]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix a regression from VLAN assignment using WPA/WPA2 passphrase/PSK
[thirdparty/hostap.git] / src / ap / wpa_auth.c
1 /*
2 * IEEE 802.11 RSN / WPA Authenticator
3 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "utils/state_machine.h"
14 #include "utils/bitfield.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ocv.h"
17 #include "crypto/aes.h"
18 #include "crypto/aes_wrap.h"
19 #include "crypto/aes_siv.h"
20 #include "crypto/crypto.h"
21 #include "crypto/sha1.h"
22 #include "crypto/sha256.h"
23 #include "crypto/sha384.h"
24 #include "crypto/random.h"
25 #include "eapol_auth/eapol_auth_sm.h"
26 #include "drivers/driver.h"
27 #include "ap_config.h"
28 #include "ieee802_11.h"
29 #include "wpa_auth.h"
30 #include "pmksa_cache_auth.h"
31 #include "wpa_auth_i.h"
32 #include "wpa_auth_ie.h"
33
34 #define STATE_MACHINE_DATA struct wpa_state_machine
35 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
36 #define STATE_MACHINE_ADDR sm->addr
37
38
39 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
40 static int wpa_sm_step(struct wpa_state_machine *sm);
41 static int wpa_verify_key_mic(int akmp, size_t pmk_len, struct wpa_ptk *PTK,
42 u8 *data, size_t data_len);
43 #ifdef CONFIG_FILS
44 static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
45 u8 *buf, size_t buf_len, u16 *_key_data_len);
46 static struct wpabuf * fils_prepare_plainbuf(struct wpa_state_machine *sm,
47 const struct wpabuf *hlp);
48 #endif /* CONFIG_FILS */
49 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
50 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
51 struct wpa_group *group);
52 static void wpa_request_new_ptk(struct wpa_state_machine *sm);
53 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
54 struct wpa_group *group);
55 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
56 struct wpa_group *group);
57 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
58 const u8 *pmk, unsigned int pmk_len,
59 struct wpa_ptk *ptk);
60 static void wpa_group_free(struct wpa_authenticator *wpa_auth,
61 struct wpa_group *group);
62 static void wpa_group_get(struct wpa_authenticator *wpa_auth,
63 struct wpa_group *group);
64 static void wpa_group_put(struct wpa_authenticator *wpa_auth,
65 struct wpa_group *group);
66 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos);
67
68 static const u32 eapol_key_timeout_first = 100; /* ms */
69 static const u32 eapol_key_timeout_subseq = 1000; /* ms */
70 static const u32 eapol_key_timeout_first_group = 500; /* ms */
71 static const u32 eapol_key_timeout_no_retrans = 4000; /* ms */
72
73 /* TODO: make these configurable */
74 static const int dot11RSNAConfigPMKLifetime = 43200;
75 static const int dot11RSNAConfigPMKReauthThreshold = 70;
76 static const int dot11RSNAConfigSATimeout = 60;
77
78
79 static inline int wpa_auth_mic_failure_report(
80 struct wpa_authenticator *wpa_auth, const u8 *addr)
81 {
82 if (wpa_auth->cb->mic_failure_report)
83 return wpa_auth->cb->mic_failure_report(wpa_auth->cb_ctx, addr);
84 return 0;
85 }
86
87
88 static inline void wpa_auth_psk_failure_report(
89 struct wpa_authenticator *wpa_auth, const u8 *addr)
90 {
91 if (wpa_auth->cb->psk_failure_report)
92 wpa_auth->cb->psk_failure_report(wpa_auth->cb_ctx, addr);
93 }
94
95
96 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
97 const u8 *addr, wpa_eapol_variable var,
98 int value)
99 {
100 if (wpa_auth->cb->set_eapol)
101 wpa_auth->cb->set_eapol(wpa_auth->cb_ctx, addr, var, value);
102 }
103
104
105 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
106 const u8 *addr, wpa_eapol_variable var)
107 {
108 if (wpa_auth->cb->get_eapol == NULL)
109 return -1;
110 return wpa_auth->cb->get_eapol(wpa_auth->cb_ctx, addr, var);
111 }
112
113
114 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
115 const u8 *addr,
116 const u8 *p2p_dev_addr,
117 const u8 *prev_psk, size_t *psk_len,
118 int *vlan_id)
119 {
120 if (wpa_auth->cb->get_psk == NULL)
121 return NULL;
122 return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
123 prev_psk, psk_len, vlan_id);
124 }
125
126
127 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
128 const u8 *addr, u8 *msk, size_t *len)
129 {
130 if (wpa_auth->cb->get_msk == NULL)
131 return -1;
132 return wpa_auth->cb->get_msk(wpa_auth->cb_ctx, addr, msk, len);
133 }
134
135
136 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
137 int vlan_id,
138 enum wpa_alg alg, const u8 *addr, int idx,
139 u8 *key, size_t key_len)
140 {
141 if (wpa_auth->cb->set_key == NULL)
142 return -1;
143 return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx,
144 key, key_len);
145 }
146
147
148 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
149 const u8 *addr, int idx, u8 *seq)
150 {
151 if (wpa_auth->cb->get_seqnum == NULL)
152 return -1;
153 return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
154 }
155
156
157 static inline int
158 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
159 const u8 *data, size_t data_len, int encrypt)
160 {
161 if (wpa_auth->cb->send_eapol == NULL)
162 return -1;
163 return wpa_auth->cb->send_eapol(wpa_auth->cb_ctx, addr, data, data_len,
164 encrypt);
165 }
166
167
168 #ifdef CONFIG_MESH
169 static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth,
170 const u8 *addr)
171 {
172 if (wpa_auth->cb->start_ampe == NULL)
173 return -1;
174 return wpa_auth->cb->start_ampe(wpa_auth->cb_ctx, addr);
175 }
176 #endif /* CONFIG_MESH */
177
178
179 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
180 int (*cb)(struct wpa_state_machine *sm, void *ctx),
181 void *cb_ctx)
182 {
183 if (wpa_auth->cb->for_each_sta == NULL)
184 return 0;
185 return wpa_auth->cb->for_each_sta(wpa_auth->cb_ctx, cb, cb_ctx);
186 }
187
188
189 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
190 int (*cb)(struct wpa_authenticator *a, void *ctx),
191 void *cb_ctx)
192 {
193 if (wpa_auth->cb->for_each_auth == NULL)
194 return 0;
195 return wpa_auth->cb->for_each_auth(wpa_auth->cb_ctx, cb, cb_ctx);
196 }
197
198
199 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
200 logger_level level, const char *txt)
201 {
202 if (wpa_auth->cb->logger == NULL)
203 return;
204 wpa_auth->cb->logger(wpa_auth->cb_ctx, addr, level, txt);
205 }
206
207
208 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
209 logger_level level, const char *fmt, ...)
210 {
211 char *format;
212 int maxlen;
213 va_list ap;
214
215 if (wpa_auth->cb->logger == NULL)
216 return;
217
218 maxlen = os_strlen(fmt) + 100;
219 format = os_malloc(maxlen);
220 if (!format)
221 return;
222
223 va_start(ap, fmt);
224 vsnprintf(format, maxlen, fmt, ap);
225 va_end(ap);
226
227 wpa_auth_logger(wpa_auth, addr, level, format);
228
229 os_free(format);
230 }
231
232
233 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
234 const u8 *addr, u16 reason)
235 {
236 if (wpa_auth->cb->disconnect == NULL)
237 return;
238 wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR " (reason %u)",
239 MAC2STR(addr), reason);
240 wpa_auth->cb->disconnect(wpa_auth->cb_ctx, addr, reason);
241 }
242
243
244 #ifdef CONFIG_OCV
245 static int wpa_channel_info(struct wpa_authenticator *wpa_auth,
246 struct wpa_channel_info *ci)
247 {
248 if (!wpa_auth->cb->channel_info)
249 return -1;
250 return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci);
251 }
252 #endif /* CONFIG_OCV */
253
254
255 static int wpa_auth_update_vlan(struct wpa_authenticator *wpa_auth,
256 const u8 *addr, int vlan_id)
257 {
258 if (!wpa_auth->cb->update_vlan)
259 return -1;
260 return wpa_auth->cb->update_vlan(wpa_auth->cb_ctx, addr, vlan_id);
261 }
262
263
264 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
265 {
266 struct wpa_authenticator *wpa_auth = eloop_ctx;
267
268 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
269 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
270 "initialization.");
271 } else {
272 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
273 wpa_hexdump_key(MSG_DEBUG, "GMK",
274 wpa_auth->group->GMK, WPA_GMK_LEN);
275 }
276
277 if (wpa_auth->conf.wpa_gmk_rekey) {
278 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
279 wpa_rekey_gmk, wpa_auth, NULL);
280 }
281 }
282
283
284 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
285 {
286 struct wpa_authenticator *wpa_auth = eloop_ctx;
287 struct wpa_group *group, *next;
288
289 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
290 group = wpa_auth->group;
291 while (group) {
292 wpa_group_get(wpa_auth, group);
293
294 group->GTKReKey = TRUE;
295 do {
296 group->changed = FALSE;
297 wpa_group_sm_step(wpa_auth, group);
298 } while (group->changed);
299
300 next = group->next;
301 wpa_group_put(wpa_auth, group);
302 group = next;
303 }
304
305 if (wpa_auth->conf.wpa_group_rekey) {
306 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
307 0, wpa_rekey_gtk, wpa_auth, NULL);
308 }
309 }
310
311
312 static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
313 {
314 struct wpa_authenticator *wpa_auth = eloop_ctx;
315 struct wpa_state_machine *sm = timeout_ctx;
316
317 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
318 wpa_request_new_ptk(sm);
319 wpa_sm_step(sm);
320 }
321
322
323 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
324 {
325 if (sm->pmksa == ctx)
326 sm->pmksa = NULL;
327 return 0;
328 }
329
330
331 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
332 void *ctx)
333 {
334 struct wpa_authenticator *wpa_auth = ctx;
335 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
336 }
337
338
339 static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
340 struct wpa_group *group)
341 {
342 u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)];
343 u8 rkey[32];
344 unsigned long ptr;
345
346 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
347 return -1;
348 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
349
350 /*
351 * Counter = PRF-256(Random number, "Init Counter",
352 * Local MAC Address || Time)
353 */
354 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
355 wpa_get_ntp_timestamp(buf + ETH_ALEN);
356 ptr = (unsigned long) group;
357 os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr));
358 #ifdef TEST_FUZZ
359 os_memset(buf + ETH_ALEN, 0xab, 8);
360 os_memset(buf + ETH_ALEN + 8, 0xcd, sizeof(ptr));
361 #endif /* TEST_FUZZ */
362 if (random_get_bytes(rkey, sizeof(rkey)) < 0)
363 return -1;
364
365 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
366 group->Counter, WPA_NONCE_LEN) < 0)
367 return -1;
368 wpa_hexdump_key(MSG_DEBUG, "Key Counter",
369 group->Counter, WPA_NONCE_LEN);
370
371 return 0;
372 }
373
374
375 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
376 int vlan_id, int delay_init)
377 {
378 struct wpa_group *group;
379
380 group = os_zalloc(sizeof(struct wpa_group));
381 if (group == NULL)
382 return NULL;
383
384 group->GTKAuthenticator = TRUE;
385 group->vlan_id = vlan_id;
386 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
387
388 if (random_pool_ready() != 1) {
389 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
390 "for secure operations - update keys later when "
391 "the first station connects");
392 }
393
394 /*
395 * Set initial GMK/Counter value here. The actual values that will be
396 * used in negotiations will be set once the first station tries to
397 * connect. This allows more time for collecting additional randomness
398 * on embedded devices.
399 */
400 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
401 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
402 "initialization.");
403 os_free(group);
404 return NULL;
405 }
406
407 group->GInit = TRUE;
408 if (delay_init) {
409 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
410 "until Beacon frames have been configured");
411 /* Initialization is completed in wpa_init_keys(). */
412 } else {
413 wpa_group_sm_step(wpa_auth, group);
414 group->GInit = FALSE;
415 wpa_group_sm_step(wpa_auth, group);
416 }
417
418 return group;
419 }
420
421
422 /**
423 * wpa_init - Initialize WPA authenticator
424 * @addr: Authenticator address
425 * @conf: Configuration for WPA authenticator
426 * @cb: Callback functions for WPA authenticator
427 * Returns: Pointer to WPA authenticator data or %NULL on failure
428 */
429 struct wpa_authenticator * wpa_init(const u8 *addr,
430 struct wpa_auth_config *conf,
431 const struct wpa_auth_callbacks *cb,
432 void *cb_ctx)
433 {
434 struct wpa_authenticator *wpa_auth;
435
436 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
437 if (wpa_auth == NULL)
438 return NULL;
439 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
440 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
441 wpa_auth->cb = cb;
442 wpa_auth->cb_ctx = cb_ctx;
443
444 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
445 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
446 os_free(wpa_auth);
447 return NULL;
448 }
449
450 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
451 if (wpa_auth->group == NULL) {
452 os_free(wpa_auth->wpa_ie);
453 os_free(wpa_auth);
454 return NULL;
455 }
456
457 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
458 wpa_auth);
459 if (wpa_auth->pmksa == NULL) {
460 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
461 os_free(wpa_auth->group);
462 os_free(wpa_auth->wpa_ie);
463 os_free(wpa_auth);
464 return NULL;
465 }
466
467 #ifdef CONFIG_IEEE80211R_AP
468 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
469 if (wpa_auth->ft_pmk_cache == NULL) {
470 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
471 os_free(wpa_auth->group);
472 os_free(wpa_auth->wpa_ie);
473 pmksa_cache_auth_deinit(wpa_auth->pmksa);
474 os_free(wpa_auth);
475 return NULL;
476 }
477 #endif /* CONFIG_IEEE80211R_AP */
478
479 if (wpa_auth->conf.wpa_gmk_rekey) {
480 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
481 wpa_rekey_gmk, wpa_auth, NULL);
482 }
483
484 if (wpa_auth->conf.wpa_group_rekey) {
485 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
486 wpa_rekey_gtk, wpa_auth, NULL);
487 }
488
489 #ifdef CONFIG_P2P
490 if (WPA_GET_BE32(conf->ip_addr_start)) {
491 int count = WPA_GET_BE32(conf->ip_addr_end) -
492 WPA_GET_BE32(conf->ip_addr_start) + 1;
493 if (count > 1000)
494 count = 1000;
495 if (count > 0)
496 wpa_auth->ip_pool = bitfield_alloc(count);
497 }
498 #endif /* CONFIG_P2P */
499
500 return wpa_auth;
501 }
502
503
504 int wpa_init_keys(struct wpa_authenticator *wpa_auth)
505 {
506 struct wpa_group *group = wpa_auth->group;
507
508 wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
509 "keys");
510 wpa_group_sm_step(wpa_auth, group);
511 group->GInit = FALSE;
512 wpa_group_sm_step(wpa_auth, group);
513 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
514 return -1;
515 return 0;
516 }
517
518
519 /**
520 * wpa_deinit - Deinitialize WPA authenticator
521 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
522 */
523 void wpa_deinit(struct wpa_authenticator *wpa_auth)
524 {
525 struct wpa_group *group, *prev;
526
527 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
528 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
529
530 pmksa_cache_auth_deinit(wpa_auth->pmksa);
531
532 #ifdef CONFIG_IEEE80211R_AP
533 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
534 wpa_auth->ft_pmk_cache = NULL;
535 wpa_ft_deinit(wpa_auth);
536 #endif /* CONFIG_IEEE80211R_AP */
537
538 #ifdef CONFIG_P2P
539 bitfield_free(wpa_auth->ip_pool);
540 #endif /* CONFIG_P2P */
541
542
543 os_free(wpa_auth->wpa_ie);
544
545 group = wpa_auth->group;
546 while (group) {
547 prev = group;
548 group = group->next;
549 os_free(prev);
550 }
551
552 os_free(wpa_auth);
553 }
554
555
556 /**
557 * wpa_reconfig - Update WPA authenticator configuration
558 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
559 * @conf: Configuration for WPA authenticator
560 */
561 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
562 struct wpa_auth_config *conf)
563 {
564 struct wpa_group *group;
565 if (wpa_auth == NULL)
566 return 0;
567
568 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
569 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
570 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
571 return -1;
572 }
573
574 /*
575 * Reinitialize GTK to make sure it is suitable for the new
576 * configuration.
577 */
578 group = wpa_auth->group;
579 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
580 group->GInit = TRUE;
581 wpa_group_sm_step(wpa_auth, group);
582 group->GInit = FALSE;
583 wpa_group_sm_step(wpa_auth, group);
584
585 return 0;
586 }
587
588
589 struct wpa_state_machine *
590 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
591 const u8 *p2p_dev_addr)
592 {
593 struct wpa_state_machine *sm;
594
595 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
596 return NULL;
597
598 sm = os_zalloc(sizeof(struct wpa_state_machine));
599 if (sm == NULL)
600 return NULL;
601 os_memcpy(sm->addr, addr, ETH_ALEN);
602 if (p2p_dev_addr)
603 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
604
605 sm->wpa_auth = wpa_auth;
606 sm->group = wpa_auth->group;
607 wpa_group_get(sm->wpa_auth, sm->group);
608
609 return sm;
610 }
611
612
613 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
614 struct wpa_state_machine *sm)
615 {
616 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
617 return -1;
618
619 #ifdef CONFIG_IEEE80211R_AP
620 if (sm->ft_completed) {
621 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
622 "FT authentication already completed - do not "
623 "start 4-way handshake");
624 /* Go to PTKINITDONE state to allow GTK rekeying */
625 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
626 sm->Pair = TRUE;
627 return 0;
628 }
629 #endif /* CONFIG_IEEE80211R_AP */
630
631 #ifdef CONFIG_FILS
632 if (sm->fils_completed) {
633 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
634 "FILS authentication already completed - do not start 4-way handshake");
635 /* Go to PTKINITDONE state to allow GTK rekeying */
636 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
637 sm->Pair = TRUE;
638 return 0;
639 }
640 #endif /* CONFIG_FILS */
641
642 if (sm->started) {
643 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
644 sm->ReAuthenticationRequest = TRUE;
645 return wpa_sm_step(sm);
646 }
647
648 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
649 "start authentication");
650 sm->started = 1;
651
652 sm->Init = TRUE;
653 if (wpa_sm_step(sm) == 1)
654 return 1; /* should not really happen */
655 sm->Init = FALSE;
656 sm->AuthenticationRequest = TRUE;
657 return wpa_sm_step(sm);
658 }
659
660
661 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
662 {
663 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
664 * reassociates back to the same AP while the previous entry for the
665 * STA has not yet been removed. */
666 if (sm == NULL)
667 return;
668
669 sm->wpa_key_mgmt = 0;
670 }
671
672
673 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
674 {
675 #ifdef CONFIG_P2P
676 if (WPA_GET_BE32(sm->ip_addr)) {
677 u32 start;
678 wpa_printf(MSG_DEBUG, "P2P: Free assigned IP "
679 "address %u.%u.%u.%u from " MACSTR,
680 sm->ip_addr[0], sm->ip_addr[1],
681 sm->ip_addr[2], sm->ip_addr[3],
682 MAC2STR(sm->addr));
683 start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
684 bitfield_clear(sm->wpa_auth->ip_pool,
685 WPA_GET_BE32(sm->ip_addr) - start);
686 }
687 #endif /* CONFIG_P2P */
688 if (sm->GUpdateStationKeys) {
689 sm->group->GKeyDoneStations--;
690 sm->GUpdateStationKeys = FALSE;
691 }
692 #ifdef CONFIG_IEEE80211R_AP
693 os_free(sm->assoc_resp_ftie);
694 wpabuf_free(sm->ft_pending_req_ies);
695 #endif /* CONFIG_IEEE80211R_AP */
696 os_free(sm->last_rx_eapol_key);
697 os_free(sm->wpa_ie);
698 wpa_group_put(sm->wpa_auth, sm->group);
699 os_free(sm);
700 }
701
702
703 void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
704 {
705 if (sm == NULL)
706 return;
707
708 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
709 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
710 "strict rekeying - force GTK rekey since STA "
711 "is leaving");
712 if (eloop_deplete_timeout(0, 500000, wpa_rekey_gtk,
713 sm->wpa_auth, NULL) == -1)
714 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
715 NULL);
716 }
717
718 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
719 sm->pending_1_of_4_timeout = 0;
720 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
721 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
722 #ifdef CONFIG_IEEE80211R_AP
723 wpa_ft_sta_deinit(sm);
724 #endif /* CONFIG_IEEE80211R_AP */
725 if (sm->in_step_loop) {
726 /* Must not free state machine while wpa_sm_step() is running.
727 * Freeing will be completed in the end of wpa_sm_step(). */
728 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
729 "machine deinit for " MACSTR, MAC2STR(sm->addr));
730 sm->pending_deinit = 1;
731 } else
732 wpa_free_sta_sm(sm);
733 }
734
735
736 static void wpa_request_new_ptk(struct wpa_state_machine *sm)
737 {
738 if (sm == NULL)
739 return;
740
741 sm->PTKRequest = TRUE;
742 sm->PTK_valid = 0;
743 }
744
745
746 static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
747 const u8 *replay_counter)
748 {
749 int i;
750 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
751 if (!ctr[i].valid)
752 break;
753 if (os_memcmp(replay_counter, ctr[i].counter,
754 WPA_REPLAY_COUNTER_LEN) == 0)
755 return 1;
756 }
757 return 0;
758 }
759
760
761 static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
762 const u8 *replay_counter)
763 {
764 int i;
765 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
766 if (ctr[i].valid &&
767 (replay_counter == NULL ||
768 os_memcmp(replay_counter, ctr[i].counter,
769 WPA_REPLAY_COUNTER_LEN) == 0))
770 ctr[i].valid = FALSE;
771 }
772 }
773
774
775 #ifdef CONFIG_IEEE80211R_AP
776 static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
777 struct wpa_state_machine *sm,
778 struct wpa_eapol_ie_parse *kde)
779 {
780 struct wpa_ie_data ie;
781 struct rsn_mdie *mdie;
782
783 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
784 ie.num_pmkid != 1 || ie.pmkid == NULL) {
785 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
786 "FT 4-way handshake message 2/4");
787 return -1;
788 }
789
790 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
791 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
792 sm->sup_pmk_r1_name, PMKID_LEN);
793
794 if (!kde->mdie || !kde->ftie) {
795 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
796 "message 2/4", kde->mdie ? "FTIE" : "MDIE");
797 return -1;
798 }
799
800 mdie = (struct rsn_mdie *) (kde->mdie + 2);
801 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
802 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
803 MOBILITY_DOMAIN_ID_LEN) != 0) {
804 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
805 return -1;
806 }
807
808 if (sm->assoc_resp_ftie &&
809 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
810 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
811 2 + sm->assoc_resp_ftie[1]) != 0)) {
812 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
813 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
814 kde->ftie, kde->ftie_len);
815 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
816 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
817 return -1;
818 }
819
820 return 0;
821 }
822 #endif /* CONFIG_IEEE80211R_AP */
823
824
825 static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
826 struct wpa_state_machine *sm, int group)
827 {
828 /* Supplicant reported a Michael MIC error */
829 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
830 "received EAPOL-Key Error Request "
831 "(STA detected Michael MIC failure (group=%d))",
832 group);
833
834 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
835 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
836 "ignore Michael MIC failure report since "
837 "group cipher is not TKIP");
838 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
839 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
840 "ignore Michael MIC failure report since "
841 "pairwise cipher is not TKIP");
842 } else {
843 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
844 return 1; /* STA entry was removed */
845 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
846 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
847 }
848
849 /*
850 * Error report is not a request for a new key handshake, but since
851 * Authenticator may do it, let's change the keys now anyway.
852 */
853 wpa_request_new_ptk(sm);
854 return 0;
855 }
856
857
858 static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
859 size_t data_len)
860 {
861 struct wpa_ptk PTK;
862 int ok = 0;
863 const u8 *pmk = NULL;
864 size_t pmk_len;
865 int vlan_id = 0;
866
867 os_memset(&PTK, 0, sizeof(PTK));
868 for (;;) {
869 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
870 !wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
871 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
872 sm->p2p_dev_addr, pmk, &pmk_len,
873 &vlan_id);
874 if (pmk == NULL)
875 break;
876 #ifdef CONFIG_IEEE80211R_AP
877 if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
878 os_memcpy(sm->xxkey, pmk, pmk_len);
879 sm->xxkey_len = pmk_len;
880 }
881 #endif /* CONFIG_IEEE80211R_AP */
882 } else {
883 pmk = sm->PMK;
884 pmk_len = sm->pmk_len;
885 }
886
887 if (wpa_derive_ptk(sm, sm->alt_SNonce, pmk, pmk_len, &PTK) < 0)
888 break;
889
890 if (wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
891 data, data_len) == 0) {
892 os_memcpy(sm->PMK, pmk, pmk_len);
893 sm->pmk_len = pmk_len;
894 ok = 1;
895 break;
896 }
897
898 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
899 wpa_key_mgmt_sae(sm->wpa_key_mgmt))
900 break;
901 }
902
903 if (!ok) {
904 wpa_printf(MSG_DEBUG,
905 "WPA: Earlier SNonce did not result in matching MIC");
906 return -1;
907 }
908
909 wpa_printf(MSG_DEBUG,
910 "WPA: Earlier SNonce resulted in matching MIC");
911 sm->alt_snonce_valid = 0;
912
913 if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
914 wpa_auth_update_vlan(sm->wpa_auth, sm->addr, vlan_id) < 0)
915 return -1;
916
917 os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
918 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
919 sm->PTK_valid = TRUE;
920
921 return 0;
922 }
923
924
925 void wpa_receive(struct wpa_authenticator *wpa_auth,
926 struct wpa_state_machine *sm,
927 u8 *data, size_t data_len)
928 {
929 struct ieee802_1x_hdr *hdr;
930 struct wpa_eapol_key *key;
931 u16 key_info, key_data_length;
932 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST } msg;
933 char *msgtxt;
934 struct wpa_eapol_ie_parse kde;
935 const u8 *key_data;
936 size_t keyhdrlen, mic_len;
937 u8 *mic;
938
939 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
940 return;
941 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL data", data, data_len);
942
943 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
944 keyhdrlen = sizeof(*key) + mic_len + 2;
945
946 if (data_len < sizeof(*hdr) + keyhdrlen) {
947 wpa_printf(MSG_DEBUG, "WPA: Ignore too short EAPOL-Key frame");
948 return;
949 }
950
951 hdr = (struct ieee802_1x_hdr *) data;
952 key = (struct wpa_eapol_key *) (hdr + 1);
953 mic = (u8 *) (key + 1);
954 key_info = WPA_GET_BE16(key->key_info);
955 key_data = mic + mic_len + 2;
956 key_data_length = WPA_GET_BE16(mic + mic_len);
957 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
958 " key_info=0x%x type=%u mic_len=%u key_data_length=%u",
959 MAC2STR(sm->addr), key_info, key->type,
960 (unsigned int) mic_len, key_data_length);
961 wpa_hexdump(MSG_MSGDUMP,
962 "WPA: EAPOL-Key header (ending before Key MIC)",
963 key, sizeof(*key));
964 wpa_hexdump(MSG_MSGDUMP, "WPA: EAPOL-Key Key MIC",
965 mic, mic_len);
966 if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) {
967 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
968 "key_data overflow (%d > %lu)",
969 key_data_length,
970 (unsigned long) (data_len - sizeof(*hdr) -
971 keyhdrlen));
972 return;
973 }
974
975 if (sm->wpa == WPA_VERSION_WPA2) {
976 if (key->type == EAPOL_KEY_TYPE_WPA) {
977 /*
978 * Some deployed station implementations seem to send
979 * msg 4/4 with incorrect type value in WPA2 mode.
980 */
981 wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
982 "with unexpected WPA type in RSN mode");
983 } else if (key->type != EAPOL_KEY_TYPE_RSN) {
984 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
985 "unexpected type %d in RSN mode",
986 key->type);
987 return;
988 }
989 } else {
990 if (key->type != EAPOL_KEY_TYPE_WPA) {
991 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
992 "unexpected type %d in WPA mode",
993 key->type);
994 return;
995 }
996 }
997
998 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
999 WPA_NONCE_LEN);
1000 wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
1001 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1002
1003 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
1004 * are set */
1005
1006 if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
1007 wpa_printf(MSG_DEBUG, "WPA: Ignore SMK message");
1008 return;
1009 }
1010
1011 if (key_info & WPA_KEY_INFO_REQUEST) {
1012 msg = REQUEST;
1013 msgtxt = "Request";
1014 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1015 msg = GROUP_2;
1016 msgtxt = "2/2 Group";
1017 } else if (key_data_length == 0 ||
1018 (mic_len == 0 && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) &&
1019 key_data_length == AES_BLOCK_SIZE)) {
1020 msg = PAIRWISE_4;
1021 msgtxt = "4/4 Pairwise";
1022 } else {
1023 msg = PAIRWISE_2;
1024 msgtxt = "2/4 Pairwise";
1025 }
1026
1027 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
1028 msg == GROUP_2) {
1029 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1030 if (sm->pairwise == WPA_CIPHER_CCMP ||
1031 sm->pairwise == WPA_CIPHER_GCMP) {
1032 if (wpa_use_cmac(sm->wpa_key_mgmt) &&
1033 !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
1034 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1035 wpa_auth_logger(wpa_auth, sm->addr,
1036 LOGGER_WARNING,
1037 "advertised support for "
1038 "AES-128-CMAC, but did not "
1039 "use it");
1040 return;
1041 }
1042
1043 if (!wpa_use_cmac(sm->wpa_key_mgmt) &&
1044 !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
1045 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1046 wpa_auth_logger(wpa_auth, sm->addr,
1047 LOGGER_WARNING,
1048 "did not use HMAC-SHA1-AES "
1049 "with CCMP/GCMP");
1050 return;
1051 }
1052 }
1053
1054 if (wpa_use_akm_defined(sm->wpa_key_mgmt) &&
1055 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1056 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1057 "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
1058 return;
1059 }
1060 }
1061
1062 if (key_info & WPA_KEY_INFO_REQUEST) {
1063 if (sm->req_replay_counter_used &&
1064 os_memcmp(key->replay_counter, sm->req_replay_counter,
1065 WPA_REPLAY_COUNTER_LEN) <= 0) {
1066 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1067 "received EAPOL-Key request with "
1068 "replayed counter");
1069 return;
1070 }
1071 }
1072
1073 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
1074 !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
1075 int i;
1076
1077 if (msg == PAIRWISE_2 &&
1078 wpa_replay_counter_valid(sm->prev_key_replay,
1079 key->replay_counter) &&
1080 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1081 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
1082 {
1083 /*
1084 * Some supplicant implementations (e.g., Windows XP
1085 * WZC) update SNonce for each EAPOL-Key 2/4. This
1086 * breaks the workaround on accepting any of the
1087 * pending requests, so allow the SNonce to be updated
1088 * even if we have already sent out EAPOL-Key 3/4.
1089 */
1090 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1091 "Process SNonce update from STA "
1092 "based on retransmitted EAPOL-Key "
1093 "1/4");
1094 sm->update_snonce = 1;
1095 os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
1096 sm->alt_snonce_valid = TRUE;
1097 os_memcpy(sm->alt_replay_counter,
1098 sm->key_replay[0].counter,
1099 WPA_REPLAY_COUNTER_LEN);
1100 goto continue_processing;
1101 }
1102
1103 if (msg == PAIRWISE_4 && sm->alt_snonce_valid &&
1104 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1105 os_memcmp(key->replay_counter, sm->alt_replay_counter,
1106 WPA_REPLAY_COUNTER_LEN) == 0) {
1107 /*
1108 * Supplicant may still be using the old SNonce since
1109 * there was two EAPOL-Key 2/4 messages and they had
1110 * different SNonce values.
1111 */
1112 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1113 "Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4");
1114 goto continue_processing;
1115 }
1116
1117 if (msg == PAIRWISE_2 &&
1118 wpa_replay_counter_valid(sm->prev_key_replay,
1119 key->replay_counter) &&
1120 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1121 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1122 "ignore retransmitted EAPOL-Key %s - "
1123 "SNonce did not change", msgtxt);
1124 } else {
1125 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1126 "received EAPOL-Key %s with "
1127 "unexpected replay counter", msgtxt);
1128 }
1129 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
1130 if (!sm->key_replay[i].valid)
1131 break;
1132 wpa_hexdump(MSG_DEBUG, "pending replay counter",
1133 sm->key_replay[i].counter,
1134 WPA_REPLAY_COUNTER_LEN);
1135 }
1136 wpa_hexdump(MSG_DEBUG, "received replay counter",
1137 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1138 return;
1139 }
1140
1141 continue_processing:
1142 #ifdef CONFIG_FILS
1143 if (sm->wpa == WPA_VERSION_WPA2 && mic_len == 0 &&
1144 !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1145 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1146 "WPA: Encr Key Data bit not set even though AEAD cipher is supposed to be used - drop frame");
1147 return;
1148 }
1149 #endif /* CONFIG_FILS */
1150
1151 switch (msg) {
1152 case PAIRWISE_2:
1153 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
1154 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
1155 (!sm->update_snonce ||
1156 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
1157 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1158 "received EAPOL-Key msg 2/4 in "
1159 "invalid state (%d) - dropped",
1160 sm->wpa_ptk_state);
1161 return;
1162 }
1163 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
1164 if (sm->group->reject_4way_hs_for_entropy) {
1165 /*
1166 * The system did not have enough entropy to generate
1167 * strong random numbers. Reject the first 4-way
1168 * handshake(s) and collect some entropy based on the
1169 * information from it. Once enough entropy is
1170 * available, the next atempt will trigger GMK/Key
1171 * Counter update and the station will be allowed to
1172 * continue.
1173 */
1174 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
1175 "collect more entropy for random number "
1176 "generation");
1177 random_mark_pool_ready();
1178 wpa_sta_disconnect(wpa_auth, sm->addr,
1179 WLAN_REASON_PREV_AUTH_NOT_VALID);
1180 return;
1181 }
1182 break;
1183 case PAIRWISE_4:
1184 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
1185 !sm->PTK_valid) {
1186 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1187 "received EAPOL-Key msg 4/4 in "
1188 "invalid state (%d) - dropped",
1189 sm->wpa_ptk_state);
1190 return;
1191 }
1192 break;
1193 case GROUP_2:
1194 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1195 || !sm->PTK_valid) {
1196 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1197 "received EAPOL-Key msg 2/2 in "
1198 "invalid state (%d) - dropped",
1199 sm->wpa_ptk_group_state);
1200 return;
1201 }
1202 break;
1203 case REQUEST:
1204 break;
1205 }
1206
1207 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1208 "received EAPOL-Key frame (%s)", msgtxt);
1209
1210 if (key_info & WPA_KEY_INFO_ACK) {
1211 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1212 "received invalid EAPOL-Key: Key Ack set");
1213 return;
1214 }
1215
1216 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1217 !(key_info & WPA_KEY_INFO_MIC)) {
1218 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1219 "received invalid EAPOL-Key: Key MIC not set");
1220 return;
1221 }
1222
1223 #ifdef CONFIG_FILS
1224 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1225 (key_info & WPA_KEY_INFO_MIC)) {
1226 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1227 "received invalid EAPOL-Key: Key MIC set");
1228 return;
1229 }
1230 #endif /* CONFIG_FILS */
1231
1232 sm->MICVerified = FALSE;
1233 if (sm->PTK_valid && !sm->update_snonce) {
1234 if (mic_len &&
1235 wpa_verify_key_mic(sm->wpa_key_mgmt, sm->pmk_len, &sm->PTK,
1236 data, data_len) &&
1237 (msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
1238 wpa_try_alt_snonce(sm, data, data_len))) {
1239 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1240 "received EAPOL-Key with invalid MIC");
1241 #ifdef TEST_FUZZ
1242 wpa_printf(MSG_INFO,
1243 "TEST: Ignore Key MIC failure for fuzz testing");
1244 goto continue_fuzz;
1245 #endif /* TEST_FUZZ */
1246 return;
1247 }
1248 #ifdef CONFIG_FILS
1249 if (!mic_len &&
1250 wpa_aead_decrypt(sm, &sm->PTK, data, data_len,
1251 &key_data_length) < 0) {
1252 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1253 "received EAPOL-Key with invalid MIC");
1254 #ifdef TEST_FUZZ
1255 wpa_printf(MSG_INFO,
1256 "TEST: Ignore Key MIC failure for fuzz testing");
1257 goto continue_fuzz;
1258 #endif /* TEST_FUZZ */
1259 return;
1260 }
1261 #endif /* CONFIG_FILS */
1262 #ifdef TEST_FUZZ
1263 continue_fuzz:
1264 #endif /* TEST_FUZZ */
1265 sm->MICVerified = TRUE;
1266 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
1267 sm->pending_1_of_4_timeout = 0;
1268 }
1269
1270 if (key_info & WPA_KEY_INFO_REQUEST) {
1271 if (sm->MICVerified) {
1272 sm->req_replay_counter_used = 1;
1273 os_memcpy(sm->req_replay_counter, key->replay_counter,
1274 WPA_REPLAY_COUNTER_LEN);
1275 } else {
1276 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1277 "received EAPOL-Key request with "
1278 "invalid MIC");
1279 return;
1280 }
1281
1282 /*
1283 * TODO: should decrypt key data field if encryption was used;
1284 * even though MAC address KDE is not normally encrypted,
1285 * supplicant is allowed to encrypt it.
1286 */
1287 if (key_info & WPA_KEY_INFO_ERROR) {
1288 if (wpa_receive_error_report(
1289 wpa_auth, sm,
1290 !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
1291 return; /* STA entry was removed */
1292 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1293 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1294 "received EAPOL-Key Request for new "
1295 "4-Way Handshake");
1296 wpa_request_new_ptk(sm);
1297 } else if (key_data_length > 0 &&
1298 wpa_parse_kde_ies(key_data, key_data_length,
1299 &kde) == 0 &&
1300 kde.mac_addr) {
1301 } else {
1302 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1303 "received EAPOL-Key Request for GTK "
1304 "rekeying");
1305 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1306 wpa_rekey_gtk(wpa_auth, NULL);
1307 }
1308 } else {
1309 /* Do not allow the same key replay counter to be reused. */
1310 wpa_replay_counter_mark_invalid(sm->key_replay,
1311 key->replay_counter);
1312
1313 if (msg == PAIRWISE_2) {
1314 /*
1315 * Maintain a copy of the pending EAPOL-Key frames in
1316 * case the EAPOL-Key frame was retransmitted. This is
1317 * needed to allow EAPOL-Key msg 2/4 reply to another
1318 * pending msg 1/4 to update the SNonce to work around
1319 * unexpected supplicant behavior.
1320 */
1321 os_memcpy(sm->prev_key_replay, sm->key_replay,
1322 sizeof(sm->key_replay));
1323 } else {
1324 os_memset(sm->prev_key_replay, 0,
1325 sizeof(sm->prev_key_replay));
1326 }
1327
1328 /*
1329 * Make sure old valid counters are not accepted anymore and
1330 * do not get copied again.
1331 */
1332 wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
1333 }
1334
1335 os_free(sm->last_rx_eapol_key);
1336 sm->last_rx_eapol_key = os_memdup(data, data_len);
1337 if (sm->last_rx_eapol_key == NULL)
1338 return;
1339 sm->last_rx_eapol_key_len = data_len;
1340
1341 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
1342 sm->EAPOLKeyReceived = TRUE;
1343 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1344 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1345 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1346 wpa_sm_step(sm);
1347 }
1348
1349
1350 static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1351 const u8 *gnonce, u8 *gtk, size_t gtk_len)
1352 {
1353 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + WPA_GTK_MAX_LEN];
1354 u8 *pos;
1355 int ret = 0;
1356
1357 /* GTK = PRF-X(GMK, "Group key expansion",
1358 * AA || GNonce || Time || random data)
1359 * The example described in the IEEE 802.11 standard uses only AA and
1360 * GNonce as inputs here. Add some more entropy since this derivation
1361 * is done only at the Authenticator and as such, does not need to be
1362 * exactly same.
1363 */
1364 os_memset(data, 0, sizeof(data));
1365 os_memcpy(data, addr, ETH_ALEN);
1366 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
1367 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1368 wpa_get_ntp_timestamp(pos);
1369 #ifdef TEST_FUZZ
1370 os_memset(pos, 0xef, 8);
1371 #endif /* TEST_FUZZ */
1372 pos += 8;
1373 if (random_get_bytes(pos, gtk_len) < 0)
1374 ret = -1;
1375
1376 #ifdef CONFIG_SHA384
1377 if (sha384_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data),
1378 gtk, gtk_len) < 0)
1379 ret = -1;
1380 #else /* CONFIG_SHA384 */
1381 #ifdef CONFIG_SHA256
1382 if (sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data),
1383 gtk, gtk_len) < 0)
1384 ret = -1;
1385 #else /* CONFIG_SHA256 */
1386 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data),
1387 gtk, gtk_len) < 0)
1388 ret = -1;
1389 #endif /* CONFIG_SHA256 */
1390 #endif /* CONFIG_SHA384 */
1391
1392 return ret;
1393 }
1394
1395
1396 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1397 {
1398 struct wpa_authenticator *wpa_auth = eloop_ctx;
1399 struct wpa_state_machine *sm = timeout_ctx;
1400
1401 sm->pending_1_of_4_timeout = 0;
1402 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1403 sm->TimeoutEvt = TRUE;
1404 wpa_sm_step(sm);
1405 }
1406
1407
1408 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1409 struct wpa_state_machine *sm, int key_info,
1410 const u8 *key_rsc, const u8 *nonce,
1411 const u8 *kde, size_t kde_len,
1412 int keyidx, int encr, int force_version)
1413 {
1414 struct ieee802_1x_hdr *hdr;
1415 struct wpa_eapol_key *key;
1416 size_t len, mic_len, keyhdrlen;
1417 int alg;
1418 int key_data_len, pad_len = 0;
1419 u8 *buf, *pos;
1420 int version, pairwise;
1421 int i;
1422 u8 *key_mic, *key_data;
1423
1424 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
1425 keyhdrlen = sizeof(*key) + mic_len + 2;
1426
1427 len = sizeof(struct ieee802_1x_hdr) + keyhdrlen;
1428
1429 if (force_version)
1430 version = force_version;
1431 else if (wpa_use_akm_defined(sm->wpa_key_mgmt))
1432 version = WPA_KEY_INFO_TYPE_AKM_DEFINED;
1433 else if (wpa_use_cmac(sm->wpa_key_mgmt))
1434 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
1435 else if (sm->pairwise != WPA_CIPHER_TKIP)
1436 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1437 else
1438 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1439
1440 pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1441
1442 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1443 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1444 "encr=%d)",
1445 version,
1446 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1447 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1448 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1449 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1450 pairwise, (unsigned long) kde_len, keyidx, encr);
1451
1452 key_data_len = kde_len;
1453
1454 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1455 wpa_use_aes_key_wrap(sm->wpa_key_mgmt) ||
1456 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1457 pad_len = key_data_len % 8;
1458 if (pad_len)
1459 pad_len = 8 - pad_len;
1460 key_data_len += pad_len + 8;
1461 }
1462
1463 len += key_data_len;
1464 if (!mic_len && encr)
1465 len += AES_BLOCK_SIZE;
1466
1467 hdr = os_zalloc(len);
1468 if (hdr == NULL)
1469 return;
1470 hdr->version = wpa_auth->conf.eapol_version;
1471 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1472 hdr->length = host_to_be16(len - sizeof(*hdr));
1473 key = (struct wpa_eapol_key *) (hdr + 1);
1474 key_mic = (u8 *) (key + 1);
1475 key_data = ((u8 *) (hdr + 1)) + keyhdrlen;
1476
1477 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1478 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1479 key_info |= version;
1480 if (encr && sm->wpa == WPA_VERSION_WPA2)
1481 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1482 if (sm->wpa != WPA_VERSION_WPA2)
1483 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1484 WPA_PUT_BE16(key->key_info, key_info);
1485
1486 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
1487 if (sm->wpa == WPA_VERSION_WPA2 && !pairwise)
1488 WPA_PUT_BE16(key->key_length, 0);
1489 else
1490 WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
1491
1492 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1493 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1494 os_memcpy(sm->key_replay[i].counter,
1495 sm->key_replay[i - 1].counter,
1496 WPA_REPLAY_COUNTER_LEN);
1497 }
1498 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1499 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
1500 WPA_REPLAY_COUNTER_LEN);
1501 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter",
1502 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1503 sm->key_replay[0].valid = TRUE;
1504
1505 if (nonce)
1506 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1507
1508 if (key_rsc)
1509 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1510
1511 if (kde && !encr) {
1512 os_memcpy(key_data, kde, kde_len);
1513 WPA_PUT_BE16(key_mic + mic_len, kde_len);
1514 #ifdef CONFIG_FILS
1515 } else if (!mic_len && kde) {
1516 const u8 *aad[1];
1517 size_t aad_len[1];
1518
1519 WPA_PUT_BE16(key_mic, AES_BLOCK_SIZE + kde_len);
1520 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1521 kde, kde_len);
1522
1523 wpa_hexdump_key(MSG_DEBUG, "WPA: KEK",
1524 sm->PTK.kek, sm->PTK.kek_len);
1525 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
1526 * to Key Data (exclusive). */
1527 aad[0] = (u8 *) hdr;
1528 aad_len[0] = key_mic + 2 - (u8 *) hdr;
1529 if (aes_siv_encrypt(sm->PTK.kek, sm->PTK.kek_len, kde, kde_len,
1530 1, aad, aad_len, key_mic + 2) < 0) {
1531 wpa_printf(MSG_DEBUG, "WPA: AES-SIV encryption failed");
1532 return;
1533 }
1534
1535 wpa_hexdump(MSG_DEBUG, "WPA: Encrypted Key Data from SIV",
1536 key_mic + 2, AES_BLOCK_SIZE + kde_len);
1537 #endif /* CONFIG_FILS */
1538 } else if (encr && kde) {
1539 buf = os_zalloc(key_data_len);
1540 if (buf == NULL) {
1541 os_free(hdr);
1542 return;
1543 }
1544 pos = buf;
1545 os_memcpy(pos, kde, kde_len);
1546 pos += kde_len;
1547
1548 if (pad_len)
1549 *pos++ = 0xdd;
1550
1551 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1552 buf, key_data_len);
1553 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1554 wpa_use_aes_key_wrap(sm->wpa_key_mgmt) ||
1555 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1556 wpa_printf(MSG_DEBUG,
1557 "WPA: Encrypt Key Data using AES-WRAP (KEK length %u)",
1558 (unsigned int) sm->PTK.kek_len);
1559 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len,
1560 (key_data_len - 8) / 8, buf, key_data)) {
1561 os_free(hdr);
1562 os_free(buf);
1563 return;
1564 }
1565 WPA_PUT_BE16(key_mic + mic_len, key_data_len);
1566 #ifndef CONFIG_NO_RC4
1567 } else if (sm->PTK.kek_len == 16) {
1568 u8 ek[32];
1569
1570 wpa_printf(MSG_DEBUG,
1571 "WPA: Encrypt Key Data using RC4");
1572 os_memcpy(key->key_iv,
1573 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1574 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1575 os_memcpy(ek, key->key_iv, 16);
1576 os_memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len);
1577 os_memcpy(key_data, buf, key_data_len);
1578 rc4_skip(ek, 32, 256, key_data, key_data_len);
1579 WPA_PUT_BE16(key_mic + mic_len, key_data_len);
1580 #endif /* CONFIG_NO_RC4 */
1581 } else {
1582 os_free(hdr);
1583 os_free(buf);
1584 return;
1585 }
1586 os_free(buf);
1587 }
1588
1589 if (key_info & WPA_KEY_INFO_MIC) {
1590 if (!sm->PTK_valid || !mic_len) {
1591 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1592 "PTK not valid when sending EAPOL-Key "
1593 "frame");
1594 os_free(hdr);
1595 return;
1596 }
1597
1598 if (wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len,
1599 sm->wpa_key_mgmt, version,
1600 (u8 *) hdr, len, key_mic) < 0) {
1601 os_free(hdr);
1602 return;
1603 }
1604 #ifdef CONFIG_TESTING_OPTIONS
1605 if (!pairwise &&
1606 wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 &&
1607 drand48() <
1608 wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
1609 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1610 "Corrupting group EAPOL-Key Key MIC");
1611 key_mic[0]++;
1612 }
1613 #endif /* CONFIG_TESTING_OPTIONS */
1614 }
1615
1616 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1617 1);
1618 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1619 sm->pairwise_set);
1620 os_free(hdr);
1621 }
1622
1623
1624 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1625 struct wpa_state_machine *sm, int key_info,
1626 const u8 *key_rsc, const u8 *nonce,
1627 const u8 *kde, size_t kde_len,
1628 int keyidx, int encr)
1629 {
1630 int timeout_ms;
1631 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1632 u32 ctr;
1633
1634 if (sm == NULL)
1635 return;
1636
1637 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1638 keyidx, encr, 0);
1639
1640 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
1641 if (ctr == 1 && wpa_auth->conf.tx_status)
1642 timeout_ms = pairwise ? eapol_key_timeout_first :
1643 eapol_key_timeout_first_group;
1644 else
1645 timeout_ms = eapol_key_timeout_subseq;
1646 if (wpa_auth->conf.wpa_disable_eapol_key_retries &&
1647 (!pairwise || (key_info & WPA_KEY_INFO_MIC)))
1648 timeout_ms = eapol_key_timeout_no_retrans;
1649 if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
1650 sm->pending_1_of_4_timeout = 1;
1651 #ifdef TEST_FUZZ
1652 timeout_ms = 1;
1653 #endif /* TEST_FUZZ */
1654 wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
1655 "counter %u)", timeout_ms, ctr);
1656 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1657 wpa_send_eapol_timeout, wpa_auth, sm);
1658 }
1659
1660
1661 static int wpa_verify_key_mic(int akmp, size_t pmk_len, struct wpa_ptk *PTK,
1662 u8 *data, size_t data_len)
1663 {
1664 struct ieee802_1x_hdr *hdr;
1665 struct wpa_eapol_key *key;
1666 u16 key_info;
1667 int ret = 0;
1668 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN], *mic_pos;
1669 size_t mic_len = wpa_mic_len(akmp, pmk_len);
1670
1671 if (data_len < sizeof(*hdr) + sizeof(*key))
1672 return -1;
1673
1674 hdr = (struct ieee802_1x_hdr *) data;
1675 key = (struct wpa_eapol_key *) (hdr + 1);
1676 mic_pos = (u8 *) (key + 1);
1677 key_info = WPA_GET_BE16(key->key_info);
1678 os_memcpy(mic, mic_pos, mic_len);
1679 os_memset(mic_pos, 0, mic_len);
1680 if (wpa_eapol_key_mic(PTK->kck, PTK->kck_len, akmp,
1681 key_info & WPA_KEY_INFO_TYPE_MASK,
1682 data, data_len, mic_pos) ||
1683 os_memcmp_const(mic, mic_pos, mic_len) != 0)
1684 ret = -1;
1685 os_memcpy(mic_pos, mic, mic_len);
1686 return ret;
1687 }
1688
1689
1690 void wpa_remove_ptk(struct wpa_state_machine *sm)
1691 {
1692 sm->PTK_valid = FALSE;
1693 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1694 if (wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL,
1695 0))
1696 wpa_printf(MSG_DEBUG,
1697 "RSN: PTK removal from the driver failed");
1698 sm->pairwise_set = FALSE;
1699 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1700 }
1701
1702
1703 int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
1704 {
1705 int remove_ptk = 1;
1706
1707 if (sm == NULL)
1708 return -1;
1709
1710 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1711 "event %d notification", event);
1712
1713 switch (event) {
1714 case WPA_AUTH:
1715 #ifdef CONFIG_MESH
1716 /* PTKs are derived through AMPE */
1717 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
1718 /* not mesh */
1719 break;
1720 }
1721 return 0;
1722 #endif /* CONFIG_MESH */
1723 case WPA_ASSOC:
1724 break;
1725 case WPA_DEAUTH:
1726 case WPA_DISASSOC:
1727 sm->DeauthenticationRequest = TRUE;
1728 break;
1729 case WPA_REAUTH:
1730 case WPA_REAUTH_EAPOL:
1731 if (!sm->started) {
1732 /*
1733 * When using WPS, we may end up here if the STA
1734 * manages to re-associate without the previous STA
1735 * entry getting removed. Consequently, we need to make
1736 * sure that the WPA state machines gets initialized
1737 * properly at this point.
1738 */
1739 wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1740 "started - initialize now");
1741 sm->started = 1;
1742 sm->Init = TRUE;
1743 if (wpa_sm_step(sm) == 1)
1744 return 1; /* should not really happen */
1745 sm->Init = FALSE;
1746 sm->AuthenticationRequest = TRUE;
1747 break;
1748 }
1749 if (sm->GUpdateStationKeys) {
1750 /*
1751 * Reauthentication cancels the pending group key
1752 * update for this STA.
1753 */
1754 sm->group->GKeyDoneStations--;
1755 sm->GUpdateStationKeys = FALSE;
1756 sm->PtkGroupInit = TRUE;
1757 }
1758 sm->ReAuthenticationRequest = TRUE;
1759 break;
1760 case WPA_ASSOC_FT:
1761 #ifdef CONFIG_IEEE80211R_AP
1762 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1763 "after association");
1764 wpa_ft_install_ptk(sm);
1765
1766 /* Using FT protocol, not WPA auth state machine */
1767 sm->ft_completed = 1;
1768 return 0;
1769 #else /* CONFIG_IEEE80211R_AP */
1770 break;
1771 #endif /* CONFIG_IEEE80211R_AP */
1772 case WPA_ASSOC_FILS:
1773 #ifdef CONFIG_FILS
1774 wpa_printf(MSG_DEBUG,
1775 "FILS: TK configuration after association");
1776 fils_set_tk(sm);
1777 sm->fils_completed = 1;
1778 return 0;
1779 #else /* CONFIG_FILS */
1780 break;
1781 #endif /* CONFIG_FILS */
1782 case WPA_DRV_STA_REMOVED:
1783 sm->tk_already_set = FALSE;
1784 return 0;
1785 }
1786
1787 #ifdef CONFIG_IEEE80211R_AP
1788 sm->ft_completed = 0;
1789 #endif /* CONFIG_IEEE80211R_AP */
1790
1791 #ifdef CONFIG_IEEE80211W
1792 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1793 remove_ptk = 0;
1794 #endif /* CONFIG_IEEE80211W */
1795 #ifdef CONFIG_FILS
1796 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1797 (event == WPA_AUTH || event == WPA_ASSOC))
1798 remove_ptk = 0;
1799 #endif /* CONFIG_FILS */
1800
1801 if (remove_ptk) {
1802 sm->PTK_valid = FALSE;
1803 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1804
1805 if (event != WPA_REAUTH_EAPOL)
1806 wpa_remove_ptk(sm);
1807 }
1808
1809 if (sm->in_step_loop) {
1810 /*
1811 * wpa_sm_step() is already running - avoid recursive call to
1812 * it by making the existing loop process the new update.
1813 */
1814 sm->changed = TRUE;
1815 return 0;
1816 }
1817 return wpa_sm_step(sm);
1818 }
1819
1820
1821 SM_STATE(WPA_PTK, INITIALIZE)
1822 {
1823 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1824 if (sm->Init) {
1825 /* Init flag is not cleared here, so avoid busy
1826 * loop by claiming nothing changed. */
1827 sm->changed = FALSE;
1828 }
1829
1830 sm->keycount = 0;
1831 if (sm->GUpdateStationKeys)
1832 sm->group->GKeyDoneStations--;
1833 sm->GUpdateStationKeys = FALSE;
1834 if (sm->wpa == WPA_VERSION_WPA)
1835 sm->PInitAKeys = FALSE;
1836 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1837 * Local AA > Remote AA)) */) {
1838 sm->Pair = TRUE;
1839 }
1840 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1841 wpa_remove_ptk(sm);
1842 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1843 sm->TimeoutCtr = 0;
1844 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
1845 sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP ||
1846 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE) {
1847 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1848 WPA_EAPOL_authorized, 0);
1849 }
1850 }
1851
1852
1853 SM_STATE(WPA_PTK, DISCONNECT)
1854 {
1855 u16 reason = sm->disconnect_reason;
1856
1857 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1858 sm->Disconnect = FALSE;
1859 sm->disconnect_reason = 0;
1860 if (!reason)
1861 reason = WLAN_REASON_PREV_AUTH_NOT_VALID;
1862 wpa_sta_disconnect(sm->wpa_auth, sm->addr, reason);
1863 }
1864
1865
1866 SM_STATE(WPA_PTK, DISCONNECTED)
1867 {
1868 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1869 sm->DeauthenticationRequest = FALSE;
1870 }
1871
1872
1873 SM_STATE(WPA_PTK, AUTHENTICATION)
1874 {
1875 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1876 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1877 sm->PTK_valid = FALSE;
1878 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1879 1);
1880 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1881 sm->AuthenticationRequest = FALSE;
1882 }
1883
1884
1885 static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
1886 struct wpa_group *group)
1887 {
1888 if (group->first_sta_seen)
1889 return;
1890 /*
1891 * System has run bit further than at the time hostapd was started
1892 * potentially very early during boot up. This provides better chances
1893 * of collecting more randomness on embedded systems. Re-initialize the
1894 * GMK and Counter here to improve their strength if there was not
1895 * enough entropy available immediately after system startup.
1896 */
1897 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1898 "station");
1899 if (random_pool_ready() != 1) {
1900 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1901 "to proceed - reject first 4-way handshake");
1902 group->reject_4way_hs_for_entropy = TRUE;
1903 } else {
1904 group->first_sta_seen = TRUE;
1905 group->reject_4way_hs_for_entropy = FALSE;
1906 }
1907
1908 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 ||
1909 wpa_gtk_update(wpa_auth, group) < 0 ||
1910 wpa_group_config_group_keys(wpa_auth, group) < 0) {
1911 wpa_printf(MSG_INFO, "WPA: GMK/GTK setup failed");
1912 group->first_sta_seen = FALSE;
1913 group->reject_4way_hs_for_entropy = TRUE;
1914 }
1915 }
1916
1917
1918 SM_STATE(WPA_PTK, AUTHENTICATION2)
1919 {
1920 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1921
1922 wpa_group_ensure_init(sm->wpa_auth, sm->group);
1923 sm->ReAuthenticationRequest = FALSE;
1924
1925 /*
1926 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
1927 * ambiguous. The Authenticator state machine uses a counter that is
1928 * incremented by one for each 4-way handshake. However, the security
1929 * analysis of 4-way handshake points out that unpredictable nonces
1930 * help in preventing precomputation attacks. Instead of the state
1931 * machine definition, use an unpredictable nonce value here to provide
1932 * stronger protection against potential precomputation attacks.
1933 */
1934 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
1935 wpa_printf(MSG_ERROR, "WPA: Failed to get random data for "
1936 "ANonce.");
1937 sm->Disconnect = TRUE;
1938 return;
1939 }
1940 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
1941 WPA_NONCE_LEN);
1942 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1943 * logical place than INITIALIZE since AUTHENTICATION2 can be
1944 * re-entered on ReAuthenticationRequest without going through
1945 * INITIALIZE. */
1946 sm->TimeoutCtr = 0;
1947 }
1948
1949
1950 static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
1951 {
1952 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
1953 wpa_printf(MSG_ERROR,
1954 "WPA: Failed to get random data for ANonce");
1955 sm->Disconnect = TRUE;
1956 return -1;
1957 }
1958 wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
1959 WPA_NONCE_LEN);
1960 sm->TimeoutCtr = 0;
1961 return 0;
1962 }
1963
1964
1965 SM_STATE(WPA_PTK, INITPMK)
1966 {
1967 u8 msk[2 * PMK_LEN];
1968 size_t len = 2 * PMK_LEN;
1969
1970 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1971 #ifdef CONFIG_IEEE80211R_AP
1972 sm->xxkey_len = 0;
1973 #endif /* CONFIG_IEEE80211R_AP */
1974 if (sm->pmksa) {
1975 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1976 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
1977 sm->pmk_len = sm->pmksa->pmk_len;
1978 #ifdef CONFIG_DPP
1979 } else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP) {
1980 wpa_printf(MSG_DEBUG,
1981 "DPP: No PMKSA cache entry for STA - reject connection");
1982 sm->Disconnect = TRUE;
1983 sm->disconnect_reason = WLAN_REASON_INVALID_PMKID;
1984 return;
1985 #endif /* CONFIG_DPP */
1986 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1987 unsigned int pmk_len;
1988
1989 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt))
1990 pmk_len = PMK_LEN_SUITE_B_192;
1991 else
1992 pmk_len = PMK_LEN;
1993 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1994 "(MSK len=%lu PMK len=%u)", (unsigned long) len,
1995 pmk_len);
1996 if (len < pmk_len) {
1997 wpa_printf(MSG_DEBUG,
1998 "WPA: MSK not long enough (%u) to create PMK (%u)",
1999 (unsigned int) len, (unsigned int) pmk_len);
2000 sm->Disconnect = TRUE;
2001 return;
2002 }
2003 os_memcpy(sm->PMK, msk, pmk_len);
2004 sm->pmk_len = pmk_len;
2005 #ifdef CONFIG_IEEE80211R_AP
2006 if (len >= 2 * PMK_LEN) {
2007 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
2008 os_memcpy(sm->xxkey, msk, SHA384_MAC_LEN);
2009 sm->xxkey_len = SHA384_MAC_LEN;
2010 } else {
2011 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
2012 sm->xxkey_len = PMK_LEN;
2013 }
2014 }
2015 #endif /* CONFIG_IEEE80211R_AP */
2016 } else {
2017 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
2018 sm->wpa_auth->cb->get_msk);
2019 sm->Disconnect = TRUE;
2020 return;
2021 }
2022 os_memset(msk, 0, sizeof(msk));
2023
2024 sm->req_replay_counter_used = 0;
2025 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
2026 * will break reauthentication since EAPOL state machines may not be
2027 * get into AUTHENTICATING state that clears keyRun before WPA state
2028 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
2029 * state and takes PMK from the previously used AAA Key. This will
2030 * eventually fail in 4-Way Handshake because Supplicant uses PMK
2031 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
2032 * be good workaround for this issue. */
2033 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
2034 }
2035
2036
2037 SM_STATE(WPA_PTK, INITPSK)
2038 {
2039 const u8 *psk;
2040 size_t psk_len;
2041
2042 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
2043 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL,
2044 &psk_len, NULL);
2045 if (psk) {
2046 os_memcpy(sm->PMK, psk, psk_len);
2047 sm->pmk_len = psk_len;
2048 #ifdef CONFIG_IEEE80211R_AP
2049 os_memcpy(sm->xxkey, psk, PMK_LEN);
2050 sm->xxkey_len = PMK_LEN;
2051 #endif /* CONFIG_IEEE80211R_AP */
2052 }
2053 #ifdef CONFIG_SAE
2054 if (wpa_auth_uses_sae(sm) && sm->pmksa) {
2055 wpa_printf(MSG_DEBUG, "SAE: PMK from PMKSA cache");
2056 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
2057 sm->pmk_len = sm->pmksa->pmk_len;
2058 }
2059 #endif /* CONFIG_SAE */
2060 sm->req_replay_counter_used = 0;
2061 }
2062
2063
2064 SM_STATE(WPA_PTK, PTKSTART)
2065 {
2066 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
2067 size_t pmkid_len = 0;
2068
2069 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
2070 sm->PTKRequest = FALSE;
2071 sm->TimeoutEvt = FALSE;
2072 sm->alt_snonce_valid = FALSE;
2073
2074 sm->TimeoutCtr++;
2075 if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
2076 /* No point in sending the EAPOL-Key - we will disconnect
2077 * immediately following this. */
2078 return;
2079 }
2080
2081 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2082 "sending 1/4 msg of 4-Way Handshake");
2083 /*
2084 * For infrastructure BSS cases, it is better for the AP not to include
2085 * the PMKID KDE in EAPOL-Key msg 1/4 since it could be used to initiate
2086 * offline search for the passphrase/PSK without having to be able to
2087 * capture a 4-way handshake from a STA that has access to the network.
2088 *
2089 * For IBSS cases, addition of PMKID KDE could be considered even with
2090 * WPA2-PSK cases that use multiple PSKs, but only if there is a single
2091 * possible PSK for this STA. However, this should not be done unless
2092 * there is support for using that information on the supplicant side.
2093 * The concern about exposing PMKID unnecessarily in infrastructure BSS
2094 * cases would also apply here, but at least in the IBSS case, this
2095 * would cover a potential real use case.
2096 */
2097 if (sm->wpa == WPA_VERSION_WPA2 &&
2098 (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) ||
2099 (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && sm->pmksa) ||
2100 wpa_key_mgmt_sae(sm->wpa_key_mgmt)) &&
2101 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
2102 pmkid = buf;
2103 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
2104 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
2105 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
2106 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
2107 if (sm->pmksa) {
2108 wpa_hexdump(MSG_DEBUG,
2109 "RSN: Message 1/4 PMKID from PMKSA entry",
2110 sm->pmksa->pmkid, PMKID_LEN);
2111 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
2112 sm->pmksa->pmkid, PMKID_LEN);
2113 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) {
2114 /* No KCK available to derive PMKID */
2115 wpa_printf(MSG_DEBUG,
2116 "RSN: No KCK available to derive PMKID for message 1/4");
2117 pmkid = NULL;
2118 #ifdef CONFIG_SAE
2119 } else if (wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
2120 if (sm->pmkid_set) {
2121 wpa_hexdump(MSG_DEBUG,
2122 "RSN: Message 1/4 PMKID from SAE",
2123 sm->pmkid, PMKID_LEN);
2124 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
2125 sm->pmkid, PMKID_LEN);
2126 } else {
2127 /* No PMKID available */
2128 wpa_printf(MSG_DEBUG,
2129 "RSN: No SAE PMKID available for message 1/4");
2130 pmkid = NULL;
2131 }
2132 #endif /* CONFIG_SAE */
2133 } else {
2134 /*
2135 * Calculate PMKID since no PMKSA cache entry was
2136 * available with pre-calculated PMKID.
2137 */
2138 rsn_pmkid(sm->PMK, sm->pmk_len, sm->wpa_auth->addr,
2139 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
2140 sm->wpa_key_mgmt);
2141 wpa_hexdump(MSG_DEBUG,
2142 "RSN: Message 1/4 PMKID derived from PMK",
2143 &pmkid[2 + RSN_SELECTOR_LEN], PMKID_LEN);
2144 }
2145 }
2146 wpa_send_eapol(sm->wpa_auth, sm,
2147 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
2148 sm->ANonce, pmkid, pmkid_len, 0, 0);
2149 }
2150
2151
2152 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
2153 const u8 *pmk, unsigned int pmk_len,
2154 struct wpa_ptk *ptk)
2155 {
2156 #ifdef CONFIG_IEEE80211R_AP
2157 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
2158 return wpa_auth_derive_ptk_ft(sm, pmk, ptk);
2159 #endif /* CONFIG_IEEE80211R_AP */
2160
2161 return wpa_pmk_to_ptk(pmk, pmk_len, "Pairwise key expansion",
2162 sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
2163 ptk, sm->wpa_key_mgmt, sm->pairwise);
2164 }
2165
2166
2167 #ifdef CONFIG_FILS
2168
2169 int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk,
2170 size_t pmk_len, const u8 *snonce, const u8 *anonce,
2171 const u8 *dhss, size_t dhss_len,
2172 struct wpabuf *g_sta, struct wpabuf *g_ap)
2173 {
2174 u8 ick[FILS_ICK_MAX_LEN];
2175 size_t ick_len;
2176 int res;
2177 u8 fils_ft[FILS_FT_MAX_LEN];
2178 size_t fils_ft_len = 0;
2179
2180 res = fils_pmk_to_ptk(pmk, pmk_len, sm->addr, sm->wpa_auth->addr,
2181 snonce, anonce, dhss, dhss_len,
2182 &sm->PTK, ick, &ick_len,
2183 sm->wpa_key_mgmt, sm->pairwise,
2184 fils_ft, &fils_ft_len);
2185 if (res < 0)
2186 return res;
2187 sm->PTK_valid = TRUE;
2188 sm->tk_already_set = FALSE;
2189
2190 #ifdef CONFIG_IEEE80211R_AP
2191 if (fils_ft_len) {
2192 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2193 struct wpa_auth_config *conf = &wpa_auth->conf;
2194 u8 pmk_r0[PMK_LEN_MAX], pmk_r0_name[WPA_PMK_NAME_LEN];
2195 int use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
2196 size_t pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
2197
2198 if (wpa_derive_pmk_r0(fils_ft, fils_ft_len,
2199 conf->ssid, conf->ssid_len,
2200 conf->mobility_domain,
2201 conf->r0_key_holder,
2202 conf->r0_key_holder_len,
2203 sm->addr, pmk_r0, pmk_r0_name,
2204 use_sha384) < 0)
2205 return -1;
2206
2207 wpa_hexdump_key(MSG_DEBUG, "FILS+FT: PMK-R0",
2208 pmk_r0, pmk_r0_len);
2209 wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR0Name",
2210 pmk_r0_name, WPA_PMK_NAME_LEN);
2211 wpa_ft_store_pmk_fils(sm, pmk_r0, pmk_r0_name);
2212 os_memset(fils_ft, 0, sizeof(fils_ft));
2213 }
2214 #endif /* CONFIG_IEEE80211R_AP */
2215
2216 res = fils_key_auth_sk(ick, ick_len, snonce, anonce,
2217 sm->addr, sm->wpa_auth->addr,
2218 g_sta ? wpabuf_head(g_sta) : NULL,
2219 g_sta ? wpabuf_len(g_sta) : 0,
2220 g_ap ? wpabuf_head(g_ap) : NULL,
2221 g_ap ? wpabuf_len(g_ap) : 0,
2222 sm->wpa_key_mgmt, sm->fils_key_auth_sta,
2223 sm->fils_key_auth_ap,
2224 &sm->fils_key_auth_len);
2225 os_memset(ick, 0, sizeof(ick));
2226
2227 /* Store nonces for (Re)Association Request/Response frame processing */
2228 os_memcpy(sm->SNonce, snonce, FILS_NONCE_LEN);
2229 os_memcpy(sm->ANonce, anonce, FILS_NONCE_LEN);
2230
2231 return res;
2232 }
2233
2234
2235 static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
2236 u8 *buf, size_t buf_len, u16 *_key_data_len)
2237 {
2238 struct ieee802_1x_hdr *hdr;
2239 struct wpa_eapol_key *key;
2240 u8 *pos;
2241 u16 key_data_len;
2242 u8 *tmp;
2243 const u8 *aad[1];
2244 size_t aad_len[1];
2245
2246 hdr = (struct ieee802_1x_hdr *) buf;
2247 key = (struct wpa_eapol_key *) (hdr + 1);
2248 pos = (u8 *) (key + 1);
2249 key_data_len = WPA_GET_BE16(pos);
2250 if (key_data_len < AES_BLOCK_SIZE ||
2251 key_data_len > buf_len - sizeof(*hdr) - sizeof(*key) - 2) {
2252 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2253 "No room for AES-SIV data in the frame");
2254 return -1;
2255 }
2256 pos += 2; /* Pointing at the Encrypted Key Data field */
2257
2258 tmp = os_malloc(key_data_len);
2259 if (!tmp)
2260 return -1;
2261
2262 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
2263 * to Key Data (exclusive). */
2264 aad[0] = buf;
2265 aad_len[0] = pos - buf;
2266 if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, key_data_len,
2267 1, aad, aad_len, tmp) < 0) {
2268 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2269 "Invalid AES-SIV data in the frame");
2270 bin_clear_free(tmp, key_data_len);
2271 return -1;
2272 }
2273
2274 /* AEAD decryption and validation completed successfully */
2275 key_data_len -= AES_BLOCK_SIZE;
2276 wpa_hexdump_key(MSG_DEBUG, "WPA: Decrypted Key Data",
2277 tmp, key_data_len);
2278
2279 /* Replace Key Data field with the decrypted version */
2280 os_memcpy(pos, tmp, key_data_len);
2281 pos -= 2; /* Key Data Length field */
2282 WPA_PUT_BE16(pos, key_data_len);
2283 bin_clear_free(tmp, key_data_len);
2284 if (_key_data_len)
2285 *_key_data_len = key_data_len;
2286 return 0;
2287 }
2288
2289
2290 const u8 * wpa_fils_validate_fils_session(struct wpa_state_machine *sm,
2291 const u8 *ies, size_t ies_len,
2292 const u8 *fils_session)
2293 {
2294 const u8 *ie, *end;
2295 const u8 *session = NULL;
2296
2297 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2298 wpa_printf(MSG_DEBUG,
2299 "FILS: Not a FILS AKM - reject association");
2300 return NULL;
2301 }
2302
2303 /* Verify Session element */
2304 ie = ies;
2305 end = ((const u8 *) ie) + ies_len;
2306 while (ie + 1 < end) {
2307 if (ie + 2 + ie[1] > end)
2308 break;
2309 if (ie[0] == WLAN_EID_EXTENSION &&
2310 ie[1] >= 1 + FILS_SESSION_LEN &&
2311 ie[2] == WLAN_EID_EXT_FILS_SESSION) {
2312 session = ie;
2313 break;
2314 }
2315 ie += 2 + ie[1];
2316 }
2317
2318 if (!session) {
2319 wpa_printf(MSG_DEBUG,
2320 "FILS: %s: Could not find FILS Session element in Assoc Req - reject",
2321 __func__);
2322 return NULL;
2323 }
2324
2325 if (!fils_session) {
2326 wpa_printf(MSG_DEBUG,
2327 "FILS: %s: Could not find FILS Session element in STA entry - reject",
2328 __func__);
2329 return NULL;
2330 }
2331
2332 if (os_memcmp(fils_session, session + 3, FILS_SESSION_LEN) != 0) {
2333 wpa_printf(MSG_DEBUG, "FILS: Session mismatch");
2334 wpa_hexdump(MSG_DEBUG, "FILS: Expected FILS Session",
2335 fils_session, FILS_SESSION_LEN);
2336 wpa_hexdump(MSG_DEBUG, "FILS: Received FILS Session",
2337 session + 3, FILS_SESSION_LEN);
2338 return NULL;
2339 }
2340 return session;
2341 }
2342
2343
2344 int wpa_fils_validate_key_confirm(struct wpa_state_machine *sm, const u8 *ies,
2345 size_t ies_len)
2346 {
2347 struct ieee802_11_elems elems;
2348
2349 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
2350 wpa_printf(MSG_DEBUG,
2351 "FILS: Failed to parse decrypted elements");
2352 return -1;
2353 }
2354
2355 if (!elems.fils_session) {
2356 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
2357 return -1;
2358 }
2359
2360 if (!elems.fils_key_confirm) {
2361 wpa_printf(MSG_DEBUG, "FILS: No FILS Key Confirm element");
2362 return -1;
2363 }
2364
2365 if (elems.fils_key_confirm_len != sm->fils_key_auth_len) {
2366 wpa_printf(MSG_DEBUG,
2367 "FILS: Unexpected Key-Auth length %d (expected %d)",
2368 elems.fils_key_confirm_len,
2369 (int) sm->fils_key_auth_len);
2370 return -1;
2371 }
2372
2373 if (os_memcmp(elems.fils_key_confirm, sm->fils_key_auth_sta,
2374 sm->fils_key_auth_len) != 0) {
2375 wpa_printf(MSG_DEBUG, "FILS: Key-Auth mismatch");
2376 wpa_hexdump(MSG_DEBUG, "FILS: Received Key-Auth",
2377 elems.fils_key_confirm, elems.fils_key_confirm_len);
2378 wpa_hexdump(MSG_DEBUG, "FILS: Expected Key-Auth",
2379 sm->fils_key_auth_sta, sm->fils_key_auth_len);
2380 return -1;
2381 }
2382
2383 return 0;
2384 }
2385
2386
2387 int fils_decrypt_assoc(struct wpa_state_machine *sm, const u8 *fils_session,
2388 const struct ieee80211_mgmt *mgmt, size_t frame_len,
2389 u8 *pos, size_t left)
2390 {
2391 u16 fc, stype;
2392 const u8 *end, *ie_start, *ie, *session, *crypt;
2393 const u8 *aad[5];
2394 size_t aad_len[5];
2395
2396 if (!sm || !sm->PTK_valid) {
2397 wpa_printf(MSG_DEBUG,
2398 "FILS: No KEK to decrypt Assocication Request frame");
2399 return -1;
2400 }
2401
2402 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2403 wpa_printf(MSG_DEBUG,
2404 "FILS: Not a FILS AKM - reject association");
2405 return -1;
2406 }
2407
2408 end = ((const u8 *) mgmt) + frame_len;
2409 fc = le_to_host16(mgmt->frame_control);
2410 stype = WLAN_FC_GET_STYPE(fc);
2411 if (stype == WLAN_FC_STYPE_REASSOC_REQ)
2412 ie_start = mgmt->u.reassoc_req.variable;
2413 else
2414 ie_start = mgmt->u.assoc_req.variable;
2415 ie = ie_start;
2416
2417 /*
2418 * Find FILS Session element which is the last unencrypted element in
2419 * the frame.
2420 */
2421 session = wpa_fils_validate_fils_session(sm, ie, end - ie,
2422 fils_session);
2423 if (!session) {
2424 wpa_printf(MSG_DEBUG, "FILS: Session validation failed");
2425 return -1;
2426 }
2427
2428 crypt = session + 2 + session[1];
2429
2430 if (end - crypt < AES_BLOCK_SIZE) {
2431 wpa_printf(MSG_DEBUG,
2432 "FILS: Too short frame to include AES-SIV data");
2433 return -1;
2434 }
2435
2436 /* AES-SIV AAD vectors */
2437
2438 /* The STA's MAC address */
2439 aad[0] = mgmt->sa;
2440 aad_len[0] = ETH_ALEN;
2441 /* The AP's BSSID */
2442 aad[1] = mgmt->da;
2443 aad_len[1] = ETH_ALEN;
2444 /* The STA's nonce */
2445 aad[2] = sm->SNonce;
2446 aad_len[2] = FILS_NONCE_LEN;
2447 /* The AP's nonce */
2448 aad[3] = sm->ANonce;
2449 aad_len[3] = FILS_NONCE_LEN;
2450 /*
2451 * The (Re)Association Request frame from the Capability Information
2452 * field to the FILS Session element (both inclusive).
2453 */
2454 aad[4] = (const u8 *) &mgmt->u.assoc_req.capab_info;
2455 aad_len[4] = crypt - aad[4];
2456
2457 if (aes_siv_decrypt(sm->PTK.kek, sm->PTK.kek_len, crypt, end - crypt,
2458 5, aad, aad_len, pos + (crypt - ie_start)) < 0) {
2459 wpa_printf(MSG_DEBUG,
2460 "FILS: Invalid AES-SIV data in the frame");
2461 return -1;
2462 }
2463 wpa_hexdump(MSG_DEBUG, "FILS: Decrypted Association Request elements",
2464 pos, left - AES_BLOCK_SIZE);
2465
2466 if (wpa_fils_validate_key_confirm(sm, pos, left - AES_BLOCK_SIZE) < 0) {
2467 wpa_printf(MSG_DEBUG, "FILS: Key Confirm validation failed");
2468 return -1;
2469 }
2470
2471 return left - AES_BLOCK_SIZE;
2472 }
2473
2474
2475 int fils_encrypt_assoc(struct wpa_state_machine *sm, u8 *buf,
2476 size_t current_len, size_t max_len,
2477 const struct wpabuf *hlp)
2478 {
2479 u8 *end = buf + max_len;
2480 u8 *pos = buf + current_len;
2481 struct ieee80211_mgmt *mgmt;
2482 struct wpabuf *plain;
2483 const u8 *aad[5];
2484 size_t aad_len[5];
2485
2486 if (!sm || !sm->PTK_valid)
2487 return -1;
2488
2489 wpa_hexdump(MSG_DEBUG,
2490 "FILS: Association Response frame before FILS processing",
2491 buf, current_len);
2492
2493 mgmt = (struct ieee80211_mgmt *) buf;
2494
2495 /* AES-SIV AAD vectors */
2496
2497 /* The AP's BSSID */
2498 aad[0] = mgmt->sa;
2499 aad_len[0] = ETH_ALEN;
2500 /* The STA's MAC address */
2501 aad[1] = mgmt->da;
2502 aad_len[1] = ETH_ALEN;
2503 /* The AP's nonce */
2504 aad[2] = sm->ANonce;
2505 aad_len[2] = FILS_NONCE_LEN;
2506 /* The STA's nonce */
2507 aad[3] = sm->SNonce;
2508 aad_len[3] = FILS_NONCE_LEN;
2509 /*
2510 * The (Re)Association Response frame from the Capability Information
2511 * field (the same offset in both Association and Reassociation
2512 * Response frames) to the FILS Session element (both inclusive).
2513 */
2514 aad[4] = (const u8 *) &mgmt->u.assoc_resp.capab_info;
2515 aad_len[4] = pos - aad[4];
2516
2517 /* The following elements will be encrypted with AES-SIV */
2518 plain = fils_prepare_plainbuf(sm, hlp);
2519 if (!plain) {
2520 wpa_printf(MSG_DEBUG, "FILS: Plain buffer prep failed");
2521 return -1;
2522 }
2523
2524 if (pos + wpabuf_len(plain) + AES_BLOCK_SIZE > end) {
2525 wpa_printf(MSG_DEBUG,
2526 "FILS: Not enough room for FILS elements");
2527 wpabuf_free(plain);
2528 return -1;
2529 }
2530
2531 wpa_hexdump_buf_key(MSG_DEBUG, "FILS: Association Response plaintext",
2532 plain);
2533
2534 if (aes_siv_encrypt(sm->PTK.kek, sm->PTK.kek_len,
2535 wpabuf_head(plain), wpabuf_len(plain),
2536 5, aad, aad_len, pos) < 0) {
2537 wpabuf_free(plain);
2538 return -1;
2539 }
2540
2541 wpa_hexdump(MSG_DEBUG,
2542 "FILS: Encrypted Association Response elements",
2543 pos, AES_BLOCK_SIZE + wpabuf_len(plain));
2544 current_len += wpabuf_len(plain) + AES_BLOCK_SIZE;
2545 wpabuf_free(plain);
2546
2547 sm->fils_completed = 1;
2548
2549 return current_len;
2550 }
2551
2552
2553 static struct wpabuf * fils_prepare_plainbuf(struct wpa_state_machine *sm,
2554 const struct wpabuf *hlp)
2555 {
2556 struct wpabuf *plain;
2557 u8 *len, *tmp, *tmp2;
2558 u8 hdr[2];
2559 u8 *gtk, dummy_gtk[32];
2560 size_t gtk_len;
2561 struct wpa_group *gsm;
2562
2563 plain = wpabuf_alloc(1000);
2564 if (!plain)
2565 return NULL;
2566
2567 /* TODO: FILS Public Key */
2568
2569 /* FILS Key Confirmation */
2570 wpabuf_put_u8(plain, WLAN_EID_EXTENSION); /* Element ID */
2571 wpabuf_put_u8(plain, 1 + sm->fils_key_auth_len); /* Length */
2572 /* Element ID Extension */
2573 wpabuf_put_u8(plain, WLAN_EID_EXT_FILS_KEY_CONFIRM);
2574 wpabuf_put_data(plain, sm->fils_key_auth_ap, sm->fils_key_auth_len);
2575
2576 /* FILS HLP Container */
2577 if (hlp)
2578 wpabuf_put_buf(plain, hlp);
2579
2580 /* TODO: FILS IP Address Assignment */
2581
2582 /* Key Delivery */
2583 gsm = sm->group;
2584 wpabuf_put_u8(plain, WLAN_EID_EXTENSION); /* Element ID */
2585 len = wpabuf_put(plain, 1);
2586 wpabuf_put_u8(plain, WLAN_EID_EXT_KEY_DELIVERY);
2587 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN,
2588 wpabuf_put(plain, WPA_KEY_RSC_LEN));
2589 /* GTK KDE */
2590 gtk = gsm->GTK[gsm->GN - 1];
2591 gtk_len = gsm->GTK_len;
2592 if (sm->wpa_auth->conf.disable_gtk ||
2593 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
2594 /*
2595 * Provide unique random GTK to each STA to prevent use
2596 * of GTK in the BSS.
2597 */
2598 if (random_get_bytes(dummy_gtk, gtk_len) < 0) {
2599 wpabuf_free(plain);
2600 return NULL;
2601 }
2602 gtk = dummy_gtk;
2603 }
2604 hdr[0] = gsm->GN & 0x03;
2605 hdr[1] = 0;
2606 tmp = wpabuf_put(plain, 0);
2607 tmp2 = wpa_add_kde(tmp, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2608 gtk, gtk_len);
2609 wpabuf_put(plain, tmp2 - tmp);
2610
2611 /* IGTK KDE */
2612 tmp = wpabuf_put(plain, 0);
2613 tmp2 = ieee80211w_kde_add(sm, tmp);
2614 wpabuf_put(plain, tmp2 - tmp);
2615
2616 *len = (u8 *) wpabuf_put(plain, 0) - len - 1;
2617
2618 #ifdef CONFIG_OCV
2619 if (wpa_auth_uses_ocv(sm)) {
2620 struct wpa_channel_info ci;
2621 u8 *pos;
2622
2623 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
2624 wpa_printf(MSG_WARNING,
2625 "FILS: Failed to get channel info for OCI element");
2626 wpabuf_free(plain);
2627 return NULL;
2628 }
2629
2630 pos = wpabuf_put(plain, OCV_OCI_EXTENDED_LEN);
2631 if (ocv_insert_extended_oci(&ci, pos) < 0) {
2632 wpabuf_free(plain);
2633 return NULL;
2634 }
2635 }
2636 #endif /* CONFIG_OCV */
2637
2638 return plain;
2639 }
2640
2641
2642 int fils_set_tk(struct wpa_state_machine *sm)
2643 {
2644 enum wpa_alg alg;
2645 int klen;
2646
2647 if (!sm || !sm->PTK_valid) {
2648 wpa_printf(MSG_DEBUG, "FILS: No valid PTK available to set TK");
2649 return -1;
2650 }
2651 if (sm->tk_already_set) {
2652 wpa_printf(MSG_DEBUG, "FILS: TK already set to the driver");
2653 return -1;
2654 }
2655
2656 alg = wpa_cipher_to_alg(sm->pairwise);
2657 klen = wpa_cipher_key_len(sm->pairwise);
2658
2659 wpa_printf(MSG_DEBUG, "FILS: Configure TK to the driver");
2660 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2661 sm->PTK.tk, klen)) {
2662 wpa_printf(MSG_DEBUG, "FILS: Failed to set TK to the driver");
2663 return -1;
2664 }
2665 sm->tk_already_set = TRUE;
2666
2667 return 0;
2668 }
2669
2670
2671 u8 * hostapd_eid_assoc_fils_session(struct wpa_state_machine *sm, u8 *buf,
2672 const u8 *fils_session, struct wpabuf *hlp)
2673 {
2674 struct wpabuf *plain;
2675 u8 *pos = buf;
2676
2677 /* FILS Session */
2678 *pos++ = WLAN_EID_EXTENSION; /* Element ID */
2679 *pos++ = 1 + FILS_SESSION_LEN; /* Length */
2680 *pos++ = WLAN_EID_EXT_FILS_SESSION; /* Element ID Extension */
2681 os_memcpy(pos, fils_session, FILS_SESSION_LEN);
2682 pos += FILS_SESSION_LEN;
2683
2684 plain = fils_prepare_plainbuf(sm, hlp);
2685 if (!plain) {
2686 wpa_printf(MSG_DEBUG, "FILS: Plain buffer prep failed");
2687 return NULL;
2688 }
2689
2690 os_memcpy(pos, wpabuf_head(plain), wpabuf_len(plain));
2691 pos += wpabuf_len(plain);
2692
2693 wpa_printf(MSG_DEBUG, "%s: plain buf_len: %u", __func__,
2694 (unsigned int) wpabuf_len(plain));
2695 wpabuf_free(plain);
2696 sm->fils_completed = 1;
2697 return pos;
2698 }
2699
2700 #endif /* CONFIG_FILS */
2701
2702
2703 #ifdef CONFIG_OCV
2704 int get_sta_tx_parameters(struct wpa_state_machine *sm, int ap_max_chanwidth,
2705 int ap_seg1_idx, int *bandwidth, int *seg1_idx)
2706 {
2707 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2708
2709 if (!wpa_auth->cb->get_sta_tx_params)
2710 return -1;
2711 return wpa_auth->cb->get_sta_tx_params(wpa_auth->cb_ctx, sm->addr,
2712 ap_max_chanwidth, ap_seg1_idx,
2713 bandwidth, seg1_idx);
2714 }
2715 #endif /* CONFIG_OCV */
2716
2717
2718 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
2719 {
2720 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2721 struct wpa_ptk PTK;
2722 int ok = 0, psk_found = 0;
2723 const u8 *pmk = NULL;
2724 size_t pmk_len;
2725 int ft;
2726 const u8 *eapol_key_ie, *key_data, *mic;
2727 u16 key_data_length;
2728 size_t mic_len, eapol_key_ie_len;
2729 struct ieee802_1x_hdr *hdr;
2730 struct wpa_eapol_key *key;
2731 struct wpa_eapol_ie_parse kde;
2732 int vlan_id = 0;
2733
2734 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
2735 sm->EAPOLKeyReceived = FALSE;
2736 sm->update_snonce = FALSE;
2737 os_memset(&PTK, 0, sizeof(PTK));
2738
2739 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
2740
2741 /* WPA with IEEE 802.1X: use the derived PMK from EAP
2742 * WPA-PSK: iterate through possible PSKs and select the one matching
2743 * the packet */
2744 for (;;) {
2745 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
2746 !wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
2747 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
2748 sm->p2p_dev_addr, pmk, &pmk_len,
2749 &vlan_id);
2750 if (pmk == NULL)
2751 break;
2752 psk_found = 1;
2753 #ifdef CONFIG_IEEE80211R_AP
2754 if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
2755 os_memcpy(sm->xxkey, pmk, pmk_len);
2756 sm->xxkey_len = pmk_len;
2757 }
2758 #endif /* CONFIG_IEEE80211R_AP */
2759 } else {
2760 pmk = sm->PMK;
2761 pmk_len = sm->pmk_len;
2762 }
2763
2764 if (wpa_derive_ptk(sm, sm->SNonce, pmk, pmk_len, &PTK) < 0)
2765 break;
2766
2767 if (mic_len &&
2768 wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
2769 sm->last_rx_eapol_key,
2770 sm->last_rx_eapol_key_len) == 0) {
2771 os_memcpy(sm->PMK, pmk, pmk_len);
2772 sm->pmk_len = pmk_len;
2773 ok = 1;
2774 break;
2775 }
2776
2777 #ifdef CONFIG_FILS
2778 if (!mic_len &&
2779 wpa_aead_decrypt(sm, &PTK, sm->last_rx_eapol_key,
2780 sm->last_rx_eapol_key_len, NULL) == 0) {
2781 ok = 1;
2782 break;
2783 }
2784 #endif /* CONFIG_FILS */
2785
2786 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
2787 wpa_key_mgmt_sae(sm->wpa_key_mgmt))
2788 break;
2789 }
2790
2791 if (!ok) {
2792 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2793 "invalid MIC in msg 2/4 of 4-Way Handshake");
2794 if (psk_found)
2795 wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
2796 return;
2797 }
2798
2799 /*
2800 * Note: last_rx_eapol_key length fields have already been validated in
2801 * wpa_receive().
2802 */
2803 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
2804 key = (struct wpa_eapol_key *) (hdr + 1);
2805 mic = (u8 *) (key + 1);
2806 key_data = mic + mic_len + 2;
2807 key_data_length = WPA_GET_BE16(mic + mic_len);
2808 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
2809 sizeof(*key) - mic_len - 2)
2810 return;
2811
2812 if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
2813 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2814 "received EAPOL-Key msg 2/4 with invalid Key Data contents");
2815 return;
2816 }
2817 if (kde.rsn_ie) {
2818 eapol_key_ie = kde.rsn_ie;
2819 eapol_key_ie_len = kde.rsn_ie_len;
2820 } else if (kde.osen) {
2821 eapol_key_ie = kde.osen;
2822 eapol_key_ie_len = kde.osen_len;
2823 } else {
2824 eapol_key_ie = kde.wpa_ie;
2825 eapol_key_ie_len = kde.wpa_ie_len;
2826 }
2827 ft = sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt);
2828 if (sm->wpa_ie == NULL ||
2829 wpa_compare_rsn_ie(ft, sm->wpa_ie, sm->wpa_ie_len,
2830 eapol_key_ie, eapol_key_ie_len)) {
2831 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2832 "WPA IE from (Re)AssocReq did not match with msg 2/4");
2833 if (sm->wpa_ie) {
2834 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
2835 sm->wpa_ie, sm->wpa_ie_len);
2836 }
2837 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
2838 eapol_key_ie, eapol_key_ie_len);
2839 /* MLME-DEAUTHENTICATE.request */
2840 wpa_sta_disconnect(wpa_auth, sm->addr,
2841 WLAN_REASON_PREV_AUTH_NOT_VALID);
2842 return;
2843 }
2844 #ifdef CONFIG_OCV
2845 if (wpa_auth_uses_ocv(sm)) {
2846 struct wpa_channel_info ci;
2847 int tx_chanwidth;
2848 int tx_seg1_idx;
2849
2850 if (wpa_channel_info(wpa_auth, &ci) != 0) {
2851 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2852 "Failed to get channel info to validate received OCI in EAPOL-Key 2/4");
2853 return;
2854 }
2855
2856 if (get_sta_tx_parameters(sm,
2857 channel_width_to_int(ci.chanwidth),
2858 ci.seg1_idx, &tx_chanwidth,
2859 &tx_seg1_idx) < 0)
2860 return;
2861
2862 if (ocv_verify_tx_params(kde.oci, kde.oci_len, &ci,
2863 tx_chanwidth, tx_seg1_idx) != 0) {
2864 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2865 ocv_errorstr);
2866 return;
2867 }
2868 }
2869 #endif /* CONFIG_OCV */
2870 #ifdef CONFIG_IEEE80211R_AP
2871 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
2872 wpa_sta_disconnect(wpa_auth, sm->addr,
2873 WLAN_REASON_PREV_AUTH_NOT_VALID);
2874 return;
2875 }
2876 #endif /* CONFIG_IEEE80211R_AP */
2877 #ifdef CONFIG_P2P
2878 if (kde.ip_addr_req && kde.ip_addr_req[0] &&
2879 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
2880 int idx;
2881 wpa_printf(MSG_DEBUG,
2882 "P2P: IP address requested in EAPOL-Key exchange");
2883 idx = bitfield_get_first_zero(wpa_auth->ip_pool);
2884 if (idx >= 0) {
2885 u32 start = WPA_GET_BE32(wpa_auth->conf.ip_addr_start);
2886 bitfield_set(wpa_auth->ip_pool, idx);
2887 WPA_PUT_BE32(sm->ip_addr, start + idx);
2888 wpa_printf(MSG_DEBUG,
2889 "P2P: Assigned IP address %u.%u.%u.%u to "
2890 MACSTR, sm->ip_addr[0], sm->ip_addr[1],
2891 sm->ip_addr[2], sm->ip_addr[3],
2892 MAC2STR(sm->addr));
2893 }
2894 }
2895 #endif /* CONFIG_P2P */
2896
2897 #ifdef CONFIG_IEEE80211R_AP
2898 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2899 /*
2900 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
2901 * with the value we derived.
2902 */
2903 if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
2904 WPA_PMK_NAME_LEN) != 0) {
2905 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2906 "PMKR1Name mismatch in FT 4-way "
2907 "handshake");
2908 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
2909 "Supplicant",
2910 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
2911 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
2912 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2913 return;
2914 }
2915 }
2916 #endif /* CONFIG_IEEE80211R_AP */
2917
2918 if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
2919 wpa_auth_update_vlan(wpa_auth, sm->addr, vlan_id) < 0) {
2920 wpa_sta_disconnect(wpa_auth, sm->addr,
2921 WLAN_REASON_PREV_AUTH_NOT_VALID);
2922 return;
2923 }
2924
2925 sm->pending_1_of_4_timeout = 0;
2926 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
2927
2928 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
2929 /* PSK may have changed from the previous choice, so update
2930 * state machine data based on whatever PSK was selected here.
2931 */
2932 os_memcpy(sm->PMK, pmk, PMK_LEN);
2933 sm->pmk_len = PMK_LEN;
2934 }
2935
2936 sm->MICVerified = TRUE;
2937
2938 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
2939 sm->PTK_valid = TRUE;
2940 }
2941
2942
2943 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
2944 {
2945 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
2946 sm->TimeoutCtr = 0;
2947 }
2948
2949
2950 #ifdef CONFIG_IEEE80211W
2951
2952 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2953 {
2954 if (sm->mgmt_frame_prot) {
2955 size_t len;
2956 len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2957 return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len;
2958 }
2959
2960 return 0;
2961 }
2962
2963
2964 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2965 {
2966 struct wpa_igtk_kde igtk;
2967 struct wpa_group *gsm = sm->group;
2968 u8 rsc[WPA_KEY_RSC_LEN];
2969 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2970
2971 if (!sm->mgmt_frame_prot)
2972 return pos;
2973
2974 igtk.keyid[0] = gsm->GN_igtk;
2975 igtk.keyid[1] = 0;
2976 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
2977 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
2978 os_memset(igtk.pn, 0, sizeof(igtk.pn));
2979 else
2980 os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
2981 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
2982 if (sm->wpa_auth->conf.disable_gtk ||
2983 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
2984 /*
2985 * Provide unique random IGTK to each STA to prevent use of
2986 * IGTK in the BSS.
2987 */
2988 if (random_get_bytes(igtk.igtk, len) < 0)
2989 return pos;
2990 }
2991 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
2992 (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len,
2993 NULL, 0);
2994
2995 return pos;
2996 }
2997
2998 #else /* CONFIG_IEEE80211W */
2999
3000 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
3001 {
3002 return 0;
3003 }
3004
3005
3006 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
3007 {
3008 return pos;
3009 }
3010
3011 #endif /* CONFIG_IEEE80211W */
3012
3013
3014 static int ocv_oci_len(struct wpa_state_machine *sm)
3015 {
3016 #ifdef CONFIG_OCV
3017 if (wpa_auth_uses_ocv(sm))
3018 return OCV_OCI_KDE_LEN;
3019 #endif /* CONFIG_OCV */
3020 return 0;
3021 }
3022
3023 static int ocv_oci_add(struct wpa_state_machine *sm, u8 **argpos)
3024 {
3025 #ifdef CONFIG_OCV
3026 struct wpa_channel_info ci;
3027
3028 if (!wpa_auth_uses_ocv(sm))
3029 return 0;
3030
3031 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
3032 wpa_printf(MSG_WARNING,
3033 "Failed to get channel info for OCI element");
3034 return -1;
3035 }
3036
3037 return ocv_insert_oci_kde(&ci, argpos);
3038 #else /* CONFIG_OCV */
3039 return 0;
3040 #endif /* CONFIG_OCV */
3041 }
3042
3043
3044 SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
3045 {
3046 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32];
3047 size_t gtk_len, kde_len;
3048 struct wpa_group *gsm = sm->group;
3049 u8 *wpa_ie;
3050 int wpa_ie_len, secure, keyidx, encr = 0;
3051
3052 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
3053 sm->TimeoutEvt = FALSE;
3054
3055 sm->TimeoutCtr++;
3056 if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3057 sm->TimeoutCtr > 1) {
3058 /* Do not allow retransmission of EAPOL-Key msg 3/4 */
3059 return;
3060 }
3061 if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
3062 /* No point in sending the EAPOL-Key - we will disconnect
3063 * immediately following this. */
3064 return;
3065 }
3066
3067 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
3068 GTK[GN], IGTK, [FTIE], [TIE * 2])
3069 */
3070 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
3071 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
3072 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
3073 wpa_ie = sm->wpa_auth->wpa_ie;
3074 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
3075 if (sm->wpa == WPA_VERSION_WPA &&
3076 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
3077 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
3078 /* WPA-only STA, remove RSN IE and possible MDIE */
3079 wpa_ie = wpa_ie + wpa_ie[1] + 2;
3080 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
3081 wpa_ie = wpa_ie + wpa_ie[1] + 2;
3082 wpa_ie_len = wpa_ie[1] + 2;
3083 }
3084 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3085 "sending 3/4 msg of 4-Way Handshake");
3086 if (sm->wpa == WPA_VERSION_WPA2) {
3087 /* WPA2 send GTK in the 4-way handshake */
3088 secure = 1;
3089 gtk = gsm->GTK[gsm->GN - 1];
3090 gtk_len = gsm->GTK_len;
3091 if (sm->wpa_auth->conf.disable_gtk ||
3092 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
3093 /*
3094 * Provide unique random GTK to each STA to prevent use
3095 * of GTK in the BSS.
3096 */
3097 if (random_get_bytes(dummy_gtk, gtk_len) < 0)
3098 return;
3099 gtk = dummy_gtk;
3100 }
3101 keyidx = gsm->GN;
3102 _rsc = rsc;
3103 encr = 1;
3104 } else {
3105 /* WPA does not include GTK in msg 3/4 */
3106 secure = 0;
3107 gtk = NULL;
3108 gtk_len = 0;
3109 keyidx = 0;
3110 _rsc = NULL;
3111 if (sm->rx_eapol_key_secure) {
3112 /*
3113 * It looks like Windows 7 supplicant tries to use
3114 * Secure bit in msg 2/4 after having reported Michael
3115 * MIC failure and it then rejects the 4-way handshake
3116 * if msg 3/4 does not set Secure bit. Work around this
3117 * by setting the Secure bit here even in the case of
3118 * WPA if the supplicant used it first.
3119 */
3120 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3121 "STA used Secure bit in WPA msg 2/4 - "
3122 "set Secure for 3/4 as workaround");
3123 secure = 1;
3124 }
3125 }
3126
3127 kde_len = wpa_ie_len + ieee80211w_kde_len(sm) + ocv_oci_len(sm);
3128 if (gtk)
3129 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
3130 #ifdef CONFIG_IEEE80211R_AP
3131 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
3132 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
3133 kde_len += 300; /* FTIE + 2 * TIE */
3134 }
3135 #endif /* CONFIG_IEEE80211R_AP */
3136 #ifdef CONFIG_P2P
3137 if (WPA_GET_BE32(sm->ip_addr) > 0)
3138 kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4;
3139 #endif /* CONFIG_P2P */
3140 kde = os_malloc(kde_len);
3141 if (kde == NULL)
3142 return;
3143
3144 pos = kde;
3145 os_memcpy(pos, wpa_ie, wpa_ie_len);
3146 pos += wpa_ie_len;
3147 #ifdef CONFIG_IEEE80211R_AP
3148 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
3149 int res;
3150 size_t elen;
3151
3152 elen = pos - kde;
3153 res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name);
3154 if (res < 0) {
3155 wpa_printf(MSG_ERROR, "FT: Failed to insert "
3156 "PMKR1Name into RSN IE in EAPOL-Key data");
3157 os_free(kde);
3158 return;
3159 }
3160 pos -= wpa_ie_len;
3161 pos += elen;
3162 }
3163 #endif /* CONFIG_IEEE80211R_AP */
3164 if (gtk) {
3165 u8 hdr[2];
3166 hdr[0] = keyidx & 0x03;
3167 hdr[1] = 0;
3168 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
3169 gtk, gtk_len);
3170 }
3171 pos = ieee80211w_kde_add(sm, pos);
3172 if (ocv_oci_add(sm, &pos) < 0) {
3173 os_free(kde);
3174 return;
3175 }
3176
3177 #ifdef CONFIG_IEEE80211R_AP
3178 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
3179 int res;
3180 struct wpa_auth_config *conf;
3181
3182 conf = &sm->wpa_auth->conf;
3183 if (sm->assoc_resp_ftie &&
3184 kde + kde_len - pos >= 2 + sm->assoc_resp_ftie[1]) {
3185 os_memcpy(pos, sm->assoc_resp_ftie,
3186 2 + sm->assoc_resp_ftie[1]);
3187 res = 2 + sm->assoc_resp_ftie[1];
3188 } else {
3189 int use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
3190
3191 res = wpa_write_ftie(conf, use_sha384,
3192 conf->r0_key_holder,
3193 conf->r0_key_holder_len,
3194 NULL, NULL, pos,
3195 kde + kde_len - pos,
3196 NULL, 0);
3197 }
3198 if (res < 0) {
3199 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
3200 "into EAPOL-Key Key Data");
3201 os_free(kde);
3202 return;
3203 }
3204 pos += res;
3205
3206 /* TIE[ReassociationDeadline] (TU) */
3207 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
3208 *pos++ = 5;
3209 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
3210 WPA_PUT_LE32(pos, conf->reassociation_deadline);
3211 pos += 4;
3212
3213 /* TIE[KeyLifetime] (seconds) */
3214 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
3215 *pos++ = 5;
3216 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
3217 WPA_PUT_LE32(pos, conf->r0_key_lifetime);
3218 pos += 4;
3219 }
3220 #endif /* CONFIG_IEEE80211R_AP */
3221 #ifdef CONFIG_P2P
3222 if (WPA_GET_BE32(sm->ip_addr) > 0) {
3223 u8 addr[3 * 4];
3224 os_memcpy(addr, sm->ip_addr, 4);
3225 os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4);
3226 os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4);
3227 pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC,
3228 addr, sizeof(addr), NULL, 0);
3229 }
3230 #endif /* CONFIG_P2P */
3231
3232 wpa_send_eapol(sm->wpa_auth, sm,
3233 (secure ? WPA_KEY_INFO_SECURE : 0) |
3234 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
3235 WPA_KEY_INFO_MIC : 0) |
3236 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
3237 WPA_KEY_INFO_KEY_TYPE,
3238 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
3239 os_free(kde);
3240 }
3241
3242
3243 SM_STATE(WPA_PTK, PTKINITDONE)
3244 {
3245 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
3246 sm->EAPOLKeyReceived = FALSE;
3247 if (sm->Pair) {
3248 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
3249 int klen = wpa_cipher_key_len(sm->pairwise);
3250 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
3251 sm->PTK.tk, klen)) {
3252 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
3253 WLAN_REASON_PREV_AUTH_NOT_VALID);
3254 return;
3255 }
3256 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
3257 sm->pairwise_set = TRUE;
3258
3259 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
3260 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
3261 eloop_register_timeout(sm->wpa_auth->conf.
3262 wpa_ptk_rekey, 0, wpa_rekey_ptk,
3263 sm->wpa_auth, sm);
3264 }
3265
3266 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
3267 sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP ||
3268 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE) {
3269 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
3270 WPA_EAPOL_authorized, 1);
3271 }
3272 }
3273
3274 if (0 /* IBSS == TRUE */) {
3275 sm->keycount++;
3276 if (sm->keycount == 2) {
3277 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
3278 WPA_EAPOL_portValid, 1);
3279 }
3280 } else {
3281 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
3282 1);
3283 }
3284 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
3285 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
3286 if (sm->wpa == WPA_VERSION_WPA)
3287 sm->PInitAKeys = TRUE;
3288 else
3289 sm->has_GTK = TRUE;
3290 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3291 "pairwise key handshake completed (%s)",
3292 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
3293
3294 #ifdef CONFIG_IEEE80211R_AP
3295 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
3296 #endif /* CONFIG_IEEE80211R_AP */
3297 }
3298
3299
3300 SM_STEP(WPA_PTK)
3301 {
3302 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3303
3304 if (sm->Init)
3305 SM_ENTER(WPA_PTK, INITIALIZE);
3306 else if (sm->Disconnect
3307 /* || FIX: dot11RSNAConfigSALifetime timeout */) {
3308 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
3309 "WPA_PTK: sm->Disconnect");
3310 SM_ENTER(WPA_PTK, DISCONNECT);
3311 }
3312 else if (sm->DeauthenticationRequest)
3313 SM_ENTER(WPA_PTK, DISCONNECTED);
3314 else if (sm->AuthenticationRequest)
3315 SM_ENTER(WPA_PTK, AUTHENTICATION);
3316 else if (sm->ReAuthenticationRequest)
3317 SM_ENTER(WPA_PTK, AUTHENTICATION2);
3318 else if (sm->PTKRequest) {
3319 if (wpa_auth_sm_ptk_update(sm) < 0)
3320 SM_ENTER(WPA_PTK, DISCONNECTED);
3321 else
3322 SM_ENTER(WPA_PTK, PTKSTART);
3323 } else switch (sm->wpa_ptk_state) {
3324 case WPA_PTK_INITIALIZE:
3325 break;
3326 case WPA_PTK_DISCONNECT:
3327 SM_ENTER(WPA_PTK, DISCONNECTED);
3328 break;
3329 case WPA_PTK_DISCONNECTED:
3330 SM_ENTER(WPA_PTK, INITIALIZE);
3331 break;
3332 case WPA_PTK_AUTHENTICATION:
3333 SM_ENTER(WPA_PTK, AUTHENTICATION2);
3334 break;
3335 case WPA_PTK_AUTHENTICATION2:
3336 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
3337 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
3338 WPA_EAPOL_keyRun) > 0)
3339 SM_ENTER(WPA_PTK, INITPMK);
3340 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
3341 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE
3342 /* FIX: && 802.1X::keyRun */)
3343 SM_ENTER(WPA_PTK, INITPSK);
3344 else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP)
3345 SM_ENTER(WPA_PTK, INITPMK);
3346 break;
3347 case WPA_PTK_INITPMK:
3348 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
3349 WPA_EAPOL_keyAvailable) > 0) {
3350 SM_ENTER(WPA_PTK, PTKSTART);
3351 #ifdef CONFIG_DPP
3352 } else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && sm->pmksa) {
3353 SM_ENTER(WPA_PTK, PTKSTART);
3354 #endif /* CONFIG_DPP */
3355 } else {
3356 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3357 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3358 "INITPMK - keyAvailable = false");
3359 SM_ENTER(WPA_PTK, DISCONNECT);
3360 }
3361 break;
3362 case WPA_PTK_INITPSK:
3363 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr,
3364 NULL, NULL, NULL)) {
3365 SM_ENTER(WPA_PTK, PTKSTART);
3366 #ifdef CONFIG_SAE
3367 } else if (wpa_auth_uses_sae(sm) && sm->pmksa) {
3368 SM_ENTER(WPA_PTK, PTKSTART);
3369 #endif /* CONFIG_SAE */
3370 } else {
3371 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3372 "no PSK configured for the STA");
3373 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3374 SM_ENTER(WPA_PTK, DISCONNECT);
3375 }
3376 break;
3377 case WPA_PTK_PTKSTART:
3378 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3379 sm->EAPOLKeyPairwise)
3380 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
3381 else if (sm->TimeoutCtr >
3382 sm->wpa_auth->conf.wpa_pairwise_update_count) {
3383 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3384 wpa_auth_vlogger(
3385 sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3386 "PTKSTART: Retry limit %u reached",
3387 sm->wpa_auth->conf.wpa_pairwise_update_count);
3388 SM_ENTER(WPA_PTK, DISCONNECT);
3389 } else if (sm->TimeoutEvt)
3390 SM_ENTER(WPA_PTK, PTKSTART);
3391 break;
3392 case WPA_PTK_PTKCALCNEGOTIATING:
3393 if (sm->MICVerified)
3394 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
3395 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3396 sm->EAPOLKeyPairwise)
3397 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
3398 else if (sm->TimeoutEvt)
3399 SM_ENTER(WPA_PTK, PTKSTART);
3400 break;
3401 case WPA_PTK_PTKCALCNEGOTIATING2:
3402 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
3403 break;
3404 case WPA_PTK_PTKINITNEGOTIATING:
3405 if (sm->update_snonce)
3406 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
3407 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3408 sm->EAPOLKeyPairwise && sm->MICVerified)
3409 SM_ENTER(WPA_PTK, PTKINITDONE);
3410 else if (sm->TimeoutCtr >
3411 sm->wpa_auth->conf.wpa_pairwise_update_count ||
3412 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3413 sm->TimeoutCtr > 1)) {
3414 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3415 wpa_auth_vlogger(
3416 sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3417 "PTKINITNEGOTIATING: Retry limit %u reached",
3418 sm->wpa_auth->conf.wpa_pairwise_update_count);
3419 SM_ENTER(WPA_PTK, DISCONNECT);
3420 } else if (sm->TimeoutEvt)
3421 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
3422 break;
3423 case WPA_PTK_PTKINITDONE:
3424 break;
3425 }
3426 }
3427
3428
3429 SM_STATE(WPA_PTK_GROUP, IDLE)
3430 {
3431 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
3432 if (sm->Init) {
3433 /* Init flag is not cleared here, so avoid busy
3434 * loop by claiming nothing changed. */
3435 sm->changed = FALSE;
3436 }
3437 sm->GTimeoutCtr = 0;
3438 }
3439
3440
3441 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
3442 {
3443 u8 rsc[WPA_KEY_RSC_LEN];
3444 struct wpa_group *gsm = sm->group;
3445 const u8 *kde;
3446 u8 *kde_buf = NULL, *pos, hdr[2];
3447 size_t kde_len;
3448 u8 *gtk, dummy_gtk[32];
3449
3450 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
3451
3452 sm->GTimeoutCtr++;
3453 if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3454 sm->GTimeoutCtr > 1) {
3455 /* Do not allow retransmission of EAPOL-Key group msg 1/2 */
3456 return;
3457 }
3458 if (sm->GTimeoutCtr > sm->wpa_auth->conf.wpa_group_update_count) {
3459 /* No point in sending the EAPOL-Key - we will disconnect
3460 * immediately following this. */
3461 return;
3462 }
3463
3464 if (sm->wpa == WPA_VERSION_WPA)
3465 sm->PInitAKeys = FALSE;
3466 sm->TimeoutEvt = FALSE;
3467 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
3468 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
3469 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
3470 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
3471 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3472 "sending 1/2 msg of Group Key Handshake");
3473
3474 gtk = gsm->GTK[gsm->GN - 1];
3475 if (sm->wpa_auth->conf.disable_gtk ||
3476 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
3477 /*
3478 * Provide unique random GTK to each STA to prevent use
3479 * of GTK in the BSS.
3480 */
3481 if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0)
3482 return;
3483 gtk = dummy_gtk;
3484 }
3485 if (sm->wpa == WPA_VERSION_WPA2) {
3486 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
3487 ieee80211w_kde_len(sm) + ocv_oci_len(sm);
3488 kde_buf = os_malloc(kde_len);
3489 if (kde_buf == NULL)
3490 return;
3491
3492 kde = pos = kde_buf;
3493 hdr[0] = gsm->GN & 0x03;
3494 hdr[1] = 0;
3495 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
3496 gtk, gsm->GTK_len);
3497 pos = ieee80211w_kde_add(sm, pos);
3498 if (ocv_oci_add(sm, &pos) < 0) {
3499 os_free(kde_buf);
3500 return;
3501 }
3502 kde_len = pos - kde;
3503 } else {
3504 kde = gtk;
3505 kde_len = gsm->GTK_len;
3506 }
3507
3508 wpa_send_eapol(sm->wpa_auth, sm,
3509 WPA_KEY_INFO_SECURE |
3510 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
3511 WPA_KEY_INFO_MIC : 0) |
3512 WPA_KEY_INFO_ACK |
3513 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
3514 rsc, NULL, kde, kde_len, gsm->GN, 1);
3515
3516 os_free(kde_buf);
3517 }
3518
3519
3520 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
3521 {
3522 #ifdef CONFIG_OCV
3523 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3524 const u8 *key_data, *mic;
3525 struct ieee802_1x_hdr *hdr;
3526 struct wpa_eapol_key *key;
3527 struct wpa_eapol_ie_parse kde;
3528 size_t mic_len;
3529 u16 key_data_length;
3530 #endif /* CONFIG_OCV */
3531
3532 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
3533 sm->EAPOLKeyReceived = FALSE;
3534
3535 #ifdef CONFIG_OCV
3536 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
3537
3538 /*
3539 * Note: last_rx_eapol_key length fields have already been validated in
3540 * wpa_receive().
3541 */
3542 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
3543 key = (struct wpa_eapol_key *) (hdr + 1);
3544 mic = (u8 *) (key + 1);
3545 key_data = mic + mic_len + 2;
3546 key_data_length = WPA_GET_BE16(mic + mic_len);
3547 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
3548 sizeof(*key) - mic_len - 2)
3549 return;
3550
3551 if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
3552 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
3553 "received EAPOL-Key group msg 2/2 with invalid Key Data contents");
3554 return;
3555 }
3556
3557 if (wpa_auth_uses_ocv(sm)) {
3558 struct wpa_channel_info ci;
3559 int tx_chanwidth;
3560 int tx_seg1_idx;
3561
3562 if (wpa_channel_info(wpa_auth, &ci) != 0) {
3563 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
3564 "Failed to get channel info to validate received OCI in EAPOL-Key group 1/2");
3565 return;
3566 }
3567
3568 if (get_sta_tx_parameters(sm,
3569 channel_width_to_int(ci.chanwidth),
3570 ci.seg1_idx, &tx_chanwidth,
3571 &tx_seg1_idx) < 0)
3572 return;
3573
3574 if (ocv_verify_tx_params(kde.oci, kde.oci_len, &ci,
3575 tx_chanwidth, tx_seg1_idx) != 0) {
3576 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
3577 ocv_errorstr);
3578 return;
3579 }
3580 }
3581 #endif /* CONFIG_OCV */
3582
3583 if (sm->GUpdateStationKeys)
3584 sm->group->GKeyDoneStations--;
3585 sm->GUpdateStationKeys = FALSE;
3586 sm->GTimeoutCtr = 0;
3587 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
3588 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3589 "group key handshake completed (%s)",
3590 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
3591 sm->has_GTK = TRUE;
3592 }
3593
3594
3595 SM_STATE(WPA_PTK_GROUP, KEYERROR)
3596 {
3597 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
3598 if (sm->GUpdateStationKeys)
3599 sm->group->GKeyDoneStations--;
3600 sm->GUpdateStationKeys = FALSE;
3601 sm->Disconnect = TRUE;
3602 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3603 "group key handshake failed (%s) after %u tries",
3604 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN",
3605 sm->wpa_auth->conf.wpa_group_update_count);
3606 }
3607
3608
3609 SM_STEP(WPA_PTK_GROUP)
3610 {
3611 if (sm->Init || sm->PtkGroupInit) {
3612 SM_ENTER(WPA_PTK_GROUP, IDLE);
3613 sm->PtkGroupInit = FALSE;
3614 } else switch (sm->wpa_ptk_group_state) {
3615 case WPA_PTK_GROUP_IDLE:
3616 if (sm->GUpdateStationKeys ||
3617 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
3618 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
3619 break;
3620 case WPA_PTK_GROUP_REKEYNEGOTIATING:
3621 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3622 !sm->EAPOLKeyPairwise && sm->MICVerified)
3623 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
3624 else if (sm->GTimeoutCtr >
3625 sm->wpa_auth->conf.wpa_group_update_count ||
3626 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3627 sm->GTimeoutCtr > 1))
3628 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
3629 else if (sm->TimeoutEvt)
3630 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
3631 break;
3632 case WPA_PTK_GROUP_KEYERROR:
3633 SM_ENTER(WPA_PTK_GROUP, IDLE);
3634 break;
3635 case WPA_PTK_GROUP_REKEYESTABLISHED:
3636 SM_ENTER(WPA_PTK_GROUP, IDLE);
3637 break;
3638 }
3639 }
3640
3641
3642 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
3643 struct wpa_group *group)
3644 {
3645 int ret = 0;
3646
3647 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
3648 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3649 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
3650 wpa_auth->addr, group->GNonce,
3651 group->GTK[group->GN - 1], group->GTK_len) < 0)
3652 ret = -1;
3653 wpa_hexdump_key(MSG_DEBUG, "GTK",
3654 group->GTK[group->GN - 1], group->GTK_len);
3655
3656 #ifdef CONFIG_IEEE80211W
3657 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
3658 size_t len;
3659 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
3660 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
3661 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3662 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
3663 wpa_auth->addr, group->GNonce,
3664 group->IGTK[group->GN_igtk - 4], len) < 0)
3665 ret = -1;
3666 wpa_hexdump_key(MSG_DEBUG, "IGTK",
3667 group->IGTK[group->GN_igtk - 4], len);
3668 }
3669 #endif /* CONFIG_IEEE80211W */
3670
3671 return ret;
3672 }
3673
3674
3675 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
3676 struct wpa_group *group)
3677 {
3678 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3679 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
3680 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
3681 group->wpa_group_state = WPA_GROUP_GTK_INIT;
3682
3683 /* GTK[0..N] = 0 */
3684 os_memset(group->GTK, 0, sizeof(group->GTK));
3685 group->GN = 1;
3686 group->GM = 2;
3687 #ifdef CONFIG_IEEE80211W
3688 group->GN_igtk = 4;
3689 group->GM_igtk = 5;
3690 #endif /* CONFIG_IEEE80211W */
3691 /* GTK[GN] = CalcGTK() */
3692 wpa_gtk_update(wpa_auth, group);
3693 }
3694
3695
3696 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
3697 {
3698 if (ctx != NULL && ctx != sm->group)
3699 return 0;
3700
3701 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
3702 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3703 "Not in PTKINITDONE; skip Group Key update");
3704 sm->GUpdateStationKeys = FALSE;
3705 return 0;
3706 }
3707 if (sm->GUpdateStationKeys) {
3708 /*
3709 * This should not really happen, so add a debug log entry.
3710 * Since we clear the GKeyDoneStations before the loop, the
3711 * station needs to be counted here anyway.
3712 */
3713 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3714 "GUpdateStationKeys was already set when "
3715 "marking station for GTK rekeying");
3716 }
3717
3718 /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
3719 if (sm->is_wnmsleep)
3720 return 0;
3721
3722 sm->group->GKeyDoneStations++;
3723 sm->GUpdateStationKeys = TRUE;
3724
3725 wpa_sm_step(sm);
3726 return 0;
3727 }
3728
3729
3730 #ifdef CONFIG_WNM_AP
3731 /* update GTK when exiting WNM-Sleep Mode */
3732 void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm)
3733 {
3734 if (sm == NULL || sm->is_wnmsleep)
3735 return;
3736
3737 wpa_group_update_sta(sm, NULL);
3738 }
3739
3740
3741 void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
3742 {
3743 if (sm)
3744 sm->is_wnmsleep = !!flag;
3745 }
3746
3747
3748 int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
3749 {
3750 struct wpa_group *gsm = sm->group;
3751 u8 *start = pos;
3752
3753 /*
3754 * GTK subelement:
3755 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
3756 * Key[5..32]
3757 */
3758 *pos++ = WNM_SLEEP_SUBELEM_GTK;
3759 *pos++ = 11 + gsm->GTK_len;
3760 /* Key ID in B0-B1 of Key Info */
3761 WPA_PUT_LE16(pos, gsm->GN & 0x03);
3762 pos += 2;
3763 *pos++ = gsm->GTK_len;
3764 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
3765 return 0;
3766 pos += 8;
3767 os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
3768 pos += gsm->GTK_len;
3769
3770 wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
3771 gsm->GN);
3772 wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
3773 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
3774
3775 return pos - start;
3776 }
3777
3778
3779 #ifdef CONFIG_IEEE80211W
3780 int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
3781 {
3782 struct wpa_group *gsm = sm->group;
3783 u8 *start = pos;
3784 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
3785
3786 /*
3787 * IGTK subelement:
3788 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
3789 */
3790 *pos++ = WNM_SLEEP_SUBELEM_IGTK;
3791 *pos++ = 2 + 6 + len;
3792 WPA_PUT_LE16(pos, gsm->GN_igtk);
3793 pos += 2;
3794 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
3795 return 0;
3796 pos += 6;
3797
3798 os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
3799 pos += len;
3800
3801 wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
3802 gsm->GN_igtk);
3803 wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
3804 gsm->IGTK[gsm->GN_igtk - 4], len);
3805
3806 return pos - start;
3807 }
3808 #endif /* CONFIG_IEEE80211W */
3809 #endif /* CONFIG_WNM_AP */
3810
3811
3812 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
3813 struct wpa_group *group)
3814 {
3815 int tmp;
3816
3817 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3818 "SETKEYS (VLAN-ID %d)", group->vlan_id);
3819 group->changed = TRUE;
3820 group->wpa_group_state = WPA_GROUP_SETKEYS;
3821 group->GTKReKey = FALSE;
3822 tmp = group->GM;
3823 group->GM = group->GN;
3824 group->GN = tmp;
3825 #ifdef CONFIG_IEEE80211W
3826 tmp = group->GM_igtk;
3827 group->GM_igtk = group->GN_igtk;
3828 group->GN_igtk = tmp;
3829 #endif /* CONFIG_IEEE80211W */
3830 /* "GKeyDoneStations = GNoStations" is done in more robust way by
3831 * counting the STAs that are marked with GUpdateStationKeys instead of
3832 * including all STAs that could be in not-yet-completed state. */
3833 wpa_gtk_update(wpa_auth, group);
3834
3835 if (group->GKeyDoneStations) {
3836 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
3837 "GKeyDoneStations=%d when starting new GTK rekey",
3838 group->GKeyDoneStations);
3839 group->GKeyDoneStations = 0;
3840 }
3841 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
3842 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
3843 group->GKeyDoneStations);
3844 }
3845
3846
3847 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
3848 struct wpa_group *group)
3849 {
3850 int ret = 0;
3851
3852 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
3853 wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
3854 broadcast_ether_addr, group->GN,
3855 group->GTK[group->GN - 1], group->GTK_len) < 0)
3856 ret = -1;
3857
3858 #ifdef CONFIG_IEEE80211W
3859 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
3860 enum wpa_alg alg;
3861 size_t len;
3862
3863 alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher);
3864 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
3865
3866 if (ret == 0 &&
3867 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
3868 broadcast_ether_addr, group->GN_igtk,
3869 group->IGTK[group->GN_igtk - 4], len) < 0)
3870 ret = -1;
3871 }
3872 #endif /* CONFIG_IEEE80211W */
3873
3874 return ret;
3875 }
3876
3877
3878 static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
3879 {
3880 if (sm->group == ctx) {
3881 wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
3882 " for discconnection due to fatal failure",
3883 MAC2STR(sm->addr));
3884 sm->Disconnect = TRUE;
3885 }
3886
3887 return 0;
3888 }
3889
3890
3891 static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
3892 struct wpa_group *group)
3893 {
3894 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE");
3895 group->changed = TRUE;
3896 group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
3897 wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
3898 }
3899
3900
3901 static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
3902 struct wpa_group *group)
3903 {
3904 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3905 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
3906 group->changed = TRUE;
3907 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
3908
3909 if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
3910 wpa_group_fatal_failure(wpa_auth, group);
3911 return -1;
3912 }
3913
3914 return 0;
3915 }
3916
3917
3918 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
3919 struct wpa_group *group)
3920 {
3921 if (group->GInit) {
3922 wpa_group_gtk_init(wpa_auth, group);
3923 } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
3924 /* Do not allow group operations */
3925 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
3926 group->GTKAuthenticator) {
3927 wpa_group_setkeysdone(wpa_auth, group);
3928 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
3929 group->GTKReKey) {
3930 wpa_group_setkeys(wpa_auth, group);
3931 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
3932 if (group->GKeyDoneStations == 0)
3933 wpa_group_setkeysdone(wpa_auth, group);
3934 else if (group->GTKReKey)
3935 wpa_group_setkeys(wpa_auth, group);
3936 }
3937 }
3938
3939
3940 static int wpa_sm_step(struct wpa_state_machine *sm)
3941 {
3942 if (sm == NULL)
3943 return 0;
3944
3945 if (sm->in_step_loop) {
3946 /* This should not happen, but if it does, make sure we do not
3947 * end up freeing the state machine too early by exiting the
3948 * recursive call. */
3949 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
3950 return 0;
3951 }
3952
3953 sm->in_step_loop = 1;
3954 do {
3955 if (sm->pending_deinit)
3956 break;
3957
3958 sm->changed = FALSE;
3959 sm->wpa_auth->group->changed = FALSE;
3960
3961 SM_STEP_RUN(WPA_PTK);
3962 if (sm->pending_deinit)
3963 break;
3964 SM_STEP_RUN(WPA_PTK_GROUP);
3965 if (sm->pending_deinit)
3966 break;
3967 wpa_group_sm_step(sm->wpa_auth, sm->group);
3968 } while (sm->changed || sm->wpa_auth->group->changed);
3969 sm->in_step_loop = 0;
3970
3971 if (sm->pending_deinit) {
3972 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
3973 "machine deinit for " MACSTR, MAC2STR(sm->addr));
3974 wpa_free_sta_sm(sm);
3975 return 1;
3976 }
3977 return 0;
3978 }
3979
3980
3981 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
3982 {
3983 struct wpa_state_machine *sm = eloop_ctx;
3984 wpa_sm_step(sm);
3985 }
3986
3987
3988 void wpa_auth_sm_notify(struct wpa_state_machine *sm)
3989 {
3990 if (sm == NULL)
3991 return;
3992 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
3993 }
3994
3995
3996 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
3997 {
3998 int tmp, i;
3999 struct wpa_group *group;
4000
4001 if (wpa_auth == NULL)
4002 return;
4003
4004 group = wpa_auth->group;
4005
4006 for (i = 0; i < 2; i++) {
4007 tmp = group->GM;
4008 group->GM = group->GN;
4009 group->GN = tmp;
4010 #ifdef CONFIG_IEEE80211W
4011 tmp = group->GM_igtk;
4012 group->GM_igtk = group->GN_igtk;
4013 group->GN_igtk = tmp;
4014 #endif /* CONFIG_IEEE80211W */
4015 wpa_gtk_update(wpa_auth, group);
4016 wpa_group_config_group_keys(wpa_auth, group);
4017 }
4018 }
4019
4020
4021 static const char * wpa_bool_txt(int val)
4022 {
4023 return val ? "TRUE" : "FALSE";
4024 }
4025
4026
4027 #define RSN_SUITE "%02x-%02x-%02x-%d"
4028 #define RSN_SUITE_ARG(s) \
4029 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
4030
4031 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
4032 {
4033 int len = 0, ret;
4034 char pmkid_txt[PMKID_LEN * 2 + 1];
4035 #ifdef CONFIG_RSN_PREAUTH
4036 const int preauth = 1;
4037 #else /* CONFIG_RSN_PREAUTH */
4038 const int preauth = 0;
4039 #endif /* CONFIG_RSN_PREAUTH */
4040
4041 if (wpa_auth == NULL)
4042 return len;
4043
4044 ret = os_snprintf(buf + len, buflen - len,
4045 "dot11RSNAOptionImplemented=TRUE\n"
4046 "dot11RSNAPreauthenticationImplemented=%s\n"
4047 "dot11RSNAEnabled=%s\n"
4048 "dot11RSNAPreauthenticationEnabled=%s\n",
4049 wpa_bool_txt(preauth),
4050 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
4051 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
4052 if (os_snprintf_error(buflen - len, ret))
4053 return len;
4054 len += ret;
4055
4056 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
4057 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
4058
4059 ret = os_snprintf(
4060 buf + len, buflen - len,
4061 "dot11RSNAConfigVersion=%u\n"
4062 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
4063 /* FIX: dot11RSNAConfigGroupCipher */
4064 /* FIX: dot11RSNAConfigGroupRekeyMethod */
4065 /* FIX: dot11RSNAConfigGroupRekeyTime */
4066 /* FIX: dot11RSNAConfigGroupRekeyPackets */
4067 "dot11RSNAConfigGroupRekeyStrict=%u\n"
4068 "dot11RSNAConfigGroupUpdateCount=%u\n"
4069 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
4070 "dot11RSNAConfigGroupCipherSize=%u\n"
4071 "dot11RSNAConfigPMKLifetime=%u\n"
4072 "dot11RSNAConfigPMKReauthThreshold=%u\n"
4073 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
4074 "dot11RSNAConfigSATimeout=%u\n"
4075 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
4076 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
4077 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
4078 "dot11RSNAPMKIDUsed=%s\n"
4079 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
4080 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
4081 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
4082 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
4083 "dot11RSNA4WayHandshakeFailures=%u\n"
4084 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
4085 RSN_VERSION,
4086 !!wpa_auth->conf.wpa_strict_rekey,
4087 wpa_auth->conf.wpa_group_update_count,
4088 wpa_auth->conf.wpa_pairwise_update_count,
4089 wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8,
4090 dot11RSNAConfigPMKLifetime,
4091 dot11RSNAConfigPMKReauthThreshold,
4092 dot11RSNAConfigSATimeout,
4093 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
4094 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
4095 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
4096 pmkid_txt,
4097 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
4098 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
4099 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
4100 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
4101 wpa_auth->dot11RSNA4WayHandshakeFailures);
4102 if (os_snprintf_error(buflen - len, ret))
4103 return len;
4104 len += ret;
4105
4106 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
4107 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
4108
4109 /* Private MIB */
4110 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
4111 wpa_auth->group->wpa_group_state);
4112 if (os_snprintf_error(buflen - len, ret))
4113 return len;
4114 len += ret;
4115
4116 return len;
4117 }
4118
4119
4120 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
4121 {
4122 int len = 0, ret;
4123 u32 pairwise = 0;
4124
4125 if (sm == NULL)
4126 return 0;
4127
4128 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
4129
4130 /* dot11RSNAStatsEntry */
4131
4132 pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
4133 WPA_PROTO_RSN : WPA_PROTO_WPA,
4134 sm->pairwise);
4135 if (pairwise == 0)
4136 return 0;
4137
4138 ret = os_snprintf(
4139 buf + len, buflen - len,
4140 /* TODO: dot11RSNAStatsIndex */
4141 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
4142 "dot11RSNAStatsVersion=1\n"
4143 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
4144 /* TODO: dot11RSNAStatsTKIPICVErrors */
4145 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
4146 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
4147 /* TODO: dot11RSNAStatsCCMPReplays */
4148 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
4149 /* TODO: dot11RSNAStatsTKIPReplays */,
4150 MAC2STR(sm->addr),
4151 RSN_SUITE_ARG(pairwise),
4152 sm->dot11RSNAStatsTKIPLocalMICFailures,
4153 sm->dot11RSNAStatsTKIPRemoteMICFailures);
4154 if (os_snprintf_error(buflen - len, ret))
4155 return len;
4156 len += ret;
4157
4158 /* Private MIB */
4159 ret = os_snprintf(buf + len, buflen - len,
4160 "hostapdWPAPTKState=%d\n"
4161 "hostapdWPAPTKGroupState=%d\n",
4162 sm->wpa_ptk_state,
4163 sm->wpa_ptk_group_state);
4164 if (os_snprintf_error(buflen - len, ret))
4165 return len;
4166 len += ret;
4167
4168 return len;
4169 }
4170
4171
4172 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
4173 {
4174 if (wpa_auth)
4175 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
4176 }
4177
4178
4179 int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
4180 {
4181 return sm && sm->pairwise_set;
4182 }
4183
4184
4185 int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
4186 {
4187 return sm->pairwise;
4188 }
4189
4190
4191 const u8 * wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len)
4192 {
4193 if (!sm)
4194 return NULL;
4195 *len = sm->pmk_len;
4196 return sm->PMK;
4197 }
4198
4199
4200 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
4201 {
4202 if (sm == NULL)
4203 return -1;
4204 return sm->wpa_key_mgmt;
4205 }
4206
4207
4208 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
4209 {
4210 if (sm == NULL)
4211 return 0;
4212 return sm->wpa;
4213 }
4214
4215
4216 int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
4217 {
4218 if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
4219 return 0;
4220 return sm->tk_already_set;
4221 }
4222
4223
4224 int wpa_auth_sta_fils_tk_already_set(struct wpa_state_machine *sm)
4225 {
4226 if (!sm || !wpa_key_mgmt_fils(sm->wpa_key_mgmt))
4227 return 0;
4228 return sm->tk_already_set;
4229 }
4230
4231
4232 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
4233 struct rsn_pmksa_cache_entry *entry)
4234 {
4235 if (sm == NULL || sm->pmksa != entry)
4236 return -1;
4237 sm->pmksa = NULL;
4238 return 0;
4239 }
4240
4241
4242 struct rsn_pmksa_cache_entry *
4243 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
4244 {
4245 return sm ? sm->pmksa : NULL;
4246 }
4247
4248
4249 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
4250 {
4251 if (sm)
4252 sm->dot11RSNAStatsTKIPLocalMICFailures++;
4253 }
4254
4255
4256 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
4257 {
4258 if (wpa_auth == NULL)
4259 return NULL;
4260 *len = wpa_auth->wpa_ie_len;
4261 return wpa_auth->wpa_ie;
4262 }
4263
4264
4265 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
4266 unsigned int pmk_len,
4267 int session_timeout, struct eapol_state_machine *eapol)
4268 {
4269 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
4270 sm->wpa_auth->conf.disable_pmksa_caching)
4271 return -1;
4272
4273 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
4274 if (pmk_len > PMK_LEN_SUITE_B_192)
4275 pmk_len = PMK_LEN_SUITE_B_192;
4276 } else if (pmk_len > PMK_LEN) {
4277 pmk_len = PMK_LEN;
4278 }
4279
4280 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len, NULL,
4281 sm->PTK.kck, sm->PTK.kck_len,
4282 sm->wpa_auth->addr, sm->addr, session_timeout,
4283 eapol, sm->wpa_key_mgmt))
4284 return 0;
4285
4286 return -1;
4287 }
4288
4289
4290 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
4291 const u8 *pmk, size_t len, const u8 *sta_addr,
4292 int session_timeout,
4293 struct eapol_state_machine *eapol)
4294 {
4295 if (wpa_auth == NULL)
4296 return -1;
4297
4298 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, NULL,
4299 NULL, 0,
4300 wpa_auth->addr,
4301 sta_addr, session_timeout, eapol,
4302 WPA_KEY_MGMT_IEEE8021X))
4303 return 0;
4304
4305 return -1;
4306 }
4307
4308
4309 int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
4310 const u8 *pmk, const u8 *pmkid)
4311 {
4312 if (wpa_auth->conf.disable_pmksa_caching)
4313 return -1;
4314
4315 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN, pmkid,
4316 NULL, 0,
4317 wpa_auth->addr, addr, 0, NULL,
4318 WPA_KEY_MGMT_SAE))
4319 return 0;
4320
4321 return -1;
4322 }
4323
4324
4325 void wpa_auth_add_sae_pmkid(struct wpa_state_machine *sm, const u8 *pmkid)
4326 {
4327 os_memcpy(sm->pmkid, pmkid, PMKID_LEN);
4328 sm->pmkid_set = 1;
4329 }
4330
4331
4332 int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr,
4333 const u8 *pmk, size_t pmk_len, const u8 *pmkid,
4334 int session_timeout, int akmp)
4335 {
4336 if (wpa_auth->conf.disable_pmksa_caching)
4337 return -1;
4338
4339 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, pmk_len, pmkid,
4340 NULL, 0, wpa_auth->addr, addr, session_timeout,
4341 NULL, akmp))
4342 return 0;
4343
4344 return -1;
4345 }
4346
4347
4348 void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
4349 const u8 *sta_addr)
4350 {
4351 struct rsn_pmksa_cache_entry *pmksa;
4352
4353 if (wpa_auth == NULL || wpa_auth->pmksa == NULL)
4354 return;
4355 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
4356 if (pmksa) {
4357 wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for "
4358 MACSTR " based on request", MAC2STR(sta_addr));
4359 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
4360 }
4361 }
4362
4363
4364 int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
4365 size_t len)
4366 {
4367 if (!wpa_auth || !wpa_auth->pmksa)
4368 return 0;
4369 return pmksa_cache_auth_list(wpa_auth->pmksa, buf, len);
4370 }
4371
4372
4373 void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth)
4374 {
4375 if (wpa_auth && wpa_auth->pmksa)
4376 pmksa_cache_auth_flush(wpa_auth->pmksa);
4377 }
4378
4379
4380 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
4381 #ifdef CONFIG_MESH
4382
4383 int wpa_auth_pmksa_list_mesh(struct wpa_authenticator *wpa_auth, const u8 *addr,
4384 char *buf, size_t len)
4385 {
4386 if (!wpa_auth || !wpa_auth->pmksa)
4387 return 0;
4388
4389 return pmksa_cache_auth_list_mesh(wpa_auth->pmksa, addr, buf, len);
4390 }
4391
4392
4393 struct rsn_pmksa_cache_entry *
4394 wpa_auth_pmksa_create_entry(const u8 *aa, const u8 *spa, const u8 *pmk,
4395 const u8 *pmkid, int expiration)
4396 {
4397 struct rsn_pmksa_cache_entry *entry;
4398 struct os_reltime now;
4399
4400 entry = pmksa_cache_auth_create_entry(pmk, PMK_LEN, pmkid, NULL, 0, aa,
4401 spa, 0, NULL, WPA_KEY_MGMT_SAE);
4402 if (!entry)
4403 return NULL;
4404
4405 os_get_reltime(&now);
4406 entry->expiration = now.sec + expiration;
4407 return entry;
4408 }
4409
4410
4411 int wpa_auth_pmksa_add_entry(struct wpa_authenticator *wpa_auth,
4412 struct rsn_pmksa_cache_entry *entry)
4413 {
4414 int ret;
4415
4416 if (!wpa_auth || !wpa_auth->pmksa)
4417 return -1;
4418
4419 ret = pmksa_cache_auth_add_entry(wpa_auth->pmksa, entry);
4420 if (ret < 0)
4421 wpa_printf(MSG_DEBUG,
4422 "RSN: Failed to store external PMKSA cache for "
4423 MACSTR, MAC2STR(entry->spa));
4424
4425 return ret;
4426 }
4427
4428 #endif /* CONFIG_MESH */
4429 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
4430
4431
4432 struct rsn_pmksa_cache_entry *
4433 wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
4434 const u8 *pmkid)
4435 {
4436 if (!wpa_auth || !wpa_auth->pmksa)
4437 return NULL;
4438 return pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, pmkid);
4439 }
4440
4441
4442 void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa,
4443 struct wpa_state_machine *sm,
4444 struct wpa_authenticator *wpa_auth,
4445 u8 *pmkid, u8 *pmk)
4446 {
4447 if (!sm)
4448 return;
4449
4450 sm->pmksa = pmksa;
4451 os_memcpy(pmk, pmksa->pmk, PMK_LEN);
4452 os_memcpy(pmkid, pmksa->pmkid, PMKID_LEN);
4453 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmksa->pmkid, PMKID_LEN);
4454 }
4455
4456
4457 /*
4458 * Remove and free the group from wpa_authenticator. This is triggered by a
4459 * callback to make sure nobody is currently iterating the group list while it
4460 * gets modified.
4461 */
4462 static void wpa_group_free(struct wpa_authenticator *wpa_auth,
4463 struct wpa_group *group)
4464 {
4465 struct wpa_group *prev = wpa_auth->group;
4466
4467 wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d",
4468 group->vlan_id);
4469
4470 while (prev) {
4471 if (prev->next == group) {
4472 /* This never frees the special first group as needed */
4473 prev->next = group->next;
4474 os_free(group);
4475 break;
4476 }
4477 prev = prev->next;
4478 }
4479
4480 }
4481
4482
4483 /* Increase the reference counter for group */
4484 static void wpa_group_get(struct wpa_authenticator *wpa_auth,
4485 struct wpa_group *group)
4486 {
4487 /* Skip the special first group */
4488 if (wpa_auth->group == group)
4489 return;
4490
4491 group->references++;
4492 }
4493
4494
4495 /* Decrease the reference counter and maybe free the group */
4496 static void wpa_group_put(struct wpa_authenticator *wpa_auth,
4497 struct wpa_group *group)
4498 {
4499 /* Skip the special first group */
4500 if (wpa_auth->group == group)
4501 return;
4502
4503 group->references--;
4504 if (group->references)
4505 return;
4506 wpa_group_free(wpa_auth, group);
4507 }
4508
4509
4510 /*
4511 * Add a group that has its references counter set to zero. Caller needs to
4512 * call wpa_group_get() on the return value to mark the entry in use.
4513 */
4514 static struct wpa_group *
4515 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
4516 {
4517 struct wpa_group *group;
4518
4519 if (wpa_auth == NULL || wpa_auth->group == NULL)
4520 return NULL;
4521
4522 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
4523 vlan_id);
4524 group = wpa_group_init(wpa_auth, vlan_id, 0);
4525 if (group == NULL)
4526 return NULL;
4527
4528 group->next = wpa_auth->group->next;
4529 wpa_auth->group->next = group;
4530
4531 return group;
4532 }
4533
4534
4535 /*
4536 * Enforce that the group state machine for the VLAN is running, increase
4537 * reference counter as interface is up. References might have been increased
4538 * even if a negative value is returned.
4539 * Returns: -1 on error (group missing, group already failed); otherwise, 0
4540 */
4541 int wpa_auth_ensure_group(struct wpa_authenticator *wpa_auth, int vlan_id)
4542 {
4543 struct wpa_group *group;
4544
4545 if (wpa_auth == NULL)
4546 return 0;
4547
4548 group = wpa_auth->group;
4549 while (group) {
4550 if (group->vlan_id == vlan_id)
4551 break;
4552 group = group->next;
4553 }
4554
4555 if (group == NULL) {
4556 group = wpa_auth_add_group(wpa_auth, vlan_id);
4557 if (group == NULL)
4558 return -1;
4559 }
4560
4561 wpa_printf(MSG_DEBUG,
4562 "WPA: Ensure group state machine running for VLAN ID %d",
4563 vlan_id);
4564
4565 wpa_group_get(wpa_auth, group);
4566 group->num_setup_iface++;
4567
4568 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
4569 return -1;
4570
4571 return 0;
4572 }
4573
4574
4575 /*
4576 * Decrease reference counter, expected to be zero afterwards.
4577 * returns: -1 on error (group not found, group in fail state)
4578 * -2 if wpa_group is still referenced
4579 * 0 else
4580 */
4581 int wpa_auth_release_group(struct wpa_authenticator *wpa_auth, int vlan_id)
4582 {
4583 struct wpa_group *group;
4584 int ret = 0;
4585
4586 if (wpa_auth == NULL)
4587 return 0;
4588
4589 group = wpa_auth->group;
4590 while (group) {
4591 if (group->vlan_id == vlan_id)
4592 break;
4593 group = group->next;
4594 }
4595
4596 if (group == NULL)
4597 return -1;
4598
4599 wpa_printf(MSG_DEBUG,
4600 "WPA: Try stopping group state machine for VLAN ID %d",
4601 vlan_id);
4602
4603 if (group->num_setup_iface <= 0) {
4604 wpa_printf(MSG_ERROR,
4605 "WPA: wpa_auth_release_group called more often than wpa_auth_ensure_group for VLAN ID %d, skipping.",
4606 vlan_id);
4607 return -1;
4608 }
4609 group->num_setup_iface--;
4610
4611 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
4612 ret = -1;
4613
4614 if (group->references > 1) {
4615 wpa_printf(MSG_DEBUG,
4616 "WPA: Cannot stop group state machine for VLAN ID %d as references are still hold",
4617 vlan_id);
4618 ret = -2;
4619 }
4620
4621 wpa_group_put(wpa_auth, group);
4622
4623 return ret;
4624 }
4625
4626
4627 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
4628 {
4629 struct wpa_group *group;
4630
4631 if (sm == NULL || sm->wpa_auth == NULL)
4632 return 0;
4633
4634 group = sm->wpa_auth->group;
4635 while (group) {
4636 if (group->vlan_id == vlan_id)
4637 break;
4638 group = group->next;
4639 }
4640
4641 if (group == NULL) {
4642 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
4643 if (group == NULL)
4644 return -1;
4645 }
4646
4647 if (sm->group == group)
4648 return 0;
4649
4650 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
4651 return -1;
4652
4653 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
4654 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
4655
4656 wpa_group_get(sm->wpa_auth, group);
4657 wpa_group_put(sm->wpa_auth, sm->group);
4658 sm->group = group;
4659
4660 return 0;
4661 }
4662
4663
4664 void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
4665 struct wpa_state_machine *sm, int ack)
4666 {
4667 if (wpa_auth == NULL || sm == NULL)
4668 return;
4669 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
4670 " ack=%d", MAC2STR(sm->addr), ack);
4671 if (sm->pending_1_of_4_timeout && ack) {
4672 /*
4673 * Some deployed supplicant implementations update their SNonce
4674 * for each EAPOL-Key 2/4 message even within the same 4-way
4675 * handshake and then fail to use the first SNonce when
4676 * deriving the PTK. This results in unsuccessful 4-way
4677 * handshake whenever the relatively short initial timeout is
4678 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
4679 * around this by increasing the timeout now that we know that
4680 * the station has received the frame.
4681 */
4682 int timeout_ms = eapol_key_timeout_subseq;
4683 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
4684 "timeout by %u ms because of acknowledged frame",
4685 timeout_ms);
4686 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
4687 eloop_register_timeout(timeout_ms / 1000,
4688 (timeout_ms % 1000) * 1000,
4689 wpa_send_eapol_timeout, wpa_auth, sm);
4690 }
4691
4692 #ifdef CONFIG_TESTING_OPTIONS
4693 if (sm->eapol_status_cb) {
4694 sm->eapol_status_cb(sm->eapol_status_cb_ctx1,
4695 sm->eapol_status_cb_ctx2);
4696 sm->eapol_status_cb = NULL;
4697 }
4698 #endif /* CONFIG_TESTING_OPTIONS */
4699 }
4700
4701
4702 int wpa_auth_uses_sae(struct wpa_state_machine *sm)
4703 {
4704 if (sm == NULL)
4705 return 0;
4706 return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
4707 }
4708
4709
4710 int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm)
4711 {
4712 if (sm == NULL)
4713 return 0;
4714 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE;
4715 }
4716
4717
4718 #ifdef CONFIG_P2P
4719 int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr)
4720 {
4721 if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0)
4722 return -1;
4723 os_memcpy(addr, sm->ip_addr, 4);
4724 return 0;
4725 }
4726 #endif /* CONFIG_P2P */
4727
4728
4729 int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
4730 struct radius_das_attrs *attr)
4731 {
4732 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
4733 }
4734
4735
4736 void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth)
4737 {
4738 struct wpa_group *group;
4739
4740 if (!wpa_auth)
4741 return;
4742 for (group = wpa_auth->group; group; group = group->next)
4743 wpa_group_config_group_keys(wpa_auth, group);
4744 }
4745
4746
4747 #ifdef CONFIG_FILS
4748
4749 struct wpa_auth_fils_iter_data {
4750 struct wpa_authenticator *auth;
4751 const u8 *cache_id;
4752 struct rsn_pmksa_cache_entry *pmksa;
4753 const u8 *spa;
4754 const u8 *pmkid;
4755 };
4756
4757
4758 static int wpa_auth_fils_iter(struct wpa_authenticator *a, void *ctx)
4759 {
4760 struct wpa_auth_fils_iter_data *data = ctx;
4761
4762 if (a == data->auth || !a->conf.fils_cache_id_set ||
4763 os_memcmp(a->conf.fils_cache_id, data->cache_id,
4764 FILS_CACHE_ID_LEN) != 0)
4765 return 0;
4766 data->pmksa = pmksa_cache_auth_get(a->pmksa, data->spa, data->pmkid);
4767 return data->pmksa != NULL;
4768 }
4769
4770
4771 struct rsn_pmksa_cache_entry *
4772 wpa_auth_pmksa_get_fils_cache_id(struct wpa_authenticator *wpa_auth,
4773 const u8 *sta_addr, const u8 *pmkid)
4774 {
4775 struct wpa_auth_fils_iter_data idata;
4776
4777 if (!wpa_auth->conf.fils_cache_id_set)
4778 return NULL;
4779 idata.auth = wpa_auth;
4780 idata.cache_id = wpa_auth->conf.fils_cache_id;
4781 idata.pmksa = NULL;
4782 idata.spa = sta_addr;
4783 idata.pmkid = pmkid;
4784 wpa_auth_for_each_auth(wpa_auth, wpa_auth_fils_iter, &idata);
4785 return idata.pmksa;
4786 }
4787
4788
4789 #ifdef CONFIG_IEEE80211R_AP
4790 int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, int use_sha384,
4791 u8 *buf, size_t len)
4792 {
4793 struct wpa_auth_config *conf = &wpa_auth->conf;
4794
4795 return wpa_write_ftie(conf, use_sha384, conf->r0_key_holder,
4796 conf->r0_key_holder_len,
4797 NULL, NULL, buf, len, NULL, 0);
4798 }
4799 #endif /* CONFIG_IEEE80211R_AP */
4800
4801
4802 void wpa_auth_get_fils_aead_params(struct wpa_state_machine *sm,
4803 u8 *fils_anonce, u8 *fils_snonce,
4804 u8 *fils_kek, size_t *fils_kek_len)
4805 {
4806 os_memcpy(fils_anonce, sm->ANonce, WPA_NONCE_LEN);
4807 os_memcpy(fils_snonce, sm->SNonce, WPA_NONCE_LEN);
4808 os_memcpy(fils_kek, sm->PTK.kek, WPA_KEK_MAX_LEN);
4809 *fils_kek_len = sm->PTK.kek_len;
4810 }
4811
4812 #endif /* CONFIG_FILS */
4813
4814
4815 #ifdef CONFIG_TESTING_OPTIONS
4816
4817 int wpa_auth_resend_m1(struct wpa_state_machine *sm, int change_anonce,
4818 void (*cb)(void *ctx1, void *ctx2),
4819 void *ctx1, void *ctx2)
4820 {
4821 const u8 *anonce = sm->ANonce;
4822 u8 anonce_buf[WPA_NONCE_LEN];
4823
4824 if (change_anonce) {
4825 if (random_get_bytes(anonce_buf, WPA_NONCE_LEN))
4826 return -1;
4827 anonce = anonce_buf;
4828 }
4829
4830 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4831 "sending 1/4 msg of 4-Way Handshake (TESTING)");
4832 wpa_send_eapol(sm->wpa_auth, sm,
4833 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
4834 anonce, NULL, 0, 0, 0);
4835 return 0;
4836 }
4837
4838
4839 int wpa_auth_resend_m3(struct wpa_state_machine *sm,
4840 void (*cb)(void *ctx1, void *ctx2),
4841 void *ctx1, void *ctx2)
4842 {
4843 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
4844 #ifdef CONFIG_IEEE80211W
4845 u8 *opos;
4846 #endif /* CONFIG_IEEE80211W */
4847 size_t gtk_len, kde_len;
4848 struct wpa_group *gsm = sm->group;
4849 u8 *wpa_ie;
4850 int wpa_ie_len, secure, keyidx, encr = 0;
4851
4852 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
4853 GTK[GN], IGTK, [FTIE], [TIE * 2])
4854 */
4855
4856 /* Use 0 RSC */
4857 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
4858 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
4859 wpa_ie = sm->wpa_auth->wpa_ie;
4860 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
4861 if (sm->wpa == WPA_VERSION_WPA &&
4862 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
4863 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
4864 /* WPA-only STA, remove RSN IE and possible MDIE */
4865 wpa_ie = wpa_ie + wpa_ie[1] + 2;
4866 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
4867 wpa_ie = wpa_ie + wpa_ie[1] + 2;
4868 wpa_ie_len = wpa_ie[1] + 2;
4869 }
4870 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4871 "sending 3/4 msg of 4-Way Handshake (TESTING)");
4872 if (sm->wpa == WPA_VERSION_WPA2) {
4873 /* WPA2 send GTK in the 4-way handshake */
4874 secure = 1;
4875 gtk = gsm->GTK[gsm->GN - 1];
4876 gtk_len = gsm->GTK_len;
4877 keyidx = gsm->GN;
4878 _rsc = rsc;
4879 encr = 1;
4880 } else {
4881 /* WPA does not include GTK in msg 3/4 */
4882 secure = 0;
4883 gtk = NULL;
4884 gtk_len = 0;
4885 keyidx = 0;
4886 _rsc = NULL;
4887 if (sm->rx_eapol_key_secure) {
4888 /*
4889 * It looks like Windows 7 supplicant tries to use
4890 * Secure bit in msg 2/4 after having reported Michael
4891 * MIC failure and it then rejects the 4-way handshake
4892 * if msg 3/4 does not set Secure bit. Work around this
4893 * by setting the Secure bit here even in the case of
4894 * WPA if the supplicant used it first.
4895 */
4896 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4897 "STA used Secure bit in WPA msg 2/4 - "
4898 "set Secure for 3/4 as workaround");
4899 secure = 1;
4900 }
4901 }
4902
4903 kde_len = wpa_ie_len + ieee80211w_kde_len(sm) + ocv_oci_len(sm);
4904 if (gtk)
4905 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
4906 #ifdef CONFIG_IEEE80211R_AP
4907 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
4908 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
4909 kde_len += 300; /* FTIE + 2 * TIE */
4910 }
4911 #endif /* CONFIG_IEEE80211R_AP */
4912 kde = os_malloc(kde_len);
4913 if (kde == NULL)
4914 return -1;
4915
4916 pos = kde;
4917 os_memcpy(pos, wpa_ie, wpa_ie_len);
4918 pos += wpa_ie_len;
4919 #ifdef CONFIG_IEEE80211R_AP
4920 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
4921 int res;
4922 size_t elen;
4923
4924 elen = pos - kde;
4925 res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name);
4926 if (res < 0) {
4927 wpa_printf(MSG_ERROR, "FT: Failed to insert "
4928 "PMKR1Name into RSN IE in EAPOL-Key data");
4929 os_free(kde);
4930 return -1;
4931 }
4932 pos -= wpa_ie_len;
4933 pos += elen;
4934 }
4935 #endif /* CONFIG_IEEE80211R_AP */
4936 if (gtk) {
4937 u8 hdr[2];
4938 hdr[0] = keyidx & 0x03;
4939 hdr[1] = 0;
4940 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
4941 gtk, gtk_len);
4942 }
4943 #ifdef CONFIG_IEEE80211W
4944 opos = pos;
4945 pos = ieee80211w_kde_add(sm, pos);
4946 if (pos - opos >= 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN) {
4947 /* skip KDE header and keyid */
4948 opos += 2 + RSN_SELECTOR_LEN + 2;
4949 os_memset(opos, 0, 6); /* clear PN */
4950 }
4951 #endif /* CONFIG_IEEE80211W */
4952 if (ocv_oci_add(sm, &pos) < 0) {
4953 os_free(kde);
4954 return -1;
4955 }
4956
4957 #ifdef CONFIG_IEEE80211R_AP
4958 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
4959 int res;
4960 struct wpa_auth_config *conf;
4961
4962 conf = &sm->wpa_auth->conf;
4963 if (sm->assoc_resp_ftie &&
4964 kde + kde_len - pos >= 2 + sm->assoc_resp_ftie[1]) {
4965 os_memcpy(pos, sm->assoc_resp_ftie,
4966 2 + sm->assoc_resp_ftie[1]);
4967 res = 2 + sm->assoc_resp_ftie[1];
4968 } else {
4969 int use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
4970
4971 res = wpa_write_ftie(conf, use_sha384,
4972 conf->r0_key_holder,
4973 conf->r0_key_holder_len,
4974 NULL, NULL, pos,
4975 kde + kde_len - pos,
4976 NULL, 0);
4977 }
4978 if (res < 0) {
4979 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
4980 "into EAPOL-Key Key Data");
4981 os_free(kde);
4982 return -1;
4983 }
4984 pos += res;
4985
4986 /* TIE[ReassociationDeadline] (TU) */
4987 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
4988 *pos++ = 5;
4989 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
4990 WPA_PUT_LE32(pos, conf->reassociation_deadline);
4991 pos += 4;
4992
4993 /* TIE[KeyLifetime] (seconds) */
4994 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
4995 *pos++ = 5;
4996 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
4997 WPA_PUT_LE32(pos, conf->r0_key_lifetime);
4998 pos += 4;
4999 }
5000 #endif /* CONFIG_IEEE80211R_AP */
5001
5002 wpa_send_eapol(sm->wpa_auth, sm,
5003 (secure ? WPA_KEY_INFO_SECURE : 0) |
5004 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
5005 WPA_KEY_INFO_MIC : 0) |
5006 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
5007 WPA_KEY_INFO_KEY_TYPE,
5008 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
5009 os_free(kde);
5010 return 0;
5011 }
5012
5013
5014 int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
5015 void (*cb)(void *ctx1, void *ctx2),
5016 void *ctx1, void *ctx2)
5017 {
5018 u8 rsc[WPA_KEY_RSC_LEN];
5019 struct wpa_group *gsm = sm->group;
5020 const u8 *kde;
5021 u8 *kde_buf = NULL, *pos, hdr[2];
5022 #ifdef CONFIG_IEEE80211W
5023 u8 *opos;
5024 #endif /* CONFIG_IEEE80211W */
5025 size_t kde_len;
5026 u8 *gtk;
5027
5028 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
5029 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
5030 /* Use 0 RSC */
5031 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
5032 "sending 1/2 msg of Group Key Handshake (TESTING)");
5033
5034 gtk = gsm->GTK[gsm->GN - 1];
5035 if (sm->wpa == WPA_VERSION_WPA2) {
5036 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
5037 ieee80211w_kde_len(sm) + ocv_oci_len(sm);
5038 kde_buf = os_malloc(kde_len);
5039 if (kde_buf == NULL)
5040 return -1;
5041
5042 kde = pos = kde_buf;
5043 hdr[0] = gsm->GN & 0x03;
5044 hdr[1] = 0;
5045 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
5046 gtk, gsm->GTK_len);
5047 #ifdef CONFIG_IEEE80211W
5048 opos = pos;
5049 pos = ieee80211w_kde_add(sm, pos);
5050 if (pos - opos >=
5051 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN) {
5052 /* skip KDE header and keyid */
5053 opos += 2 + RSN_SELECTOR_LEN + 2;
5054 os_memset(opos, 0, 6); /* clear PN */
5055 }
5056 #endif /* CONFIG_IEEE80211W */
5057 if (ocv_oci_add(sm, &pos) < 0) {
5058 os_free(kde_buf);
5059 return -1;
5060 }
5061 kde_len = pos - kde;
5062 } else {
5063 kde = gtk;
5064 kde_len = gsm->GTK_len;
5065 }
5066
5067 sm->eapol_status_cb = cb;
5068 sm->eapol_status_cb_ctx1 = ctx1;
5069 sm->eapol_status_cb_ctx2 = ctx2;
5070
5071 wpa_send_eapol(sm->wpa_auth, sm,
5072 WPA_KEY_INFO_SECURE |
5073 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
5074 WPA_KEY_INFO_MIC : 0) |
5075 WPA_KEY_INFO_ACK |
5076 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
5077 rsc, NULL, kde, kde_len, gsm->GN, 1);
5078
5079 os_free(kde_buf);
5080 return 0;
5081 }
5082
5083
5084 int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth)
5085 {
5086 if (!wpa_auth)
5087 return -1;
5088 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
5089 return eloop_register_timeout(0, 0, wpa_rekey_gtk, wpa_auth, NULL);
5090 }
5091
5092 #endif /* CONFIG_TESTING_OPTIONS */
Unnamed repository; edit this file 'description' to name the repository.