2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
3 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
15 #include "utils/includes.h"
17 #ifndef CONFIG_NATIVE_WINDOWS
19 #include "utils/common.h"
20 #include "utils/eloop.h"
21 #include "utils/state_machine.h"
22 #include "crypto/aes_wrap.h"
23 #include "crypto/crypto.h"
24 #include "crypto/sha1.h"
25 #include "crypto/sha256.h"
26 #include "eapol_auth/eapol_auth_sm.h"
27 #include "ap_config.h"
28 #include "ieee802_11.h"
30 #include "pmksa_cache_auth.h"
31 #include "wpa_auth_i.h"
32 #include "wpa_auth_ie.h"
34 #define STATE_MACHINE_DATA struct wpa_state_machine
35 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
36 #define STATE_MACHINE_ADDR sm->addr
39 static void wpa_send_eapol_timeout(void *eloop_ctx
, void *timeout_ctx
);
40 static void wpa_sm_step(struct wpa_state_machine
*sm
);
41 static int wpa_verify_key_mic(struct wpa_ptk
*PTK
, u8
*data
, size_t data_len
);
42 static void wpa_sm_call_step(void *eloop_ctx
, void *timeout_ctx
);
43 static void wpa_group_sm_step(struct wpa_authenticator
*wpa_auth
,
44 struct wpa_group
*group
);
45 static void wpa_request_new_ptk(struct wpa_state_machine
*sm
);
46 static int wpa_gtk_update(struct wpa_authenticator
*wpa_auth
,
47 struct wpa_group
*group
);
49 static const u32 dot11RSNAConfigGroupUpdateCount
= 4;
50 static const u32 dot11RSNAConfigPairwiseUpdateCount
= 4;
51 static const u32 eapol_key_timeout_first
= 100; /* ms */
52 static const u32 eapol_key_timeout_subseq
= 1000; /* ms */
54 /* TODO: make these configurable */
55 static const int dot11RSNAConfigPMKLifetime
= 43200;
56 static const int dot11RSNAConfigPMKReauthThreshold
= 70;
57 static const int dot11RSNAConfigSATimeout
= 60;
60 static inline void wpa_auth_mic_failure_report(
61 struct wpa_authenticator
*wpa_auth
, const u8
*addr
)
63 if (wpa_auth
->cb
.mic_failure_report
)
64 wpa_auth
->cb
.mic_failure_report(wpa_auth
->cb
.ctx
, addr
);
68 static inline void wpa_auth_set_eapol(struct wpa_authenticator
*wpa_auth
,
69 const u8
*addr
, wpa_eapol_variable var
,
72 if (wpa_auth
->cb
.set_eapol
)
73 wpa_auth
->cb
.set_eapol(wpa_auth
->cb
.ctx
, addr
, var
, value
);
77 static inline int wpa_auth_get_eapol(struct wpa_authenticator
*wpa_auth
,
78 const u8
*addr
, wpa_eapol_variable var
)
80 if (wpa_auth
->cb
.get_eapol
== NULL
)
82 return wpa_auth
->cb
.get_eapol(wpa_auth
->cb
.ctx
, addr
, var
);
86 static inline const u8
* wpa_auth_get_psk(struct wpa_authenticator
*wpa_auth
,
87 const u8
*addr
, const u8
*prev_psk
)
89 if (wpa_auth
->cb
.get_psk
== NULL
)
91 return wpa_auth
->cb
.get_psk(wpa_auth
->cb
.ctx
, addr
, prev_psk
);
95 static inline int wpa_auth_get_msk(struct wpa_authenticator
*wpa_auth
,
96 const u8
*addr
, u8
*msk
, size_t *len
)
98 if (wpa_auth
->cb
.get_msk
== NULL
)
100 return wpa_auth
->cb
.get_msk(wpa_auth
->cb
.ctx
, addr
, msk
, len
);
104 static inline int wpa_auth_set_key(struct wpa_authenticator
*wpa_auth
,
106 wpa_alg alg
, const u8
*addr
, int idx
,
107 u8
*key
, size_t key_len
)
109 if (wpa_auth
->cb
.set_key
== NULL
)
111 return wpa_auth
->cb
.set_key(wpa_auth
->cb
.ctx
, vlan_id
, alg
, addr
, idx
,
116 static inline int wpa_auth_get_seqnum(struct wpa_authenticator
*wpa_auth
,
117 const u8
*addr
, int idx
, u8
*seq
)
119 if (wpa_auth
->cb
.get_seqnum
== NULL
)
121 return wpa_auth
->cb
.get_seqnum(wpa_auth
->cb
.ctx
, addr
, idx
, seq
);
126 wpa_auth_send_eapol(struct wpa_authenticator
*wpa_auth
, const u8
*addr
,
127 const u8
*data
, size_t data_len
, int encrypt
)
129 if (wpa_auth
->cb
.send_eapol
== NULL
)
131 return wpa_auth
->cb
.send_eapol(wpa_auth
->cb
.ctx
, addr
, data
, data_len
,
136 int wpa_auth_for_each_sta(struct wpa_authenticator
*wpa_auth
,
137 int (*cb
)(struct wpa_state_machine
*sm
, void *ctx
),
140 if (wpa_auth
->cb
.for_each_sta
== NULL
)
142 return wpa_auth
->cb
.for_each_sta(wpa_auth
->cb
.ctx
, cb
, cb_ctx
);
146 int wpa_auth_for_each_auth(struct wpa_authenticator
*wpa_auth
,
147 int (*cb
)(struct wpa_authenticator
*a
, void *ctx
),
150 if (wpa_auth
->cb
.for_each_auth
== NULL
)
152 return wpa_auth
->cb
.for_each_auth(wpa_auth
->cb
.ctx
, cb
, cb_ctx
);
156 void wpa_auth_logger(struct wpa_authenticator
*wpa_auth
, const u8
*addr
,
157 logger_level level
, const char *txt
)
159 if (wpa_auth
->cb
.logger
== NULL
)
161 wpa_auth
->cb
.logger(wpa_auth
->cb
.ctx
, addr
, level
, txt
);
165 void wpa_auth_vlogger(struct wpa_authenticator
*wpa_auth
, const u8
*addr
,
166 logger_level level
, const char *fmt
, ...)
172 if (wpa_auth
->cb
.logger
== NULL
)
175 maxlen
= os_strlen(fmt
) + 100;
176 format
= os_malloc(maxlen
);
181 vsnprintf(format
, maxlen
, fmt
, ap
);
184 wpa_auth_logger(wpa_auth
, addr
, level
, format
);
190 static void wpa_sta_disconnect(struct wpa_authenticator
*wpa_auth
,
193 if (wpa_auth
->cb
.disconnect
== NULL
)
195 wpa_auth
->cb
.disconnect(wpa_auth
->cb
.ctx
, addr
,
196 WLAN_REASON_PREV_AUTH_NOT_VALID
);
200 static int wpa_use_aes_cmac(struct wpa_state_machine
*sm
)
203 #ifdef CONFIG_IEEE80211R
204 if (wpa_key_mgmt_ft(sm
->wpa_key_mgmt
))
206 #endif /* CONFIG_IEEE80211R */
207 #ifdef CONFIG_IEEE80211W
208 if (wpa_key_mgmt_sha256(sm
->wpa_key_mgmt
))
210 #endif /* CONFIG_IEEE80211W */
215 static void wpa_rekey_gmk(void *eloop_ctx
, void *timeout_ctx
)
217 struct wpa_authenticator
*wpa_auth
= eloop_ctx
;
219 if (os_get_random(wpa_auth
->group
->GMK
, WPA_GMK_LEN
)) {
220 wpa_printf(MSG_ERROR
, "Failed to get random data for WPA "
223 wpa_auth_logger(wpa_auth
, NULL
, LOGGER_DEBUG
, "GMK rekeyd");
226 if (wpa_auth
->conf
.wpa_gmk_rekey
) {
227 eloop_register_timeout(wpa_auth
->conf
.wpa_gmk_rekey
, 0,
228 wpa_rekey_gmk
, wpa_auth
, NULL
);
233 static void wpa_rekey_gtk(void *eloop_ctx
, void *timeout_ctx
)
235 struct wpa_authenticator
*wpa_auth
= eloop_ctx
;
236 struct wpa_group
*group
;
238 wpa_auth_logger(wpa_auth
, NULL
, LOGGER_DEBUG
, "rekeying GTK");
239 for (group
= wpa_auth
->group
; group
; group
= group
->next
) {
240 group
->GTKReKey
= TRUE
;
242 group
->changed
= FALSE
;
243 wpa_group_sm_step(wpa_auth
, group
);
244 } while (group
->changed
);
247 if (wpa_auth
->conf
.wpa_group_rekey
) {
248 eloop_register_timeout(wpa_auth
->conf
.wpa_group_rekey
,
249 0, wpa_rekey_gtk
, wpa_auth
, NULL
);
254 static void wpa_rekey_ptk(void *eloop_ctx
, void *timeout_ctx
)
256 struct wpa_authenticator
*wpa_auth
= eloop_ctx
;
257 struct wpa_state_machine
*sm
= timeout_ctx
;
259 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
, "rekeying PTK");
260 wpa_request_new_ptk(sm
);
265 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine
*sm
, void *ctx
)
267 if (sm
->pmksa
== ctx
)
273 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry
*entry
,
276 struct wpa_authenticator
*wpa_auth
= ctx
;
277 wpa_auth_for_each_sta(wpa_auth
, wpa_auth_pmksa_clear_cb
, entry
);
281 static void wpa_group_set_key_len(struct wpa_group
*group
, int cipher
)
284 case WPA_CIPHER_CCMP
:
287 case WPA_CIPHER_TKIP
:
290 case WPA_CIPHER_WEP104
:
293 case WPA_CIPHER_WEP40
:
300 static struct wpa_group
* wpa_group_init(struct wpa_authenticator
*wpa_auth
,
303 struct wpa_group
*group
;
304 u8 buf
[ETH_ALEN
+ 8 + sizeof(group
)];
307 group
= os_zalloc(sizeof(struct wpa_group
));
311 group
->GTKAuthenticator
= TRUE
;
312 group
->vlan_id
= vlan_id
;
314 wpa_group_set_key_len(group
, wpa_auth
->conf
.wpa_group
);
316 /* Counter = PRF-256(Random number, "Init Counter",
317 * Local MAC Address || Time)
319 os_memcpy(buf
, wpa_auth
->addr
, ETH_ALEN
);
320 wpa_get_ntp_timestamp(buf
+ ETH_ALEN
);
321 os_memcpy(buf
+ ETH_ALEN
+ 8, &group
, sizeof(group
));
322 if (os_get_random(rkey
, sizeof(rkey
)) ||
323 os_get_random(group
->GMK
, WPA_GMK_LEN
)) {
324 wpa_printf(MSG_ERROR
, "Failed to get random data for WPA "
330 sha1_prf(rkey
, sizeof(rkey
), "Init Counter", buf
, sizeof(buf
),
331 group
->Counter
, WPA_NONCE_LEN
);
334 wpa_group_sm_step(wpa_auth
, group
);
335 group
->GInit
= FALSE
;
336 wpa_group_sm_step(wpa_auth
, group
);
343 * wpa_init - Initialize WPA authenticator
344 * @addr: Authenticator address
345 * @conf: Configuration for WPA authenticator
346 * @cb: Callback functions for WPA authenticator
347 * Returns: Pointer to WPA authenticator data or %NULL on failure
349 struct wpa_authenticator
* wpa_init(const u8
*addr
,
350 struct wpa_auth_config
*conf
,
351 struct wpa_auth_callbacks
*cb
)
353 struct wpa_authenticator
*wpa_auth
;
355 wpa_auth
= os_zalloc(sizeof(struct wpa_authenticator
));
356 if (wpa_auth
== NULL
)
358 os_memcpy(wpa_auth
->addr
, addr
, ETH_ALEN
);
359 os_memcpy(&wpa_auth
->conf
, conf
, sizeof(*conf
));
360 os_memcpy(&wpa_auth
->cb
, cb
, sizeof(*cb
));
362 if (wpa_auth_gen_wpa_ie(wpa_auth
)) {
363 wpa_printf(MSG_ERROR
, "Could not generate WPA IE.");
368 wpa_auth
->group
= wpa_group_init(wpa_auth
, 0);
369 if (wpa_auth
->group
== NULL
) {
370 os_free(wpa_auth
->wpa_ie
);
375 wpa_auth
->pmksa
= pmksa_cache_auth_init(wpa_auth_pmksa_free_cb
,
377 if (wpa_auth
->pmksa
== NULL
) {
378 wpa_printf(MSG_ERROR
, "PMKSA cache initialization failed.");
379 os_free(wpa_auth
->wpa_ie
);
384 #ifdef CONFIG_IEEE80211R
385 wpa_auth
->ft_pmk_cache
= wpa_ft_pmk_cache_init();
386 if (wpa_auth
->ft_pmk_cache
== NULL
) {
387 wpa_printf(MSG_ERROR
, "FT PMK cache initialization failed.");
388 os_free(wpa_auth
->wpa_ie
);
389 pmksa_cache_auth_deinit(wpa_auth
->pmksa
);
393 #endif /* CONFIG_IEEE80211R */
395 if (wpa_auth
->conf
.wpa_gmk_rekey
) {
396 eloop_register_timeout(wpa_auth
->conf
.wpa_gmk_rekey
, 0,
397 wpa_rekey_gmk
, wpa_auth
, NULL
);
400 if (wpa_auth
->conf
.wpa_group_rekey
) {
401 eloop_register_timeout(wpa_auth
->conf
.wpa_group_rekey
, 0,
402 wpa_rekey_gtk
, wpa_auth
, NULL
);
410 * wpa_deinit - Deinitialize WPA authenticator
411 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
413 void wpa_deinit(struct wpa_authenticator
*wpa_auth
)
415 struct wpa_group
*group
, *prev
;
417 eloop_cancel_timeout(wpa_rekey_gmk
, wpa_auth
, NULL
);
418 eloop_cancel_timeout(wpa_rekey_gtk
, wpa_auth
, NULL
);
420 #ifdef CONFIG_PEERKEY
421 while (wpa_auth
->stsl_negotiations
)
422 wpa_stsl_remove(wpa_auth
, wpa_auth
->stsl_negotiations
);
423 #endif /* CONFIG_PEERKEY */
425 pmksa_cache_auth_deinit(wpa_auth
->pmksa
);
427 #ifdef CONFIG_IEEE80211R
428 wpa_ft_pmk_cache_deinit(wpa_auth
->ft_pmk_cache
);
429 wpa_auth
->ft_pmk_cache
= NULL
;
430 #endif /* CONFIG_IEEE80211R */
432 os_free(wpa_auth
->wpa_ie
);
434 group
= wpa_auth
->group
;
446 * wpa_reconfig - Update WPA authenticator configuration
447 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
448 * @conf: Configuration for WPA authenticator
450 int wpa_reconfig(struct wpa_authenticator
*wpa_auth
,
451 struct wpa_auth_config
*conf
)
453 struct wpa_group
*group
;
454 if (wpa_auth
== NULL
)
457 os_memcpy(&wpa_auth
->conf
, conf
, sizeof(*conf
));
458 if (wpa_auth_gen_wpa_ie(wpa_auth
)) {
459 wpa_printf(MSG_ERROR
, "Could not generate WPA IE.");
464 * Reinitialize GTK to make sure it is suitable for the new
467 group
= wpa_auth
->group
;
468 wpa_group_set_key_len(group
, wpa_auth
->conf
.wpa_group
);
470 wpa_group_sm_step(wpa_auth
, group
);
471 group
->GInit
= FALSE
;
472 wpa_group_sm_step(wpa_auth
, group
);
478 struct wpa_state_machine
*
479 wpa_auth_sta_init(struct wpa_authenticator
*wpa_auth
, const u8
*addr
)
481 struct wpa_state_machine
*sm
;
483 sm
= os_zalloc(sizeof(struct wpa_state_machine
));
486 os_memcpy(sm
->addr
, addr
, ETH_ALEN
);
488 sm
->wpa_auth
= wpa_auth
;
489 sm
->group
= wpa_auth
->group
;
495 void wpa_auth_sta_associated(struct wpa_authenticator
*wpa_auth
,
496 struct wpa_state_machine
*sm
)
498 if (wpa_auth
== NULL
|| !wpa_auth
->conf
.wpa
|| sm
== NULL
)
501 #ifdef CONFIG_IEEE80211R
502 if (sm
->ft_completed
) {
503 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
504 "FT authentication already completed - do not "
505 "start 4-way handshake");
508 #endif /* CONFIG_IEEE80211R */
511 os_memset(&sm
->key_replay
, 0, sizeof(sm
->key_replay
));
512 sm
->ReAuthenticationRequest
= TRUE
;
517 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
518 "start authentication");
524 sm
->AuthenticationRequest
= TRUE
;
529 void wpa_auth_sta_no_wpa(struct wpa_state_machine
*sm
)
531 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
532 * reassociates back to the same AP while the previous entry for the
533 * STA has not yet been removed. */
537 sm
->wpa_key_mgmt
= 0;
541 static void wpa_free_sta_sm(struct wpa_state_machine
*sm
)
543 os_free(sm
->last_rx_eapol_key
);
549 void wpa_auth_sta_deinit(struct wpa_state_machine
*sm
)
554 if (sm
->wpa_auth
->conf
.wpa_strict_rekey
&& sm
->has_GTK
) {
555 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
556 "strict rekeying - force GTK rekey since STA "
558 eloop_cancel_timeout(wpa_rekey_gtk
, sm
->wpa_auth
, NULL
);
559 eloop_register_timeout(0, 500000, wpa_rekey_gtk
, sm
->wpa_auth
,
563 eloop_cancel_timeout(wpa_send_eapol_timeout
, sm
->wpa_auth
, sm
);
564 eloop_cancel_timeout(wpa_sm_call_step
, sm
, NULL
);
565 eloop_cancel_timeout(wpa_rekey_ptk
, sm
->wpa_auth
, sm
);
566 if (sm
->in_step_loop
) {
567 /* Must not free state machine while wpa_sm_step() is running.
568 * Freeing will be completed in the end of wpa_sm_step(). */
569 wpa_printf(MSG_DEBUG
, "WPA: Registering pending STA state "
570 "machine deinit for " MACSTR
, MAC2STR(sm
->addr
));
571 sm
->pending_deinit
= 1;
577 static void wpa_request_new_ptk(struct wpa_state_machine
*sm
)
582 sm
->PTKRequest
= TRUE
;
587 static int wpa_replay_counter_valid(struct wpa_state_machine
*sm
,
588 const u8
*replay_counter
)
591 for (i
= 0; i
< RSNA_MAX_EAPOL_RETRIES
; i
++) {
592 if (!sm
->key_replay
[i
].valid
)
594 if (os_memcmp(replay_counter
, sm
->key_replay
[i
].counter
,
595 WPA_REPLAY_COUNTER_LEN
) == 0)
602 void wpa_receive(struct wpa_authenticator
*wpa_auth
,
603 struct wpa_state_machine
*sm
,
604 u8
*data
, size_t data_len
)
606 struct ieee802_1x_hdr
*hdr
;
607 struct wpa_eapol_key
*key
;
608 u16 key_info
, key_data_length
;
609 enum { PAIRWISE_2
, PAIRWISE_4
, GROUP_2
, REQUEST
,
610 SMK_M1
, SMK_M3
, SMK_ERROR
} msg
;
612 struct wpa_eapol_ie_parse kde
;
614 if (wpa_auth
== NULL
|| !wpa_auth
->conf
.wpa
|| sm
== NULL
)
617 if (data_len
< sizeof(*hdr
) + sizeof(*key
))
620 hdr
= (struct ieee802_1x_hdr
*) data
;
621 key
= (struct wpa_eapol_key
*) (hdr
+ 1);
622 key_info
= WPA_GET_BE16(key
->key_info
);
623 key_data_length
= WPA_GET_BE16(key
->key_data_length
);
624 if (key_data_length
> data_len
- sizeof(*hdr
) - sizeof(*key
)) {
625 wpa_printf(MSG_INFO
, "WPA: Invalid EAPOL-Key frame - "
626 "key_data overflow (%d > %lu)",
628 (unsigned long) (data_len
- sizeof(*hdr
) -
633 if (sm
->wpa
== WPA_VERSION_WPA2
) {
634 if (key
->type
!= EAPOL_KEY_TYPE_RSN
) {
635 wpa_printf(MSG_DEBUG
, "Ignore EAPOL-Key with "
636 "unexpected type %d in RSN mode",
641 if (key
->type
!= EAPOL_KEY_TYPE_WPA
) {
642 wpa_printf(MSG_DEBUG
, "Ignore EAPOL-Key with "
643 "unexpected type %d in WPA mode",
649 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
652 if ((key_info
& (WPA_KEY_INFO_SMK_MESSAGE
| WPA_KEY_INFO_REQUEST
)) ==
653 (WPA_KEY_INFO_SMK_MESSAGE
| WPA_KEY_INFO_REQUEST
)) {
654 if (key_info
& WPA_KEY_INFO_ERROR
) {
656 msgtxt
= "SMK Error";
661 } else if (key_info
& WPA_KEY_INFO_SMK_MESSAGE
) {
664 } else if (key_info
& WPA_KEY_INFO_REQUEST
) {
667 } else if (!(key_info
& WPA_KEY_INFO_KEY_TYPE
)) {
669 msgtxt
= "2/2 Group";
670 } else if (key_data_length
== 0) {
672 msgtxt
= "4/4 Pairwise";
675 msgtxt
= "2/4 Pairwise";
678 /* TODO: key_info type validation for PeerKey */
679 if (msg
== REQUEST
|| msg
== PAIRWISE_2
|| msg
== PAIRWISE_4
||
681 u16 ver
= key_info
& WPA_KEY_INFO_TYPE_MASK
;
682 if (sm
->pairwise
== WPA_CIPHER_CCMP
) {
683 if (wpa_use_aes_cmac(sm
) &&
684 ver
!= WPA_KEY_INFO_TYPE_AES_128_CMAC
) {
685 wpa_auth_logger(wpa_auth
, sm
->addr
,
687 "advertised support for "
688 "AES-128-CMAC, but did not "
693 if (!wpa_use_aes_cmac(sm
) &&
694 ver
!= WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
) {
695 wpa_auth_logger(wpa_auth
, sm
->addr
,
697 "did not use HMAC-SHA1-AES "
704 if (key_info
& WPA_KEY_INFO_REQUEST
) {
705 if (sm
->req_replay_counter_used
&&
706 os_memcmp(key
->replay_counter
, sm
->req_replay_counter
,
707 WPA_REPLAY_COUNTER_LEN
) <= 0) {
708 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_WARNING
,
709 "received EAPOL-Key request with "
715 if (!(key_info
& WPA_KEY_INFO_REQUEST
) &&
716 !wpa_replay_counter_valid(sm
, key
->replay_counter
)) {
718 wpa_auth_vlogger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
719 "received EAPOL-Key %s with unexpected "
720 "replay counter", msgtxt
);
721 for (i
= 0; i
< RSNA_MAX_EAPOL_RETRIES
; i
++) {
722 if (!sm
->key_replay
[i
].valid
)
724 wpa_hexdump(MSG_DEBUG
, "pending replay counter",
725 sm
->key_replay
[i
].counter
,
726 WPA_REPLAY_COUNTER_LEN
);
728 wpa_hexdump(MSG_DEBUG
, "received replay counter",
729 key
->replay_counter
, WPA_REPLAY_COUNTER_LEN
);
735 if (sm
->wpa_ptk_state
!= WPA_PTK_PTKSTART
&&
736 sm
->wpa_ptk_state
!= WPA_PTK_PTKCALCNEGOTIATING
) {
737 wpa_auth_vlogger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
738 "received EAPOL-Key msg 2/4 in "
739 "invalid state (%d) - dropped",
743 if (sm
->wpa_ie
== NULL
||
744 sm
->wpa_ie_len
!= key_data_length
||
745 os_memcmp(sm
->wpa_ie
, key
+ 1, key_data_length
) != 0) {
746 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
747 "WPA IE from (Re)AssocReq did not "
748 "match with msg 2/4");
750 wpa_hexdump(MSG_DEBUG
, "WPA IE in AssocReq",
751 sm
->wpa_ie
, sm
->wpa_ie_len
);
753 wpa_hexdump(MSG_DEBUG
, "WPA IE in msg 2/4",
754 (u8
*) (key
+ 1), key_data_length
);
755 /* MLME-DEAUTHENTICATE.request */
756 wpa_sta_disconnect(wpa_auth
, sm
->addr
);
761 if (sm
->wpa_ptk_state
!= WPA_PTK_PTKINITNEGOTIATING
||
763 wpa_auth_vlogger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
764 "received EAPOL-Key msg 4/4 in "
765 "invalid state (%d) - dropped",
771 if (sm
->wpa_ptk_group_state
!= WPA_PTK_GROUP_REKEYNEGOTIATING
773 wpa_auth_vlogger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
774 "received EAPOL-Key msg 2/2 in "
775 "invalid state (%d) - dropped",
776 sm
->wpa_ptk_group_state
);
780 #ifdef CONFIG_PEERKEY
784 if (!wpa_auth
->conf
.peerkey
) {
785 wpa_printf(MSG_DEBUG
, "RSN: SMK M1/M3/Error, but "
786 "PeerKey use disabled - ignoring message");
789 if (!sm
->PTK_valid
) {
790 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
791 "received EAPOL-Key msg SMK in "
792 "invalid state - dropped");
796 #else /* CONFIG_PEERKEY */
800 return; /* STSL disabled - ignore SMK messages */
801 #endif /* CONFIG_PEERKEY */
806 wpa_auth_vlogger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
807 "received EAPOL-Key frame (%s)", msgtxt
);
809 if (key_info
& WPA_KEY_INFO_ACK
) {
810 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
811 "received invalid EAPOL-Key: Key Ack set");
815 if (!(key_info
& WPA_KEY_INFO_MIC
)) {
816 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
817 "received invalid EAPOL-Key: Key MIC not set");
821 sm
->MICVerified
= FALSE
;
823 if (wpa_verify_key_mic(&sm
->PTK
, data
, data_len
)) {
824 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
825 "received EAPOL-Key with invalid MIC");
828 sm
->MICVerified
= TRUE
;
829 eloop_cancel_timeout(wpa_send_eapol_timeout
, wpa_auth
, sm
);
832 if (key_info
& WPA_KEY_INFO_REQUEST
) {
833 if (sm
->MICVerified
) {
834 sm
->req_replay_counter_used
= 1;
835 os_memcpy(sm
->req_replay_counter
, key
->replay_counter
,
836 WPA_REPLAY_COUNTER_LEN
);
838 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
839 "received EAPOL-Key request with "
845 * TODO: should decrypt key data field if encryption was used;
846 * even though MAC address KDE is not normally encrypted,
847 * supplicant is allowed to encrypt it.
849 if (msg
== SMK_ERROR
) {
850 #ifdef CONFIG_PEERKEY
851 wpa_smk_error(wpa_auth
, sm
, key
);
852 #endif /* CONFIG_PEERKEY */
854 } else if (key_info
& WPA_KEY_INFO_ERROR
) {
855 /* Supplicant reported a Michael MIC error */
856 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
857 "received EAPOL-Key Error Request "
858 "(STA detected Michael MIC failure)");
859 wpa_auth_mic_failure_report(wpa_auth
, sm
->addr
);
860 sm
->dot11RSNAStatsTKIPRemoteMICFailures
++;
861 wpa_auth
->dot11RSNAStatsTKIPRemoteMICFailures
++;
862 /* Error report is not a request for a new key
863 * handshake, but since Authenticator may do it, let's
864 * change the keys now anyway. */
865 wpa_request_new_ptk(sm
);
866 } else if (key_info
& WPA_KEY_INFO_KEY_TYPE
) {
867 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
868 "received EAPOL-Key Request for new "
870 wpa_request_new_ptk(sm
);
871 #ifdef CONFIG_PEERKEY
872 } else if (msg
== SMK_M1
) {
873 wpa_smk_m1(wpa_auth
, sm
, key
);
874 #endif /* CONFIG_PEERKEY */
875 } else if (key_data_length
> 0 &&
876 wpa_parse_kde_ies((const u8
*) (key
+ 1),
877 key_data_length
, &kde
) == 0 &&
880 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
881 "received EAPOL-Key Request for GTK "
883 /* FIX: why was this triggering PTK rekeying for the
884 * STA that requested Group Key rekeying?? */
885 /* wpa_request_new_ptk(sta->wpa_sm); */
886 eloop_cancel_timeout(wpa_rekey_gtk
, wpa_auth
, NULL
);
887 wpa_rekey_gtk(wpa_auth
, NULL
);
890 /* Do not allow the same key replay counter to be reused. This
891 * does also invalidate all other pending replay counters if
892 * retransmissions were used, i.e., we will only process one of
893 * the pending replies and ignore rest if more than one is
895 sm
->key_replay
[0].valid
= FALSE
;
898 #ifdef CONFIG_PEERKEY
900 wpa_smk_m3(wpa_auth
, sm
, key
);
903 #endif /* CONFIG_PEERKEY */
905 os_free(sm
->last_rx_eapol_key
);
906 sm
->last_rx_eapol_key
= os_malloc(data_len
);
907 if (sm
->last_rx_eapol_key
== NULL
)
909 os_memcpy(sm
->last_rx_eapol_key
, data
, data_len
);
910 sm
->last_rx_eapol_key_len
= data_len
;
912 sm
->EAPOLKeyReceived
= TRUE
;
913 sm
->EAPOLKeyPairwise
= !!(key_info
& WPA_KEY_INFO_KEY_TYPE
);
914 sm
->EAPOLKeyRequest
= !!(key_info
& WPA_KEY_INFO_REQUEST
);
915 os_memcpy(sm
->SNonce
, key
->key_nonce
, WPA_NONCE_LEN
);
920 static void wpa_gmk_to_gtk(const u8
*gmk
, const u8
*addr
, const u8
*gnonce
,
921 u8
*gtk
, size_t gtk_len
)
923 u8 data
[ETH_ALEN
+ WPA_NONCE_LEN
];
925 /* GTK = PRF-X(GMK, "Group key expansion", AA || GNonce) */
926 os_memcpy(data
, addr
, ETH_ALEN
);
927 os_memcpy(data
+ ETH_ALEN
, gnonce
, WPA_NONCE_LEN
);
929 #ifdef CONFIG_IEEE80211W
930 sha256_prf(gmk
, WPA_GMK_LEN
, "Group key expansion",
931 data
, sizeof(data
), gtk
, gtk_len
);
932 #else /* CONFIG_IEEE80211W */
933 sha1_prf(gmk
, WPA_GMK_LEN
, "Group key expansion",
934 data
, sizeof(data
), gtk
, gtk_len
);
935 #endif /* CONFIG_IEEE80211W */
937 wpa_hexdump_key(MSG_DEBUG
, "GMK", gmk
, WPA_GMK_LEN
);
938 wpa_hexdump_key(MSG_DEBUG
, "GTK", gtk
, gtk_len
);
942 static void wpa_send_eapol_timeout(void *eloop_ctx
, void *timeout_ctx
)
944 struct wpa_authenticator
*wpa_auth
= eloop_ctx
;
945 struct wpa_state_machine
*sm
= timeout_ctx
;
947 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
, "EAPOL-Key timeout");
948 sm
->TimeoutEvt
= TRUE
;
953 void __wpa_send_eapol(struct wpa_authenticator
*wpa_auth
,
954 struct wpa_state_machine
*sm
, int key_info
,
955 const u8
*key_rsc
, const u8
*nonce
,
956 const u8
*kde
, size_t kde_len
,
957 int keyidx
, int encr
, int force_version
)
959 struct ieee802_1x_hdr
*hdr
;
960 struct wpa_eapol_key
*key
;
963 int key_data_len
, pad_len
= 0;
965 int version
, pairwise
;
968 len
= sizeof(struct ieee802_1x_hdr
) + sizeof(struct wpa_eapol_key
);
971 version
= force_version
;
972 else if (wpa_use_aes_cmac(sm
))
973 version
= WPA_KEY_INFO_TYPE_AES_128_CMAC
;
974 else if (sm
->pairwise
== WPA_CIPHER_CCMP
)
975 version
= WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
;
977 version
= WPA_KEY_INFO_TYPE_HMAC_MD5_RC4
;
979 pairwise
= key_info
& WPA_KEY_INFO_KEY_TYPE
;
981 wpa_printf(MSG_DEBUG
, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
982 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
985 (key_info
& WPA_KEY_INFO_SECURE
) ? 1 : 0,
986 (key_info
& WPA_KEY_INFO_MIC
) ? 1 : 0,
987 (key_info
& WPA_KEY_INFO_ACK
) ? 1 : 0,
988 (key_info
& WPA_KEY_INFO_INSTALL
) ? 1 : 0,
989 pairwise
, (unsigned long) kde_len
, keyidx
, encr
);
991 key_data_len
= kde_len
;
993 if ((version
== WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
||
994 version
== WPA_KEY_INFO_TYPE_AES_128_CMAC
) && encr
) {
995 pad_len
= key_data_len
% 8;
997 pad_len
= 8 - pad_len
;
998 key_data_len
+= pad_len
+ 8;
1001 len
+= key_data_len
;
1003 hdr
= os_zalloc(len
);
1006 hdr
->version
= wpa_auth
->conf
.eapol_version
;
1007 hdr
->type
= IEEE802_1X_TYPE_EAPOL_KEY
;
1008 hdr
->length
= host_to_be16(len
- sizeof(*hdr
));
1009 key
= (struct wpa_eapol_key
*) (hdr
+ 1);
1011 key
->type
= sm
->wpa
== WPA_VERSION_WPA2
?
1012 EAPOL_KEY_TYPE_RSN
: EAPOL_KEY_TYPE_WPA
;
1013 key_info
|= version
;
1014 if (encr
&& sm
->wpa
== WPA_VERSION_WPA2
)
1015 key_info
|= WPA_KEY_INFO_ENCR_KEY_DATA
;
1016 if (sm
->wpa
!= WPA_VERSION_WPA2
)
1017 key_info
|= keyidx
<< WPA_KEY_INFO_KEY_INDEX_SHIFT
;
1018 WPA_PUT_BE16(key
->key_info
, key_info
);
1020 alg
= pairwise
? sm
->pairwise
: wpa_auth
->conf
.wpa_group
;
1022 case WPA_CIPHER_CCMP
:
1023 WPA_PUT_BE16(key
->key_length
, 16);
1025 case WPA_CIPHER_TKIP
:
1026 WPA_PUT_BE16(key
->key_length
, 32);
1028 case WPA_CIPHER_WEP40
:
1029 WPA_PUT_BE16(key
->key_length
, 5);
1031 case WPA_CIPHER_WEP104
:
1032 WPA_PUT_BE16(key
->key_length
, 13);
1035 if (key_info
& WPA_KEY_INFO_SMK_MESSAGE
)
1036 WPA_PUT_BE16(key
->key_length
, 0);
1038 /* FIX: STSL: what to use as key_replay_counter? */
1039 for (i
= RSNA_MAX_EAPOL_RETRIES
- 1; i
> 0; i
--) {
1040 sm
->key_replay
[i
].valid
= sm
->key_replay
[i
- 1].valid
;
1041 os_memcpy(sm
->key_replay
[i
].counter
,
1042 sm
->key_replay
[i
- 1].counter
,
1043 WPA_REPLAY_COUNTER_LEN
);
1045 inc_byte_array(sm
->key_replay
[0].counter
, WPA_REPLAY_COUNTER_LEN
);
1046 os_memcpy(key
->replay_counter
, sm
->key_replay
[0].counter
,
1047 WPA_REPLAY_COUNTER_LEN
);
1048 sm
->key_replay
[0].valid
= TRUE
;
1051 os_memcpy(key
->key_nonce
, nonce
, WPA_NONCE_LEN
);
1054 os_memcpy(key
->key_rsc
, key_rsc
, WPA_KEY_RSC_LEN
);
1057 os_memcpy(key
+ 1, kde
, kde_len
);
1058 WPA_PUT_BE16(key
->key_data_length
, kde_len
);
1059 } else if (encr
&& kde
) {
1060 buf
= os_zalloc(key_data_len
);
1066 os_memcpy(pos
, kde
, kde_len
);
1072 wpa_hexdump_key(MSG_DEBUG
, "Plaintext EAPOL-Key Key Data",
1074 if (version
== WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
||
1075 version
== WPA_KEY_INFO_TYPE_AES_128_CMAC
) {
1076 if (aes_wrap(sm
->PTK
.kek
, (key_data_len
- 8) / 8, buf
,
1077 (u8
*) (key
+ 1))) {
1082 WPA_PUT_BE16(key
->key_data_length
, key_data_len
);
1085 os_memcpy(key
->key_iv
,
1086 sm
->group
->Counter
+ WPA_NONCE_LEN
- 16, 16);
1087 inc_byte_array(sm
->group
->Counter
, WPA_NONCE_LEN
);
1088 os_memcpy(ek
, key
->key_iv
, 16);
1089 os_memcpy(ek
+ 16, sm
->PTK
.kek
, 16);
1090 os_memcpy(key
+ 1, buf
, key_data_len
);
1091 rc4_skip(ek
, 32, 256, (u8
*) (key
+ 1), key_data_len
);
1092 WPA_PUT_BE16(key
->key_data_length
, key_data_len
);
1097 if (key_info
& WPA_KEY_INFO_MIC
) {
1098 if (!sm
->PTK_valid
) {
1099 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1100 "PTK not valid when sending EAPOL-Key "
1105 wpa_eapol_key_mic(sm
->PTK
.kck
, version
, (u8
*) hdr
, len
,
1109 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_inc_EapolFramesTx
,
1111 wpa_auth_send_eapol(wpa_auth
, sm
->addr
, (u8
*) hdr
, len
,
1117 static void wpa_send_eapol(struct wpa_authenticator
*wpa_auth
,
1118 struct wpa_state_machine
*sm
, int key_info
,
1119 const u8
*key_rsc
, const u8
*nonce
,
1120 const u8
*kde
, size_t kde_len
,
1121 int keyidx
, int encr
)
1124 int pairwise
= key_info
& WPA_KEY_INFO_KEY_TYPE
;
1130 __wpa_send_eapol(wpa_auth
, sm
, key_info
, key_rsc
, nonce
, kde
, kde_len
,
1133 ctr
= pairwise
? sm
->TimeoutCtr
: sm
->GTimeoutCtr
;
1135 timeout_ms
= eapol_key_timeout_first
;
1137 timeout_ms
= eapol_key_timeout_subseq
;
1138 eloop_register_timeout(timeout_ms
/ 1000, (timeout_ms
% 1000) * 1000,
1139 wpa_send_eapol_timeout
, wpa_auth
, sm
);
1143 static int wpa_verify_key_mic(struct wpa_ptk
*PTK
, u8
*data
, size_t data_len
)
1145 struct ieee802_1x_hdr
*hdr
;
1146 struct wpa_eapol_key
*key
;
1151 if (data_len
< sizeof(*hdr
) + sizeof(*key
))
1154 hdr
= (struct ieee802_1x_hdr
*) data
;
1155 key
= (struct wpa_eapol_key
*) (hdr
+ 1);
1156 key_info
= WPA_GET_BE16(key
->key_info
);
1157 os_memcpy(mic
, key
->key_mic
, 16);
1158 os_memset(key
->key_mic
, 0, 16);
1159 if (wpa_eapol_key_mic(PTK
->kck
, key_info
& WPA_KEY_INFO_TYPE_MASK
,
1160 data
, data_len
, key
->key_mic
) ||
1161 os_memcmp(mic
, key
->key_mic
, 16) != 0)
1163 os_memcpy(key
->key_mic
, mic
, 16);
1168 void wpa_remove_ptk(struct wpa_state_machine
*sm
)
1170 sm
->PTK_valid
= FALSE
;
1171 os_memset(&sm
->PTK
, 0, sizeof(sm
->PTK
));
1172 wpa_auth_set_key(sm
->wpa_auth
, 0, WPA_ALG_NONE
, sm
->addr
, 0, (u8
*) "",
1174 sm
->pairwise_set
= FALSE
;
1175 eloop_cancel_timeout(wpa_rekey_ptk
, sm
->wpa_auth
, sm
);
1179 void wpa_auth_sm_event(struct wpa_state_machine
*sm
, wpa_event event
)
1186 wpa_auth_vlogger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1187 "event %d notification", event
);
1195 sm
->DeauthenticationRequest
= TRUE
;
1198 case WPA_REAUTH_EAPOL
:
1199 if (sm
->GUpdateStationKeys
) {
1201 * Reauthentication cancels the pending group key
1202 * update for this STA.
1204 sm
->group
->GKeyDoneStations
--;
1205 sm
->GUpdateStationKeys
= FALSE
;
1206 sm
->PtkGroupInit
= TRUE
;
1208 sm
->ReAuthenticationRequest
= TRUE
;
1211 #ifdef CONFIG_IEEE80211R
1212 /* Using FT protocol, not WPA auth state machine */
1213 sm
->ft_completed
= 1;
1215 #else /* CONFIG_IEEE80211R */
1217 #endif /* CONFIG_IEEE80211R */
1220 #ifdef CONFIG_IEEE80211R
1221 sm
->ft_completed
= 0;
1222 #endif /* CONFIG_IEEE80211R */
1224 #ifdef CONFIG_IEEE80211W
1225 if (sm
->mgmt_frame_prot
&& event
== WPA_AUTH
)
1227 #endif /* CONFIG_IEEE80211W */
1230 sm
->PTK_valid
= FALSE
;
1231 os_memset(&sm
->PTK
, 0, sizeof(sm
->PTK
));
1233 if (event
!= WPA_REAUTH_EAPOL
)
1241 static wpa_alg
wpa_alg_enum(int alg
)
1244 case WPA_CIPHER_CCMP
:
1245 return WPA_ALG_CCMP
;
1246 case WPA_CIPHER_TKIP
:
1247 return WPA_ALG_TKIP
;
1248 case WPA_CIPHER_WEP104
:
1249 case WPA_CIPHER_WEP40
:
1252 return WPA_ALG_NONE
;
1257 SM_STATE(WPA_PTK
, INITIALIZE
)
1259 SM_ENTRY_MA(WPA_PTK
, INITIALIZE
, wpa_ptk
);
1261 /* Init flag is not cleared here, so avoid busy
1262 * loop by claiming nothing changed. */
1263 sm
->changed
= FALSE
;
1267 if (sm
->GUpdateStationKeys
)
1268 sm
->group
->GKeyDoneStations
--;
1269 sm
->GUpdateStationKeys
= FALSE
;
1270 if (sm
->wpa
== WPA_VERSION_WPA
)
1271 sm
->PInitAKeys
= FALSE
;
1272 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1273 * Local AA > Remote AA)) */) {
1276 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_portEnabled
, 0);
1278 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_portValid
, 0);
1280 if (wpa_key_mgmt_wpa_psk(sm
->wpa_key_mgmt
)) {
1281 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
,
1282 WPA_EAPOL_authorized
, 0);
1287 SM_STATE(WPA_PTK
, DISCONNECT
)
1289 SM_ENTRY_MA(WPA_PTK
, DISCONNECT
, wpa_ptk
);
1290 sm
->Disconnect
= FALSE
;
1291 wpa_sta_disconnect(sm
->wpa_auth
, sm
->addr
);
1295 SM_STATE(WPA_PTK
, DISCONNECTED
)
1297 SM_ENTRY_MA(WPA_PTK
, DISCONNECTED
, wpa_ptk
);
1298 sm
->DeauthenticationRequest
= FALSE
;
1302 SM_STATE(WPA_PTK
, AUTHENTICATION
)
1304 SM_ENTRY_MA(WPA_PTK
, AUTHENTICATION
, wpa_ptk
);
1305 os_memset(&sm
->PTK
, 0, sizeof(sm
->PTK
));
1306 sm
->PTK_valid
= FALSE
;
1307 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_portControl_Auto
,
1309 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_portEnabled
, 1);
1310 sm
->AuthenticationRequest
= FALSE
;
1314 SM_STATE(WPA_PTK
, AUTHENTICATION2
)
1316 SM_ENTRY_MA(WPA_PTK
, AUTHENTICATION2
, wpa_ptk
);
1317 os_memcpy(sm
->ANonce
, sm
->group
->Counter
, WPA_NONCE_LEN
);
1318 inc_byte_array(sm
->group
->Counter
, WPA_NONCE_LEN
);
1319 sm
->ReAuthenticationRequest
= FALSE
;
1320 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1321 * logical place than INITIALIZE since AUTHENTICATION2 can be
1322 * re-entered on ReAuthenticationRequest without going through
1328 SM_STATE(WPA_PTK
, INITPMK
)
1330 u8 msk
[2 * PMK_LEN
];
1331 size_t len
= 2 * PMK_LEN
;
1333 SM_ENTRY_MA(WPA_PTK
, INITPMK
, wpa_ptk
);
1334 #ifdef CONFIG_IEEE80211R
1336 #endif /* CONFIG_IEEE80211R */
1338 wpa_printf(MSG_DEBUG
, "WPA: PMK from PMKSA cache");
1339 os_memcpy(sm
->PMK
, sm
->pmksa
->pmk
, PMK_LEN
);
1340 } else if (wpa_auth_get_msk(sm
->wpa_auth
, sm
->addr
, msk
, &len
) == 0) {
1341 wpa_printf(MSG_DEBUG
, "WPA: PMK from EAPOL state machine "
1342 "(len=%lu)", (unsigned long) len
);
1343 os_memcpy(sm
->PMK
, msk
, PMK_LEN
);
1344 #ifdef CONFIG_IEEE80211R
1345 if (len
>= 2 * PMK_LEN
) {
1346 os_memcpy(sm
->xxkey
, msk
+ PMK_LEN
, PMK_LEN
);
1347 sm
->xxkey_len
= PMK_LEN
;
1349 #endif /* CONFIG_IEEE80211R */
1351 wpa_printf(MSG_DEBUG
, "WPA: Could not get PMK");
1354 sm
->req_replay_counter_used
= 0;
1355 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1356 * will break reauthentication since EAPOL state machines may not be
1357 * get into AUTHENTICATING state that clears keyRun before WPA state
1358 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1359 * state and takes PMK from the previously used AAA Key. This will
1360 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1361 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1362 * be good workaround for this issue. */
1363 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_keyRun
, 0);
1367 SM_STATE(WPA_PTK
, INITPSK
)
1370 SM_ENTRY_MA(WPA_PTK
, INITPSK
, wpa_ptk
);
1371 psk
= wpa_auth_get_psk(sm
->wpa_auth
, sm
->addr
, NULL
);
1373 os_memcpy(sm
->PMK
, psk
, PMK_LEN
);
1374 #ifdef CONFIG_IEEE80211R
1375 os_memcpy(sm
->xxkey
, psk
, PMK_LEN
);
1376 sm
->xxkey_len
= PMK_LEN
;
1377 #endif /* CONFIG_IEEE80211R */
1379 sm
->req_replay_counter_used
= 0;
1383 SM_STATE(WPA_PTK
, PTKSTART
)
1385 u8 buf
[2 + RSN_SELECTOR_LEN
+ PMKID_LEN
], *pmkid
= NULL
;
1386 size_t pmkid_len
= 0;
1388 SM_ENTRY_MA(WPA_PTK
, PTKSTART
, wpa_ptk
);
1389 sm
->PTKRequest
= FALSE
;
1390 sm
->TimeoutEvt
= FALSE
;
1393 if (sm
->TimeoutCtr
> (int) dot11RSNAConfigPairwiseUpdateCount
) {
1394 /* No point in sending the EAPOL-Key - we will disconnect
1395 * immediately following this. */
1399 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1400 "sending 1/4 msg of 4-Way Handshake");
1402 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1403 * one possible PSK for this STA.
1405 if (sm
->wpa
== WPA_VERSION_WPA2
&&
1406 wpa_key_mgmt_wpa_ieee8021x(sm
->wpa_key_mgmt
)) {
1408 pmkid_len
= 2 + RSN_SELECTOR_LEN
+ PMKID_LEN
;
1409 pmkid
[0] = WLAN_EID_VENDOR_SPECIFIC
;
1410 pmkid
[1] = RSN_SELECTOR_LEN
+ PMKID_LEN
;
1411 RSN_SELECTOR_PUT(&pmkid
[2], RSN_KEY_DATA_PMKID
);
1413 os_memcpy(&pmkid
[2 + RSN_SELECTOR_LEN
],
1414 sm
->pmksa
->pmkid
, PMKID_LEN
);
1417 * Calculate PMKID since no PMKSA cache entry was
1418 * available with pre-calculated PMKID.
1420 rsn_pmkid(sm
->PMK
, PMK_LEN
, sm
->wpa_auth
->addr
,
1421 sm
->addr
, &pmkid
[2 + RSN_SELECTOR_LEN
],
1422 wpa_key_mgmt_sha256(sm
->wpa_key_mgmt
));
1425 wpa_send_eapol(sm
->wpa_auth
, sm
,
1426 WPA_KEY_INFO_ACK
| WPA_KEY_INFO_KEY_TYPE
, NULL
,
1427 sm
->ANonce
, pmkid
, pmkid_len
, 0, 0);
1431 static int wpa_derive_ptk(struct wpa_state_machine
*sm
, const u8
*pmk
,
1432 struct wpa_ptk
*ptk
)
1434 size_t ptk_len
= sm
->pairwise
== WPA_CIPHER_CCMP
? 48 : 64;
1435 #ifdef CONFIG_IEEE80211R
1436 if (wpa_key_mgmt_ft(sm
->wpa_key_mgmt
))
1437 return wpa_auth_derive_ptk_ft(sm
, pmk
, ptk
, ptk_len
);
1438 #endif /* CONFIG_IEEE80211R */
1440 wpa_pmk_to_ptk(pmk
, PMK_LEN
, "Pairwise key expansion",
1441 sm
->wpa_auth
->addr
, sm
->addr
, sm
->ANonce
, sm
->SNonce
,
1442 (u8
*) ptk
, ptk_len
,
1443 wpa_key_mgmt_sha256(sm
->wpa_key_mgmt
));
1449 SM_STATE(WPA_PTK
, PTKCALCNEGOTIATING
)
1453 const u8
*pmk
= NULL
;
1455 SM_ENTRY_MA(WPA_PTK
, PTKCALCNEGOTIATING
, wpa_ptk
);
1456 sm
->EAPOLKeyReceived
= FALSE
;
1458 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1459 * WPA-PSK: iterate through possible PSKs and select the one matching
1462 if (wpa_key_mgmt_wpa_psk(sm
->wpa_key_mgmt
)) {
1463 pmk
= wpa_auth_get_psk(sm
->wpa_auth
, sm
->addr
, pmk
);
1469 wpa_derive_ptk(sm
, pmk
, &PTK
);
1471 if (wpa_verify_key_mic(&PTK
, sm
->last_rx_eapol_key
,
1472 sm
->last_rx_eapol_key_len
) == 0) {
1477 if (!wpa_key_mgmt_wpa_psk(sm
->wpa_key_mgmt
))
1482 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1483 "invalid MIC in msg 2/4 of 4-Way Handshake");
1487 eloop_cancel_timeout(wpa_send_eapol_timeout
, sm
->wpa_auth
, sm
);
1489 if (wpa_key_mgmt_wpa_psk(sm
->wpa_key_mgmt
)) {
1490 /* PSK may have changed from the previous choice, so update
1491 * state machine data based on whatever PSK was selected here.
1493 os_memcpy(sm
->PMK
, pmk
, PMK_LEN
);
1496 sm
->MICVerified
= TRUE
;
1498 os_memcpy(&sm
->PTK
, &PTK
, sizeof(PTK
));
1499 sm
->PTK_valid
= TRUE
;
1503 SM_STATE(WPA_PTK
, PTKCALCNEGOTIATING2
)
1505 SM_ENTRY_MA(WPA_PTK
, PTKCALCNEGOTIATING2
, wpa_ptk
);
1510 #ifdef CONFIG_IEEE80211W
1512 static int ieee80211w_kde_len(struct wpa_state_machine
*sm
)
1514 if (sm
->mgmt_frame_prot
) {
1515 return 2 + RSN_SELECTOR_LEN
+ sizeof(struct wpa_igtk_kde
);
1522 static u8
* ieee80211w_kde_add(struct wpa_state_machine
*sm
, u8
*pos
)
1524 struct wpa_igtk_kde igtk
;
1525 struct wpa_group
*gsm
= sm
->group
;
1527 if (!sm
->mgmt_frame_prot
)
1530 igtk
.keyid
[0] = gsm
->GN_igtk
;
1532 if (wpa_auth_get_seqnum(sm
->wpa_auth
, NULL
, gsm
->GN_igtk
, igtk
.pn
) < 0)
1533 os_memset(igtk
.pn
, 0, sizeof(igtk
.pn
));
1534 os_memcpy(igtk
.igtk
, gsm
->IGTK
[gsm
->GN_igtk
- 4], WPA_IGTK_LEN
);
1535 pos
= wpa_add_kde(pos
, RSN_KEY_DATA_IGTK
,
1536 (const u8
*) &igtk
, sizeof(igtk
), NULL
, 0);
1541 #else /* CONFIG_IEEE80211W */
1543 static int ieee80211w_kde_len(struct wpa_state_machine
*sm
)
1549 static u8
* ieee80211w_kde_add(struct wpa_state_machine
*sm
, u8
*pos
)
1554 #endif /* CONFIG_IEEE80211W */
1557 SM_STATE(WPA_PTK
, PTKINITNEGOTIATING
)
1559 u8 rsc
[WPA_KEY_RSC_LEN
], *_rsc
, *gtk
, *kde
, *pos
;
1560 size_t gtk_len
, kde_len
;
1561 struct wpa_group
*gsm
= sm
->group
;
1563 int wpa_ie_len
, secure
, keyidx
, encr
= 0;
1565 SM_ENTRY_MA(WPA_PTK
, PTKINITNEGOTIATING
, wpa_ptk
);
1566 sm
->TimeoutEvt
= FALSE
;
1569 if (sm
->TimeoutCtr
> (int) dot11RSNAConfigPairwiseUpdateCount
) {
1570 /* No point in sending the EAPOL-Key - we will disconnect
1571 * immediately following this. */
1575 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, GTK[GN])
1577 os_memset(rsc
, 0, WPA_KEY_RSC_LEN
);
1578 wpa_auth_get_seqnum(sm
->wpa_auth
, NULL
, gsm
->GN
, rsc
);
1579 wpa_ie
= sm
->wpa_auth
->wpa_ie
;
1580 wpa_ie_len
= sm
->wpa_auth
->wpa_ie_len
;
1581 if (sm
->wpa
== WPA_VERSION_WPA
&&
1582 (sm
->wpa_auth
->conf
.wpa
& WPA_PROTO_RSN
) &&
1583 wpa_ie_len
> wpa_ie
[1] + 2 && wpa_ie
[0] == WLAN_EID_RSN
) {
1584 /* WPA-only STA, remove RSN IE */
1585 wpa_ie
= wpa_ie
+ wpa_ie
[1] + 2;
1586 wpa_ie_len
= wpa_ie
[1] + 2;
1588 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1589 "sending 3/4 msg of 4-Way Handshake");
1590 if (sm
->wpa
== WPA_VERSION_WPA2
) {
1591 /* WPA2 send GTK in the 4-way handshake */
1593 gtk
= gsm
->GTK
[gsm
->GN
- 1];
1594 gtk_len
= gsm
->GTK_len
;
1599 /* WPA does not include GTK in msg 3/4 */
1607 kde_len
= wpa_ie_len
+ ieee80211w_kde_len(sm
);
1609 kde_len
+= 2 + RSN_SELECTOR_LEN
+ 2 + gtk_len
;
1610 kde
= os_malloc(kde_len
);
1615 os_memcpy(pos
, wpa_ie
, wpa_ie_len
);
1619 hdr
[0] = keyidx
& 0x03;
1621 pos
= wpa_add_kde(pos
, RSN_KEY_DATA_GROUPKEY
, hdr
, 2,
1624 pos
= ieee80211w_kde_add(sm
, pos
);
1626 wpa_send_eapol(sm
->wpa_auth
, sm
,
1627 (secure
? WPA_KEY_INFO_SECURE
: 0) | WPA_KEY_INFO_MIC
|
1628 WPA_KEY_INFO_ACK
| WPA_KEY_INFO_INSTALL
|
1629 WPA_KEY_INFO_KEY_TYPE
,
1630 _rsc
, sm
->ANonce
, kde
, pos
- kde
, keyidx
, encr
);
1635 SM_STATE(WPA_PTK
, PTKINITDONE
)
1637 SM_ENTRY_MA(WPA_PTK
, PTKINITDONE
, wpa_ptk
);
1638 sm
->EAPOLKeyReceived
= FALSE
;
1642 if (sm
->pairwise
== WPA_CIPHER_TKIP
) {
1649 if (wpa_auth_set_key(sm
->wpa_auth
, 0, alg
, sm
->addr
, 0,
1650 sm
->PTK
.tk1
, klen
)) {
1651 wpa_sta_disconnect(sm
->wpa_auth
, sm
->addr
);
1654 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
1655 sm
->pairwise_set
= TRUE
;
1657 if (sm
->wpa_auth
->conf
.wpa_ptk_rekey
) {
1658 eloop_cancel_timeout(wpa_rekey_ptk
, sm
->wpa_auth
, sm
);
1659 eloop_register_timeout(sm
->wpa_auth
->conf
.
1660 wpa_ptk_rekey
, 0, wpa_rekey_ptk
,
1664 if (wpa_key_mgmt_wpa_psk(sm
->wpa_key_mgmt
)) {
1665 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
,
1666 WPA_EAPOL_authorized
, 1);
1670 if (0 /* IBSS == TRUE */) {
1672 if (sm
->keycount
== 2) {
1673 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
,
1674 WPA_EAPOL_portValid
, 1);
1677 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_portValid
,
1680 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_keyAvailable
, 0);
1681 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_keyDone
, 1);
1682 if (sm
->wpa
== WPA_VERSION_WPA
)
1683 sm
->PInitAKeys
= TRUE
;
1686 wpa_auth_vlogger(sm
->wpa_auth
, sm
->addr
, LOGGER_INFO
,
1687 "pairwise key handshake completed (%s)",
1688 sm
->wpa
== WPA_VERSION_WPA
? "WPA" : "RSN");
1690 #ifdef CONFIG_IEEE80211R
1691 wpa_ft_push_pmk_r1(sm
->wpa_auth
, sm
->addr
);
1692 #endif /* CONFIG_IEEE80211R */
1698 struct wpa_authenticator
*wpa_auth
= sm
->wpa_auth
;
1701 SM_ENTER(WPA_PTK
, INITIALIZE
);
1702 else if (sm
->Disconnect
1703 /* || FIX: dot11RSNAConfigSALifetime timeout */)
1704 SM_ENTER(WPA_PTK
, DISCONNECT
);
1705 else if (sm
->DeauthenticationRequest
)
1706 SM_ENTER(WPA_PTK
, DISCONNECTED
);
1707 else if (sm
->AuthenticationRequest
)
1708 SM_ENTER(WPA_PTK
, AUTHENTICATION
);
1709 else if (sm
->ReAuthenticationRequest
)
1710 SM_ENTER(WPA_PTK
, AUTHENTICATION2
);
1711 else if (sm
->PTKRequest
)
1712 SM_ENTER(WPA_PTK
, PTKSTART
);
1713 else switch (sm
->wpa_ptk_state
) {
1714 case WPA_PTK_INITIALIZE
:
1716 case WPA_PTK_DISCONNECT
:
1717 SM_ENTER(WPA_PTK
, DISCONNECTED
);
1719 case WPA_PTK_DISCONNECTED
:
1720 SM_ENTER(WPA_PTK
, INITIALIZE
);
1722 case WPA_PTK_AUTHENTICATION
:
1723 SM_ENTER(WPA_PTK
, AUTHENTICATION2
);
1725 case WPA_PTK_AUTHENTICATION2
:
1726 if (wpa_key_mgmt_wpa_ieee8021x(sm
->wpa_key_mgmt
) &&
1727 wpa_auth_get_eapol(sm
->wpa_auth
, sm
->addr
,
1728 WPA_EAPOL_keyRun
) > 0)
1729 SM_ENTER(WPA_PTK
, INITPMK
);
1730 else if (wpa_key_mgmt_wpa_psk(sm
->wpa_key_mgmt
)
1731 /* FIX: && 802.1X::keyRun */)
1732 SM_ENTER(WPA_PTK
, INITPSK
);
1734 case WPA_PTK_INITPMK
:
1735 if (wpa_auth_get_eapol(sm
->wpa_auth
, sm
->addr
,
1736 WPA_EAPOL_keyAvailable
) > 0)
1737 SM_ENTER(WPA_PTK
, PTKSTART
);
1739 wpa_auth
->dot11RSNA4WayHandshakeFailures
++;
1740 SM_ENTER(WPA_PTK
, DISCONNECT
);
1743 case WPA_PTK_INITPSK
:
1744 if (wpa_auth_get_psk(sm
->wpa_auth
, sm
->addr
, NULL
))
1745 SM_ENTER(WPA_PTK
, PTKSTART
);
1747 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_INFO
,
1748 "no PSK configured for the STA");
1749 wpa_auth
->dot11RSNA4WayHandshakeFailures
++;
1750 SM_ENTER(WPA_PTK
, DISCONNECT
);
1753 case WPA_PTK_PTKSTART
:
1754 if (sm
->EAPOLKeyReceived
&& !sm
->EAPOLKeyRequest
&&
1755 sm
->EAPOLKeyPairwise
)
1756 SM_ENTER(WPA_PTK
, PTKCALCNEGOTIATING
);
1757 else if (sm
->TimeoutCtr
>
1758 (int) dot11RSNAConfigPairwiseUpdateCount
) {
1759 wpa_auth
->dot11RSNA4WayHandshakeFailures
++;
1760 SM_ENTER(WPA_PTK
, DISCONNECT
);
1761 } else if (sm
->TimeoutEvt
)
1762 SM_ENTER(WPA_PTK
, PTKSTART
);
1764 case WPA_PTK_PTKCALCNEGOTIATING
:
1765 if (sm
->MICVerified
)
1766 SM_ENTER(WPA_PTK
, PTKCALCNEGOTIATING2
);
1767 else if (sm
->EAPOLKeyReceived
&& !sm
->EAPOLKeyRequest
&&
1768 sm
->EAPOLKeyPairwise
)
1769 SM_ENTER(WPA_PTK
, PTKCALCNEGOTIATING
);
1770 else if (sm
->TimeoutEvt
)
1771 SM_ENTER(WPA_PTK
, PTKSTART
);
1773 case WPA_PTK_PTKCALCNEGOTIATING2
:
1774 SM_ENTER(WPA_PTK
, PTKINITNEGOTIATING
);
1776 case WPA_PTK_PTKINITNEGOTIATING
:
1777 if (sm
->EAPOLKeyReceived
&& !sm
->EAPOLKeyRequest
&&
1778 sm
->EAPOLKeyPairwise
&& sm
->MICVerified
)
1779 SM_ENTER(WPA_PTK
, PTKINITDONE
);
1780 else if (sm
->TimeoutCtr
>
1781 (int) dot11RSNAConfigPairwiseUpdateCount
) {
1782 wpa_auth
->dot11RSNA4WayHandshakeFailures
++;
1783 SM_ENTER(WPA_PTK
, DISCONNECT
);
1784 } else if (sm
->TimeoutEvt
)
1785 SM_ENTER(WPA_PTK
, PTKINITNEGOTIATING
);
1787 case WPA_PTK_PTKINITDONE
:
1793 SM_STATE(WPA_PTK_GROUP
, IDLE
)
1795 SM_ENTRY_MA(WPA_PTK_GROUP
, IDLE
, wpa_ptk_group
);
1797 /* Init flag is not cleared here, so avoid busy
1798 * loop by claiming nothing changed. */
1799 sm
->changed
= FALSE
;
1801 sm
->GTimeoutCtr
= 0;
1805 SM_STATE(WPA_PTK_GROUP
, REKEYNEGOTIATING
)
1807 u8 rsc
[WPA_KEY_RSC_LEN
];
1808 struct wpa_group
*gsm
= sm
->group
;
1809 u8
*kde
, *pos
, hdr
[2];
1812 SM_ENTRY_MA(WPA_PTK_GROUP
, REKEYNEGOTIATING
, wpa_ptk_group
);
1815 if (sm
->GTimeoutCtr
> (int) dot11RSNAConfigGroupUpdateCount
) {
1816 /* No point in sending the EAPOL-Key - we will disconnect
1817 * immediately following this. */
1821 if (sm
->wpa
== WPA_VERSION_WPA
)
1822 sm
->PInitAKeys
= FALSE
;
1823 sm
->TimeoutEvt
= FALSE
;
1824 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
1825 os_memset(rsc
, 0, WPA_KEY_RSC_LEN
);
1826 if (gsm
->wpa_group_state
== WPA_GROUP_SETKEYSDONE
)
1827 wpa_auth_get_seqnum(sm
->wpa_auth
, NULL
, gsm
->GN
, rsc
);
1828 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1829 "sending 1/2 msg of Group Key Handshake");
1831 if (sm
->wpa
== WPA_VERSION_WPA2
) {
1832 kde_len
= 2 + RSN_SELECTOR_LEN
+ 2 + gsm
->GTK_len
+
1833 ieee80211w_kde_len(sm
);
1834 kde
= os_malloc(kde_len
);
1839 hdr
[0] = gsm
->GN
& 0x03;
1841 pos
= wpa_add_kde(pos
, RSN_KEY_DATA_GROUPKEY
, hdr
, 2,
1842 gsm
->GTK
[gsm
->GN
- 1], gsm
->GTK_len
);
1843 pos
= ieee80211w_kde_add(sm
, pos
);
1845 kde
= gsm
->GTK
[gsm
->GN
- 1];
1846 pos
= kde
+ gsm
->GTK_len
;
1849 wpa_send_eapol(sm
->wpa_auth
, sm
,
1850 WPA_KEY_INFO_SECURE
| WPA_KEY_INFO_MIC
|
1852 (!sm
->Pair
? WPA_KEY_INFO_INSTALL
: 0),
1853 rsc
, gsm
->GNonce
, kde
, pos
- kde
, gsm
->GN
, 1);
1854 if (sm
->wpa
== WPA_VERSION_WPA2
)
1859 SM_STATE(WPA_PTK_GROUP
, REKEYESTABLISHED
)
1861 SM_ENTRY_MA(WPA_PTK_GROUP
, REKEYESTABLISHED
, wpa_ptk_group
);
1862 sm
->EAPOLKeyReceived
= FALSE
;
1863 if (sm
->GUpdateStationKeys
)
1864 sm
->group
->GKeyDoneStations
--;
1865 sm
->GUpdateStationKeys
= FALSE
;
1866 sm
->GTimeoutCtr
= 0;
1867 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
1868 wpa_auth_vlogger(sm
->wpa_auth
, sm
->addr
, LOGGER_INFO
,
1869 "group key handshake completed (%s)",
1870 sm
->wpa
== WPA_VERSION_WPA
? "WPA" : "RSN");
1875 SM_STATE(WPA_PTK_GROUP
, KEYERROR
)
1877 SM_ENTRY_MA(WPA_PTK_GROUP
, KEYERROR
, wpa_ptk_group
);
1878 if (sm
->GUpdateStationKeys
)
1879 sm
->group
->GKeyDoneStations
--;
1880 sm
->GUpdateStationKeys
= FALSE
;
1881 sm
->Disconnect
= TRUE
;
1885 SM_STEP(WPA_PTK_GROUP
)
1887 if (sm
->Init
|| sm
->PtkGroupInit
) {
1888 SM_ENTER(WPA_PTK_GROUP
, IDLE
);
1889 sm
->PtkGroupInit
= FALSE
;
1890 } else switch (sm
->wpa_ptk_group_state
) {
1891 case WPA_PTK_GROUP_IDLE
:
1892 if (sm
->GUpdateStationKeys
||
1893 (sm
->wpa
== WPA_VERSION_WPA
&& sm
->PInitAKeys
))
1894 SM_ENTER(WPA_PTK_GROUP
, REKEYNEGOTIATING
);
1896 case WPA_PTK_GROUP_REKEYNEGOTIATING
:
1897 if (sm
->EAPOLKeyReceived
&& !sm
->EAPOLKeyRequest
&&
1898 !sm
->EAPOLKeyPairwise
&& sm
->MICVerified
)
1899 SM_ENTER(WPA_PTK_GROUP
, REKEYESTABLISHED
);
1900 else if (sm
->GTimeoutCtr
>
1901 (int) dot11RSNAConfigGroupUpdateCount
)
1902 SM_ENTER(WPA_PTK_GROUP
, KEYERROR
);
1903 else if (sm
->TimeoutEvt
)
1904 SM_ENTER(WPA_PTK_GROUP
, REKEYNEGOTIATING
);
1906 case WPA_PTK_GROUP_KEYERROR
:
1907 SM_ENTER(WPA_PTK_GROUP
, IDLE
);
1909 case WPA_PTK_GROUP_REKEYESTABLISHED
:
1910 SM_ENTER(WPA_PTK_GROUP
, IDLE
);
1916 static int wpa_gtk_update(struct wpa_authenticator
*wpa_auth
,
1917 struct wpa_group
*group
)
1921 /* FIX: is this the correct way of getting GNonce? */
1922 os_memcpy(group
->GNonce
, group
->Counter
, WPA_NONCE_LEN
);
1923 inc_byte_array(group
->Counter
, WPA_NONCE_LEN
);
1924 wpa_gmk_to_gtk(group
->GMK
, wpa_auth
->addr
, group
->GNonce
,
1925 group
->GTK
[group
->GN
- 1], group
->GTK_len
);
1927 #ifdef CONFIG_IEEE80211W
1928 if (wpa_auth
->conf
.ieee80211w
!= WPA_NO_IEEE80211W
) {
1929 if (os_get_random(group
->IGTK
[group
->GN_igtk
- 4],
1930 WPA_IGTK_LEN
) < 0) {
1931 wpa_printf(MSG_INFO
, "RSN: Failed to get new random "
1935 wpa_hexdump_key(MSG_DEBUG
, "IGTK",
1936 group
->IGTK
[group
->GN_igtk
- 4], WPA_IGTK_LEN
);
1938 #endif /* CONFIG_IEEE80211W */
1944 static void wpa_group_gtk_init(struct wpa_authenticator
*wpa_auth
,
1945 struct wpa_group
*group
)
1947 wpa_printf(MSG_DEBUG
, "WPA: group state machine entering state "
1948 "GTK_INIT (VLAN-ID %d)", group
->vlan_id
);
1949 group
->changed
= FALSE
; /* GInit is not cleared here; avoid loop */
1950 group
->wpa_group_state
= WPA_GROUP_GTK_INIT
;
1953 os_memset(group
->GTK
, 0, sizeof(group
->GTK
));
1956 #ifdef CONFIG_IEEE80211W
1959 #endif /* CONFIG_IEEE80211W */
1960 /* GTK[GN] = CalcGTK() */
1961 wpa_gtk_update(wpa_auth
, group
);
1965 static int wpa_group_update_sta(struct wpa_state_machine
*sm
, void *ctx
)
1967 if (sm
->wpa_ptk_state
!= WPA_PTK_PTKINITDONE
) {
1968 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1969 "Not in PTKINITDONE; skip Group Key update");
1972 if (sm
->GUpdateStationKeys
) {
1974 * This should not really happen, but just in case, make sure
1975 * we do not count the same STA twice in GKeyDoneStations.
1977 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1978 "GUpdateStationKeys already set - do not "
1979 "increment GKeyDoneStations");
1981 sm
->group
->GKeyDoneStations
++;
1982 sm
->GUpdateStationKeys
= TRUE
;
1989 static void wpa_group_setkeys(struct wpa_authenticator
*wpa_auth
,
1990 struct wpa_group
*group
)
1994 wpa_printf(MSG_DEBUG
, "WPA: group state machine entering state "
1995 "SETKEYS (VLAN-ID %d)", group
->vlan_id
);
1996 group
->changed
= TRUE
;
1997 group
->wpa_group_state
= WPA_GROUP_SETKEYS
;
1998 group
->GTKReKey
= FALSE
;
2000 group
->GM
= group
->GN
;
2002 #ifdef CONFIG_IEEE80211W
2003 tmp
= group
->GM_igtk
;
2004 group
->GM_igtk
= group
->GN_igtk
;
2005 group
->GN_igtk
= tmp
;
2006 #endif /* CONFIG_IEEE80211W */
2007 /* "GKeyDoneStations = GNoStations" is done in more robust way by
2008 * counting the STAs that are marked with GUpdateStationKeys instead of
2009 * including all STAs that could be in not-yet-completed state. */
2010 wpa_gtk_update(wpa_auth
, group
);
2012 wpa_auth_for_each_sta(wpa_auth
, wpa_group_update_sta
, NULL
);
2013 wpa_printf(MSG_DEBUG
, "wpa_group_setkeys: GKeyDoneStations=%d",
2014 group
->GKeyDoneStations
);
2018 static void wpa_group_setkeysdone(struct wpa_authenticator
*wpa_auth
,
2019 struct wpa_group
*group
)
2021 wpa_printf(MSG_DEBUG
, "WPA: group state machine entering state "
2022 "SETKEYSDONE (VLAN-ID %d)", group
->vlan_id
);
2023 group
->changed
= TRUE
;
2024 group
->wpa_group_state
= WPA_GROUP_SETKEYSDONE
;
2025 wpa_auth_set_key(wpa_auth
, group
->vlan_id
,
2026 wpa_alg_enum(wpa_auth
->conf
.wpa_group
),
2027 NULL
, group
->GN
, group
->GTK
[group
->GN
- 1],
2030 #ifdef CONFIG_IEEE80211W
2031 if (wpa_auth
->conf
.ieee80211w
!= WPA_NO_IEEE80211W
) {
2032 wpa_auth_set_key(wpa_auth
, group
->vlan_id
, WPA_ALG_IGTK
,
2033 NULL
, group
->GN_igtk
,
2034 group
->IGTK
[group
->GN_igtk
- 4],
2037 #endif /* CONFIG_IEEE80211W */
2041 static void wpa_group_sm_step(struct wpa_authenticator
*wpa_auth
,
2042 struct wpa_group
*group
)
2045 wpa_group_gtk_init(wpa_auth
, group
);
2046 } else if (group
->wpa_group_state
== WPA_GROUP_GTK_INIT
&&
2047 group
->GTKAuthenticator
) {
2048 wpa_group_setkeysdone(wpa_auth
, group
);
2049 } else if (group
->wpa_group_state
== WPA_GROUP_SETKEYSDONE
&&
2051 wpa_group_setkeys(wpa_auth
, group
);
2052 } else if (group
->wpa_group_state
== WPA_GROUP_SETKEYS
) {
2053 if (group
->GKeyDoneStations
== 0)
2054 wpa_group_setkeysdone(wpa_auth
, group
);
2055 else if (group
->GTKReKey
)
2056 wpa_group_setkeys(wpa_auth
, group
);
2061 static void wpa_sm_step(struct wpa_state_machine
*sm
)
2066 if (sm
->in_step_loop
) {
2067 /* This should not happen, but if it does, make sure we do not
2068 * end up freeing the state machine too early by exiting the
2069 * recursive call. */
2070 wpa_printf(MSG_ERROR
, "WPA: wpa_sm_step() called recursively");
2074 sm
->in_step_loop
= 1;
2076 if (sm
->pending_deinit
)
2079 sm
->changed
= FALSE
;
2080 sm
->wpa_auth
->group
->changed
= FALSE
;
2082 SM_STEP_RUN(WPA_PTK
);
2083 if (sm
->pending_deinit
)
2085 SM_STEP_RUN(WPA_PTK_GROUP
);
2086 if (sm
->pending_deinit
)
2088 wpa_group_sm_step(sm
->wpa_auth
, sm
->group
);
2089 } while (sm
->changed
|| sm
->wpa_auth
->group
->changed
);
2090 sm
->in_step_loop
= 0;
2092 if (sm
->pending_deinit
) {
2093 wpa_printf(MSG_DEBUG
, "WPA: Completing pending STA state "
2094 "machine deinit for " MACSTR
, MAC2STR(sm
->addr
));
2095 wpa_free_sta_sm(sm
);
2100 static void wpa_sm_call_step(void *eloop_ctx
, void *timeout_ctx
)
2102 struct wpa_state_machine
*sm
= eloop_ctx
;
2107 void wpa_auth_sm_notify(struct wpa_state_machine
*sm
)
2111 eloop_register_timeout(0, 0, wpa_sm_call_step
, sm
, NULL
);
2115 void wpa_gtk_rekey(struct wpa_authenticator
*wpa_auth
)
2118 struct wpa_group
*group
;
2120 if (wpa_auth
== NULL
)
2123 group
= wpa_auth
->group
;
2125 for (i
= 0; i
< 2; i
++) {
2127 group
->GM
= group
->GN
;
2129 #ifdef CONFIG_IEEE80211W
2130 tmp
= group
->GM_igtk
;
2131 group
->GM_igtk
= group
->GN_igtk
;
2132 group
->GN_igtk
= tmp
;
2133 #endif /* CONFIG_IEEE80211W */
2134 wpa_gtk_update(wpa_auth
, group
);
2139 static const char * wpa_bool_txt(int bool)
2141 return bool ? "TRUE" : "FALSE";
2145 static int wpa_cipher_bits(int cipher
)
2148 case WPA_CIPHER_CCMP
:
2150 case WPA_CIPHER_TKIP
:
2152 case WPA_CIPHER_WEP104
:
2154 case WPA_CIPHER_WEP40
:
2162 #define RSN_SUITE "%02x-%02x-%02x-%d"
2163 #define RSN_SUITE_ARG(s) \
2164 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2166 int wpa_get_mib(struct wpa_authenticator
*wpa_auth
, char *buf
, size_t buflen
)
2169 char pmkid_txt
[PMKID_LEN
* 2 + 1];
2171 if (wpa_auth
== NULL
)
2174 ret
= os_snprintf(buf
+ len
, buflen
- len
,
2175 "dot11RSNAOptionImplemented=TRUE\n"
2176 #ifdef CONFIG_RSN_PREAUTH
2177 "dot11RSNAPreauthenticationImplemented=TRUE\n"
2178 #else /* CONFIG_RSN_PREAUTH */
2179 "dot11RSNAPreauthenticationImplemented=FALSE\n"
2180 #endif /* CONFIG_RSN_PREAUTH */
2181 "dot11RSNAEnabled=%s\n"
2182 "dot11RSNAPreauthenticationEnabled=%s\n",
2183 wpa_bool_txt(wpa_auth
->conf
.wpa
& WPA_PROTO_RSN
),
2184 wpa_bool_txt(wpa_auth
->conf
.rsn_preauth
));
2185 if (ret
< 0 || (size_t) ret
>= buflen
- len
)
2189 wpa_snprintf_hex(pmkid_txt
, sizeof(pmkid_txt
),
2190 wpa_auth
->dot11RSNAPMKIDUsed
, PMKID_LEN
);
2193 buf
+ len
, buflen
- len
,
2194 "dot11RSNAConfigVersion=%u\n"
2195 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2196 /* FIX: dot11RSNAConfigGroupCipher */
2197 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2198 /* FIX: dot11RSNAConfigGroupRekeyTime */
2199 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2200 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2201 "dot11RSNAConfigGroupUpdateCount=%u\n"
2202 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2203 "dot11RSNAConfigGroupCipherSize=%u\n"
2204 "dot11RSNAConfigPMKLifetime=%u\n"
2205 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2206 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2207 "dot11RSNAConfigSATimeout=%u\n"
2208 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE
"\n"
2209 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE
"\n"
2210 "dot11RSNAGroupCipherSelected=" RSN_SUITE
"\n"
2211 "dot11RSNAPMKIDUsed=%s\n"
2212 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE
"\n"
2213 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE
"\n"
2214 "dot11RSNAGroupCipherRequested=" RSN_SUITE
"\n"
2215 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
2216 "dot11RSNA4WayHandshakeFailures=%u\n"
2217 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
2219 !!wpa_auth
->conf
.wpa_strict_rekey
,
2220 dot11RSNAConfigGroupUpdateCount
,
2221 dot11RSNAConfigPairwiseUpdateCount
,
2222 wpa_cipher_bits(wpa_auth
->conf
.wpa_group
),
2223 dot11RSNAConfigPMKLifetime
,
2224 dot11RSNAConfigPMKReauthThreshold
,
2225 dot11RSNAConfigSATimeout
,
2226 RSN_SUITE_ARG(wpa_auth
->dot11RSNAAuthenticationSuiteSelected
),
2227 RSN_SUITE_ARG(wpa_auth
->dot11RSNAPairwiseCipherSelected
),
2228 RSN_SUITE_ARG(wpa_auth
->dot11RSNAGroupCipherSelected
),
2230 RSN_SUITE_ARG(wpa_auth
->dot11RSNAAuthenticationSuiteRequested
),
2231 RSN_SUITE_ARG(wpa_auth
->dot11RSNAPairwiseCipherRequested
),
2232 RSN_SUITE_ARG(wpa_auth
->dot11RSNAGroupCipherRequested
),
2233 wpa_auth
->dot11RSNATKIPCounterMeasuresInvoked
,
2234 wpa_auth
->dot11RSNA4WayHandshakeFailures
);
2235 if (ret
< 0 || (size_t) ret
>= buflen
- len
)
2239 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
2240 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
2243 ret
= os_snprintf(buf
+ len
, buflen
- len
, "hostapdWPAGroupState=%d\n",
2244 wpa_auth
->group
->wpa_group_state
);
2245 if (ret
< 0 || (size_t) ret
>= buflen
- len
)
2253 int wpa_get_mib_sta(struct wpa_state_machine
*sm
, char *buf
, size_t buflen
)
2261 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
2263 /* dot11RSNAStatsEntry */
2265 if (sm
->wpa
== WPA_VERSION_WPA
) {
2266 if (sm
->pairwise
== WPA_CIPHER_CCMP
)
2267 pairwise
= WPA_CIPHER_SUITE_CCMP
;
2268 else if (sm
->pairwise
== WPA_CIPHER_TKIP
)
2269 pairwise
= WPA_CIPHER_SUITE_TKIP
;
2270 else if (sm
->pairwise
== WPA_CIPHER_WEP104
)
2271 pairwise
= WPA_CIPHER_SUITE_WEP104
;
2272 else if (sm
->pairwise
== WPA_CIPHER_WEP40
)
2273 pairwise
= WPA_CIPHER_SUITE_WEP40
;
2274 else if (sm
->pairwise
== WPA_CIPHER_NONE
)
2275 pairwise
= WPA_CIPHER_SUITE_NONE
;
2276 } else if (sm
->wpa
== WPA_VERSION_WPA2
) {
2277 if (sm
->pairwise
== WPA_CIPHER_CCMP
)
2278 pairwise
= RSN_CIPHER_SUITE_CCMP
;
2279 else if (sm
->pairwise
== WPA_CIPHER_TKIP
)
2280 pairwise
= RSN_CIPHER_SUITE_TKIP
;
2281 else if (sm
->pairwise
== WPA_CIPHER_WEP104
)
2282 pairwise
= RSN_CIPHER_SUITE_WEP104
;
2283 else if (sm
->pairwise
== WPA_CIPHER_WEP40
)
2284 pairwise
= RSN_CIPHER_SUITE_WEP40
;
2285 else if (sm
->pairwise
== WPA_CIPHER_NONE
)
2286 pairwise
= RSN_CIPHER_SUITE_NONE
;
2291 buf
+ len
, buflen
- len
,
2292 /* TODO: dot11RSNAStatsIndex */
2293 "dot11RSNAStatsSTAAddress=" MACSTR
"\n"
2294 "dot11RSNAStatsVersion=1\n"
2295 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE
"\n"
2296 /* TODO: dot11RSNAStatsTKIPICVErrors */
2297 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
2298 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
2299 /* TODO: dot11RSNAStatsCCMPReplays */
2300 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
2301 /* TODO: dot11RSNAStatsTKIPReplays */,
2303 RSN_SUITE_ARG(pairwise
),
2304 sm
->dot11RSNAStatsTKIPLocalMICFailures
,
2305 sm
->dot11RSNAStatsTKIPRemoteMICFailures
);
2306 if (ret
< 0 || (size_t) ret
>= buflen
- len
)
2311 ret
= os_snprintf(buf
+ len
, buflen
- len
,
2312 "hostapdWPAPTKState=%d\n"
2313 "hostapdWPAPTKGroupState=%d\n",
2315 sm
->wpa_ptk_group_state
);
2316 if (ret
< 0 || (size_t) ret
>= buflen
- len
)
2324 void wpa_auth_countermeasures_start(struct wpa_authenticator
*wpa_auth
)
2327 wpa_auth
->dot11RSNATKIPCounterMeasuresInvoked
++;
2331 int wpa_auth_pairwise_set(struct wpa_state_machine
*sm
)
2333 return sm
&& sm
->pairwise_set
;
2337 int wpa_auth_get_pairwise(struct wpa_state_machine
*sm
)
2339 return sm
->pairwise
;
2343 int wpa_auth_sta_key_mgmt(struct wpa_state_machine
*sm
)
2347 return sm
->wpa_key_mgmt
;
2351 int wpa_auth_sta_wpa_version(struct wpa_state_machine
*sm
)
2359 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine
*sm
,
2360 struct rsn_pmksa_cache_entry
*entry
)
2362 if (sm
== NULL
|| sm
->pmksa
!= entry
)
2369 struct rsn_pmksa_cache_entry
*
2370 wpa_auth_sta_get_pmksa(struct wpa_state_machine
*sm
)
2372 return sm
? sm
->pmksa
: NULL
;
2376 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine
*sm
)
2379 sm
->dot11RSNAStatsTKIPLocalMICFailures
++;
2383 const u8
* wpa_auth_get_wpa_ie(struct wpa_authenticator
*wpa_auth
, size_t *len
)
2385 if (wpa_auth
== NULL
)
2387 *len
= wpa_auth
->wpa_ie_len
;
2388 return wpa_auth
->wpa_ie
;
2392 int wpa_auth_pmksa_add(struct wpa_state_machine
*sm
, const u8
*pmk
,
2393 int session_timeout
, struct eapol_state_machine
*eapol
)
2395 if (sm
== NULL
|| sm
->wpa
!= WPA_VERSION_WPA2
)
2398 if (pmksa_cache_auth_add(sm
->wpa_auth
->pmksa
, pmk
, PMK_LEN
,
2399 sm
->wpa_auth
->addr
, sm
->addr
, session_timeout
,
2400 eapol
, sm
->wpa_key_mgmt
))
2407 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator
*wpa_auth
,
2408 const u8
*pmk
, size_t len
, const u8
*sta_addr
,
2409 int session_timeout
,
2410 struct eapol_state_machine
*eapol
)
2412 if (wpa_auth
== NULL
)
2415 if (pmksa_cache_auth_add(wpa_auth
->pmksa
, pmk
, len
, wpa_auth
->addr
,
2416 sta_addr
, session_timeout
, eapol
,
2417 WPA_KEY_MGMT_IEEE8021X
))
2424 static struct wpa_group
*
2425 wpa_auth_add_group(struct wpa_authenticator
*wpa_auth
, int vlan_id
)
2427 struct wpa_group
*group
;
2429 if (wpa_auth
== NULL
|| wpa_auth
->group
== NULL
)
2432 wpa_printf(MSG_DEBUG
, "WPA: Add group state machine for VLAN-ID %d",
2434 group
= wpa_group_init(wpa_auth
, vlan_id
);
2438 group
->next
= wpa_auth
->group
->next
;
2439 wpa_auth
->group
->next
= group
;
2445 int wpa_auth_sta_set_vlan(struct wpa_state_machine
*sm
, int vlan_id
)
2447 struct wpa_group
*group
;
2449 if (sm
== NULL
|| sm
->wpa_auth
== NULL
)
2452 group
= sm
->wpa_auth
->group
;
2454 if (group
->vlan_id
== vlan_id
)
2456 group
= group
->next
;
2459 if (group
== NULL
) {
2460 group
= wpa_auth_add_group(sm
->wpa_auth
, vlan_id
);
2465 if (sm
->group
== group
)
2468 wpa_printf(MSG_DEBUG
, "WPA: Moving STA " MACSTR
" to use group state "
2469 "machine for VLAN ID %d", MAC2STR(sm
->addr
), vlan_id
);
2475 #endif /* CONFIG_NATIVE_WINDOWS */