1322 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1323 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1324 wpa_sm_step(sm);
1325}
1326
1327
3c7302c2
JM		 1328static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1329 const u8 *gnonce, u8 *gtk, size_t gtk_len)
6fc6879b 1330{
5cb9d5c3
JM		 1331 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
1332 u8 *pos;
3c7302c2 1333 int ret = 0;
6fc6879b 1334
5cb9d5c3
JM		 1335 /* GTK = PRF-X(GMK, "Group key expansion",
1336 * AA || GNonce || Time || random data)
1337 * The example described in the IEEE 802.11 standard uses only AA and
1338 * GNonce as inputs here. Add some more entropy since this derivation
1339 * is done only at the Authenticator and as such, does not need to be
1340 * exactly same.
1341 */
6fc6879b
JM		 1342 os_memcpy(data, addr, ETH_ALEN);
1343 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
5cb9d5c3
JM		 1344 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1345 wpa_get_ntp_timestamp(pos);
1346 pos += 8;
3642c431 1347 if (random_get_bytes(pos, 16) < 0)
3c7302c2 1348 ret = -1;
6fc6879b 1349
56586197 1350#ifdef CONFIG_IEEE80211W
5cb9d5c3 1351 sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
56586197 1352#else /* CONFIG_IEEE80211W */
3c7302c2
JM		 1353 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
1354 < 0)
1355 ret = -1;
56586197 1356#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 1357
1358 return ret;
6fc6879b
JM		 1359}
1360
1361
1362static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1363{
1364 struct wpa_authenticator *wpa_auth = eloop_ctx;
1365 struct wpa_state_machine *sm = timeout_ctx;
1366
e4bf4db9 1367 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1368 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1369 sm->TimeoutEvt = TRUE;
1370 wpa_sm_step(sm);
1371}
1372
1373
1374void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1375 struct wpa_state_machine *sm, int key_info,
1376 const u8 *key_rsc, const u8 *nonce,
1377 const u8 *kde, size_t kde_len,
1378 int keyidx, int encr, int force_version)
1379{
1380 struct ieee802_1x_hdr *hdr;
1381 struct wpa_eapol_key *key;
5e3b5197 1382 size_t len, mic_len, keyhdrlen;
6fc6879b
JM		 1383 int alg;
1384 int key_data_len, pad_len = 0;
1385 u8 *buf, *pos;
1386 int version, pairwise;
22a299ee 1387 int i;
6d014ffc 1388 u8 *key_mic, *key_data;
6fc6879b 1389
5e3b5197 1390 mic_len = wpa_mic_len(sm->wpa_key_mgmt);
6d014ffc 1391 keyhdrlen = sizeof(*key) + mic_len + 2;
5e3b5197
JM		 1392
1393 len = sizeof(struct ieee802_1x_hdr) + keyhdrlen;
6fc6879b
JM		 1394
1395 if (force_version)
1396 version = force_version;
929a2ea5 1397 else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
36a50fd4
JM		 1398 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
1399 wpa_key_mgmt_fils(sm->wpa_key_mgmt))
a14896e8 1400 version = WPA_KEY_INFO_TYPE_AKM_DEFINED;
6fc6879b
JM		 1401 else if (wpa_use_aes_cmac(sm))
1402 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
eb7719ff 1403 else if (sm->pairwise != WPA_CIPHER_TKIP)
6fc6879b
JM		 1404 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1405 else
1406 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1407
8543ed8a 1408 pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
6fc6879b
JM		 1409
1410 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1411 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1412 "encr=%d)",
1413 version,
1414 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1415 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1416 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1417 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1418 pairwise, (unsigned long) kde_len, keyidx, encr);
1419
1420 key_data_len = kde_len;
1421
1422 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
a14896e8 1423 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
929a2ea5 1424 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
6fc6879b
JM		 1425 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1426 pad_len = key_data_len % 8;
1427 if (pad_len)
1428 pad_len = 8 - pad_len;
1429 key_data_len += pad_len + 8;
1430 }
1431
1432 len += key_data_len;
1433
1434 hdr = os_zalloc(len);
1435 if (hdr == NULL)
1436 return;
1437 hdr->version = wpa_auth->conf.eapol_version;
1438 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1439 hdr->length = host_to_be16(len - sizeof(*hdr));
1440 key = (struct wpa_eapol_key *) (hdr + 1);
6d014ffc 1441 key_mic = (u8 *) (key + 1);
5e3b5197 1442 key_data = ((u8 *) (hdr + 1)) + keyhdrlen;
6fc6879b
JM		 1443
1444 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1445 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1446 key_info |= version;
1447 if (encr && sm->wpa == WPA_VERSION_WPA2)
1448 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1449 if (sm->wpa != WPA_VERSION_WPA2)
1450 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1451 WPA_PUT_BE16(key->key_info, key_info);
1452
1453 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
c3550295 1454 WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
6fc6879b
JM		 1455 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1456 WPA_PUT_BE16(key->key_length, 0);
1457
1458 /* FIX: STSL: what to use as key_replay_counter? */
22a299ee
JM		 1459 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1460 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1461 os_memcpy(sm->key_replay[i].counter,
1462 sm->key_replay[i - 1].counter,
1463 WPA_REPLAY_COUNTER_LEN);
1464 }
1465 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1466 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
6fc6879b 1467 WPA_REPLAY_COUNTER_LEN);
db099951
JM		 1468 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter",
1469 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
22a299ee 1470 sm->key_replay[0].valid = TRUE;
6fc6879b
JM		 1471
1472 if (nonce)
1473 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1474
1475 if (key_rsc)
1476 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1477
1478 if (kde && !encr) {
5e3b5197 1479 os_memcpy(key_data, kde, kde_len);
6d014ffc 1480 WPA_PUT_BE16(key_mic + mic_len, kde_len);
6fc6879b
JM		 1481 } else if (encr && kde) {
1482 buf = os_zalloc(key_data_len);
1483 if (buf == NULL) {
1484 os_free(hdr);
1485 return;
1486 }
1487 pos = buf;
1488 os_memcpy(pos, kde, kde_len);
1489 pos += kde_len;
1490
1491 if (pad_len)
1492 *pos++ = 0xdd;
1493
1494 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1495 buf, key_data_len);
1496 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
a14896e8 1497 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
929a2ea5 1498 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
6fc6879b 1499 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
98cd3d1c 1500 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len,
5e3b5197 1501 (key_data_len - 8) / 8, buf, key_data)) {
6fc6879b
JM		 1502 os_free(hdr);
1503 os_free(buf);
1504 return;
1505 }
6d014ffc 1506 WPA_PUT_BE16(key_mic + mic_len, key_data_len);
7cb53ded 1507#ifndef CONFIG_NO_RC4
98cd3d1c 1508 } else if (sm->PTK.kek_len == 16) {
6fc6879b
JM		 1509 u8 ek[32];
1510 os_memcpy(key->key_iv,
1511 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1512 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1513 os_memcpy(ek, key->key_iv, 16);
98cd3d1c 1514 os_memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len);
5e3b5197
JM		 1515 os_memcpy(key_data, buf, key_data_len);
1516 rc4_skip(ek, 32, 256, key_data, key_data_len);
6d014ffc 1517 WPA_PUT_BE16(key_mic + mic_len, key_data_len);
7cb53ded 1518#endif /* CONFIG_NO_RC4 */
98cd3d1c
JM		 1519 } else {
1520 os_free(hdr);
1521 os_free(buf);
1522 return;
6fc6879b
JM		 1523 }
1524 os_free(buf);
1525 }
1526
1527 if (key_info & WPA_KEY_INFO_MIC) {
1528 if (!sm->PTK_valid) {
1529 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1530 "PTK not valid when sending EAPOL-Key "
1531 "frame");
1532 os_free(hdr);
1533 return;
1534 }
5e3b5197 1535
98cd3d1c
JM		 1536 wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len,
1537 sm->wpa_key_mgmt, version,
5e3b5197 1538 (u8 *) hdr, len, key_mic);
7af092a0
JB		 1539#ifdef CONFIG_TESTING_OPTIONS
1540 if (!pairwise &&
06df2aa6 1541 wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 &&
7af092a0
JB		 1542 drand48() <
1543 wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
1544 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1545 "Corrupting group EAPOL-Key Key MIC");
5e3b5197 1546 key_mic[0]++;
7af092a0
JB		 1547 }
1548#endif /* CONFIG_TESTING_OPTIONS */
6fc6879b
JM		 1549 }
1550
1551 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1552 1);
1553 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1554 sm->pairwise_set);
1555 os_free(hdr);
1556}
1557
1558
1559static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1560 struct wpa_state_machine *sm, int key_info,
1561 const u8 *key_rsc, const u8 *nonce,
1562 const u8 *kde, size_t kde_len,
1563 int keyidx, int encr)
1564{
1565 int timeout_ms;
1566 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
bae61562 1567 int ctr;
6fc6879b
JM		 1568
1569 if (sm == NULL)
1570 return;
1571
1572 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1573 keyidx, encr, 0);
1574
bae61562 1575 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
e4bf4db9 1576 if (ctr == 1 && wpa_auth->conf.tx_status)
00338a4f
JM		 1577 timeout_ms = pairwise ? eapol_key_timeout_first :
1578 eapol_key_timeout_first_group;
bae61562
JM		 1579 else
1580 timeout_ms = eapol_key_timeout_subseq;
e4bf4db9
JM		 1581 if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
1582 sm->pending_1_of_4_timeout = 1;
1583 wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
1584 "counter %d)", timeout_ms, ctr);
6fc6879b
JM		 1585 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1586 wpa_send_eapol_timeout, wpa_auth, sm);
1587}
1588
1589
929a2ea5
JM		 1590static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
1591 size_t data_len)
6fc6879b
JM		 1592{
1593 struct ieee802_1x_hdr *hdr;
1594 struct wpa_eapol_key *key;
1595 u16 key_info;
1596 int ret = 0;
6d014ffc 1597 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN], *mic_pos;
5e3b5197 1598 size_t mic_len = wpa_mic_len(akmp);
6fc6879b
JM		 1599
1600 if (data_len < sizeof(*hdr) + sizeof(*key))
1601 return -1;
1602
1603 hdr = (struct ieee802_1x_hdr *) data;
1604 key = (struct wpa_eapol_key *) (hdr + 1);
6d014ffc 1605 mic_pos = (u8 *) (key + 1);
6fc6879b 1606 key_info = WPA_GET_BE16(key->key_info);
6d014ffc
JM		 1607 os_memcpy(mic, mic_pos, mic_len);
1608 os_memset(mic_pos, 0, mic_len);
98cd3d1c
JM		 1609 if (wpa_eapol_key_mic(PTK->kck, PTK->kck_len, akmp,
1610 key_info & WPA_KEY_INFO_TYPE_MASK,
6d014ffc
JM		 1611 data, data_len, mic_pos) ||
1612 os_memcmp_const(mic, mic_pos, mic_len) != 0)
6fc6879b 1613 ret = -1;
6d014ffc 1614 os_memcpy(mic_pos, mic, mic_len);
6fc6879b
JM		 1615 return ret;
1616}
1617
1618
1619void wpa_remove_ptk(struct wpa_state_machine *sm)
1620{
1621 sm->PTK_valid = FALSE;
1622 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
26083221 1623 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
6fc6879b 1624 sm->pairwise_set = FALSE;
581a8cde 1625 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 1626}
1627
1628
bb119228 1629int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
6fc6879b 1630{
5d22a1d5
JM		 1631 int remove_ptk = 1;
1632
6fc6879b 1633 if (sm == NULL)
6f9b5d16 1634 return -1;
6fc6879b
JM		 1635
1636 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1637 "event %d notification", event);
1638
1639 switch (event) {
1640 case WPA_AUTH:
c50d94f1
BC		 1641#ifdef CONFIG_MESH
1642 /* PTKs are derived through AMPE */
1643 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
1644 /* not mesh */
1645 break;
1646 }
1647 return 0;
1648#endif /* CONFIG_MESH */
6fc6879b
JM		 1649 case WPA_ASSOC:
1650 break;
1651 case WPA_DEAUTH:
1652 case WPA_DISASSOC:
1653 sm->DeauthenticationRequest = TRUE;
1654 break;
1655 case WPA_REAUTH:
1656 case WPA_REAUTH_EAPOL:
3ab72b62
JM		 1657 if (!sm->started) {
1658 /*
1659 * When using WPS, we may end up here if the STA
1660 * manages to re-associate without the previous STA
1661 * entry getting removed. Consequently, we need to make
1662 * sure that the WPA state machines gets initialized
1663 * properly at this point.
1664 */
1665 wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1666 "started - initialize now");
1667 sm->started = 1;
1668 sm->Init = TRUE;
1669 if (wpa_sm_step(sm) == 1)
1670 return 1; /* should not really happen */
1671 sm->Init = FALSE;
1672 sm->AuthenticationRequest = TRUE;
1673 break;
1674 }
9663596f
JM		 1675 if (sm->GUpdateStationKeys) {
1676 /*
1677 * Reauthentication cancels the pending group key
1678 * update for this STA.
1679 */
1680 sm->group->GKeyDoneStations--;
1681 sm->GUpdateStationKeys = FALSE;
1682 sm->PtkGroupInit = TRUE;
1683 }
6fc6879b
JM		 1684 sm->ReAuthenticationRequest = TRUE;
1685 break;
1686 case WPA_ASSOC_FT:
1687#ifdef CONFIG_IEEE80211R
81a658d7
JM		 1688 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1689 "after association");
1690 wpa_ft_install_ptk(sm);
1691
6fc6879b
JM		 1692 /* Using FT protocol, not WPA auth state machine */
1693 sm->ft_completed = 1;
6f9b5d16 1694 return 0;
6fc6879b
JM		 1695#else /* CONFIG_IEEE80211R */
1696 break;
1697#endif /* CONFIG_IEEE80211R */
1698 }
1699
1700#ifdef CONFIG_IEEE80211R
1701 sm->ft_completed = 0;
1702#endif /* CONFIG_IEEE80211R */
1703
5d22a1d5
JM		 1704#ifdef CONFIG_IEEE80211W
1705 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1706 remove_ptk = 0;
1707#endif /* CONFIG_IEEE80211W */
6fc6879b 1708
5d22a1d5
JM		 1709 if (remove_ptk) {
1710 sm->PTK_valid = FALSE;
1711 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1712
1713 if (event != WPA_REAUTH_EAPOL)
1714 wpa_remove_ptk(sm);
1715 }
6fc6879b 1716
43f49c37
JM		 1717 if (sm->in_step_loop) {
1718 /*
1719 * wpa_sm_step() is already running - avoid recursive call to
1720 * it by making the existing loop process the new update.
1721 */
1722 sm->changed = TRUE;
1723 return 0;
1724 }
6f9b5d16 1725 return wpa_sm_step(sm);
6fc6879b
JM		 1726}
1727
1728
6fc6879b
JM		 1729SM_STATE(WPA_PTK, INITIALIZE)
1730{
1731 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1732 if (sm->Init) {
1733 /* Init flag is not cleared here, so avoid busy
1734 * loop by claiming nothing changed. */
1735 sm->changed = FALSE;
1736 }
1737
1738 sm->keycount = 0;
1739 if (sm->GUpdateStationKeys)
1740 sm->group->GKeyDoneStations--;
1741 sm->GUpdateStationKeys = FALSE;
1742 if (sm->wpa == WPA_VERSION_WPA)
1743 sm->PInitAKeys = FALSE;
1744 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1745 * Local AA > Remote AA)) */) {
1746 sm->Pair = TRUE;
1747 }
1748 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1749 wpa_remove_ptk(sm);
1750 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1751 sm->TimeoutCtr = 0;
56586197 1752 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1753 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1754 WPA_EAPOL_authorized, 0);
1755 }
1756}
1757
1758
1759SM_STATE(WPA_PTK, DISCONNECT)
1760{
1761 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1762 sm->Disconnect = FALSE;
1763 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1764}
1765
1766
1767SM_STATE(WPA_PTK, DISCONNECTED)
1768{
1769 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1770 sm->DeauthenticationRequest = FALSE;
1771}
1772
1773
1774SM_STATE(WPA_PTK, AUTHENTICATION)
1775{
1776 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1777 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1778 sm->PTK_valid = FALSE;
1779 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1780 1);
1781 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1782 sm->AuthenticationRequest = FALSE;
1783}
1784
1785
40d00d2b
NC		 1786static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
1787 struct wpa_group *group)
1bdb7ab3 1788{
40d00d2b
NC		 1789 if (group->first_sta_seen)
1790 return;
1bdb7ab3
JM		 1791 /*
1792 * System has run bit further than at the time hostapd was started
1793 * potentially very early during boot up. This provides better chances
1794 * of collecting more randomness on embedded systems. Re-initialize the
1795 * GMK and Counter here to improve their strength if there was not
1796 * enough entropy available immediately after system startup.
1797 */
1798 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1799 "station");
08704cd8
JM		 1800 if (random_pool_ready() != 1) {
1801 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1802 "to proceed - reject first 4-way handshake");
1803 group->reject_4way_hs_for_entropy = TRUE;
40d00d2b
NC		 1804 } else {
1805 group->first_sta_seen = TRUE;
1806 group->reject_4way_hs_for_entropy = FALSE;
08704cd8 1807 }
40d00d2b 1808
aac1efec
JM		 1809 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 ||
1810 wpa_gtk_update(wpa_auth, group) < 0 ||
1811 wpa_group_config_group_keys(wpa_auth, group) < 0) {
1812 wpa_printf(MSG_INFO, "WPA: GMK/GTK setup failed");
1813 group->first_sta_seen = FALSE;
1814 group->reject_4way_hs_for_entropy = TRUE;
1815 }
1bdb7ab3
JM		 1816}
1817
1818
6fc6879b
JM		 1819SM_STATE(WPA_PTK, AUTHENTICATION2)
1820{
1821 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1bdb7ab3 1822
40d00d2b 1823 wpa_group_ensure_init(sm->wpa_auth, sm->group);
65a32cdb 1824 sm->ReAuthenticationRequest = FALSE;
1bdb7ab3 1825
3825a19b
JM		 1826 /*
1827 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
1828 * ambiguous. The Authenticator state machine uses a counter that is
1829 * incremented by one for each 4-way handshake. However, the security
1830 * analysis of 4-way handshake points out that unpredictable nonces
1831 * help in preventing precomputation attacks. Instead of the state
1832 * machine definition, use an unpredictable nonce value here to provide
1833 * stronger protection against potential precomputation attacks.
1834 */
1835 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
1836 wpa_printf(MSG_ERROR, "WPA: Failed to get random data for "
1837 "ANonce.");
65a32cdb 1838 sm->Disconnect = TRUE;
3825a19b
JM		 1839 return;
1840 }
bc8318ac
JM		 1841 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
1842 WPA_NONCE_LEN);
6fc6879b
JM		 1843 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1844 * logical place than INITIALIZE since AUTHENTICATION2 can be
1845 * re-entered on ReAuthenticationRequest without going through
1846 * INITIALIZE. */
1847 sm->TimeoutCtr = 0;
1848}
1849
1850
1851SM_STATE(WPA_PTK, INITPMK)
1852{
1853 u8 msk[2 * PMK_LEN];
1854 size_t len = 2 * PMK_LEN;
1855
1856 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1857#ifdef CONFIG_IEEE80211R
1858 sm->xxkey_len = 0;
1859#endif /* CONFIG_IEEE80211R */
1860 if (sm->pmksa) {
1861 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
207976f0
JM		 1862 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
1863 sm->pmk_len = sm->pmksa->pmk_len;
6fc6879b 1864 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
207976f0
JM		 1865 unsigned int pmk_len;
1866
1867 if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
1868 pmk_len = PMK_LEN_SUITE_B_192;
1869 else
1870 pmk_len = PMK_LEN;
6fc6879b 1871 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
207976f0
JM		 1872 "(MSK len=%lu PMK len=%u)", (unsigned long) len,
1873 pmk_len);
1874 if (len < pmk_len) {
1875 wpa_printf(MSG_DEBUG,
1876 "WPA: MSK not long enough (%u) to create PMK (%u)",
1877 (unsigned int) len, (unsigned int) pmk_len);
1878 sm->Disconnect = TRUE;
1879 return;
1880 }
1881 os_memcpy(sm->PMK, msk, pmk_len);
1882 sm->pmk_len = pmk_len;
6fc6879b
JM		 1883#ifdef CONFIG_IEEE80211R
1884 if (len >= 2 * PMK_LEN) {
1885 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1886 sm->xxkey_len = PMK_LEN;
1887 }
1888#endif /* CONFIG_IEEE80211R */
1889 } else {
400de9b1
BG		 1890 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
1891 sm->wpa_auth->cb.get_msk);
1180dd66
JM		 1892 sm->Disconnect = TRUE;
1893 return;
6fc6879b 1894 }
40aaa64f 1895 os_memset(msk, 0, sizeof(msk));
6fc6879b
JM		 1896
1897 sm->req_replay_counter_used = 0;
1898 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1899 * will break reauthentication since EAPOL state machines may not be
1900 * get into AUTHENTICATING state that clears keyRun before WPA state
1901 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1902 * state and takes PMK from the previously used AAA Key. This will
1903 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1904 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1905 * be good workaround for this issue. */
1906 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1907}
1908
1909
1910SM_STATE(WPA_PTK, INITPSK)
1911{
1912 const u8 *psk;
1913 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
759fd76b 1914 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL);
6fc6879b
JM		 1915 if (psk) {
1916 os_memcpy(sm->PMK, psk, PMK_LEN);
207976f0 1917 sm->pmk_len = PMK_LEN;
6fc6879b
JM		 1918#ifdef CONFIG_IEEE80211R
1919 os_memcpy(sm->xxkey, psk, PMK_LEN);
1920 sm->xxkey_len = PMK_LEN;
1921#endif /* CONFIG_IEEE80211R */
1922 }
1923 sm->req_replay_counter_used = 0;
1924}
1925
1926
1927SM_STATE(WPA_PTK, PTKSTART)
1928{
1929 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1930 size_t pmkid_len = 0;
1931
1932 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1933 sm->PTKRequest = FALSE;
1934 sm->TimeoutEvt = FALSE;
f23c5b17 1935 sm->alt_snonce_valid = FALSE;
bae61562
JM		 1936
1937 sm->TimeoutCtr++;
1938 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1939 /* No point in sending the EAPOL-Key - we will disconnect
1940 * immediately following this. */
1941 return;
1942 }
1943
6fc6879b
JM		 1944 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1945 "sending 1/4 msg of 4-Way Handshake");
1946 /*
1947 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1948 * one possible PSK for this STA.
1949 */
1950 if (sm->wpa == WPA_VERSION_WPA2 &&
a14896e8
JM		 1951 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
1952 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
6fc6879b
JM		 1953 pmkid = buf;
1954 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1955 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1956 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1957 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
929a2ea5 1958 if (sm->pmksa) {
6fc6879b
JM		 1959 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1960 sm->pmksa->pmkid, PMKID_LEN);
929a2ea5
JM		 1961 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) {
1962 /* No KCK available to derive PMKID */
1963 pmkid = NULL;
1964 } else {
6fc6879b
JM		 1965 /*
1966 * Calculate PMKID since no PMKSA cache entry was
1967 * available with pre-calculated PMKID.
1968 */
207976f0 1969 rsn_pmkid(sm->PMK, sm->pmk_len, sm->wpa_auth->addr,
56586197
JM		 1970 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
1971 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 1972 }
1973 }
1974 wpa_send_eapol(sm->wpa_auth, sm,
1975 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1976 sm->ANonce, pmkid, pmkid_len, 0, 0);
6fc6879b
JM		 1977}
1978
1979
f23c5b17 1980static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
207976f0
JM		 1981 const u8 *pmk, unsigned int pmk_len,
1982 struct wpa_ptk *ptk)
6fc6879b
JM		 1983{
1984#ifdef CONFIG_IEEE80211R
56586197 1985 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
98cd3d1c 1986 return wpa_auth_derive_ptk_ft(sm, pmk, ptk);
6fc6879b
JM		 1987#endif /* CONFIG_IEEE80211R */
1988
207976f0 1989 return wpa_pmk_to_ptk(pmk, pmk_len, "Pairwise key expansion",
98cd3d1c
JM		 1990 sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
1991 ptk, sm->wpa_key_mgmt, sm->pairwise);
6fc6879b
JM		 1992}
1993
1994
3b5b7aa8
JM		 1995#ifdef CONFIG_FILS
1996static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
1997 u16 *_key_data_len)
1998{
1999 struct ieee802_1x_hdr *hdr;
2000 struct wpa_eapol_key *key;
2001 u8 *pos;
2002 u16 key_data_len;
2003 u8 *tmp;
2004 const u8 *aad[1];
2005 size_t aad_len[1];
2006
2007 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
2008 key = (struct wpa_eapol_key *) (hdr + 1);
2009 pos = (u8 *) (key + 1);
2010 key_data_len = WPA_GET_BE16(pos);
2011 if (key_data_len < AES_BLOCK_SIZE ||
2012 key_data_len > buf_len - sizeof(*hdr) - sizeof(*key) - 2) {
2013 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2014 "No room for AES-SIV data in the frame");
2015 return -1;
2016 }
2017 pos += 2; /* Pointing at the Encrypted Key Data field */
2018
2019 tmp = os_malloc(key_data_len);
2020 if (!tmp)
2021 return -1;
2022
2023 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
2024 * to Key Data (exclusive). */
2025 aad[0] = sm->last_rx_eapol_key;
2026 aad_len[0] = pos - sm->last_rx_eapol_key;
2027 if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, key_data_len,
2028 1, aad, aad_len, tmp) < 0) {
2029 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2030 "Invalid AES-SIV data in the frame");
2031 bin_clear_free(tmp, key_data_len);
2032 return -1;
2033 }
2034
2035 /* AEAD decryption and validation completed successfully */
2036 key_data_len -= AES_BLOCK_SIZE;
2037 wpa_hexdump_key(MSG_DEBUG, "WPA: Decrypted Key Data",
2038 tmp, key_data_len);
2039
2040 /* Replace Key Data field with the decrypted version */
2041 os_memcpy(pos, tmp, key_data_len);
2042 pos -= 2; /* Key Data Length field */
2043 WPA_PUT_BE16(pos, key_data_len);
2044 bin_clear_free(tmp, key_data_len);
2045 if (_key_data_len)
2046 *_key_data_len = key_data_len;
2047 return 0;
2048}
2049#endif /* CONFIG_FILS */
2050
2051
6fc6879b
JM		 2052SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
2053{
3b5b7aa8 2054 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
6fc6879b 2055 struct wpa_ptk PTK;
2c502460 2056 int ok = 0, psk_found = 0;
6fc6879b 2057 const u8 *pmk = NULL;
207976f0 2058 unsigned int pmk_len;
3b5b7aa8
JM		 2059 int ft;
2060 const u8 *eapol_key_ie, *key_data, *mic;
2061 u16 key_data_length;
2062 size_t mic_len, eapol_key_ie_len;
2063 struct ieee802_1x_hdr *hdr;
2064 struct wpa_eapol_key *key;
2065 struct wpa_eapol_ie_parse kde;
6fc6879b
JM		 2066
2067 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
2068 sm->EAPOLKeyReceived = FALSE;
68921e24 2069 sm->update_snonce = FALSE;
6fc6879b 2070
3b5b7aa8
JM		 2071 mic_len = wpa_mic_len(sm->wpa_key_mgmt);
2072
6fc6879b
JM		 2073 /* WPA with IEEE 802.1X: use the derived PMK from EAP
2074 * WPA-PSK: iterate through possible PSKs and select the one matching
2075 * the packet */
2076 for (;;) {
56586197 2077 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
759fd76b
JM		 2078 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
2079 sm->p2p_dev_addr, pmk);
6fc6879b
JM		 2080 if (pmk == NULL)
2081 break;
2c502460 2082 psk_found = 1;
207976f0
JM		 2083 pmk_len = PMK_LEN;
2084 } else {
6fc6879b 2085 pmk = sm->PMK;
207976f0
JM		 2086 pmk_len = sm->pmk_len;
2087 }
6fc6879b 2088
207976f0 2089 wpa_derive_ptk(sm, sm->SNonce, pmk, pmk_len, &PTK);
6fc6879b 2090
3b5b7aa8
JM		 2091 if (mic_len &&
2092 wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK,
929a2ea5 2093 sm->last_rx_eapol_key,
6fc6879b
JM		 2094 sm->last_rx_eapol_key_len) == 0) {
2095 ok = 1;
2096 break;
2097 }
2098
3b5b7aa8
JM		 2099#ifdef CONFIG_FILS
2100 if (!mic_len && wpa_aead_decrypt(sm, &PTK, NULL) == 0) {
2101 ok = 1;
2102 break;
2103 }
2104#endif /* CONFIG_FILS */
2105
56586197 2106 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
6fc6879b
JM		 2107 break;
2108 }
2109
2110 if (!ok) {
2111 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2112 "invalid MIC in msg 2/4 of 4-Way Handshake");
2c502460
JM		 2113 if (psk_found)
2114 wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
6fc6879b
JM		 2115 return;
2116 }
2117
3b5b7aa8
JM		 2118 /*
2119 * Note: last_rx_eapol_key length fields have already been validated in
2120 * wpa_receive().
2121 */
2122 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
2123 key = (struct wpa_eapol_key *) (hdr + 1);
2124 mic = (u8 *) (key + 1);
2125 key_data = mic + mic_len + 2;
2126 key_data_length = WPA_GET_BE16(mic + mic_len);
2127 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
2128 sizeof(*key) - mic_len - 2)
2129 return;
2130
2131 if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
2132 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2133 "received EAPOL-Key msg 2/4 with invalid Key Data contents");
2134 return;
2135 }
2136 if (kde.rsn_ie) {
2137 eapol_key_ie = kde.rsn_ie;
2138 eapol_key_ie_len = kde.rsn_ie_len;
2139 } else if (kde.osen) {
2140 eapol_key_ie = kde.osen;
2141 eapol_key_ie_len = kde.osen_len;
2142 } else {
2143 eapol_key_ie = kde.wpa_ie;
2144 eapol_key_ie_len = kde.wpa_ie_len;
2145 }
2146 ft = sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt);
2147 if (sm->wpa_ie == NULL ||
2148 wpa_compare_rsn_ie(ft, sm->wpa_ie, sm->wpa_ie_len,
2149 eapol_key_ie, eapol_key_ie_len)) {
2150 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2151 "WPA IE from (Re)AssocReq did not match with msg 2/4");
2152 if (sm->wpa_ie) {
2153 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
2154 sm->wpa_ie, sm->wpa_ie_len);
2155 }
2156 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
2157 eapol_key_ie, eapol_key_ie_len);
2158 /* MLME-DEAUTHENTICATE.request */
2159 wpa_sta_disconnect(wpa_auth, sm->addr);
2160 return;
2161 }
2162#ifdef CONFIG_IEEE80211R
2163 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
2164 wpa_sta_disconnect(wpa_auth, sm->addr);
2165 return;
2166 }
2167#endif /* CONFIG_IEEE80211R */
2168#ifdef CONFIG_P2P
2169 if (kde.ip_addr_req && kde.ip_addr_req[0] &&
2170 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
2171 int idx;
2172 wpa_printf(MSG_DEBUG,
2173 "P2P: IP address requested in EAPOL-Key exchange");
2174 idx = bitfield_get_first_zero(wpa_auth->ip_pool);
2175 if (idx >= 0) {
2176 u32 start = WPA_GET_BE32(wpa_auth->conf.ip_addr_start);
2177 bitfield_set(wpa_auth->ip_pool, idx);
2178 WPA_PUT_BE32(sm->ip_addr, start + idx);
2179 wpa_printf(MSG_DEBUG,
2180 "P2P: Assigned IP address %u.%u.%u.%u to "
2181 MACSTR, sm->ip_addr[0], sm->ip_addr[1],
2182 sm->ip_addr[2], sm->ip_addr[3],
2183 MAC2STR(sm->addr));
2184 }
2185 }
2186#endif /* CONFIG_P2P */
2187
26e23750
JM		 2188#ifdef CONFIG_IEEE80211R
2189 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2190 /*
2191 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
2192 * with the value we derived.
2193 */
870834a1
JM		 2194 if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
2195 WPA_PMK_NAME_LEN) != 0) {
26e23750
JM		 2196 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2197 "PMKR1Name mismatch in FT 4-way "
2198 "handshake");
2199 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
2200 "Supplicant",
2201 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
2202 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
2203 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2204 return;
2205 }
2206 }
2207#endif /* CONFIG_IEEE80211R */
2208
e4bf4db9 2209 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 2210 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
2211
56586197 2212 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 2213 /* PSK may have changed from the previous choice, so update
2214 * state machine data based on whatever PSK was selected here.
2215 */
2216 os_memcpy(sm->PMK, pmk, PMK_LEN);
207976f0 2217 sm->pmk_len = PMK_LEN;
6fc6879b
JM		 2218 }
2219
2220 sm->MICVerified = TRUE;
2221
2222 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
2223 sm->PTK_valid = TRUE;
2224}
2225
2226
2227SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
2228{
2229 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
2230 sm->TimeoutCtr = 0;
2231}
2232
2233
2234#ifdef CONFIG_IEEE80211W
2235
2236static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2237{
2238 if (sm->mgmt_frame_prot) {
8dd9f9cd
JM		 2239 size_t len;
2240 len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2241 return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len;
6fc6879b
JM		 2242 }
2243
2244 return 0;
2245}
2246
2247
2248static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2249{
2250 struct wpa_igtk_kde igtk;
2251 struct wpa_group *gsm = sm->group;
03610ad2 2252 u8 rsc[WPA_KEY_RSC_LEN];
8dd9f9cd 2253 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
6fc6879b
JM		 2254
2255 if (!sm->mgmt_frame_prot)
2256 return pos;
2257
2258 igtk.keyid[0] = gsm->GN_igtk;
2259 igtk.keyid[1] = 0;
7b1080da 2260 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
03610ad2 2261 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
6fc6879b 2262 os_memset(igtk.pn, 0, sizeof(igtk.pn));
03610ad2
JM		 2263 else
2264 os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
8dd9f9cd 2265 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
83421850
JM		 2266 if (sm->wpa_auth->conf.disable_gtk) {
2267 /*
2268 * Provide unique random IGTK to each STA to prevent use of
2269 * IGTK in the BSS.
2270 */
8dd9f9cd 2271 if (random_get_bytes(igtk.igtk, len) < 0)
83421850
JM		 2272 return pos;
2273 }
6fc6879b 2274 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
8dd9f9cd
JM		 2275 (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len,
2276 NULL, 0);
6fc6879b
JM		 2277
2278 return pos;
2279}
2280
2281#else /* CONFIG_IEEE80211W */
2282
2283static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2284{
2285 return 0;
2286}
2287
2288
2289static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2290{
2291 return pos;
2292}
2293
2294#endif /* CONFIG_IEEE80211W */
2295
2296
2297SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
2298{
83421850 2299 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32];
6fc6879b
JM		 2300 size_t gtk_len, kde_len;
2301 struct wpa_group *gsm = sm->group;
2302 u8 *wpa_ie;
2303 int wpa_ie_len, secure, keyidx, encr = 0;
2304
2305 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
2306 sm->TimeoutEvt = FALSE;
bae61562
JM		 2307
2308 sm->TimeoutCtr++;
2309 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
2310 /* No point in sending the EAPOL-Key - we will disconnect
2311 * immediately following this. */
2312 return;
2313 }
2314
86dfabb8
JM		 2315 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
2316 GTK[GN], IGTK, [FTIE], [TIE * 2])
6fc6879b
JM		 2317 */
2318 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2319 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
86dfabb8 2320 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
6fc6879b
JM		 2321 wpa_ie = sm->wpa_auth->wpa_ie;
2322 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
2323 if (sm->wpa == WPA_VERSION_WPA &&
2324 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
2325 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
774d4145 2326 /* WPA-only STA, remove RSN IE and possible MDIE */
6fc6879b 2327 wpa_ie = wpa_ie + wpa_ie[1] + 2;
774d4145
JM		 2328 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
2329 wpa_ie = wpa_ie + wpa_ie[1] + 2;
6fc6879b
JM		 2330 wpa_ie_len = wpa_ie[1] + 2;
2331 }
2332 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2333 "sending 3/4 msg of 4-Way Handshake");
2334 if (sm->wpa == WPA_VERSION_WPA2) {
2335 /* WPA2 send GTK in the 4-way handshake */
2336 secure = 1;
2337 gtk = gsm->GTK[gsm->GN - 1];
2338 gtk_len = gsm->GTK_len;
83421850
JM		 2339 if (sm->wpa_auth->conf.disable_gtk) {
2340 /*
2341 * Provide unique random GTK to each STA to prevent use
2342 * of GTK in the BSS.
2343 */
2344 if (random_get_bytes(dummy_gtk, gtk_len) < 0)
2345 return;
2346 gtk = dummy_gtk;
2347 }
6fc6879b
JM		 2348 keyidx = gsm->GN;
2349 _rsc = rsc;
2350 encr = 1;
2351 } else {
2352 /* WPA does not include GTK in msg 3/4 */
2353 secure = 0;
2354 gtk = NULL;
2355 gtk_len = 0;
2356 keyidx = 0;
2357 _rsc = NULL;
0d442aff
JM		 2358 if (sm->rx_eapol_key_secure) {
2359 /*
2360 * It looks like Windows 7 supplicant tries to use
2361 * Secure bit in msg 2/4 after having reported Michael
2362 * MIC failure and it then rejects the 4-way handshake
2363 * if msg 3/4 does not set Secure bit. Work around this
2364 * by setting the Secure bit here even in the case of
2365 * WPA if the supplicant used it first.
2366 */
2367 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4740d5b9
JM		 2368 "STA used Secure bit in WPA msg 2/4 - "
2369 "set Secure for 3/4 as workaround");
0d442aff
JM		 2370 secure = 1;
2371 }
6fc6879b
JM		 2372 }
2373
2374 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
2375 if (gtk)
2376 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
26e23750 2377#ifdef CONFIG_IEEE80211R
86dfabb8
JM		 2378 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2379 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
2380 kde_len += 300; /* FTIE + 2 * TIE */
2381 }
26e23750 2382#endif /* CONFIG_IEEE80211R */
25ef8529
JM		 2383#ifdef CONFIG_P2P
2384 if (WPA_GET_BE32(sm->ip_addr) > 0)
2385 kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4;
2386#endif /* CONFIG_P2P */
6fc6879b
JM		 2387 kde = os_malloc(kde_len);
2388 if (kde == NULL)
2389 return;
2390
2391 pos = kde;
2392 os_memcpy(pos, wpa_ie, wpa_ie_len);
2393 pos += wpa_ie_len;
26e23750
JM		 2394#ifdef CONFIG_IEEE80211R
2395 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
59e78c24
JM		 2396 int res;
2397 size_t elen;
2398
2399 elen = pos - kde;
2400 res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name);
26e23750
JM		 2401 if (res < 0) {
2402 wpa_printf(MSG_ERROR, "FT: Failed to insert "
2403 "PMKR1Name into RSN IE in EAPOL-Key data");
2404 os_free(kde);
2405 return;
2406 }
59e78c24
JM		 2407 pos -= wpa_ie_len;
2408 pos += elen;
26e23750
JM		 2409 }
2410#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 2411 if (gtk) {
2412 u8 hdr[2];
2413 hdr[0] = keyidx & 0x03;
2414 hdr[1] = 0;
2415 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2416 gtk, gtk_len);
2417 }
2418 pos = ieee80211w_kde_add(sm, pos);
2419
86dfabb8
JM		 2420#ifdef CONFIG_IEEE80211R
2421 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2422 int res;
2423 struct wpa_auth_config *conf;
2424
2425 conf = &sm->wpa_auth->conf;
9257610a
JM		 2426 if (sm->assoc_resp_ftie &&
2427 kde + kde_len - pos >= 2 + sm->assoc_resp_ftie[1]) {
2428 os_memcpy(pos, sm->assoc_resp_ftie,
2429 2 + sm->assoc_resp_ftie[1]);
2430 res = 2 + sm->assoc_resp_ftie[1];
2431 } else {
2432 res = wpa_write_ftie(conf, conf->r0_key_holder,
2433 conf->r0_key_holder_len,
2434 NULL, NULL, pos,
2435 kde + kde_len - pos,
2436 NULL, 0);
2437 }
86dfabb8
JM		 2438 if (res < 0) {
2439 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
2440 "into EAPOL-Key Key Data");
2441 os_free(kde);
2442 return;
2443 }
2444 pos += res;
2445
2446 /* TIE[ReassociationDeadline] (TU) */
2447 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2448 *pos++ = 5;
2449 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
2450 WPA_PUT_LE32(pos, conf->reassociation_deadline);
2451 pos += 4;
2452
2453 /* TIE[KeyLifetime] (seconds) */
2454 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2455 *pos++ = 5;
2456 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
2457 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
2458 pos += 4;
2459 }
2460#endif /* CONFIG_IEEE80211R */
25ef8529
JM		 2461#ifdef CONFIG_P2P
2462 if (WPA_GET_BE32(sm->ip_addr) > 0) {
2463 u8 addr[3 * 4];
2464 os_memcpy(addr, sm->ip_addr, 4);
2465 os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4);
2466 os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4);
2467 pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC,
2468 addr, sizeof(addr), NULL, 0);
2469 }
2470#endif /* CONFIG_P2P */
86dfabb8 2471
6fc6879b
JM		 2472 wpa_send_eapol(sm->wpa_auth, sm,
2473 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
2474 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
2475 WPA_KEY_INFO_KEY_TYPE,
2476 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
2477 os_free(kde);
6fc6879b
JM		 2478}
2479
2480
2481SM_STATE(WPA_PTK, PTKINITDONE)
2482{
2483 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
2484 sm->EAPOLKeyReceived = FALSE;
2485 if (sm->Pair) {
c3550295
JM		 2486 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
2487 int klen = wpa_cipher_key_len(sm->pairwise);
6fc6879b 2488 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
98cd3d1c 2489 sm->PTK.tk, klen)) {
6fc6879b
JM		 2490 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
2491 return;
2492 }
2493 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2494 sm->pairwise_set = TRUE;
2495
581a8cde
JM		 2496 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
2497 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
2498 eloop_register_timeout(sm->wpa_auth->conf.
2499 wpa_ptk_rekey, 0, wpa_rekey_ptk,
2500 sm->wpa_auth, sm);
2501 }
2502
56586197 2503 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 2504 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2505 WPA_EAPOL_authorized, 1);
2506 }
2507 }
2508
2509 if (0 /* IBSS == TRUE */) {
2510 sm->keycount++;
2511 if (sm->keycount == 2) {
2512 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2513 WPA_EAPOL_portValid, 1);
2514 }
2515 } else {
2516 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
2517 1);
2518 }
2519 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
2520 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
2521 if (sm->wpa == WPA_VERSION_WPA)
2522 sm->PInitAKeys = TRUE;
2523 else
2524 sm->has_GTK = TRUE;
2525 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2526 "pairwise key handshake completed (%s)",
2527 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2528
2529#ifdef CONFIG_IEEE80211R
2530 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
2531#endif /* CONFIG_IEEE80211R */
2532}
2533
2534
2535SM_STEP(WPA_PTK)
2536{
2537 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2538
2539 if (sm->Init)
2540 SM_ENTER(WPA_PTK, INITIALIZE);
2541 else if (sm->Disconnect
1aae01fc
BG		 2542 /* || FIX: dot11RSNAConfigSALifetime timeout */) {
2543 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
2544 "WPA_PTK: sm->Disconnect");
6fc6879b 2545 SM_ENTER(WPA_PTK, DISCONNECT);
1aae01fc 2546 }
6fc6879b
JM		 2547 else if (sm->DeauthenticationRequest)
2548 SM_ENTER(WPA_PTK, DISCONNECTED);
2549 else if (sm->AuthenticationRequest)
2550 SM_ENTER(WPA_PTK, AUTHENTICATION);
2551 else if (sm->ReAuthenticationRequest)
2552 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2553 else if (sm->PTKRequest)
2554 SM_ENTER(WPA_PTK, PTKSTART);
2555 else switch (sm->wpa_ptk_state) {
2556 case WPA_PTK_INITIALIZE:
2557 break;
2558 case WPA_PTK_DISCONNECT:
2559 SM_ENTER(WPA_PTK, DISCONNECTED);
2560 break;
2561 case WPA_PTK_DISCONNECTED:
2562 SM_ENTER(WPA_PTK, INITIALIZE);
2563 break;
2564 case WPA_PTK_AUTHENTICATION:
2565 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2566 break;
2567 case WPA_PTK_AUTHENTICATION2:
56586197 2568 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
6fc6879b
JM		 2569 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2570 WPA_EAPOL_keyRun) > 0)
2571 SM_ENTER(WPA_PTK, INITPMK);
56586197 2572 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
6fc6879b
JM		 2573 /* FIX: && 802.1X::keyRun */)
2574 SM_ENTER(WPA_PTK, INITPSK);
2575 break;
2576 case WPA_PTK_INITPMK:
2577 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2578 WPA_EAPOL_keyAvailable) > 0)
2579 SM_ENTER(WPA_PTK, PTKSTART);
2580 else {
2581 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2582 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2583 "INITPMK - keyAvailable = false");
6fc6879b
JM		 2584 SM_ENTER(WPA_PTK, DISCONNECT);
2585 }
2586 break;
2587 case WPA_PTK_INITPSK:
759fd76b
JM		 2588 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr,
2589 NULL))
6fc6879b
JM		 2590 SM_ENTER(WPA_PTK, PTKSTART);
2591 else {
2592 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2593 "no PSK configured for the STA");
2594 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2595 SM_ENTER(WPA_PTK, DISCONNECT);
2596 }
2597 break;
2598 case WPA_PTK_PTKSTART:
2599 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2600 sm->EAPOLKeyPairwise)
2601 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2602 else if (sm->TimeoutCtr >
2603 (int) dot11RSNAConfigPairwiseUpdateCount) {
2604 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2605 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2606 "PTKSTART: Retry limit %d reached",
2607 dot11RSNAConfigPairwiseUpdateCount);
6fc6879b
JM		 2608 SM_ENTER(WPA_PTK, DISCONNECT);
2609 } else if (sm->TimeoutEvt)
2610 SM_ENTER(WPA_PTK, PTKSTART);
2611 break;
2612 case WPA_PTK_PTKCALCNEGOTIATING:
2613 if (sm->MICVerified)
2614 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
2615 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2616 sm->EAPOLKeyPairwise)
2617 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2618 else if (sm->TimeoutEvt)
2619 SM_ENTER(WPA_PTK, PTKSTART);
2620 break;
2621 case WPA_PTK_PTKCALCNEGOTIATING2:
2622 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2623 break;
2624 case WPA_PTK_PTKINITNEGOTIATING:
68921e24
JM		 2625 if (sm->update_snonce)
2626 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2627 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2628 sm->EAPOLKeyPairwise && sm->MICVerified)
6fc6879b
JM		 2629 SM_ENTER(WPA_PTK, PTKINITDONE);
2630 else if (sm->TimeoutCtr >
2631 (int) dot11RSNAConfigPairwiseUpdateCount) {
2632 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2633 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2634 "PTKINITNEGOTIATING: Retry limit %d "
2635 "reached",
2636 dot11RSNAConfigPairwiseUpdateCount);
6fc6879b
JM		 2637 SM_ENTER(WPA_PTK, DISCONNECT);
2638 } else if (sm->TimeoutEvt)
2639 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2640 break;
2641 case WPA_PTK_PTKINITDONE:
2642 break;
2643 }
2644}
2645
2646
2647SM_STATE(WPA_PTK_GROUP, IDLE)
2648{
2649 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
2650 if (sm->Init) {
2651 /* Init flag is not cleared here, so avoid busy
2652 * loop by claiming nothing changed. */
2653 sm->changed = FALSE;
2654 }
2655 sm->GTimeoutCtr = 0;
2656}
2657
2658
2659SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
2660{
2661 u8 rsc[WPA_KEY_RSC_LEN];
2662 struct wpa_group *gsm = sm->group;
e41e4f9e
JM		 2663 const u8 *kde;
2664 u8 *kde_buf = NULL, *pos, hdr[2];
6fc6879b 2665 size_t kde_len;
83421850 2666 u8 *gtk, dummy_gtk[32];
6fc6879b
JM		 2667
2668 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
bae61562
JM		 2669
2670 sm->GTimeoutCtr++;
2671 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
2672 /* No point in sending the EAPOL-Key - we will disconnect
2673 * immediately following this. */
2674 return;
2675 }
2676
6fc6879b
JM		 2677 if (sm->wpa == WPA_VERSION_WPA)
2678 sm->PInitAKeys = FALSE;
2679 sm->TimeoutEvt = FALSE;
2680 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
2681 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2682 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
2683 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2684 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2685 "sending 1/2 msg of Group Key Handshake");
2686
83421850
JM		 2687 gtk = gsm->GTK[gsm->GN - 1];
2688 if (sm->wpa_auth->conf.disable_gtk) {
2689 /*
2690 * Provide unique random GTK to each STA to prevent use
2691 * of GTK in the BSS.
2692 */
2693 if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0)
2694 return;
2695 gtk = dummy_gtk;
2696 }
6fc6879b
JM		 2697 if (sm->wpa == WPA_VERSION_WPA2) {
2698 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
2699 ieee80211w_kde_len(sm);
e41e4f9e
JM		 2700 kde_buf = os_malloc(kde_len);
2701 if (kde_buf == NULL)
6fc6879b
JM		 2702 return;
2703
e41e4f9e 2704 kde = pos = kde_buf;
6fc6879b
JM		 2705 hdr[0] = gsm->GN & 0x03;
2706 hdr[1] = 0;
2707 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
83421850 2708 gtk, gsm->GTK_len);
6fc6879b 2709 pos = ieee80211w_kde_add(sm, pos);
e41e4f9e 2710 kde_len = pos - kde;
6fc6879b 2711 } else {
83421850 2712 kde = gtk;
e41e4f9e 2713 kde_len = gsm->GTK_len;
6fc6879b
JM		 2714 }
2715
2716 wpa_send_eapol(sm->wpa_auth, sm,
2717 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
2718 WPA_KEY_INFO_ACK |
2719 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
e41e4f9e
JM		 2720 rsc, gsm->GNonce, kde, kde_len, gsm->GN, 1);
2721
2722 os_free(kde_buf);
6fc6879b
JM		 2723}
2724
2725
2726SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
2727{
2728 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
2729 sm->EAPOLKeyReceived = FALSE;
2730 if (sm->GUpdateStationKeys)
2731 sm->group->GKeyDoneStations--;
2732 sm->GUpdateStationKeys = FALSE;
2733 sm->GTimeoutCtr = 0;
2734 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
2735 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2736 "group key handshake completed (%s)",
2737 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2738 sm->has_GTK = TRUE;
2739}
2740
2741
2742SM_STATE(WPA_PTK_GROUP, KEYERROR)
2743{
2744 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
2745 if (sm->GUpdateStationKeys)
2746 sm->group->GKeyDoneStations--;
2747 sm->GUpdateStationKeys = FALSE;
2748 sm->Disconnect = TRUE;
2749}
2750
2751
2752SM_STEP(WPA_PTK_GROUP)
2753{
9663596f 2754 if (sm->Init || sm->PtkGroupInit) {
6fc6879b 2755 SM_ENTER(WPA_PTK_GROUP, IDLE);
9663596f
JM		 2756 sm->PtkGroupInit = FALSE;
2757 } else switch (sm->wpa_ptk_group_state) {
6fc6879b
JM		 2758 case WPA_PTK_GROUP_IDLE:
2759 if (sm->GUpdateStationKeys ||
2760 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
2761 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2762 break;
2763 case WPA_PTK_GROUP_REKEYNEGOTIATING:
2764 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2765 !sm->EAPOLKeyPairwise && sm->MICVerified)
2766 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
2767 else if (sm->GTimeoutCtr >
2768 (int) dot11RSNAConfigGroupUpdateCount)
2769 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
2770 else if (sm->TimeoutEvt)
2771 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2772 break;
2773 case WPA_PTK_GROUP_KEYERROR:
2774 SM_ENTER(WPA_PTK_GROUP, IDLE);
2775 break;
2776 case WPA_PTK_GROUP_REKEYESTABLISHED:
2777 SM_ENTER(WPA_PTK_GROUP, IDLE);
2778 break;
2779 }
2780}
2781
2782
2783static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
2784 struct wpa_group *group)
2785{
2786 int ret = 0;
2787
6fc6879b
JM		 2788 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2789 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2790 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
2791 wpa_auth->addr, group->GNonce,
2792 group->GTK[group->GN - 1], group->GTK_len) < 0)
2793 ret = -1;
5cb9d5c3
JM		 2794 wpa_hexdump_key(MSG_DEBUG, "GTK",
2795 group->GTK[group->GN - 1], group->GTK_len);
6fc6879b
JM		 2796
2797#ifdef CONFIG_IEEE80211W
70f8cc8e 2798 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
8dd9f9cd
JM		 2799 size_t len;
2800 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
5cb9d5c3
JM		 2801 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2802 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2803 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
2804 wpa_auth->addr, group->GNonce,
8dd9f9cd 2805 group->IGTK[group->GN_igtk - 4], len) < 0)
3c7302c2 2806 ret = -1;
6fc6879b 2807 wpa_hexdump_key(MSG_DEBUG, "IGTK",
8dd9f9cd 2808 group->IGTK[group->GN_igtk - 4], len);
6fc6879b
JM		 2809 }
2810#endif /* CONFIG_IEEE80211W */
2811
2812 return ret;
2813}
2814
2815
2816static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
2817 struct wpa_group *group)
2818{
2819 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2820 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
2821 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
2822 group->wpa_group_state = WPA_GROUP_GTK_INIT;
2823
2824 /* GTK[0..N] = 0 */
2825 os_memset(group->GTK, 0, sizeof(group->GTK));
2826 group->GN = 1;
2827 group->GM = 2;
2828#ifdef CONFIG_IEEE80211W
2829 group->GN_igtk = 4;
2830 group->GM_igtk = 5;
2831#endif /* CONFIG_IEEE80211W */
2832 /* GTK[GN] = CalcGTK() */
2833 wpa_gtk_update(wpa_auth, group);
2834}
2835
2836
2837static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
2838{
473b6f22
MB		 2839 if (ctx != NULL && ctx != sm->group)
2840 return 0;
2841
6fc6879b
JM		 2842 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
2843 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2844 "Not in PTKINITDONE; skip Group Key update");
3c183894 2845 sm->GUpdateStationKeys = FALSE;
6fc6879b
JM		 2846 return 0;
2847 }
9663596f
JM		 2848 if (sm->GUpdateStationKeys) {
2849 /*
3c183894
JM		 2850 * This should not really happen, so add a debug log entry.
2851 * Since we clear the GKeyDoneStations before the loop, the
2852 * station needs to be counted here anyway.
9663596f
JM		 2853 */
2854 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3c183894
JM		 2855 "GUpdateStationKeys was already set when "
2856 "marking station for GTK rekeying");
9663596f 2857 }
3c183894 2858
ad3872a3 2859 /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
d32d94db
XC		 2860 if (sm->is_wnmsleep)
2861 return 0;
d32d94db 2862
3c183894
JM		 2863 sm->group->GKeyDoneStations++;
2864 sm->GUpdateStationKeys = TRUE;
2865
6fc6879b
JM		 2866 wpa_sm_step(sm);
2867 return 0;
2868}
2869
2870
ad3872a3
JM		 2871#ifdef CONFIG_WNM
2872/* update GTK when exiting WNM-Sleep Mode */
d32d94db
XC		 2873void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm)
2874{
629edfef 2875 if (sm == NULL || sm->is_wnmsleep)
d32d94db
XC		 2876 return;
2877
2878 wpa_group_update_sta(sm, NULL);
2879}
2880
2881
2882void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
2883{
629edfef
JM		 2884 if (sm)
2885 sm->is_wnmsleep = !!flag;
d32d94db
XC		 2886}
2887
2888
2889int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2890{
d32d94db 2891 struct wpa_group *gsm = sm->group;
835822d4 2892 u8 *start = pos;
d32d94db
XC		 2893
2894 /*
835822d4 2895 * GTK subelement:
d32d94db 2896 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
835822d4 2897 * Key[5..32]
d32d94db 2898 */
835822d4
JM		 2899 *pos++ = WNM_SLEEP_SUBELEM_GTK;
2900 *pos++ = 11 + gsm->GTK_len;
d32d94db 2901 /* Key ID in B0-B1 of Key Info */
835822d4
JM		 2902 WPA_PUT_LE16(pos, gsm->GN & 0x03);
2903 pos += 2;
2904 *pos++ = gsm->GTK_len;
2905 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
d32d94db 2906 return 0;
835822d4
JM		 2907 pos += 8;
2908 os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2909 pos += gsm->GTK_len;
d32d94db 2910
835822d4
JM		 2911 wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
2912 gsm->GN);
2913 wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
d32d94db 2914 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
d32d94db 2915
835822d4 2916 return pos - start;
d32d94db
XC		 2917}
2918
2919
2920#ifdef CONFIG_IEEE80211W
2921int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2922{
d32d94db 2923 struct wpa_group *gsm = sm->group;
835822d4 2924 u8 *start = pos;
8dd9f9cd 2925 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
d32d94db 2926
835822d4
JM		 2927 /*
2928 * IGTK subelement:
2929 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
2930 */
2931 *pos++ = WNM_SLEEP_SUBELEM_IGTK;
8dd9f9cd 2932 *pos++ = 2 + 6 + len;
835822d4
JM		 2933 WPA_PUT_LE16(pos, gsm->GN_igtk);
2934 pos += 2;
2935 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
d32d94db 2936 return 0;
835822d4 2937 pos += 6;
d32d94db 2938
8dd9f9cd
JM		 2939 os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
2940 pos += len;
d32d94db 2941
835822d4
JM		 2942 wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
2943 gsm->GN_igtk);
2944 wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
8dd9f9cd 2945 gsm->IGTK[gsm->GN_igtk - 4], len);
d32d94db 2946
835822d4 2947 return pos - start;
d32d94db
XC		 2948}
2949#endif /* CONFIG_IEEE80211W */
ad3872a3 2950#endif /* CONFIG_WNM */
d32d94db
XC		 2951
2952
6fc6879b
JM		 2953static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
2954 struct wpa_group *group)
2955{
2956 int tmp;
2957
2958 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2959 "SETKEYS (VLAN-ID %d)", group->vlan_id);
2960 group->changed = TRUE;
2961 group->wpa_group_state = WPA_GROUP_SETKEYS;
2962 group->GTKReKey = FALSE;
2963 tmp = group->GM;
2964 group->GM = group->GN;
2965 group->GN = tmp;
2966#ifdef CONFIG_IEEE80211W
2967 tmp = group->GM_igtk;
2968 group->GM_igtk = group->GN_igtk;
2969 group->GN_igtk = tmp;
2970#endif /* CONFIG_IEEE80211W */
2971 /* "GKeyDoneStations = GNoStations" is done in more robust way by
2972 * counting the STAs that are marked with GUpdateStationKeys instead of
2973 * including all STAs that could be in not-yet-completed state. */
2974 wpa_gtk_update(wpa_auth, group);
2975
3c183894
JM		 2976 if (group->GKeyDoneStations) {
2977 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
2978 "GKeyDoneStations=%d when starting new GTK rekey",
2979 group->GKeyDoneStations);
2980 group->GKeyDoneStations = 0;
2981 }
473b6f22 2982 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
6fc6879b
JM		 2983 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
2984 group->GKeyDoneStations);
2985}
2986
2987
1bdb7ab3
JM		 2988static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
2989 struct wpa_group *group)
6fc6879b 2990{
3c7302c2
JM		 2991 int ret = 0;
2992
3c7302c2 2993 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
c3550295 2994 wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
0382097e
JM		 2995 broadcast_ether_addr, group->GN,
2996 group->GTK[group->GN - 1], group->GTK_len) < 0)
3c7302c2 2997 ret = -1;
6fc6879b
JM		 2998
2999#ifdef CONFIG_IEEE80211W
8dd9f9cd
JM		 3000 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
3001 enum wpa_alg alg;
3002 size_t len;
3003
3004 alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher);
3005 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
3006
3007 if (ret == 0 &&
3008 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
3009 broadcast_ether_addr, group->GN_igtk,
3010 group->IGTK[group->GN_igtk - 4], len) < 0)
3011 ret = -1;
3012 }
6fc6879b 3013#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 3014
3015 return ret;
6fc6879b
JM		 3016}
3017
3018
7d7f7be2
JM		 3019static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
3020{
3021 if (sm->group == ctx) {
3022 wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
3023 " for discconnection due to fatal failure",
3024 MAC2STR(sm->addr));
3025 sm->Disconnect = TRUE;
3026 }
3027
3028 return 0;
3029}
3030
3031
3032static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
3033 struct wpa_group *group)
3034{
3035 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE");
3036 group->changed = TRUE;
3037 group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
3038 wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
3039}
3040
3041
1bdb7ab3
JM		 3042static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
3043 struct wpa_group *group)
3044{
3045 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3046 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
3047 group->changed = TRUE;
3048 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
3049
7d7f7be2
JM		 3050 if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
3051 wpa_group_fatal_failure(wpa_auth, group);
1bdb7ab3 3052 return -1;
7d7f7be2 3053 }
1bdb7ab3
JM		 3054
3055 return 0;
3056}
3057
3058
6fc6879b
JM		 3059static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
3060 struct wpa_group *group)
3061{
3062 if (group->GInit) {
3063 wpa_group_gtk_init(wpa_auth, group);
7d7f7be2
JM		 3064 } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
3065 /* Do not allow group operations */
6fc6879b
JM		 3066 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
3067 group->GTKAuthenticator) {
3068 wpa_group_setkeysdone(wpa_auth, group);
3069 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
3070 group->GTKReKey) {
3071 wpa_group_setkeys(wpa_auth, group);
3072 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
3073 if (group->GKeyDoneStations == 0)
3074 wpa_group_setkeysdone(wpa_auth, group);
3075 else if (group->GTKReKey)
3076 wpa_group_setkeys(wpa_auth, group);
3077 }
3078}
3079
3080
e4a6ea1d 3081static int wpa_sm_step(struct wpa_state_machine *sm)
6fc6879b
JM		 3082{
3083 if (sm == NULL)
e4a6ea1d 3084 return 0;
6fc6879b
JM		 3085
3086 if (sm->in_step_loop) {
3087 /* This should not happen, but if it does, make sure we do not
3088 * end up freeing the state machine too early by exiting the
3089 * recursive call. */
3090 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
e4a6ea1d 3091 return 0;
6fc6879b
JM		 3092 }
3093
3094 sm->in_step_loop = 1;
3095 do {
3096 if (sm->pending_deinit)
3097 break;
3098
3099 sm->changed = FALSE;
3100 sm->wpa_auth->group->changed = FALSE;
3101
3102 SM_STEP_RUN(WPA_PTK);
3103 if (sm->pending_deinit)
3104 break;
3105 SM_STEP_RUN(WPA_PTK_GROUP);
3106 if (sm->pending_deinit)
3107 break;
3108 wpa_group_sm_step(sm->wpa_auth, sm->group);
3109 } while (sm->changed || sm->wpa_auth->group->changed);
3110 sm->in_step_loop = 0;
3111
3112 if (sm->pending_deinit) {
3113 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
3114 "machine deinit for " MACSTR, MAC2STR(sm->addr));
3115 wpa_free_sta_sm(sm);
e4a6ea1d 3116 return 1;
6fc6879b 3117 }
e4a6ea1d 3118 return 0;
6fc6879b
JM		 3119}
3120
3121
3122static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
3123{
3124 struct wpa_state_machine *sm = eloop_ctx;
3125 wpa_sm_step(sm);
3126}
3127
3128
3129void wpa_auth_sm_notify(struct wpa_state_machine *sm)
3130{
3131 if (sm == NULL)
3132 return;
3133 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
3134}
3135
3136
3137void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
3138{
3139 int tmp, i;
3140 struct wpa_group *group;
3141
3142 if (wpa_auth == NULL)
3143 return;
3144
3145 group = wpa_auth->group;
3146
3147 for (i = 0; i < 2; i++) {
3148 tmp = group->GM;
3149 group->GM = group->GN;
3150 group->GN = tmp;
3151#ifdef CONFIG_IEEE80211W
3152 tmp = group->GM_igtk;
3153 group->GM_igtk = group->GN_igtk;
3154 group->GN_igtk = tmp;
3155#endif /* CONFIG_IEEE80211W */
3156 wpa_gtk_update(wpa_auth, group);
9354e594 3157 wpa_group_config_group_keys(wpa_auth, group);
6fc6879b
JM		 3158 }
3159}
3160
3161
a6da824b 3162static const char * wpa_bool_txt(int val)
6fc6879b 3163{
a6da824b 3164 return val ? "TRUE" : "FALSE";
6fc6879b
JM		 3165}
3166
3167
6fc6879b
JM		 3168#define RSN_SUITE "%02x-%02x-%02x-%d"
3169#define RSN_SUITE_ARG(s) \
3170((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
3171
3172int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
3173{
3174 int len = 0, ret;
3175 char pmkid_txt[PMKID_LEN * 2 + 1];
8ce58ceb
IH		 3176#ifdef CONFIG_RSN_PREAUTH
3177 const int preauth = 1;
3178#else /* CONFIG_RSN_PREAUTH */
3179 const int preauth = 0;
3180#endif /* CONFIG_RSN_PREAUTH */
6fc6879b
JM		 3181
3182 if (wpa_auth == NULL)
3183 return len;
3184
3185 ret = os_snprintf(buf + len, buflen - len,
3186 "dot11RSNAOptionImplemented=TRUE\n"
8ce58ceb 3187 "dot11RSNAPreauthenticationImplemented=%s\n"
6fc6879b
JM		 3188 "dot11RSNAEnabled=%s\n"
3189 "dot11RSNAPreauthenticationEnabled=%s\n",
8ce58ceb 3190 wpa_bool_txt(preauth),
6fc6879b
JM		 3191 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
3192 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
d85e1fc8 3193 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3194 return len;
3195 len += ret;
3196
3197 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
3198 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
3199
3200 ret = os_snprintf(
3201 buf + len, buflen - len,
3202 "dot11RSNAConfigVersion=%u\n"
3203 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
3204 /* FIX: dot11RSNAConfigGroupCipher */
3205 /* FIX: dot11RSNAConfigGroupRekeyMethod */
3206 /* FIX: dot11RSNAConfigGroupRekeyTime */
3207 /* FIX: dot11RSNAConfigGroupRekeyPackets */
3208 "dot11RSNAConfigGroupRekeyStrict=%u\n"
3209 "dot11RSNAConfigGroupUpdateCount=%u\n"
3210 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
3211 "dot11RSNAConfigGroupCipherSize=%u\n"
3212 "dot11RSNAConfigPMKLifetime=%u\n"
3213 "dot11RSNAConfigPMKReauthThreshold=%u\n"
3214 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
3215 "dot11RSNAConfigSATimeout=%u\n"
3216 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3217 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3218 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3219 "dot11RSNAPMKIDUsed=%s\n"
3220 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3221 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3222 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3223 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
3224 "dot11RSNA4WayHandshakeFailures=%u\n"
3225 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
3226 RSN_VERSION,
3227 !!wpa_auth->conf.wpa_strict_rekey,
3228 dot11RSNAConfigGroupUpdateCount,
3229 dot11RSNAConfigPairwiseUpdateCount,
c3550295 3230 wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8,
6fc6879b
JM		 3231 dot11RSNAConfigPMKLifetime,
3232 dot11RSNAConfigPMKReauthThreshold,
3233 dot11RSNAConfigSATimeout,
3234 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
3235 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
3236 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
3237 pmkid_txt,
3238 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
3239 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
3240 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
3241 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
3242 wpa_auth->dot11RSNA4WayHandshakeFailures);
d85e1fc8 3243 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3244 return len;
3245 len += ret;
3246
3247 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
3248 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
3249
3250 /* Private MIB */
3251 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
3252 wpa_auth->group->wpa_group_state);
d85e1fc8 3253 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3254 return len;
3255 len += ret;
3256
3257 return len;
3258}
3259
3260
3261int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
3262{
3263 int len = 0, ret;
3264 u32 pairwise = 0;
3265
3266 if (sm == NULL)
3267 return 0;
3268
3269 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
3270
3271 /* dot11RSNAStatsEntry */
3272
c3550295
JM		 3273 pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
3274 WPA_PROTO_RSN : WPA_PROTO_WPA,
3275 sm->pairwise);
3276 if (pairwise == 0)
6fc6879b
JM		 3277 return 0;
3278
3279 ret = os_snprintf(
3280 buf + len, buflen - len,
3281 /* TODO: dot11RSNAStatsIndex */
3282 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
3283 "dot11RSNAStatsVersion=1\n"
3284 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
3285 /* TODO: dot11RSNAStatsTKIPICVErrors */
3286 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
d9040cdb 3287 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
6fc6879b
JM		 3288 /* TODO: dot11RSNAStatsCCMPReplays */
3289 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
3290 /* TODO: dot11RSNAStatsTKIPReplays */,
3291 MAC2STR(sm->addr),
3292 RSN_SUITE_ARG(pairwise),
3293 sm->dot11RSNAStatsTKIPLocalMICFailures,
3294 sm->dot11RSNAStatsTKIPRemoteMICFailures);
d85e1fc8 3295 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3296 return len;
3297 len += ret;
3298
3299 /* Private MIB */
3300 ret = os_snprintf(buf + len, buflen - len,
3301 "hostapdWPAPTKState=%d\n"
3302 "hostapdWPAPTKGroupState=%d\n",
3303 sm->wpa_ptk_state,
3304 sm->wpa_ptk_group_state);
d85e1fc8 3305 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3306 return len;
3307 len += ret;
3308
3309 return len;
3310}
3311
3312
3313void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
3314{
3315 if (wpa_auth)
3316 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
3317}
3318
3319
3320int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
3321{
3322 return sm && sm->pairwise_set;
3323}
3324
3325
ff36ff00
JM		 3326int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
3327{
3328 return sm->pairwise;
3329}
3330
3331
6fc6879b
JM		 3332int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
3333{
3334 if (sm == NULL)
3335 return -1;
3336 return sm->wpa_key_mgmt;
3337}
3338
3339
3340int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
3341{
3342 if (sm == NULL)
3343 return 0;
3344 return sm->wpa;
3345}
3346
3347
3348int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
3349 struct rsn_pmksa_cache_entry *entry)
3350{
3351 if (sm == NULL || sm->pmksa != entry)
3352 return -1;
3353 sm->pmksa = NULL;
3354 return 0;
3355}
3356
3357
3358struct rsn_pmksa_cache_entry *
3359wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
3360{
3361 return sm ? sm->pmksa : NULL;
3362}
3363
3364
3365void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
3366{
3367 if (sm)
3368 sm->dot11RSNAStatsTKIPLocalMICFailures++;
3369}
3370
3371
3372const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
3373{
3374 if (wpa_auth == NULL)
3375 return NULL;
3376 *len = wpa_auth->wpa_ie_len;
3377 return wpa_auth->wpa_ie;
3378}
3379
3380
3381int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
207976f0 3382 unsigned int pmk_len,
6fc6879b
JM		 3383 int session_timeout, struct eapol_state_machine *eapol)
3384{
cb465555
JM		 3385 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
3386 sm->wpa_auth->conf.disable_pmksa_caching)
6fc6879b
JM		 3387 return -1;
3388
207976f0
JM		 3389 if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
3390 if (pmk_len > PMK_LEN_SUITE_B_192)
3391 pmk_len = PMK_LEN_SUITE_B_192;
3392 } else if (pmk_len > PMK_LEN) {
3393 pmk_len = PMK_LEN;
3394 }
3395
70c93963 3396 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len, NULL,
98cd3d1c 3397 sm->PTK.kck, sm->PTK.kck_len,
4bb081f1
JM		 3398 sm->wpa_auth->addr, sm->addr, session_timeout,
3399 eapol, sm->wpa_key_mgmt))
6fc6879b
JM		 3400 return 0;
3401
3402 return -1;
3403}
3404
3405
3406int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
3407 const u8 *pmk, size_t len, const u8 *sta_addr,
3408 int session_timeout,
3409 struct eapol_state_machine *eapol)
3410{
3411 if (wpa_auth == NULL)
3412 return -1;
3413
70c93963 3414 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, NULL,
087a1f4e
JM		 3415 NULL, 0,
3416 wpa_auth->addr,
4bb081f1
JM		 3417 sta_addr, session_timeout, eapol,
3418 WPA_KEY_MGMT_IEEE8021X))
6fc6879b
JM		 3419 return 0;
3420
3421 return -1;
3422}
3423
3424
f2991170 3425int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
70c93963 3426 const u8 *pmk, const u8 *pmkid)
f2991170
JM		 3427{
3428 if (wpa_auth->conf.disable_pmksa_caching)
3429 return -1;
3430
70c93963 3431 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN, pmkid,
087a1f4e 3432 NULL, 0,
f2991170
JM		 3433 wpa_auth->addr, addr, 0, NULL,
3434 WPA_KEY_MGMT_SAE))
3435 return 0;
3436
3437 return -1;
3438}
3439
3440
901d1fe1
JM		 3441void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
3442 const u8 *sta_addr)
3443{
3444 struct rsn_pmksa_cache_entry *pmksa;
3445
3446 if (wpa_auth == NULL || wpa_auth->pmksa == NULL)
3447 return;
3448 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
3449 if (pmksa) {
3450 wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for "
3451 MACSTR " based on request", MAC2STR(sta_addr));
3452 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
3453 }
3454}
3455
3456
b8daac18
MH		 3457int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
3458 size_t len)
3459{
3460 if (!wpa_auth || !wpa_auth->pmksa)
3461 return 0;
3462 return pmksa_cache_auth_list(wpa_auth->pmksa, buf, len);
3463}
3464
3465
4c522c77
MH		 3466void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth)
3467{
3468 if (wpa_auth && wpa_auth->pmksa)
3469 pmksa_cache_auth_flush(wpa_auth->pmksa);
3470}
3471
3472
9f2cf23e
MH		 3473struct rsn_pmksa_cache_entry *
3474wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr)
3475{
3476 if (!wpa_auth || !wpa_auth->pmksa)
3477 return NULL;
3478 return pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
3479}
3480
3481
3482void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa,
3483 struct wpa_state_machine *sm,
3484 struct wpa_authenticator *wpa_auth,
3485 u8 *pmkid, u8 *pmk)
3486{
3487 if (!sm)
3488 return;
3489
3490 sm->pmksa = pmksa;
8854f90b
JM		 3491 os_memcpy(pmk, pmksa->pmk, PMK_LEN);
3492 os_memcpy(pmkid, pmksa->pmkid, PMKID_LEN);
3493 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmksa->pmkid, PMKID_LEN);
9f2cf23e
MH		 3494}
3495
3496
a0ad9e8c
MB		 3497/*
3498 * Remove and free the group from wpa_authenticator. This is triggered by a
3499 * callback to make sure nobody is currently iterating the group list while it
3500 * gets modified.
3501 */
3502static void wpa_group_free(struct wpa_authenticator *wpa_auth,
3503 struct wpa_group *group)
3504{
3505 struct wpa_group *prev = wpa_auth->group;
3506
3507 wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d",
3508 group->vlan_id);
3509
3510 while (prev) {
3511 if (prev->next == group) {
3512 /* This never frees the special first group as needed */
3513 prev->next = group->next;
3514 os_free(group);
3515 break;
3516 }
3517 prev = prev->next;
3518 }
3519
3520}
3521
3522
3523/* Increase the reference counter for group */
3524static void wpa_group_get(struct wpa_authenticator *wpa_auth,
3525 struct wpa_group *group)
3526{
3527 /* Skip the special first group */
3528 if (wpa_auth->group == group)
3529 return;
3530
3531 group->references++;
3532}
3533
3534
3535/* Decrease the reference counter and maybe free the group */
3536static void wpa_group_put(struct wpa_authenticator *wpa_auth,
3537 struct wpa_group *group)
3538{
3539 /* Skip the special first group */
3540 if (wpa_auth->group == group)
3541 return;
3542
3543 group->references--;
3544 if (group->references)
3545 return;
3546 wpa_group_free(wpa_auth, group);
3547}
3548
3549
3550/*
3551 * Add a group that has its references counter set to zero. Caller needs to
3552 * call wpa_group_get() on the return value to mark the entry in use.
3553 */
6fc6879b
JM		 3554static struct wpa_group *
3555wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3556{
3557 struct wpa_group *group;
3558
3559 if (wpa_auth == NULL || wpa_auth->group == NULL)
3560 return NULL;
3561
3562 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
3563 vlan_id);
bdffdc5d 3564 group = wpa_group_init(wpa_auth, vlan_id, 0);
6fc6879b
JM		 3565 if (group == NULL)
3566 return NULL;
3567
3568 group->next = wpa_auth->group->next;
3569 wpa_auth->group->next = group;
3570
3571 return group;
3572}
3573
3574
7cebc8e2
MB		 3575/*
3576 * Enforce that the group state machine for the VLAN is running, increase
3577 * reference counter as interface is up. References might have been increased
3578 * even if a negative value is returned.
3579 * Returns: -1 on error (group missing, group already failed); otherwise, 0
3580 */
3581int wpa_auth_ensure_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3582{
3583 struct wpa_group *group;
3584
3585 if (wpa_auth == NULL)
3586 return 0;
3587
3588 group = wpa_auth->group;
3589 while (group) {
3590 if (group->vlan_id == vlan_id)
3591 break;
3592 group = group->next;
3593 }
3594
3595 if (group == NULL) {
3596 group = wpa_auth_add_group(wpa_auth, vlan_id);
3597 if (group == NULL)
3598 return -1;
3599 }
3600
3601 wpa_printf(MSG_DEBUG,
3602 "WPA: Ensure group state machine running for VLAN ID %d",
3603 vlan_id);
3604
3605 wpa_group_get(wpa_auth, group);
3606 group->num_setup_iface++;
3607
3608 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3609 return -1;
3610
3611 return 0;
3612}
3613
3614
3615/*
3616 * Decrease reference counter, expected to be zero afterwards.
3617 * returns: -1 on error (group not found, group in fail state)
3618 * -2 if wpa_group is still referenced
3619 * 0 else
3620 */
3621int wpa_auth_release_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3622{
3623 struct wpa_group *group;
3624 int ret = 0;
3625
3626 if (wpa_auth == NULL)
3627 return 0;
3628
3629 group = wpa_auth->group;
3630 while (group) {
3631 if (group->vlan_id == vlan_id)
3632 break;
3633 group = group->next;
3634 }
3635
3636 if (group == NULL)
3637 return -1;
3638
3639 wpa_printf(MSG_DEBUG,
3640 "WPA: Try stopping group state machine for VLAN ID %d",
3641 vlan_id);
3642
3643 if (group->num_setup_iface <= 0) {
3644 wpa_printf(MSG_ERROR,
3645 "WPA: wpa_auth_release_group called more often than wpa_auth_ensure_group for VLAN ID %d, skipping.",
3646 vlan_id);
3647 return -1;
3648 }
3649 group->num_setup_iface--;
3650
3651 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3652 ret = -1;
3653
3654 if (group->references > 1) {
3655 wpa_printf(MSG_DEBUG,
3656 "WPA: Cannot stop group state machine for VLAN ID %d as references are still hold",
3657 vlan_id);
3658 ret = -2;
3659 }
3660
3661 wpa_group_put(wpa_auth, group);
3662
3663 return ret;
3664}
3665
3666
6fc6879b
JM		 3667int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
3668{
3669 struct wpa_group *group;
3670
3671 if (sm == NULL || sm->wpa_auth == NULL)
3672 return 0;
3673
3674 group = sm->wpa_auth->group;
3675 while (group) {
3676 if (group->vlan_id == vlan_id)
3677 break;
3678 group = group->next;
3679 }
3680
3681 if (group == NULL) {
3682 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
3683 if (group == NULL)
3684 return -1;
3685 }
3686
3687 if (sm->group == group)
3688 return 0;
3689
7d7f7be2
JM		 3690 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3691 return -1;
3692
6fc6879b
JM		 3693 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
3694 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
3695
a0ad9e8c
MB		 3696 wpa_group_get(sm->wpa_auth, group);
3697 wpa_group_put(sm->wpa_auth, sm->group);
6fc6879b 3698 sm->group = group;
a0ad9e8c 3699
6fc6879b
JM		 3700 return 0;
3701}
e4bf4db9
JM		 3702
3703
3704void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
3705 struct wpa_state_machine *sm, int ack)
3706{
3707 if (wpa_auth == NULL || sm == NULL)
3708 return;
3709 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
3710 " ack=%d", MAC2STR(sm->addr), ack);
3711 if (sm->pending_1_of_4_timeout && ack) {
3712 /*
3713 * Some deployed supplicant implementations update their SNonce
3714 * for each EAPOL-Key 2/4 message even within the same 4-way
3715 * handshake and then fail to use the first SNonce when
3716 * deriving the PTK. This results in unsuccessful 4-way
3717 * handshake whenever the relatively short initial timeout is
3718 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
3719 * around this by increasing the timeout now that we know that
3720 * the station has received the frame.
3721 */
3722 int timeout_ms = eapol_key_timeout_subseq;
3723 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
3724 "timeout by %u ms because of acknowledged frame",
3725 timeout_ms);
3726 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
3727 eloop_register_timeout(timeout_ms / 1000,
3728 (timeout_ms % 1000) * 1000,
3729 wpa_send_eapol_timeout, wpa_auth, sm);
3730 }
3731}
c10347f2
JM		 3732
3733
3734int wpa_auth_uses_sae(struct wpa_state_machine *sm)
3735{
3736 if (sm == NULL)
3737 return 0;
3738 return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
3739}
aa189ac9
JM		 3740
3741
3742int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm)
3743{
3744 if (sm == NULL)
3745 return 0;
3746 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE;
3747}
25ef8529
JM		 3748
3749
3750#ifdef CONFIG_P2P
3751int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr)
3752{
3753 if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0)
3754 return -1;
3755 os_memcpy(addr, sm->ip_addr, 4);
3756 return 0;
3757}
3758#endif /* CONFIG_P2P */
cbc210de
JM		 3759
3760
3761int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
3762 struct radius_das_attrs *attr)
3763{
3764 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
3765}
34782730
JM		 3766
3767
3768void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth)
3769{
3770 struct wpa_group *group;
3771
3772 if (!wpa_auth)
3773 return;
3774 for (group = wpa_auth->group; group; group = group->next)
3775 wpa_group_config_group_keys(wpa_auth, group);
3776}
Unnamed repository; edit this file 'description' to name the repository.