2 * WPA Supplicant - WPA state machine and EAPOL-Key processing
3 * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/aes_wrap.h"
13 #include "crypto/crypto.h"
14 #include "crypto/random.h"
15 #include "common/ieee802_11_defs.h"
16 #include "eapol_supp/eapol_supp_sm.h"
20 #include "pmksa_cache.h"
27 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
28 * @sm: Pointer to WPA state machine data from wpa_sm_init()
29 * @kck: Key Confirmation Key (KCK, part of PTK)
30 * @kck_len: KCK length in octets
31 * @ver: Version field from Key Info
32 * @dest: Destination address for the frame
33 * @proto: Ethertype (usually ETH_P_EAPOL)
34 * @msg: EAPOL-Key message
35 * @msg_len: Length of message
36 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
38 void wpa_eapol_key_send(struct wpa_sm
*sm
, const u8
*kck
, size_t kck_len
,
39 int ver
, const u8
*dest
, u16 proto
,
40 u8
*msg
, size_t msg_len
, u8
*key_mic
)
42 size_t mic_len
= wpa_mic_len(sm
->key_mgmt
);
44 if (is_zero_ether_addr(dest
) && is_zero_ether_addr(sm
->bssid
)) {
46 * Association event was not yet received; try to fetch
47 * BSSID from the driver.
49 if (wpa_sm_get_bssid(sm
, sm
->bssid
) < 0) {
50 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
51 "WPA: Failed to read BSSID for "
52 "EAPOL-Key destination address");
55 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
56 "WPA: Use BSSID (" MACSTR
57 ") as the destination for EAPOL-Key",
62 wpa_eapol_key_mic(kck
, kck_len
, sm
->key_mgmt
, ver
, msg
, msg_len
,
64 wpa_msg(sm
->ctx
->msg_ctx
, MSG_ERROR
,
65 "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC",
69 wpa_hexdump_key(MSG_DEBUG
, "WPA: KCK", kck
, kck_len
);
70 wpa_hexdump(MSG_DEBUG
, "WPA: Derived Key MIC", key_mic
, mic_len
);
71 wpa_hexdump(MSG_MSGDUMP
, "WPA: TX EAPOL-Key", msg
, msg_len
);
72 wpa_sm_ether_send(sm
, dest
, proto
, msg
, msg_len
);
73 eapol_sm_notify_tx_eapol_key(sm
->eapol
);
80 * wpa_sm_key_request - Send EAPOL-Key Request
81 * @sm: Pointer to WPA state machine data from wpa_sm_init()
82 * @error: Indicate whether this is an Michael MIC error report
83 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
85 * Send an EAPOL-Key Request to the current authenticator. This function is
86 * used to request rekeying and it is usually called when a local Michael MIC
87 * failure is detected.
89 void wpa_sm_key_request(struct wpa_sm
*sm
, int error
, int pairwise
)
91 size_t mic_len
, hdrlen
, rlen
;
92 struct wpa_eapol_key
*reply
;
93 struct wpa_eapol_key_192
*reply192
;
95 u8 bssid
[ETH_ALEN
], *rbuf
, *key_mic
;
97 if (sm
->key_mgmt
== WPA_KEY_MGMT_OSEN
||
98 wpa_key_mgmt_suite_b(sm
->key_mgmt
))
99 ver
= WPA_KEY_INFO_TYPE_AKM_DEFINED
;
100 else if (wpa_key_mgmt_ft(sm
->key_mgmt
) ||
101 wpa_key_mgmt_sha256(sm
->key_mgmt
))
102 ver
= WPA_KEY_INFO_TYPE_AES_128_CMAC
;
103 else if (sm
->pairwise_cipher
!= WPA_CIPHER_TKIP
)
104 ver
= WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
;
106 ver
= WPA_KEY_INFO_TYPE_HMAC_MD5_RC4
;
108 if (wpa_sm_get_bssid(sm
, bssid
) < 0) {
109 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
110 "Failed to read BSSID for EAPOL-Key request");
114 mic_len
= wpa_mic_len(sm
->key_mgmt
);
115 hdrlen
= mic_len
== 24 ? sizeof(*reply192
) : sizeof(*reply
);
116 rbuf
= wpa_sm_alloc_eapol(sm
, IEEE802_1X_TYPE_EAPOL_KEY
, NULL
,
117 hdrlen
, &rlen
, (void *) &reply
);
120 reply192
= (struct wpa_eapol_key_192
*) reply
;
122 reply
->type
= (sm
->proto
== WPA_PROTO_RSN
||
123 sm
->proto
== WPA_PROTO_OSEN
) ?
124 EAPOL_KEY_TYPE_RSN
: EAPOL_KEY_TYPE_WPA
;
125 key_info
= WPA_KEY_INFO_REQUEST
| ver
;
127 key_info
|= WPA_KEY_INFO_MIC
;
129 key_info
|= WPA_KEY_INFO_ERROR
;
131 key_info
|= WPA_KEY_INFO_KEY_TYPE
;
132 WPA_PUT_BE16(reply
->key_info
, key_info
);
133 WPA_PUT_BE16(reply
->key_length
, 0);
134 os_memcpy(reply
->replay_counter
, sm
->request_counter
,
135 WPA_REPLAY_COUNTER_LEN
);
136 inc_byte_array(sm
->request_counter
, WPA_REPLAY_COUNTER_LEN
);
139 WPA_PUT_BE16(reply192
->key_data_length
, 0);
141 WPA_PUT_BE16(reply
->key_data_length
, 0);
142 if (!(key_info
& WPA_KEY_INFO_MIC
))
145 key_mic
= reply192
->key_mic
; /* same offset in reply */
147 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
148 "WPA: Sending EAPOL-Key Request (error=%d "
149 "pairwise=%d ptk_set=%d len=%lu)",
150 error
, pairwise
, sm
->ptk_set
, (unsigned long) rlen
);
151 wpa_eapol_key_send(sm
, sm
->ptk
.kck
, sm
->ptk
.kck_len
, ver
, bssid
,
152 ETH_P_EAPOL
, rbuf
, rlen
, key_mic
);
156 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm
*sm
)
158 #ifdef CONFIG_IEEE80211R
159 if (sm
->key_mgmt
== WPA_KEY_MGMT_FT_IEEE8021X
) {
160 if (wpa_sm_key_mgmt_set_pmk(sm
, sm
->xxkey
, sm
->xxkey_len
))
161 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
162 "RSN: Cannot set low order 256 bits of MSK for key management offload");
164 #endif /* CONFIG_IEEE80211R */
165 if (wpa_sm_key_mgmt_set_pmk(sm
, sm
->pmk
, sm
->pmk_len
))
166 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
167 "RSN: Cannot set PMK for key management offload");
168 #ifdef CONFIG_IEEE80211R
170 #endif /* CONFIG_IEEE80211R */
174 static int wpa_supplicant_get_pmk(struct wpa_sm
*sm
,
175 const unsigned char *src_addr
,
178 int abort_cached
= 0;
180 if (pmkid
&& !sm
->cur_pmksa
) {
181 /* When using drivers that generate RSN IE, wpa_supplicant may
182 * not have enough time to get the association information
183 * event before receiving this 1/4 message, so try to find a
184 * matching PMKSA cache entry here. */
185 sm
->cur_pmksa
= pmksa_cache_get(sm
->pmksa
, src_addr
, pmkid
,
188 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
189 "RSN: found matching PMKID from PMKSA cache");
191 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
192 "RSN: no matching PMKID found");
197 if (pmkid
&& sm
->cur_pmksa
&&
198 os_memcmp_const(pmkid
, sm
->cur_pmksa
->pmkid
, PMKID_LEN
) == 0) {
199 wpa_hexdump(MSG_DEBUG
, "RSN: matched PMKID", pmkid
, PMKID_LEN
);
200 wpa_sm_set_pmk_from_pmksa(sm
);
201 wpa_hexdump_key(MSG_DEBUG
, "RSN: PMK from PMKSA cache",
202 sm
->pmk
, sm
->pmk_len
);
203 eapol_sm_notify_cached(sm
->eapol
);
204 #ifdef CONFIG_IEEE80211R
206 #endif /* CONFIG_IEEE80211R */
207 } else if (wpa_key_mgmt_wpa_ieee8021x(sm
->key_mgmt
) && sm
->eapol
) {
210 if (sm
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
)
211 pmk_len
= PMK_LEN_SUITE_B_192
;
214 res
= eapol_sm_get_key(sm
->eapol
, sm
->pmk
, pmk_len
);
216 if (pmk_len
== PMK_LEN
) {
218 * EAP-LEAP is an exception from other EAP
219 * methods: it uses only 16-byte PMK.
221 res
= eapol_sm_get_key(sm
->eapol
, sm
->pmk
, 16);
225 #ifdef CONFIG_IEEE80211R
227 if (eapol_sm_get_key(sm
->eapol
, buf
, 2 * PMK_LEN
) == 0)
229 os_memcpy(sm
->xxkey
, buf
+ PMK_LEN
, PMK_LEN
);
230 sm
->xxkey_len
= PMK_LEN
;
231 os_memset(buf
, 0, sizeof(buf
));
233 #endif /* CONFIG_IEEE80211R */
236 struct rsn_pmksa_cache_entry
*sa
= NULL
;
237 wpa_hexdump_key(MSG_DEBUG
, "WPA: PMK from EAPOL state "
238 "machines", sm
->pmk
, pmk_len
);
239 sm
->pmk_len
= pmk_len
;
240 wpa_supplicant_key_mgmt_set_pmk(sm
);
241 if (sm
->proto
== WPA_PROTO_RSN
&&
242 !wpa_key_mgmt_suite_b(sm
->key_mgmt
) &&
243 !wpa_key_mgmt_ft(sm
->key_mgmt
)) {
244 sa
= pmksa_cache_add(sm
->pmksa
,
247 src_addr
, sm
->own_addr
,
251 if (!sm
->cur_pmksa
&& pmkid
&&
252 pmksa_cache_get(sm
->pmksa
, src_addr
, pmkid
, NULL
))
254 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
255 "RSN: the new PMK matches with the "
258 } else if (sa
&& !sm
->cur_pmksa
&& pmkid
) {
260 * It looks like the authentication server
261 * derived mismatching MSK. This should not
262 * really happen, but bugs happen.. There is not
263 * much we can do here without knowing what
264 * exactly caused the server to misbehave.
266 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_INFO
,
267 "RSN: PMKID mismatch - authentication server may have derived different MSK?!");
274 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
275 "WPA: Failed to get master session key from "
276 "EAPOL state machines - key handshake "
279 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
280 "RSN: Cancelled PMKSA caching "
282 sm
->cur_pmksa
= NULL
;
284 } else if (!abort_cached
) {
290 if (abort_cached
&& wpa_key_mgmt_wpa_ieee8021x(sm
->key_mgmt
) &&
291 !wpa_key_mgmt_suite_b(sm
->key_mgmt
) &&
292 !wpa_key_mgmt_ft(sm
->key_mgmt
) && sm
->key_mgmt
!= WPA_KEY_MGMT_OSEN
)
294 /* Send EAPOL-Start to trigger full EAP authentication. */
298 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
299 "RSN: no PMKSA entry found - trigger "
300 "full EAP authentication");
301 buf
= wpa_sm_alloc_eapol(sm
, IEEE802_1X_TYPE_EAPOL_START
,
302 NULL
, 0, &buflen
, NULL
);
304 wpa_sm_ether_send(sm
, sm
->bssid
, ETH_P_EAPOL
,
318 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
319 * @sm: Pointer to WPA state machine data from wpa_sm_init()
320 * @dst: Destination address for the frame
321 * @key: Pointer to the EAPOL-Key frame header
322 * @ver: Version bits from EAPOL-Key Key Info
323 * @nonce: Nonce value for the EAPOL-Key frame
324 * @wpa_ie: WPA/RSN IE
325 * @wpa_ie_len: Length of the WPA/RSN IE
326 * @ptk: PTK to use for keyed hash and encryption
327 * Returns: 0 on success, -1 on failure
329 int wpa_supplicant_send_2_of_4(struct wpa_sm
*sm
, const unsigned char *dst
,
330 const struct wpa_eapol_key
*key
,
331 int ver
, const u8
*nonce
,
332 const u8
*wpa_ie
, size_t wpa_ie_len
,
335 size_t mic_len
, hdrlen
, rlen
;
336 struct wpa_eapol_key
*reply
;
337 struct wpa_eapol_key_192
*reply192
;
339 u8
*rsn_ie_buf
= NULL
;
341 if (wpa_ie
== NULL
) {
342 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
, "WPA: No wpa_ie set - "
343 "cannot generate msg 2/4");
347 #ifdef CONFIG_IEEE80211R
348 if (wpa_key_mgmt_ft(sm
->key_mgmt
)) {
352 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and
353 * FTIE from (Re)Association Response.
355 rsn_ie_buf
= os_malloc(wpa_ie_len
+ 2 + 2 + PMKID_LEN
+
356 sm
->assoc_resp_ies_len
);
357 if (rsn_ie_buf
== NULL
)
359 os_memcpy(rsn_ie_buf
, wpa_ie
, wpa_ie_len
);
360 res
= wpa_insert_pmkid(rsn_ie_buf
, wpa_ie_len
,
368 if (sm
->assoc_resp_ies
) {
369 os_memcpy(rsn_ie_buf
+ wpa_ie_len
, sm
->assoc_resp_ies
,
370 sm
->assoc_resp_ies_len
);
371 wpa_ie_len
+= sm
->assoc_resp_ies_len
;
376 #endif /* CONFIG_IEEE80211R */
378 wpa_hexdump(MSG_DEBUG
, "WPA: WPA IE for msg 2/4", wpa_ie
, wpa_ie_len
);
380 mic_len
= wpa_mic_len(sm
->key_mgmt
);
381 hdrlen
= mic_len
== 24 ? sizeof(*reply192
) : sizeof(*reply
);
382 rbuf
= wpa_sm_alloc_eapol(sm
, IEEE802_1X_TYPE_EAPOL_KEY
,
383 NULL
, hdrlen
+ wpa_ie_len
,
384 &rlen
, (void *) &reply
);
389 reply192
= (struct wpa_eapol_key_192
*) reply
;
391 reply
->type
= (sm
->proto
== WPA_PROTO_RSN
||
392 sm
->proto
== WPA_PROTO_OSEN
) ?
393 EAPOL_KEY_TYPE_RSN
: EAPOL_KEY_TYPE_WPA
;
394 WPA_PUT_BE16(reply
->key_info
,
395 ver
| WPA_KEY_INFO_KEY_TYPE
| WPA_KEY_INFO_MIC
);
396 if (sm
->proto
== WPA_PROTO_RSN
|| sm
->proto
== WPA_PROTO_OSEN
)
397 WPA_PUT_BE16(reply
->key_length
, 0);
399 os_memcpy(reply
->key_length
, key
->key_length
, 2);
400 os_memcpy(reply
->replay_counter
, key
->replay_counter
,
401 WPA_REPLAY_COUNTER_LEN
);
402 wpa_hexdump(MSG_DEBUG
, "WPA: Replay Counter", reply
->replay_counter
,
403 WPA_REPLAY_COUNTER_LEN
);
405 key_mic
= reply192
->key_mic
; /* same offset for reply and reply192 */
407 WPA_PUT_BE16(reply192
->key_data_length
, wpa_ie_len
);
408 os_memcpy(reply192
+ 1, wpa_ie
, wpa_ie_len
);
410 WPA_PUT_BE16(reply
->key_data_length
, wpa_ie_len
);
411 os_memcpy(reply
+ 1, wpa_ie
, wpa_ie_len
);
415 os_memcpy(reply
->key_nonce
, nonce
, WPA_NONCE_LEN
);
417 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "WPA: Sending EAPOL-Key 2/4");
418 wpa_eapol_key_send(sm
, ptk
->kck
, ptk
->kck_len
, ver
, dst
, ETH_P_EAPOL
,
419 rbuf
, rlen
, key_mic
);
425 static int wpa_derive_ptk(struct wpa_sm
*sm
, const unsigned char *src_addr
,
426 const struct wpa_eapol_key
*key
, struct wpa_ptk
*ptk
)
428 #ifdef CONFIG_IEEE80211R
429 if (wpa_key_mgmt_ft(sm
->key_mgmt
))
430 return wpa_derive_ptk_ft(sm
, src_addr
, key
, ptk
);
431 #endif /* CONFIG_IEEE80211R */
433 return wpa_pmk_to_ptk(sm
->pmk
, sm
->pmk_len
, "Pairwise key expansion",
434 sm
->own_addr
, sm
->bssid
, sm
->snonce
,
435 key
->key_nonce
, ptk
, sm
->key_mgmt
,
436 sm
->pairwise_cipher
);
440 static void wpa_supplicant_process_1_of_4(struct wpa_sm
*sm
,
441 const unsigned char *src_addr
,
442 const struct wpa_eapol_key
*key
,
443 u16 ver
, const u8
*key_data
,
446 struct wpa_eapol_ie_parse ie
;
449 u8
*kde
, *kde_buf
= NULL
;
452 if (wpa_sm_get_network_ctx(sm
) == NULL
) {
453 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
, "WPA: No SSID info "
454 "found (msg 1 of 4)");
458 wpa_sm_set_state(sm
, WPA_4WAY_HANDSHAKE
);
459 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "WPA: RX message 1 of 4-Way "
460 "Handshake from " MACSTR
" (ver=%d)", MAC2STR(src_addr
), ver
);
462 os_memset(&ie
, 0, sizeof(ie
));
464 if (sm
->proto
== WPA_PROTO_RSN
|| sm
->proto
== WPA_PROTO_OSEN
) {
465 /* RSN: msg 1/4 should contain PMKID for the selected PMK */
466 wpa_hexdump(MSG_DEBUG
, "RSN: msg 1/4 key data",
467 key_data
, key_data_len
);
468 if (wpa_supplicant_parse_ies(key_data
, key_data_len
, &ie
) < 0)
471 wpa_hexdump(MSG_DEBUG
, "RSN: PMKID from "
472 "Authenticator", ie
.pmkid
, PMKID_LEN
);
476 res
= wpa_supplicant_get_pmk(sm
, src_addr
, ie
.pmkid
);
478 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "RSN: Do not reply to "
479 "msg 1/4 - requesting full EAP authentication");
485 if (sm
->renew_snonce
) {
486 if (random_get_bytes(sm
->snonce
, WPA_NONCE_LEN
)) {
487 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
488 "WPA: Failed to get random data for SNonce");
491 sm
->renew_snonce
= 0;
492 wpa_hexdump(MSG_DEBUG
, "WPA: Renewed SNonce",
493 sm
->snonce
, WPA_NONCE_LEN
);
496 /* Calculate PTK which will be stored as a temporary PTK until it has
497 * been verified when processing message 3/4. */
499 wpa_derive_ptk(sm
, src_addr
, key
, ptk
);
500 if (sm
->pairwise_cipher
== WPA_CIPHER_TKIP
) {
502 /* Supplicant: swap tx/rx Mic keys */
503 os_memcpy(buf
, &ptk
->tk
[16], 8);
504 os_memcpy(&ptk
->tk
[16], &ptk
->tk
[24], 8);
505 os_memcpy(&ptk
->tk
[24], buf
, 8);
506 os_memset(buf
, 0, sizeof(buf
));
511 kde
= sm
->assoc_wpa_ie
;
512 kde_len
= sm
->assoc_wpa_ie_len
;
516 kde_buf
= os_malloc(kde_len
+ 2 + RSN_SELECTOR_LEN
+ 1);
519 wpa_printf(MSG_DEBUG
, "P2P: Add IP Address Request KDE "
520 "into EAPOL-Key 2/4");
521 os_memcpy(kde_buf
, kde
, kde_len
);
524 *pos
++ = WLAN_EID_VENDOR_SPECIFIC
;
525 *pos
++ = RSN_SELECTOR_LEN
+ 1;
526 RSN_SELECTOR_PUT(pos
, WFA_KEY_DATA_IP_ADDR_REQ
);
527 pos
+= RSN_SELECTOR_LEN
;
532 #endif /* CONFIG_P2P */
534 if (wpa_supplicant_send_2_of_4(sm
, sm
->bssid
, key
, ver
, sm
->snonce
,
539 os_memcpy(sm
->anonce
, key
->key_nonce
, WPA_NONCE_LEN
);
544 wpa_sm_deauthenticate(sm
, WLAN_REASON_UNSPECIFIED
);
548 static void wpa_sm_start_preauth(void *eloop_ctx
, void *timeout_ctx
)
550 struct wpa_sm
*sm
= eloop_ctx
;
551 rsn_preauth_candidate_process(sm
);
555 static void wpa_supplicant_key_neg_complete(struct wpa_sm
*sm
,
556 const u8
*addr
, int secure
)
558 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
559 "WPA: Key negotiation completed with "
560 MACSTR
" [PTK=%s GTK=%s]", MAC2STR(addr
),
561 wpa_cipher_txt(sm
->pairwise_cipher
),
562 wpa_cipher_txt(sm
->group_cipher
));
563 wpa_sm_cancel_auth_timeout(sm
);
564 wpa_sm_set_state(sm
, WPA_COMPLETED
);
567 wpa_sm_mlme_setprotection(
568 sm
, addr
, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX
,
569 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE
);
570 eapol_sm_notify_portValid(sm
->eapol
, TRUE
);
571 if (wpa_key_mgmt_wpa_psk(sm
->key_mgmt
))
572 eapol_sm_notify_eap_success(sm
->eapol
, TRUE
);
574 * Start preauthentication after a short wait to avoid a
575 * possible race condition between the data receive and key
576 * configuration after the 4-Way Handshake. This increases the
577 * likelihood of the first preauth EAPOL-Start frame getting to
580 eloop_register_timeout(1, 0, wpa_sm_start_preauth
, sm
, NULL
);
583 if (sm
->cur_pmksa
&& sm
->cur_pmksa
->opportunistic
) {
584 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
585 "RSN: Authenticator accepted "
586 "opportunistic PMKSA entry - marking it valid");
587 sm
->cur_pmksa
->opportunistic
= 0;
590 #ifdef CONFIG_IEEE80211R
591 if (wpa_key_mgmt_ft(sm
->key_mgmt
)) {
592 /* Prepare for the next transition */
593 wpa_ft_prepare_auth_request(sm
, NULL
);
595 #endif /* CONFIG_IEEE80211R */
599 static void wpa_sm_rekey_ptk(void *eloop_ctx
, void *timeout_ctx
)
601 struct wpa_sm
*sm
= eloop_ctx
;
602 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "WPA: Request PTK rekeying");
603 wpa_sm_key_request(sm
, 0, 1);
607 static int wpa_supplicant_install_ptk(struct wpa_sm
*sm
,
608 const struct wpa_eapol_key
*key
)
613 u8 null_rsc
[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
615 if (!sm
->tk_to_set
) {
616 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
617 "WPA: Do not re-install same PTK to the driver");
621 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
622 "WPA: Installing PTK to the driver");
624 if (sm
->pairwise_cipher
== WPA_CIPHER_NONE
) {
625 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "WPA: Pairwise Cipher "
626 "Suite: NONE - do not use pairwise keys");
630 if (!wpa_cipher_valid_pairwise(sm
->pairwise_cipher
)) {
631 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
632 "WPA: Unsupported pairwise cipher %d",
633 sm
->pairwise_cipher
);
637 alg
= wpa_cipher_to_alg(sm
->pairwise_cipher
);
638 keylen
= wpa_cipher_key_len(sm
->pairwise_cipher
);
639 rsclen
= wpa_cipher_rsc_len(sm
->pairwise_cipher
);
641 if (sm
->proto
== WPA_PROTO_RSN
|| sm
->proto
== WPA_PROTO_OSEN
) {
644 key_rsc
= key
->key_rsc
;
645 wpa_hexdump(MSG_DEBUG
, "WPA: RSC", key_rsc
, rsclen
);
648 if (wpa_sm_set_key(sm
, alg
, sm
->bssid
, 0, 1, key_rsc
, rsclen
,
649 sm
->ptk
.tk
, keylen
) < 0) {
650 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
651 "WPA: Failed to set PTK to the "
652 "driver (alg=%d keylen=%d bssid=" MACSTR
")",
653 alg
, keylen
, MAC2STR(sm
->bssid
));
657 /* TK is not needed anymore in supplicant */
658 os_memset(sm
->ptk
.tk
, 0, WPA_TK_MAX_LEN
);
661 if (sm
->wpa_ptk_rekey
) {
662 eloop_cancel_timeout(wpa_sm_rekey_ptk
, sm
, NULL
);
663 eloop_register_timeout(sm
->wpa_ptk_rekey
, 0, wpa_sm_rekey_ptk
,
671 static int wpa_supplicant_check_group_cipher(struct wpa_sm
*sm
,
673 int keylen
, int maxkeylen
,
679 *alg
= wpa_cipher_to_alg(group_cipher
);
680 if (*alg
== WPA_ALG_NONE
) {
681 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
682 "WPA: Unsupported Group Cipher %d",
686 *key_rsc_len
= wpa_cipher_rsc_len(group_cipher
);
688 klen
= wpa_cipher_key_len(group_cipher
);
689 if (keylen
!= klen
|| maxkeylen
< klen
) {
690 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
691 "WPA: Unsupported %s Group Cipher key length %d (%d)",
692 wpa_cipher_txt(group_cipher
), keylen
, maxkeylen
);
699 struct wpa_gtk_data
{
701 int tx
, key_rsc_len
, keyidx
;
707 static int wpa_supplicant_install_gtk(struct wpa_sm
*sm
,
708 const struct wpa_gtk_data
*gd
,
711 const u8
*_gtk
= gd
->gtk
;
714 wpa_hexdump_key(MSG_DEBUG
, "WPA: Group Key", gd
->gtk
, gd
->gtk_len
);
715 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
716 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
717 gd
->keyidx
, gd
->tx
, gd
->gtk_len
);
718 wpa_hexdump(MSG_DEBUG
, "WPA: RSC", key_rsc
, gd
->key_rsc_len
);
719 if (sm
->group_cipher
== WPA_CIPHER_TKIP
) {
720 /* Swap Tx/Rx keys for Michael MIC */
721 os_memcpy(gtk_buf
, gd
->gtk
, 16);
722 os_memcpy(gtk_buf
+ 16, gd
->gtk
+ 24, 8);
723 os_memcpy(gtk_buf
+ 24, gd
->gtk
+ 16, 8);
726 if (sm
->pairwise_cipher
== WPA_CIPHER_NONE
) {
727 if (wpa_sm_set_key(sm
, gd
->alg
, NULL
,
728 gd
->keyidx
, 1, key_rsc
, gd
->key_rsc_len
,
729 _gtk
, gd
->gtk_len
) < 0) {
730 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
731 "WPA: Failed to set GTK to the driver "
733 os_memset(gtk_buf
, 0, sizeof(gtk_buf
));
736 } else if (wpa_sm_set_key(sm
, gd
->alg
, broadcast_ether_addr
,
737 gd
->keyidx
, gd
->tx
, key_rsc
, gd
->key_rsc_len
,
738 _gtk
, gd
->gtk_len
) < 0) {
739 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
740 "WPA: Failed to set GTK to "
741 "the driver (alg=%d keylen=%d keyidx=%d)",
742 gd
->alg
, gd
->gtk_len
, gd
->keyidx
);
743 os_memset(gtk_buf
, 0, sizeof(gtk_buf
));
746 os_memset(gtk_buf
, 0, sizeof(gtk_buf
));
752 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm
*sm
,
755 if (tx
&& sm
->pairwise_cipher
!= WPA_CIPHER_NONE
) {
756 /* Ignore Tx bit for GTK if a pairwise key is used. One AP
757 * seemed to set this bit (incorrectly, since Tx is only when
758 * doing Group Key only APs) and without this workaround, the
759 * data connection does not work because wpa_supplicant
760 * configured non-zero keyidx to be used for unicast. */
761 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
762 "WPA: Tx bit set for GTK, but pairwise "
763 "keys are used - ignore Tx bit");
770 static int wpa_supplicant_pairwise_gtk(struct wpa_sm
*sm
,
771 const struct wpa_eapol_key
*key
,
772 const u8
*gtk
, size_t gtk_len
,
775 struct wpa_gtk_data gd
;
778 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
780 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
781 * Reserved [bits 0-7]
785 os_memset(&gd
, 0, sizeof(gd
));
786 wpa_hexdump_key(MSG_DEBUG
, "RSN: received GTK in pairwise handshake",
789 if (gtk_len
< 2 || gtk_len
- 2 > sizeof(gd
.gtk
))
792 gd
.keyidx
= gtk
[0] & 0x3;
793 gd
.tx
= wpa_supplicant_gtk_tx_bit_workaround(sm
,
794 !!(gtk
[0] & BIT(2)));
798 os_memcpy(gd
.gtk
, gtk
, gtk_len
);
799 gd
.gtk_len
= gtk_len
;
801 if (sm
->group_cipher
!= WPA_CIPHER_GTK_NOT_USED
&&
802 (wpa_supplicant_check_group_cipher(sm
, sm
->group_cipher
,
804 &gd
.key_rsc_len
, &gd
.alg
) ||
805 wpa_supplicant_install_gtk(sm
, &gd
, key
->key_rsc
))) {
806 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
807 "RSN: Failed to install GTK");
808 os_memset(&gd
, 0, sizeof(gd
));
811 os_memset(&gd
, 0, sizeof(gd
));
813 wpa_supplicant_key_neg_complete(sm
, sm
->bssid
,
814 key_info
& WPA_KEY_INFO_SECURE
);
819 static int ieee80211w_set_keys(struct wpa_sm
*sm
,
820 struct wpa_eapol_ie_parse
*ie
)
822 #ifdef CONFIG_IEEE80211W
823 if (!wpa_cipher_valid_mgmt_group(sm
->mgmt_group_cipher
))
828 const struct wpa_igtk_kde
*igtk
;
830 len
= wpa_cipher_key_len(sm
->mgmt_group_cipher
);
831 if (ie
->igtk_len
!= WPA_IGTK_KDE_PREFIX_LEN
+ len
)
833 igtk
= (const struct wpa_igtk_kde
*) ie
->igtk
;
834 keyidx
= WPA_GET_LE16(igtk
->keyid
);
835 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "WPA: IGTK keyid %d "
836 "pn %02x%02x%02x%02x%02x%02x",
837 keyidx
, MAC2STR(igtk
->pn
));
838 wpa_hexdump_key(MSG_DEBUG
, "WPA: IGTK",
841 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
842 "WPA: Invalid IGTK KeyID %d", keyidx
);
845 if (wpa_sm_set_key(sm
, wpa_cipher_to_alg(sm
->mgmt_group_cipher
),
846 broadcast_ether_addr
,
847 keyidx
, 0, igtk
->pn
, sizeof(igtk
->pn
),
848 igtk
->igtk
, len
) < 0) {
849 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
850 "WPA: Failed to configure IGTK to the driver");
856 #else /* CONFIG_IEEE80211W */
858 #endif /* CONFIG_IEEE80211W */
862 static void wpa_report_ie_mismatch(struct wpa_sm
*sm
,
863 const char *reason
, const u8
*src_addr
,
864 const u8
*wpa_ie
, size_t wpa_ie_len
,
865 const u8
*rsn_ie
, size_t rsn_ie_len
)
867 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
, "WPA: %s (src=" MACSTR
")",
868 reason
, MAC2STR(src_addr
));
871 wpa_hexdump(MSG_INFO
, "WPA: WPA IE in Beacon/ProbeResp",
872 sm
->ap_wpa_ie
, sm
->ap_wpa_ie_len
);
875 if (!sm
->ap_wpa_ie
) {
876 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
877 "WPA: No WPA IE in Beacon/ProbeResp");
879 wpa_hexdump(MSG_INFO
, "WPA: WPA IE in 3/4 msg",
884 wpa_hexdump(MSG_INFO
, "WPA: RSN IE in Beacon/ProbeResp",
885 sm
->ap_rsn_ie
, sm
->ap_rsn_ie_len
);
888 if (!sm
->ap_rsn_ie
) {
889 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
890 "WPA: No RSN IE in Beacon/ProbeResp");
892 wpa_hexdump(MSG_INFO
, "WPA: RSN IE in 3/4 msg",
896 wpa_sm_deauthenticate(sm
, WLAN_REASON_IE_IN_4WAY_DIFFERS
);
900 #ifdef CONFIG_IEEE80211R
902 static int ft_validate_mdie(struct wpa_sm
*sm
,
903 const unsigned char *src_addr
,
904 struct wpa_eapol_ie_parse
*ie
,
905 const u8
*assoc_resp_mdie
)
907 struct rsn_mdie
*mdie
;
909 mdie
= (struct rsn_mdie
*) (ie
->mdie
+ 2);
910 if (ie
->mdie
== NULL
|| ie
->mdie_len
< 2 + sizeof(*mdie
) ||
911 os_memcmp(mdie
->mobility_domain
, sm
->mobility_domain
,
912 MOBILITY_DOMAIN_ID_LEN
) != 0) {
913 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "FT: MDIE in msg 3/4 did "
914 "not match with the current mobility domain");
918 if (assoc_resp_mdie
&&
919 (assoc_resp_mdie
[1] != ie
->mdie
[1] ||
920 os_memcmp(assoc_resp_mdie
, ie
->mdie
, 2 + ie
->mdie
[1]) != 0)) {
921 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "FT: MDIE mismatch");
922 wpa_hexdump(MSG_DEBUG
, "FT: MDIE in EAPOL-Key msg 3/4",
923 ie
->mdie
, 2 + ie
->mdie
[1]);
924 wpa_hexdump(MSG_DEBUG
, "FT: MDIE in (Re)Association Response",
925 assoc_resp_mdie
, 2 + assoc_resp_mdie
[1]);
933 static int ft_validate_ftie(struct wpa_sm
*sm
,
934 const unsigned char *src_addr
,
935 struct wpa_eapol_ie_parse
*ie
,
936 const u8
*assoc_resp_ftie
)
938 if (ie
->ftie
== NULL
) {
939 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
940 "FT: No FTIE in EAPOL-Key msg 3/4");
944 if (assoc_resp_ftie
== NULL
)
947 if (assoc_resp_ftie
[1] != ie
->ftie
[1] ||
948 os_memcmp(assoc_resp_ftie
, ie
->ftie
, 2 + ie
->ftie
[1]) != 0) {
949 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "FT: FTIE mismatch");
950 wpa_hexdump(MSG_DEBUG
, "FT: FTIE in EAPOL-Key msg 3/4",
951 ie
->ftie
, 2 + ie
->ftie
[1]);
952 wpa_hexdump(MSG_DEBUG
, "FT: FTIE in (Re)Association Response",
953 assoc_resp_ftie
, 2 + assoc_resp_ftie
[1]);
961 static int ft_validate_rsnie(struct wpa_sm
*sm
,
962 const unsigned char *src_addr
,
963 struct wpa_eapol_ie_parse
*ie
)
965 struct wpa_ie_data rsn
;
971 * Verify that PMKR1Name from EAPOL-Key message 3/4
972 * matches with the value we derived.
974 if (wpa_parse_wpa_ie_rsn(ie
->rsn_ie
, ie
->rsn_ie_len
, &rsn
) < 0 ||
975 rsn
.num_pmkid
!= 1 || rsn
.pmkid
== NULL
) {
976 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "FT: No PMKR1Name in "
977 "FT 4-way handshake message 3/4");
981 if (os_memcmp_const(rsn
.pmkid
, sm
->pmk_r1_name
, WPA_PMK_NAME_LEN
) != 0)
983 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
984 "FT: PMKR1Name mismatch in "
985 "FT 4-way handshake message 3/4");
986 wpa_hexdump(MSG_DEBUG
, "FT: PMKR1Name from Authenticator",
987 rsn
.pmkid
, WPA_PMK_NAME_LEN
);
988 wpa_hexdump(MSG_DEBUG
, "FT: Derived PMKR1Name",
989 sm
->pmk_r1_name
, WPA_PMK_NAME_LEN
);
997 static int wpa_supplicant_validate_ie_ft(struct wpa_sm
*sm
,
998 const unsigned char *src_addr
,
999 struct wpa_eapol_ie_parse
*ie
)
1001 const u8
*pos
, *end
, *mdie
= NULL
, *ftie
= NULL
;
1003 if (sm
->assoc_resp_ies
) {
1004 pos
= sm
->assoc_resp_ies
;
1005 end
= pos
+ sm
->assoc_resp_ies_len
;
1006 while (pos
+ 2 < end
) {
1007 if (pos
+ 2 + pos
[1] > end
)
1010 case WLAN_EID_MOBILITY_DOMAIN
:
1013 case WLAN_EID_FAST_BSS_TRANSITION
:
1021 if (ft_validate_mdie(sm
, src_addr
, ie
, mdie
) < 0 ||
1022 ft_validate_ftie(sm
, src_addr
, ie
, ftie
) < 0 ||
1023 ft_validate_rsnie(sm
, src_addr
, ie
) < 0)
1029 #endif /* CONFIG_IEEE80211R */
1032 static int wpa_supplicant_validate_ie(struct wpa_sm
*sm
,
1033 const unsigned char *src_addr
,
1034 struct wpa_eapol_ie_parse
*ie
)
1036 if (sm
->ap_wpa_ie
== NULL
&& sm
->ap_rsn_ie
== NULL
) {
1037 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1038 "WPA: No WPA/RSN IE for this AP known. "
1039 "Trying to get from scan results");
1040 if (wpa_sm_get_beacon_ie(sm
) < 0) {
1041 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1042 "WPA: Could not find AP from "
1043 "the scan results");
1045 wpa_msg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1046 "WPA: Found the current AP from "
1047 "updated scan results");
1051 if (ie
->wpa_ie
== NULL
&& ie
->rsn_ie
== NULL
&&
1052 (sm
->ap_wpa_ie
|| sm
->ap_rsn_ie
)) {
1053 wpa_report_ie_mismatch(sm
, "IE in 3/4 msg does not match "
1054 "with IE in Beacon/ProbeResp (no IE?)",
1055 src_addr
, ie
->wpa_ie
, ie
->wpa_ie_len
,
1056 ie
->rsn_ie
, ie
->rsn_ie_len
);
1060 if ((ie
->wpa_ie
&& sm
->ap_wpa_ie
&&
1061 (ie
->wpa_ie_len
!= sm
->ap_wpa_ie_len
||
1062 os_memcmp(ie
->wpa_ie
, sm
->ap_wpa_ie
, ie
->wpa_ie_len
) != 0)) ||
1063 (ie
->rsn_ie
&& sm
->ap_rsn_ie
&&
1064 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm
->key_mgmt
),
1065 sm
->ap_rsn_ie
, sm
->ap_rsn_ie_len
,
1066 ie
->rsn_ie
, ie
->rsn_ie_len
))) {
1067 wpa_report_ie_mismatch(sm
, "IE in 3/4 msg does not match "
1068 "with IE in Beacon/ProbeResp",
1069 src_addr
, ie
->wpa_ie
, ie
->wpa_ie_len
,
1070 ie
->rsn_ie
, ie
->rsn_ie_len
);
1074 if (sm
->proto
== WPA_PROTO_WPA
&&
1075 ie
->rsn_ie
&& sm
->ap_rsn_ie
== NULL
&& sm
->rsn_enabled
) {
1076 wpa_report_ie_mismatch(sm
, "Possible downgrade attack "
1077 "detected - RSN was enabled and RSN IE "
1078 "was in msg 3/4, but not in "
1080 src_addr
, ie
->wpa_ie
, ie
->wpa_ie_len
,
1081 ie
->rsn_ie
, ie
->rsn_ie_len
);
1085 #ifdef CONFIG_IEEE80211R
1086 if (wpa_key_mgmt_ft(sm
->key_mgmt
) &&
1087 wpa_supplicant_validate_ie_ft(sm
, src_addr
, ie
) < 0)
1089 #endif /* CONFIG_IEEE80211R */
1096 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
1097 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1098 * @dst: Destination address for the frame
1099 * @key: Pointer to the EAPOL-Key frame header
1100 * @ver: Version bits from EAPOL-Key Key Info
1101 * @key_info: Key Info
1102 * @ptk: PTK to use for keyed hash and encryption
1103 * Returns: 0 on success, -1 on failure
1105 int wpa_supplicant_send_4_of_4(struct wpa_sm
*sm
, const unsigned char *dst
,
1106 const struct wpa_eapol_key
*key
,
1107 u16 ver
, u16 key_info
,
1108 struct wpa_ptk
*ptk
)
1110 size_t mic_len
, hdrlen
, rlen
;
1111 struct wpa_eapol_key
*reply
;
1112 struct wpa_eapol_key_192
*reply192
;
1115 mic_len
= wpa_mic_len(sm
->key_mgmt
);
1116 hdrlen
= mic_len
== 24 ? sizeof(*reply192
) : sizeof(*reply
);
1117 rbuf
= wpa_sm_alloc_eapol(sm
, IEEE802_1X_TYPE_EAPOL_KEY
, NULL
,
1118 hdrlen
, &rlen
, (void *) &reply
);
1121 reply192
= (struct wpa_eapol_key_192
*) reply
;
1123 reply
->type
= (sm
->proto
== WPA_PROTO_RSN
||
1124 sm
->proto
== WPA_PROTO_OSEN
) ?
1125 EAPOL_KEY_TYPE_RSN
: EAPOL_KEY_TYPE_WPA
;
1126 key_info
&= WPA_KEY_INFO_SECURE
;
1127 key_info
|= ver
| WPA_KEY_INFO_KEY_TYPE
| WPA_KEY_INFO_MIC
;
1128 WPA_PUT_BE16(reply
->key_info
, key_info
);
1129 if (sm
->proto
== WPA_PROTO_RSN
|| sm
->proto
== WPA_PROTO_OSEN
)
1130 WPA_PUT_BE16(reply
->key_length
, 0);
1132 os_memcpy(reply
->key_length
, key
->key_length
, 2);
1133 os_memcpy(reply
->replay_counter
, key
->replay_counter
,
1134 WPA_REPLAY_COUNTER_LEN
);
1136 key_mic
= reply192
->key_mic
; /* same offset for reply and reply192 */
1138 WPA_PUT_BE16(reply192
->key_data_length
, 0);
1140 WPA_PUT_BE16(reply
->key_data_length
, 0);
1142 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "WPA: Sending EAPOL-Key 4/4");
1143 wpa_eapol_key_send(sm
, ptk
->kck
, ptk
->kck_len
, ver
, dst
, ETH_P_EAPOL
,
1144 rbuf
, rlen
, key_mic
);
1150 static void wpa_supplicant_process_3_of_4(struct wpa_sm
*sm
,
1151 const struct wpa_eapol_key
*key
,
1152 u16 ver
, const u8
*key_data
,
1153 size_t key_data_len
)
1155 u16 key_info
, keylen
;
1156 struct wpa_eapol_ie_parse ie
;
1158 wpa_sm_set_state(sm
, WPA_4WAY_HANDSHAKE
);
1159 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "WPA: RX message 3 of 4-Way "
1160 "Handshake from " MACSTR
" (ver=%d)", MAC2STR(sm
->bssid
), ver
);
1162 key_info
= WPA_GET_BE16(key
->key_info
);
1164 wpa_hexdump(MSG_DEBUG
, "WPA: IE KeyData", key_data
, key_data_len
);
1165 if (wpa_supplicant_parse_ies(key_data
, key_data_len
, &ie
) < 0)
1167 if (ie
.gtk
&& !(key_info
& WPA_KEY_INFO_ENCR_KEY_DATA
)) {
1168 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1169 "WPA: GTK IE in unencrypted key data");
1172 #ifdef CONFIG_IEEE80211W
1173 if (ie
.igtk
&& !(key_info
& WPA_KEY_INFO_ENCR_KEY_DATA
)) {
1174 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1175 "WPA: IGTK KDE in unencrypted key data");
1180 wpa_cipher_valid_mgmt_group(sm
->mgmt_group_cipher
) &&
1181 ie
.igtk_len
!= WPA_IGTK_KDE_PREFIX_LEN
+
1182 (unsigned int) wpa_cipher_key_len(sm
->mgmt_group_cipher
)) {
1183 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1184 "WPA: Invalid IGTK KDE length %lu",
1185 (unsigned long) ie
.igtk_len
);
1188 #endif /* CONFIG_IEEE80211W */
1190 if (wpa_supplicant_validate_ie(sm
, sm
->bssid
, &ie
) < 0)
1193 if (os_memcmp(sm
->anonce
, key
->key_nonce
, WPA_NONCE_LEN
) != 0) {
1194 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1195 "WPA: ANonce from message 1 of 4-Way Handshake "
1196 "differs from 3 of 4-Way Handshake - drop packet (src="
1197 MACSTR
")", MAC2STR(sm
->bssid
));
1201 keylen
= WPA_GET_BE16(key
->key_length
);
1202 if (keylen
!= wpa_cipher_key_len(sm
->pairwise_cipher
)) {
1203 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1204 "WPA: Invalid %s key length %d (src=" MACSTR
1205 ")", wpa_cipher_txt(sm
->pairwise_cipher
), keylen
,
1206 MAC2STR(sm
->bssid
));
1211 if (ie
.ip_addr_alloc
) {
1212 os_memcpy(sm
->p2p_ip_addr
, ie
.ip_addr_alloc
, 3 * 4);
1213 wpa_hexdump(MSG_DEBUG
, "P2P: IP address info",
1214 sm
->p2p_ip_addr
, sizeof(sm
->p2p_ip_addr
));
1216 #endif /* CONFIG_P2P */
1218 if (wpa_supplicant_send_4_of_4(sm
, sm
->bssid
, key
, ver
, key_info
,
1223 /* SNonce was successfully used in msg 3/4, so mark it to be renewed
1224 * for the next 4-Way Handshake. If msg 3 is received again, the old
1225 * SNonce will still be used to avoid changing PTK. */
1226 sm
->renew_snonce
= 1;
1228 if (key_info
& WPA_KEY_INFO_INSTALL
) {
1229 if (wpa_supplicant_install_ptk(sm
, key
))
1233 if (key_info
& WPA_KEY_INFO_SECURE
) {
1234 wpa_sm_mlme_setprotection(
1235 sm
, sm
->bssid
, MLME_SETPROTECTION_PROTECT_TYPE_RX
,
1236 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE
);
1237 eapol_sm_notify_portValid(sm
->eapol
, TRUE
);
1239 wpa_sm_set_state(sm
, WPA_GROUP_HANDSHAKE
);
1241 if (sm
->group_cipher
== WPA_CIPHER_GTK_NOT_USED
) {
1242 wpa_supplicant_key_neg_complete(sm
, sm
->bssid
,
1243 key_info
& WPA_KEY_INFO_SECURE
);
1244 } else if (ie
.gtk
&&
1245 wpa_supplicant_pairwise_gtk(sm
, key
,
1246 ie
.gtk
, ie
.gtk_len
, key_info
) < 0) {
1247 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1248 "RSN: Failed to configure GTK");
1252 if (ieee80211w_set_keys(sm
, &ie
) < 0) {
1253 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1254 "RSN: Failed to configure IGTK");
1259 wpa_sm_set_rekey_offload(sm
);
1261 if (sm
->proto
== WPA_PROTO_RSN
&& wpa_key_mgmt_suite_b(sm
->key_mgmt
)) {
1262 struct rsn_pmksa_cache_entry
*sa
;
1264 sa
= pmksa_cache_add(sm
->pmksa
, sm
->pmk
, sm
->pmk_len
,
1265 sm
->ptk
.kck
, sm
->ptk
.kck_len
,
1266 sm
->bssid
, sm
->own_addr
,
1267 sm
->network_ctx
, sm
->key_mgmt
);
1272 sm
->msg_3_of_4_ok
= 1;
1276 wpa_sm_deauthenticate(sm
, WLAN_REASON_UNSPECIFIED
);
1280 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm
*sm
,
1284 struct wpa_gtk_data
*gd
)
1287 struct wpa_eapol_ie_parse ie
;
1289 wpa_hexdump(MSG_DEBUG
, "RSN: msg 1/2 key data", keydata
, keydatalen
);
1290 if (wpa_supplicant_parse_ies(keydata
, keydatalen
, &ie
) < 0)
1292 if (ie
.gtk
&& !(key_info
& WPA_KEY_INFO_ENCR_KEY_DATA
)) {
1293 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1294 "WPA: GTK IE in unencrypted key data");
1297 if (ie
.gtk
== NULL
) {
1298 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1299 "WPA: No GTK IE in Group Key msg 1/2");
1302 maxkeylen
= gd
->gtk_len
= ie
.gtk_len
- 2;
1304 if (wpa_supplicant_check_group_cipher(sm
, sm
->group_cipher
,
1305 gd
->gtk_len
, maxkeylen
,
1306 &gd
->key_rsc_len
, &gd
->alg
))
1309 wpa_hexdump_key(MSG_DEBUG
, "RSN: received GTK in group key handshake",
1310 ie
.gtk
, ie
.gtk_len
);
1311 gd
->keyidx
= ie
.gtk
[0] & 0x3;
1312 gd
->tx
= wpa_supplicant_gtk_tx_bit_workaround(sm
,
1313 !!(ie
.gtk
[0] & BIT(2)));
1314 if (ie
.gtk_len
- 2 > sizeof(gd
->gtk
)) {
1315 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1316 "RSN: Too long GTK in GTK IE (len=%lu)",
1317 (unsigned long) ie
.gtk_len
- 2);
1320 os_memcpy(gd
->gtk
, ie
.gtk
+ 2, ie
.gtk_len
- 2);
1322 if (ieee80211w_set_keys(sm
, &ie
) < 0)
1323 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1324 "RSN: Failed to configure IGTK");
1330 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm
*sm
,
1331 const struct wpa_eapol_key
*key
,
1333 size_t key_data_len
, u16 key_info
,
1334 u16 ver
, struct wpa_gtk_data
*gd
)
1339 gtk_len
= WPA_GET_BE16(key
->key_length
);
1340 maxkeylen
= key_data_len
;
1341 if (ver
== WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
) {
1342 if (maxkeylen
< 8) {
1343 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1344 "WPA: Too short maxkeylen (%lu)",
1345 (unsigned long) maxkeylen
);
1351 if (gtk_len
> maxkeylen
||
1352 wpa_supplicant_check_group_cipher(sm
, sm
->group_cipher
,
1354 &gd
->key_rsc_len
, &gd
->alg
))
1357 gd
->gtk_len
= gtk_len
;
1358 gd
->keyidx
= (key_info
& WPA_KEY_INFO_KEY_INDEX_MASK
) >>
1359 WPA_KEY_INFO_KEY_INDEX_SHIFT
;
1360 if (ver
== WPA_KEY_INFO_TYPE_HMAC_MD5_RC4
&& sm
->ptk
.kek_len
== 16) {
1361 #ifdef CONFIG_NO_RC4
1362 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1363 "WPA: RC4 not supported in the build");
1365 #else /* CONFIG_NO_RC4 */
1367 if (key_data_len
> sizeof(gd
->gtk
)) {
1368 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1369 "WPA: RC4 key data too long (%lu)",
1370 (unsigned long) key_data_len
);
1373 os_memcpy(ek
, key
->key_iv
, 16);
1374 os_memcpy(ek
+ 16, sm
->ptk
.kek
, sm
->ptk
.kek_len
);
1375 os_memcpy(gd
->gtk
, key_data
, key_data_len
);
1376 if (rc4_skip(ek
, 32, 256, gd
->gtk
, key_data_len
)) {
1377 os_memset(ek
, 0, sizeof(ek
));
1378 wpa_msg(sm
->ctx
->msg_ctx
, MSG_ERROR
,
1382 os_memset(ek
, 0, sizeof(ek
));
1383 #endif /* CONFIG_NO_RC4 */
1384 } else if (ver
== WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
) {
1385 if (maxkeylen
% 8) {
1386 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1387 "WPA: Unsupported AES-WRAP len %lu",
1388 (unsigned long) maxkeylen
);
1391 if (maxkeylen
> sizeof(gd
->gtk
)) {
1392 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1393 "WPA: AES-WRAP key data "
1394 "too long (keydatalen=%lu maxkeylen=%lu)",
1395 (unsigned long) key_data_len
,
1396 (unsigned long) maxkeylen
);
1399 if (aes_unwrap(sm
->ptk
.kek
, sm
->ptk
.kek_len
, maxkeylen
/ 8,
1400 key_data
, gd
->gtk
)) {
1401 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1402 "WPA: AES unwrap failed - could not decrypt "
1407 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1408 "WPA: Unsupported key_info type %d", ver
);
1411 gd
->tx
= wpa_supplicant_gtk_tx_bit_workaround(
1412 sm
, !!(key_info
& WPA_KEY_INFO_TXRX
));
1417 static int wpa_supplicant_send_2_of_2(struct wpa_sm
*sm
,
1418 const struct wpa_eapol_key
*key
,
1419 int ver
, u16 key_info
)
1421 size_t mic_len
, hdrlen
, rlen
;
1422 struct wpa_eapol_key
*reply
;
1423 struct wpa_eapol_key_192
*reply192
;
1426 mic_len
= wpa_mic_len(sm
->key_mgmt
);
1427 hdrlen
= mic_len
== 24 ? sizeof(*reply192
) : sizeof(*reply
);
1428 rbuf
= wpa_sm_alloc_eapol(sm
, IEEE802_1X_TYPE_EAPOL_KEY
, NULL
,
1429 hdrlen
, &rlen
, (void *) &reply
);
1432 reply192
= (struct wpa_eapol_key_192
*) reply
;
1434 reply
->type
= (sm
->proto
== WPA_PROTO_RSN
||
1435 sm
->proto
== WPA_PROTO_OSEN
) ?
1436 EAPOL_KEY_TYPE_RSN
: EAPOL_KEY_TYPE_WPA
;
1437 key_info
&= WPA_KEY_INFO_KEY_INDEX_MASK
;
1438 key_info
|= ver
| WPA_KEY_INFO_MIC
| WPA_KEY_INFO_SECURE
;
1439 WPA_PUT_BE16(reply
->key_info
, key_info
);
1440 if (sm
->proto
== WPA_PROTO_RSN
|| sm
->proto
== WPA_PROTO_OSEN
)
1441 WPA_PUT_BE16(reply
->key_length
, 0);
1443 os_memcpy(reply
->key_length
, key
->key_length
, 2);
1444 os_memcpy(reply
->replay_counter
, key
->replay_counter
,
1445 WPA_REPLAY_COUNTER_LEN
);
1447 key_mic
= reply192
->key_mic
; /* same offset for reply and reply192 */
1449 WPA_PUT_BE16(reply192
->key_data_length
, 0);
1451 WPA_PUT_BE16(reply
->key_data_length
, 0);
1453 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "WPA: Sending EAPOL-Key 2/2");
1454 wpa_eapol_key_send(sm
, sm
->ptk
.kck
, sm
->ptk
.kck_len
, ver
, sm
->bssid
,
1455 ETH_P_EAPOL
, rbuf
, rlen
, key_mic
);
1461 static void wpa_supplicant_process_1_of_2(struct wpa_sm
*sm
,
1462 const unsigned char *src_addr
,
1463 const struct wpa_eapol_key
*key
,
1465 size_t key_data_len
, u16 ver
)
1469 struct wpa_gtk_data gd
;
1471 if (!sm
->msg_3_of_4_ok
) {
1472 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1473 "WPA: Group Key Handshake started prior to completion of 4-way handshake");
1477 os_memset(&gd
, 0, sizeof(gd
));
1479 rekey
= wpa_sm_get_state(sm
) == WPA_COMPLETED
;
1480 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "WPA: RX message 1 of Group Key "
1481 "Handshake from " MACSTR
" (ver=%d)", MAC2STR(src_addr
), ver
);
1483 key_info
= WPA_GET_BE16(key
->key_info
);
1485 if (sm
->proto
== WPA_PROTO_RSN
|| sm
->proto
== WPA_PROTO_OSEN
) {
1486 ret
= wpa_supplicant_process_1_of_2_rsn(sm
, key_data
,
1487 key_data_len
, key_info
,
1490 ret
= wpa_supplicant_process_1_of_2_wpa(sm
, key
, key_data
,
1492 key_info
, ver
, &gd
);
1495 wpa_sm_set_state(sm
, WPA_GROUP_HANDSHAKE
);
1500 if (wpa_supplicant_install_gtk(sm
, &gd
, key
->key_rsc
) ||
1501 wpa_supplicant_send_2_of_2(sm
, key
, ver
, key_info
))
1503 os_memset(&gd
, 0, sizeof(gd
));
1506 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
, "WPA: Group rekeying "
1507 "completed with " MACSTR
" [GTK=%s]",
1508 MAC2STR(sm
->bssid
), wpa_cipher_txt(sm
->group_cipher
));
1509 wpa_sm_cancel_auth_timeout(sm
);
1510 wpa_sm_set_state(sm
, WPA_COMPLETED
);
1512 wpa_supplicant_key_neg_complete(sm
, sm
->bssid
,
1514 WPA_KEY_INFO_SECURE
);
1517 wpa_sm_set_rekey_offload(sm
);
1522 os_memset(&gd
, 0, sizeof(gd
));
1523 wpa_sm_deauthenticate(sm
, WLAN_REASON_UNSPECIFIED
);
1527 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm
*sm
,
1528 struct wpa_eapol_key_192
*key
,
1530 const u8
*buf
, size_t len
)
1532 u8 mic
[WPA_EAPOL_KEY_MIC_MAX_LEN
];
1534 size_t mic_len
= wpa_mic_len(sm
->key_mgmt
);
1536 os_memcpy(mic
, key
->key_mic
, mic_len
);
1538 os_memset(key
->key_mic
, 0, mic_len
);
1539 wpa_eapol_key_mic(sm
->tptk
.kck
, sm
->tptk
.kck_len
, sm
->key_mgmt
,
1540 ver
, buf
, len
, key
->key_mic
);
1541 if (os_memcmp_const(mic
, key
->key_mic
, mic_len
) != 0) {
1542 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1543 "WPA: Invalid EAPOL-Key MIC "
1544 "when using TPTK - ignoring TPTK");
1549 os_memcpy(&sm
->ptk
, &sm
->tptk
, sizeof(sm
->ptk
));
1550 os_memset(&sm
->tptk
, 0, sizeof(sm
->tptk
));
1554 if (!ok
&& sm
->ptk_set
) {
1555 os_memset(key
->key_mic
, 0, mic_len
);
1556 wpa_eapol_key_mic(sm
->ptk
.kck
, sm
->ptk
.kck_len
, sm
->key_mgmt
,
1557 ver
, buf
, len
, key
->key_mic
);
1558 if (os_memcmp_const(mic
, key
->key_mic
, mic_len
) != 0) {
1559 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1560 "WPA: Invalid EAPOL-Key MIC - "
1568 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1569 "WPA: Could not verify EAPOL-Key MIC - "
1574 os_memcpy(sm
->rx_replay_counter
, key
->replay_counter
,
1575 WPA_REPLAY_COUNTER_LEN
);
1576 sm
->rx_replay_counter_set
= 1;
1581 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
1582 static int wpa_supplicant_decrypt_key_data(struct wpa_sm
*sm
,
1583 struct wpa_eapol_key
*key
, u16 ver
,
1584 u8
*key_data
, size_t *key_data_len
)
1586 wpa_hexdump(MSG_DEBUG
, "RSN: encrypted key data",
1587 key_data
, *key_data_len
);
1589 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1590 "WPA: PTK not available, cannot decrypt EAPOL-Key Key "
1595 /* Decrypt key data here so that this operation does not need
1596 * to be implemented separately for each message type. */
1597 if (ver
== WPA_KEY_INFO_TYPE_HMAC_MD5_RC4
&& sm
->ptk
.kek_len
== 16) {
1598 #ifdef CONFIG_NO_RC4
1599 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1600 "WPA: RC4 not supported in the build");
1602 #else /* CONFIG_NO_RC4 */
1604 os_memcpy(ek
, key
->key_iv
, 16);
1605 os_memcpy(ek
+ 16, sm
->ptk
.kek
, sm
->ptk
.kek_len
);
1606 if (rc4_skip(ek
, 32, 256, key_data
, *key_data_len
)) {
1607 os_memset(ek
, 0, sizeof(ek
));
1608 wpa_msg(sm
->ctx
->msg_ctx
, MSG_ERROR
,
1612 os_memset(ek
, 0, sizeof(ek
));
1613 #endif /* CONFIG_NO_RC4 */
1614 } else if (ver
== WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
||
1615 ver
== WPA_KEY_INFO_TYPE_AES_128_CMAC
||
1616 sm
->key_mgmt
== WPA_KEY_MGMT_OSEN
||
1617 wpa_key_mgmt_suite_b(sm
->key_mgmt
)) {
1619 if (*key_data_len
< 8 || *key_data_len
% 8) {
1620 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1621 "WPA: Unsupported AES-WRAP len %u",
1622 (unsigned int) *key_data_len
);
1625 *key_data_len
-= 8; /* AES-WRAP adds 8 bytes */
1626 buf
= os_malloc(*key_data_len
);
1628 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1629 "WPA: No memory for AES-UNWRAP buffer");
1632 if (aes_unwrap(sm
->ptk
.kek
, sm
->ptk
.kek_len
, *key_data_len
/ 8,
1635 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1636 "WPA: AES unwrap failed - "
1637 "could not decrypt EAPOL-Key key data");
1640 os_memcpy(key_data
, buf
, *key_data_len
);
1642 WPA_PUT_BE16(key
->key_data_length
, *key_data_len
);
1644 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1645 "WPA: Unsupported key_info type %d", ver
);
1648 wpa_hexdump_key(MSG_DEBUG
, "WPA: decrypted EAPOL-Key key data",
1649 key_data
, *key_data_len
);
1655 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
1656 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1658 void wpa_sm_aborted_cached(struct wpa_sm
*sm
)
1660 if (sm
&& sm
->cur_pmksa
) {
1661 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1662 "RSN: Cancelling PMKSA caching attempt");
1663 sm
->cur_pmksa
= NULL
;
1668 static void wpa_eapol_key_dump(struct wpa_sm
*sm
,
1669 const struct wpa_eapol_key
*key
,
1670 unsigned int key_data_len
,
1671 const u8
*mic
, unsigned int mic_len
)
1673 #ifndef CONFIG_NO_STDOUT_DEBUG
1674 u16 key_info
= WPA_GET_BE16(key
->key_info
);
1676 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, " EAPOL-Key type=%d", key
->type
);
1677 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1678 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)",
1679 key_info
, key_info
& WPA_KEY_INFO_TYPE_MASK
,
1680 (key_info
& WPA_KEY_INFO_KEY_INDEX_MASK
) >>
1681 WPA_KEY_INFO_KEY_INDEX_SHIFT
,
1682 (key_info
& (BIT(13) | BIT(14) | BIT(15))) >> 13,
1683 key_info
& WPA_KEY_INFO_KEY_TYPE
? "Pairwise" : "Group",
1684 key_info
& WPA_KEY_INFO_INSTALL
? " Install" : "",
1685 key_info
& WPA_KEY_INFO_ACK
? " Ack" : "",
1686 key_info
& WPA_KEY_INFO_MIC
? " MIC" : "",
1687 key_info
& WPA_KEY_INFO_SECURE
? " Secure" : "",
1688 key_info
& WPA_KEY_INFO_ERROR
? " Error" : "",
1689 key_info
& WPA_KEY_INFO_REQUEST
? " Request" : "",
1690 key_info
& WPA_KEY_INFO_ENCR_KEY_DATA
? " Encr" : "");
1691 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1692 " key_length=%u key_data_length=%u",
1693 WPA_GET_BE16(key
->key_length
), key_data_len
);
1694 wpa_hexdump(MSG_DEBUG
, " replay_counter",
1695 key
->replay_counter
, WPA_REPLAY_COUNTER_LEN
);
1696 wpa_hexdump(MSG_DEBUG
, " key_nonce", key
->key_nonce
, WPA_NONCE_LEN
);
1697 wpa_hexdump(MSG_DEBUG
, " key_iv", key
->key_iv
, 16);
1698 wpa_hexdump(MSG_DEBUG
, " key_rsc", key
->key_rsc
, 8);
1699 wpa_hexdump(MSG_DEBUG
, " key_id (reserved)", key
->key_id
, 8);
1700 wpa_hexdump(MSG_DEBUG
, " key_mic", mic
, mic_len
);
1701 #endif /* CONFIG_NO_STDOUT_DEBUG */
1706 * wpa_sm_rx_eapol - Process received WPA EAPOL frames
1707 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1708 * @src_addr: Source MAC address of the EAPOL packet
1709 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
1710 * @len: Length of the EAPOL frame
1711 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
1713 * This function is called for each received EAPOL frame. Other than EAPOL-Key
1714 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
1715 * only processing WPA and WPA2 EAPOL-Key frames.
1717 * The received EAPOL-Key packets are validated and valid packets are replied
1718 * to. In addition, key material (PTK, GTK) is configured at the end of a
1719 * successful key handshake.
1721 int wpa_sm_rx_eapol(struct wpa_sm
*sm
, const u8
*src_addr
,
1722 const u8
*buf
, size_t len
)
1724 size_t plen
, data_len
, key_data_len
;
1725 const struct ieee802_1x_hdr
*hdr
;
1726 struct wpa_eapol_key
*key
;
1727 struct wpa_eapol_key_192
*key192
;
1731 struct wpa_peerkey
*peerkey
= NULL
;
1733 size_t mic_len
, keyhdrlen
;
1735 #ifdef CONFIG_IEEE80211R
1736 sm
->ft_completed
= 0;
1737 #endif /* CONFIG_IEEE80211R */
1739 mic_len
= wpa_mic_len(sm
->key_mgmt
);
1740 keyhdrlen
= mic_len
== 24 ? sizeof(*key192
) : sizeof(*key
);
1742 if (len
< sizeof(*hdr
) + keyhdrlen
) {
1743 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1744 "WPA: EAPOL frame too short to be a WPA "
1745 "EAPOL-Key (len %lu, expecting at least %lu)",
1746 (unsigned long) len
,
1747 (unsigned long) sizeof(*hdr
) + keyhdrlen
);
1751 hdr
= (const struct ieee802_1x_hdr
*) buf
;
1752 plen
= be_to_host16(hdr
->length
);
1753 data_len
= plen
+ sizeof(*hdr
);
1754 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1755 "IEEE 802.1X RX: version=%d type=%d length=%lu",
1756 hdr
->version
, hdr
->type
, (unsigned long) plen
);
1758 if (hdr
->version
< EAPOL_VERSION
) {
1759 /* TODO: backwards compatibility */
1761 if (hdr
->type
!= IEEE802_1X_TYPE_EAPOL_KEY
) {
1762 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1763 "WPA: EAPOL frame (type %u) discarded, "
1764 "not a Key frame", hdr
->type
);
1768 wpa_hexdump(MSG_MSGDUMP
, "WPA: RX EAPOL-Key", buf
, len
);
1769 if (plen
> len
- sizeof(*hdr
) || plen
< keyhdrlen
) {
1770 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1771 "WPA: EAPOL frame payload size %lu "
1772 "invalid (frame size %lu)",
1773 (unsigned long) plen
, (unsigned long) len
);
1777 if (data_len
< len
) {
1778 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1779 "WPA: ignoring %lu bytes after the IEEE 802.1X data",
1780 (unsigned long) len
- data_len
);
1784 * Make a copy of the frame since we need to modify the buffer during
1785 * MAC validation and Key Data decryption.
1787 tmp
= os_malloc(data_len
);
1790 os_memcpy(tmp
, buf
, data_len
);
1791 key
= (struct wpa_eapol_key
*) (tmp
+ sizeof(struct ieee802_1x_hdr
));
1792 key192
= (struct wpa_eapol_key_192
*)
1793 (tmp
+ sizeof(struct ieee802_1x_hdr
));
1795 key_data
= (u8
*) (key192
+ 1);
1797 key_data
= (u8
*) (key
+ 1);
1799 if (key
->type
!= EAPOL_KEY_TYPE_WPA
&& key
->type
!= EAPOL_KEY_TYPE_RSN
)
1801 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1802 "WPA: EAPOL-Key type (%d) unknown, discarded",
1809 key_data_len
= WPA_GET_BE16(key192
->key_data_length
);
1811 key_data_len
= WPA_GET_BE16(key
->key_data_length
);
1812 wpa_eapol_key_dump(sm
, key
, key_data_len
, key192
->key_mic
, mic_len
);
1814 if (key_data_len
> plen
- keyhdrlen
) {
1815 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
, "WPA: Invalid EAPOL-Key "
1816 "frame - key_data overflow (%u > %u)",
1817 (unsigned int) key_data_len
,
1818 (unsigned int) (plen
- keyhdrlen
));
1822 eapol_sm_notify_lower_layer_success(sm
->eapol
, 0);
1823 key_info
= WPA_GET_BE16(key
->key_info
);
1824 ver
= key_info
& WPA_KEY_INFO_TYPE_MASK
;
1825 if (ver
!= WPA_KEY_INFO_TYPE_HMAC_MD5_RC4
&&
1826 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
1827 ver
!= WPA_KEY_INFO_TYPE_AES_128_CMAC
&&
1828 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
1829 ver
!= WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
&&
1830 !wpa_key_mgmt_suite_b(sm
->key_mgmt
) &&
1831 sm
->key_mgmt
!= WPA_KEY_MGMT_OSEN
) {
1832 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1833 "WPA: Unsupported EAPOL-Key descriptor version %d",
1838 if (sm
->key_mgmt
== WPA_KEY_MGMT_OSEN
&&
1839 ver
!= WPA_KEY_INFO_TYPE_AKM_DEFINED
) {
1840 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1841 "OSEN: Unsupported EAPOL-Key descriptor version %d",
1846 if (wpa_key_mgmt_suite_b(sm
->key_mgmt
) &&
1847 ver
!= WPA_KEY_INFO_TYPE_AKM_DEFINED
) {
1848 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1849 "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)",
1854 #ifdef CONFIG_IEEE80211R
1855 if (wpa_key_mgmt_ft(sm
->key_mgmt
)) {
1856 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
1857 if (ver
!= WPA_KEY_INFO_TYPE_AES_128_CMAC
) {
1858 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1859 "FT: AP did not use AES-128-CMAC");
1863 #endif /* CONFIG_IEEE80211R */
1864 #ifdef CONFIG_IEEE80211W
1865 if (wpa_key_mgmt_sha256(sm
->key_mgmt
)) {
1866 if (ver
!= WPA_KEY_INFO_TYPE_AES_128_CMAC
&&
1867 sm
->key_mgmt
!= WPA_KEY_MGMT_OSEN
&&
1868 !wpa_key_mgmt_suite_b(sm
->key_mgmt
)) {
1869 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1870 "WPA: AP did not use the "
1871 "negotiated AES-128-CMAC");
1875 #endif /* CONFIG_IEEE80211W */
1876 if (sm
->pairwise_cipher
== WPA_CIPHER_CCMP
&&
1877 !wpa_key_mgmt_suite_b(sm
->key_mgmt
) &&
1878 ver
!= WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
) {
1879 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1880 "WPA: CCMP is used, but EAPOL-Key "
1881 "descriptor version (%d) is not 2", ver
);
1882 if (sm
->group_cipher
!= WPA_CIPHER_CCMP
&&
1883 !(key_info
& WPA_KEY_INFO_KEY_TYPE
)) {
1884 /* Earlier versions of IEEE 802.11i did not explicitly
1885 * require version 2 descriptor for all EAPOL-Key
1886 * packets, so allow group keys to use version 1 if
1887 * CCMP is not used for them. */
1888 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1889 "WPA: Backwards compatibility: allow invalid "
1890 "version for non-CCMP group keys");
1891 } else if (ver
== WPA_KEY_INFO_TYPE_AES_128_CMAC
) {
1892 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1893 "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used");
1896 } else if (sm
->pairwise_cipher
== WPA_CIPHER_GCMP
&&
1897 !wpa_key_mgmt_suite_b(sm
->key_mgmt
) &&
1898 ver
!= WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
) {
1899 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1900 "WPA: GCMP is used, but EAPOL-Key "
1901 "descriptor version (%d) is not 2", ver
);
1905 #ifdef CONFIG_PEERKEY
1906 for (peerkey
= sm
->peerkey
; peerkey
; peerkey
= peerkey
->next
) {
1907 if (os_memcmp(peerkey
->addr
, src_addr
, ETH_ALEN
) == 0)
1911 if (!(key_info
& WPA_KEY_INFO_SMK_MESSAGE
) && peerkey
) {
1912 if (!peerkey
->initiator
&& peerkey
->replay_counter_set
&&
1913 os_memcmp(key
->replay_counter
, peerkey
->replay_counter
,
1914 WPA_REPLAY_COUNTER_LEN
) <= 0) {
1915 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1916 "RSN: EAPOL-Key Replay Counter did not "
1917 "increase (STK) - dropping packet");
1919 } else if (peerkey
->initiator
) {
1920 u8 _tmp
[WPA_REPLAY_COUNTER_LEN
];
1921 os_memcpy(_tmp
, key
->replay_counter
,
1922 WPA_REPLAY_COUNTER_LEN
);
1923 inc_byte_array(_tmp
, WPA_REPLAY_COUNTER_LEN
);
1924 if (os_memcmp(_tmp
, peerkey
->replay_counter
,
1925 WPA_REPLAY_COUNTER_LEN
) != 0) {
1926 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1927 "RSN: EAPOL-Key Replay "
1928 "Counter did not match (STK) - "
1935 if (peerkey
&& peerkey
->initiator
&& (key_info
& WPA_KEY_INFO_ACK
)) {
1936 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1937 "RSN: Ack bit in key_info from STK peer");
1940 #endif /* CONFIG_PEERKEY */
1942 if (!peerkey
&& sm
->rx_replay_counter_set
&&
1943 os_memcmp(key
->replay_counter
, sm
->rx_replay_counter
,
1944 WPA_REPLAY_COUNTER_LEN
) <= 0) {
1945 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1946 "WPA: EAPOL-Key Replay Counter did not increase - "
1951 if (!(key_info
& (WPA_KEY_INFO_ACK
| WPA_KEY_INFO_SMK_MESSAGE
))
1952 #ifdef CONFIG_PEERKEY
1953 && (peerkey
== NULL
|| !peerkey
->initiator
)
1954 #endif /* CONFIG_PEERKEY */
1956 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1957 "WPA: No Ack bit in key_info");
1961 if (key_info
& WPA_KEY_INFO_REQUEST
) {
1962 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1963 "WPA: EAPOL-Key with Request bit - dropped");
1967 if ((key_info
& WPA_KEY_INFO_MIC
) && !peerkey
&&
1968 wpa_supplicant_verify_eapol_key_mic(sm
, key192
, ver
, tmp
, data_len
))
1971 #ifdef CONFIG_PEERKEY
1972 if ((key_info
& WPA_KEY_INFO_MIC
) && peerkey
&&
1973 peerkey_verify_eapol_key_mic(sm
, peerkey
, key192
, ver
, tmp
,
1976 #endif /* CONFIG_PEERKEY */
1978 if ((sm
->proto
== WPA_PROTO_RSN
|| sm
->proto
== WPA_PROTO_OSEN
) &&
1979 (key_info
& WPA_KEY_INFO_ENCR_KEY_DATA
)) {
1980 if (wpa_supplicant_decrypt_key_data(sm
, key
, ver
, key_data
,
1985 if (key_info
& WPA_KEY_INFO_KEY_TYPE
) {
1986 if (key_info
& WPA_KEY_INFO_KEY_INDEX_MASK
) {
1987 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1988 "WPA: Ignored EAPOL-Key (Pairwise) with "
1989 "non-zero key index");
1993 /* PeerKey 4-Way Handshake */
1994 peerkey_rx_eapol_4way(sm
, peerkey
, key
, key_info
, ver
,
1995 key_data
, key_data_len
);
1996 } else if (key_info
& WPA_KEY_INFO_MIC
) {
1997 /* 3/4 4-Way Handshake */
1998 wpa_supplicant_process_3_of_4(sm
, key
, ver
, key_data
,
2001 /* 1/4 4-Way Handshake */
2002 wpa_supplicant_process_1_of_4(sm
, src_addr
, key
,
2006 } else if (key_info
& WPA_KEY_INFO_SMK_MESSAGE
) {
2007 /* PeerKey SMK Handshake */
2008 peerkey_rx_eapol_smk(sm
, src_addr
, key
, key_data_len
, key_info
,
2011 if (key_info
& WPA_KEY_INFO_MIC
) {
2012 /* 1/2 Group Key Handshake */
2013 wpa_supplicant_process_1_of_2(sm
, src_addr
, key
,
2014 key_data
, key_data_len
,
2017 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
2018 "WPA: EAPOL-Key (Group) without Mic bit - "
2026 bin_clear_free(tmp
, data_len
);
2031 #ifdef CONFIG_CTRL_IFACE
2032 static u32
wpa_key_mgmt_suite(struct wpa_sm
*sm
)
2034 switch (sm
->key_mgmt
) {
2035 case WPA_KEY_MGMT_IEEE8021X
:
2036 return ((sm
->proto
== WPA_PROTO_RSN
||
2037 sm
->proto
== WPA_PROTO_OSEN
) ?
2038 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X
:
2039 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X
);
2040 case WPA_KEY_MGMT_PSK
:
2041 return (sm
->proto
== WPA_PROTO_RSN
?
2042 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X
:
2043 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X
);
2044 #ifdef CONFIG_IEEE80211R
2045 case WPA_KEY_MGMT_FT_IEEE8021X
:
2046 return RSN_AUTH_KEY_MGMT_FT_802_1X
;
2047 case WPA_KEY_MGMT_FT_PSK
:
2048 return RSN_AUTH_KEY_MGMT_FT_PSK
;
2049 #endif /* CONFIG_IEEE80211R */
2050 #ifdef CONFIG_IEEE80211W
2051 case WPA_KEY_MGMT_IEEE8021X_SHA256
:
2052 return RSN_AUTH_KEY_MGMT_802_1X_SHA256
;
2053 case WPA_KEY_MGMT_PSK_SHA256
:
2054 return RSN_AUTH_KEY_MGMT_PSK_SHA256
;
2055 #endif /* CONFIG_IEEE80211W */
2056 case WPA_KEY_MGMT_CCKM
:
2057 return (sm
->proto
== WPA_PROTO_RSN
?
2058 RSN_AUTH_KEY_MGMT_CCKM
:
2059 WPA_AUTH_KEY_MGMT_CCKM
);
2060 case WPA_KEY_MGMT_WPA_NONE
:
2061 return WPA_AUTH_KEY_MGMT_NONE
;
2062 case WPA_KEY_MGMT_IEEE8021X_SUITE_B
:
2063 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B
;
2064 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
:
2065 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192
;
2072 #define RSN_SUITE "%02x-%02x-%02x-%d"
2073 #define RSN_SUITE_ARG(s) \
2074 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2077 * wpa_sm_get_mib - Dump text list of MIB entries
2078 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2079 * @buf: Buffer for the list
2080 * @buflen: Length of the buffer
2081 * Returns: Number of bytes written to buffer
2083 * This function is used fetch dot11 MIB variables.
2085 int wpa_sm_get_mib(struct wpa_sm
*sm
, char *buf
, size_t buflen
)
2087 char pmkid_txt
[PMKID_LEN
* 2 + 1];
2091 if (sm
->cur_pmksa
) {
2092 wpa_snprintf_hex(pmkid_txt
, sizeof(pmkid_txt
),
2093 sm
->cur_pmksa
->pmkid
, PMKID_LEN
);
2095 pmkid_txt
[0] = '\0';
2097 if ((wpa_key_mgmt_wpa_psk(sm
->key_mgmt
) ||
2098 wpa_key_mgmt_wpa_ieee8021x(sm
->key_mgmt
)) &&
2099 sm
->proto
== WPA_PROTO_RSN
)
2104 ret
= os_snprintf(buf
, buflen
,
2105 "dot11RSNAOptionImplemented=TRUE\n"
2106 "dot11RSNAPreauthenticationImplemented=TRUE\n"
2107 "dot11RSNAEnabled=%s\n"
2108 "dot11RSNAPreauthenticationEnabled=%s\n"
2109 "dot11RSNAConfigVersion=%d\n"
2110 "dot11RSNAConfigPairwiseKeysSupported=5\n"
2111 "dot11RSNAConfigGroupCipherSize=%d\n"
2112 "dot11RSNAConfigPMKLifetime=%d\n"
2113 "dot11RSNAConfigPMKReauthThreshold=%d\n"
2114 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
2115 "dot11RSNAConfigSATimeout=%d\n",
2116 rsna
? "TRUE" : "FALSE",
2117 rsna
? "TRUE" : "FALSE",
2119 wpa_cipher_key_len(sm
->group_cipher
) * 8,
2120 sm
->dot11RSNAConfigPMKLifetime
,
2121 sm
->dot11RSNAConfigPMKReauthThreshold
,
2122 sm
->dot11RSNAConfigSATimeout
);
2123 if (os_snprintf_error(buflen
, ret
))
2128 buf
+ len
, buflen
- len
,
2129 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE
"\n"
2130 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE
"\n"
2131 "dot11RSNAGroupCipherSelected=" RSN_SUITE
"\n"
2132 "dot11RSNAPMKIDUsed=%s\n"
2133 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE
"\n"
2134 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE
"\n"
2135 "dot11RSNAGroupCipherRequested=" RSN_SUITE
"\n"
2136 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
2137 "dot11RSNA4WayHandshakeFailures=%u\n",
2138 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm
)),
2139 RSN_SUITE_ARG(wpa_cipher_to_suite(sm
->proto
,
2140 sm
->pairwise_cipher
)),
2141 RSN_SUITE_ARG(wpa_cipher_to_suite(sm
->proto
,
2144 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm
)),
2145 RSN_SUITE_ARG(wpa_cipher_to_suite(sm
->proto
,
2146 sm
->pairwise_cipher
)),
2147 RSN_SUITE_ARG(wpa_cipher_to_suite(sm
->proto
,
2149 sm
->dot11RSNA4WayHandshakeFailures
);
2150 if (!os_snprintf_error(buflen
- len
, ret
))
2155 #endif /* CONFIG_CTRL_IFACE */
2158 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry
*entry
,
2159 void *ctx
, enum pmksa_free_reason reason
)
2161 struct wpa_sm
*sm
= ctx
;
2164 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "RSN: PMKSA cache entry free_cb: "
2165 MACSTR
" reason=%d", MAC2STR(entry
->aa
), reason
);
2167 if (sm
->cur_pmksa
== entry
) {
2168 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
2169 "RSN: %s current PMKSA entry",
2170 reason
== PMKSA_REPLACE
? "replaced" : "removed");
2171 pmksa_cache_clear_current(sm
);
2174 * If an entry is simply being replaced, there's no need to
2175 * deauthenticate because it will be immediately re-added.
2176 * This happens when EAP authentication is completed again
2177 * (reauth or failed PMKSA caching attempt).
2179 if (reason
!= PMKSA_REPLACE
)
2183 if (reason
== PMKSA_EXPIRE
&&
2184 (sm
->pmk_len
== entry
->pmk_len
&&
2185 os_memcmp(sm
->pmk
, entry
->pmk
, sm
->pmk_len
) == 0)) {
2186 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
2187 "RSN: deauthenticating due to expired PMK");
2188 pmksa_cache_clear_current(sm
);
2193 os_memset(sm
->pmk
, 0, sizeof(sm
->pmk
));
2194 wpa_sm_deauthenticate(sm
, WLAN_REASON_UNSPECIFIED
);
2200 * wpa_sm_init - Initialize WPA state machine
2201 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
2202 * Returns: Pointer to the allocated WPA state machine data
2204 * This function is used to allocate a new WPA state machine and the returned
2205 * value is passed to all WPA state machine calls.
2207 struct wpa_sm
* wpa_sm_init(struct wpa_sm_ctx
*ctx
)
2211 sm
= os_zalloc(sizeof(*sm
));
2214 dl_list_init(&sm
->pmksa_candidates
);
2215 sm
->renew_snonce
= 1;
2218 sm
->dot11RSNAConfigPMKLifetime
= 43200;
2219 sm
->dot11RSNAConfigPMKReauthThreshold
= 70;
2220 sm
->dot11RSNAConfigSATimeout
= 60;
2222 sm
->pmksa
= pmksa_cache_init(wpa_sm_pmksa_free_cb
, sm
, sm
);
2223 if (sm
->pmksa
== NULL
) {
2224 wpa_msg(sm
->ctx
->msg_ctx
, MSG_ERROR
,
2225 "RSN: PMKSA cache initialization failed");
2235 * wpa_sm_deinit - Deinitialize WPA state machine
2236 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2238 void wpa_sm_deinit(struct wpa_sm
*sm
)
2242 pmksa_cache_deinit(sm
->pmksa
);
2243 eloop_cancel_timeout(wpa_sm_start_preauth
, sm
, NULL
);
2244 eloop_cancel_timeout(wpa_sm_rekey_ptk
, sm
, NULL
);
2245 os_free(sm
->assoc_wpa_ie
);
2246 os_free(sm
->ap_wpa_ie
);
2247 os_free(sm
->ap_rsn_ie
);
2251 #ifdef CONFIG_IEEE80211R
2252 os_free(sm
->assoc_resp_ies
);
2253 #endif /* CONFIG_IEEE80211R */
2259 * wpa_sm_notify_assoc - Notify WPA state machine about association
2260 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2261 * @bssid: The BSSID of the new association
2263 * This function is called to let WPA state machine know that the connection
2266 void wpa_sm_notify_assoc(struct wpa_sm
*sm
, const u8
*bssid
)
2273 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
2274 "WPA: Association event - clear replay counter");
2275 os_memcpy(sm
->bssid
, bssid
, ETH_ALEN
);
2276 os_memset(sm
->rx_replay_counter
, 0, WPA_REPLAY_COUNTER_LEN
);
2277 sm
->rx_replay_counter_set
= 0;
2278 sm
->renew_snonce
= 1;
2279 if (os_memcmp(sm
->preauth_bssid
, bssid
, ETH_ALEN
) == 0)
2280 rsn_preauth_deinit(sm
);
2282 #ifdef CONFIG_IEEE80211R
2283 if (wpa_ft_is_completed(sm
)) {
2285 * Clear portValid to kick EAPOL state machine to re-enter
2286 * AUTHENTICATED state to get the EAPOL port Authorized.
2288 eapol_sm_notify_portValid(sm
->eapol
, FALSE
);
2289 wpa_supplicant_key_neg_complete(sm
, sm
->bssid
, 1);
2291 /* Prepare for the next transition */
2292 wpa_ft_prepare_auth_request(sm
, NULL
);
2296 #endif /* CONFIG_IEEE80211R */
2300 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
2301 * this is not part of a Fast BSS Transition.
2303 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "WPA: Clear old PTK");
2305 os_memset(&sm
->ptk
, 0, sizeof(sm
->ptk
));
2307 os_memset(&sm
->tptk
, 0, sizeof(sm
->tptk
));
2312 #endif /* CONFIG_TDLS */
2315 os_memset(sm
->p2p_ip_addr
, 0, sizeof(sm
->p2p_ip_addr
));
2316 #endif /* CONFIG_P2P */
2321 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
2322 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2324 * This function is called to let WPA state machine know that the connection
2325 * was lost. This will abort any existing pre-authentication session.
2327 void wpa_sm_notify_disassoc(struct wpa_sm
*sm
)
2329 eloop_cancel_timeout(wpa_sm_start_preauth
, sm
, NULL
);
2330 eloop_cancel_timeout(wpa_sm_rekey_ptk
, sm
, NULL
);
2332 rsn_preauth_deinit(sm
);
2333 pmksa_cache_clear_current(sm
);
2334 if (wpa_sm_get_state(sm
) == WPA_4WAY_HANDSHAKE
)
2335 sm
->dot11RSNA4WayHandshakeFailures
++;
2337 wpa_tdls_disassoc(sm
);
2338 #endif /* CONFIG_TDLS */
2340 /* Keys are not needed in the WPA state machine anymore */
2343 sm
->msg_3_of_4_ok
= 0;
2348 * wpa_sm_set_pmk - Set PMK
2349 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2351 * @pmk_len: The length of the new PMK in bytes
2352 * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK
2354 * Configure the PMK for WPA state machine.
2356 void wpa_sm_set_pmk(struct wpa_sm
*sm
, const u8
*pmk
, size_t pmk_len
,
2362 sm
->pmk_len
= pmk_len
;
2363 os_memcpy(sm
->pmk
, pmk
, pmk_len
);
2365 #ifdef CONFIG_IEEE80211R
2366 /* Set XXKey to be PSK for FT key derivation */
2367 sm
->xxkey_len
= pmk_len
;
2368 os_memcpy(sm
->xxkey
, pmk
, pmk_len
);
2369 #endif /* CONFIG_IEEE80211R */
2372 pmksa_cache_add(sm
->pmksa
, pmk
, pmk_len
, NULL
, 0,
2373 bssid
, sm
->own_addr
,
2374 sm
->network_ctx
, sm
->key_mgmt
);
2380 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
2381 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2383 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
2386 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm
*sm
)
2391 if (sm
->cur_pmksa
) {
2392 sm
->pmk_len
= sm
->cur_pmksa
->pmk_len
;
2393 os_memcpy(sm
->pmk
, sm
->cur_pmksa
->pmk
, sm
->pmk_len
);
2395 sm
->pmk_len
= PMK_LEN
;
2396 os_memset(sm
->pmk
, 0, PMK_LEN
);
2402 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
2403 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2404 * @fast_reauth: Whether fast reauthentication (EAP) is allowed
2406 void wpa_sm_set_fast_reauth(struct wpa_sm
*sm
, int fast_reauth
)
2409 sm
->fast_reauth
= fast_reauth
;
2414 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
2415 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2416 * @scard_ctx: Context pointer for smartcard related callback functions
2418 void wpa_sm_set_scard_ctx(struct wpa_sm
*sm
, void *scard_ctx
)
2422 sm
->scard_ctx
= scard_ctx
;
2423 if (sm
->preauth_eapol
)
2424 eapol_sm_register_scard_ctx(sm
->preauth_eapol
, scard_ctx
);
2429 * wpa_sm_set_config - Notification of current configration change
2430 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2431 * @config: Pointer to current network configuration
2433 * Notify WPA state machine that configuration has changed. config will be
2434 * stored as a backpointer to network configuration. This can be %NULL to clear
2435 * the stored pointed.
2437 void wpa_sm_set_config(struct wpa_sm
*sm
, struct rsn_supp_config
*config
)
2443 sm
->network_ctx
= config
->network_ctx
;
2444 sm
->peerkey_enabled
= config
->peerkey_enabled
;
2445 sm
->allowed_pairwise_cipher
= config
->allowed_pairwise_cipher
;
2446 sm
->proactive_key_caching
= config
->proactive_key_caching
;
2447 sm
->eap_workaround
= config
->eap_workaround
;
2448 sm
->eap_conf_ctx
= config
->eap_conf_ctx
;
2450 os_memcpy(sm
->ssid
, config
->ssid
, config
->ssid_len
);
2451 sm
->ssid_len
= config
->ssid_len
;
2454 sm
->wpa_ptk_rekey
= config
->wpa_ptk_rekey
;
2455 sm
->p2p
= config
->p2p
;
2457 sm
->network_ctx
= NULL
;
2458 sm
->peerkey_enabled
= 0;
2459 sm
->allowed_pairwise_cipher
= 0;
2460 sm
->proactive_key_caching
= 0;
2461 sm
->eap_workaround
= 0;
2462 sm
->eap_conf_ctx
= NULL
;
2464 sm
->wpa_ptk_rekey
= 0;
2471 * wpa_sm_set_own_addr - Set own MAC address
2472 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2473 * @addr: Own MAC address
2475 void wpa_sm_set_own_addr(struct wpa_sm
*sm
, const u8
*addr
)
2478 os_memcpy(sm
->own_addr
, addr
, ETH_ALEN
);
2483 * wpa_sm_set_ifname - Set network interface name
2484 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2485 * @ifname: Interface name
2486 * @bridge_ifname: Optional bridge interface name (for pre-auth)
2488 void wpa_sm_set_ifname(struct wpa_sm
*sm
, const char *ifname
,
2489 const char *bridge_ifname
)
2492 sm
->ifname
= ifname
;
2493 sm
->bridge_ifname
= bridge_ifname
;
2499 * wpa_sm_set_eapol - Set EAPOL state machine pointer
2500 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2501 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
2503 void wpa_sm_set_eapol(struct wpa_sm
*sm
, struct eapol_sm
*eapol
)
2511 * wpa_sm_set_param - Set WPA state machine parameters
2512 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2513 * @param: Parameter field
2514 * @value: Parameter value
2515 * Returns: 0 on success, -1 on failure
2517 int wpa_sm_set_param(struct wpa_sm
*sm
, enum wpa_sm_conf_params param
,
2526 case RSNA_PMK_LIFETIME
:
2528 sm
->dot11RSNAConfigPMKLifetime
= value
;
2532 case RSNA_PMK_REAUTH_THRESHOLD
:
2533 if (value
> 0 && value
<= 100)
2534 sm
->dot11RSNAConfigPMKReauthThreshold
= value
;
2538 case RSNA_SA_TIMEOUT
:
2540 sm
->dot11RSNAConfigSATimeout
= value
;
2544 case WPA_PARAM_PROTO
:
2547 case WPA_PARAM_PAIRWISE
:
2548 sm
->pairwise_cipher
= value
;
2550 case WPA_PARAM_GROUP
:
2551 sm
->group_cipher
= value
;
2553 case WPA_PARAM_KEY_MGMT
:
2554 sm
->key_mgmt
= value
;
2556 #ifdef CONFIG_IEEE80211W
2557 case WPA_PARAM_MGMT_GROUP
:
2558 sm
->mgmt_group_cipher
= value
;
2560 #endif /* CONFIG_IEEE80211W */
2561 case WPA_PARAM_RSN_ENABLED
:
2562 sm
->rsn_enabled
= value
;
2576 * wpa_sm_get_status - Get WPA state machine
2577 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2578 * @buf: Buffer for status information
2579 * @buflen: Maximum buffer length
2580 * @verbose: Whether to include verbose status information
2581 * Returns: Number of bytes written to buf.
2583 * Query WPA state machine for status information. This function fills in
2584 * a text area with current status information. If the buffer (buf) is not
2585 * large enough, status information will be truncated to fit the buffer.
2587 int wpa_sm_get_status(struct wpa_sm
*sm
, char *buf
, size_t buflen
,
2590 char *pos
= buf
, *end
= buf
+ buflen
;
2593 ret
= os_snprintf(pos
, end
- pos
,
2594 "pairwise_cipher=%s\n"
2597 wpa_cipher_txt(sm
->pairwise_cipher
),
2598 wpa_cipher_txt(sm
->group_cipher
),
2599 wpa_key_mgmt_txt(sm
->key_mgmt
, sm
->proto
));
2600 if (os_snprintf_error(end
- pos
, ret
))
2604 if (sm
->mfp
!= NO_MGMT_FRAME_PROTECTION
&& sm
->ap_rsn_ie
) {
2605 struct wpa_ie_data rsn
;
2606 if (wpa_parse_wpa_ie_rsn(sm
->ap_rsn_ie
, sm
->ap_rsn_ie_len
, &rsn
)
2608 rsn
.capabilities
& (WPA_CAPABILITY_MFPR
|
2609 WPA_CAPABILITY_MFPC
)) {
2610 ret
= os_snprintf(pos
, end
- pos
, "pmf=%d\n",
2612 WPA_CAPABILITY_MFPR
) ? 2 : 1);
2613 if (os_snprintf_error(end
- pos
, ret
))
2623 int wpa_sm_pmf_enabled(struct wpa_sm
*sm
)
2625 struct wpa_ie_data rsn
;
2627 if (sm
->mfp
== NO_MGMT_FRAME_PROTECTION
|| !sm
->ap_rsn_ie
)
2630 if (wpa_parse_wpa_ie_rsn(sm
->ap_rsn_ie
, sm
->ap_rsn_ie_len
, &rsn
) >= 0 &&
2631 rsn
.capabilities
& (WPA_CAPABILITY_MFPR
| WPA_CAPABILITY_MFPC
))
2639 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
2640 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2641 * @wpa_ie: Pointer to buffer for WPA/RSN IE
2642 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
2643 * Returns: 0 on success, -1 on failure
2645 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm
*sm
, u8
*wpa_ie
,
2653 res
= wpa_gen_wpa_ie(sm
, wpa_ie
, *wpa_ie_len
);
2658 wpa_hexdump(MSG_DEBUG
, "WPA: Set own WPA IE default",
2659 wpa_ie
, *wpa_ie_len
);
2661 if (sm
->assoc_wpa_ie
== NULL
) {
2663 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
2664 * the correct version of the IE even if PMKSA caching is
2665 * aborted (which would remove PMKID from IE generation).
2667 sm
->assoc_wpa_ie
= os_malloc(*wpa_ie_len
);
2668 if (sm
->assoc_wpa_ie
== NULL
)
2671 os_memcpy(sm
->assoc_wpa_ie
, wpa_ie
, *wpa_ie_len
);
2672 sm
->assoc_wpa_ie_len
= *wpa_ie_len
;
2680 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
2681 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2682 * @ie: Pointer to IE data (starting from id)
2684 * Returns: 0 on success, -1 on failure
2686 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
2687 * Request frame. The IE will be used to override the default value generated
2688 * with wpa_sm_set_assoc_wpa_ie_default().
2690 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm
*sm
, const u8
*ie
, size_t len
)
2695 os_free(sm
->assoc_wpa_ie
);
2696 if (ie
== NULL
|| len
== 0) {
2697 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
2698 "WPA: clearing own WPA/RSN IE");
2699 sm
->assoc_wpa_ie
= NULL
;
2700 sm
->assoc_wpa_ie_len
= 0;
2702 wpa_hexdump(MSG_DEBUG
, "WPA: set own WPA/RSN IE", ie
, len
);
2703 sm
->assoc_wpa_ie
= os_malloc(len
);
2704 if (sm
->assoc_wpa_ie
== NULL
)
2707 os_memcpy(sm
->assoc_wpa_ie
, ie
, len
);
2708 sm
->assoc_wpa_ie_len
= len
;
2716 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
2717 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2718 * @ie: Pointer to IE data (starting from id)
2720 * Returns: 0 on success, -1 on failure
2722 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
2725 int wpa_sm_set_ap_wpa_ie(struct wpa_sm
*sm
, const u8
*ie
, size_t len
)
2730 os_free(sm
->ap_wpa_ie
);
2731 if (ie
== NULL
|| len
== 0) {
2732 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
2733 "WPA: clearing AP WPA IE");
2734 sm
->ap_wpa_ie
= NULL
;
2735 sm
->ap_wpa_ie_len
= 0;
2737 wpa_hexdump(MSG_DEBUG
, "WPA: set AP WPA IE", ie
, len
);
2738 sm
->ap_wpa_ie
= os_malloc(len
);
2739 if (sm
->ap_wpa_ie
== NULL
)
2742 os_memcpy(sm
->ap_wpa_ie
, ie
, len
);
2743 sm
->ap_wpa_ie_len
= len
;
2751 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
2752 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2753 * @ie: Pointer to IE data (starting from id)
2755 * Returns: 0 on success, -1 on failure
2757 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
2760 int wpa_sm_set_ap_rsn_ie(struct wpa_sm
*sm
, const u8
*ie
, size_t len
)
2765 os_free(sm
->ap_rsn_ie
);
2766 if (ie
== NULL
|| len
== 0) {
2767 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
2768 "WPA: clearing AP RSN IE");
2769 sm
->ap_rsn_ie
= NULL
;
2770 sm
->ap_rsn_ie_len
= 0;
2772 wpa_hexdump(MSG_DEBUG
, "WPA: set AP RSN IE", ie
, len
);
2773 sm
->ap_rsn_ie
= os_malloc(len
);
2774 if (sm
->ap_rsn_ie
== NULL
)
2777 os_memcpy(sm
->ap_rsn_ie
, ie
, len
);
2778 sm
->ap_rsn_ie_len
= len
;
2786 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
2787 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2788 * @data: Pointer to data area for parsing results
2789 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
2791 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
2792 * parsed data into data.
2794 int wpa_sm_parse_own_wpa_ie(struct wpa_sm
*sm
, struct wpa_ie_data
*data
)
2799 if (sm
->assoc_wpa_ie
== NULL
) {
2800 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
2801 "WPA: No WPA/RSN IE available from association info");
2804 if (wpa_parse_wpa_ie(sm
->assoc_wpa_ie
, sm
->assoc_wpa_ie_len
, data
))
2810 int wpa_sm_pmksa_cache_list(struct wpa_sm
*sm
, char *buf
, size_t len
)
2812 return pmksa_cache_list(sm
->pmksa
, buf
, len
);
2816 void wpa_sm_drop_sa(struct wpa_sm
*sm
)
2818 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "WPA: Clear old PMK and PTK");
2821 os_memset(sm
->pmk
, 0, sizeof(sm
->pmk
));
2822 os_memset(&sm
->ptk
, 0, sizeof(sm
->ptk
));
2823 os_memset(&sm
->tptk
, 0, sizeof(sm
->tptk
));
2824 #ifdef CONFIG_IEEE80211R
2825 os_memset(sm
->xxkey
, 0, sizeof(sm
->xxkey
));
2826 os_memset(sm
->pmk_r0
, 0, sizeof(sm
->pmk_r0
));
2827 os_memset(sm
->pmk_r1
, 0, sizeof(sm
->pmk_r1
));
2828 #endif /* CONFIG_IEEE80211R */
2832 int wpa_sm_has_ptk(struct wpa_sm
*sm
)
2840 void wpa_sm_update_replay_ctr(struct wpa_sm
*sm
, const u8
*replay_ctr
)
2842 os_memcpy(sm
->rx_replay_counter
, replay_ctr
, WPA_REPLAY_COUNTER_LEN
);
2846 void wpa_sm_pmksa_cache_flush(struct wpa_sm
*sm
, void *network_ctx
)
2848 pmksa_cache_flush(sm
->pmksa
, network_ctx
, NULL
, 0);
2853 int wpa_wnmsleep_install_key(struct wpa_sm
*sm
, u8 subelem_id
, u8
*buf
)
2856 u8 keylen
; /* plaintext key len */
2859 if (subelem_id
== WNM_SLEEP_SUBELEM_GTK
) {
2860 struct wpa_gtk_data gd
;
2862 os_memset(&gd
, 0, sizeof(gd
));
2863 keylen
= wpa_cipher_key_len(sm
->group_cipher
);
2864 gd
.key_rsc_len
= wpa_cipher_rsc_len(sm
->group_cipher
);
2865 gd
.alg
= wpa_cipher_to_alg(sm
->group_cipher
);
2866 if (gd
.alg
== WPA_ALG_NONE
) {
2867 wpa_printf(MSG_DEBUG
, "Unsupported group cipher suite");
2872 keyinfo
= WPA_GET_LE16(buf
+ 2);
2873 gd
.gtk_len
= keylen
;
2874 if (gd
.gtk_len
!= buf
[4]) {
2875 wpa_printf(MSG_DEBUG
, "GTK len mismatch len %d vs %d",
2876 gd
.gtk_len
, buf
[4]);
2879 gd
.keyidx
= keyinfo
& 0x03; /* B0 - B1 */
2880 gd
.tx
= wpa_supplicant_gtk_tx_bit_workaround(
2881 sm
, !!(keyinfo
& WPA_KEY_INFO_TXRX
));
2883 os_memcpy(gd
.gtk
, buf
+ 13, gd
.gtk_len
);
2885 wpa_hexdump_key(MSG_DEBUG
, "Install GTK (WNM SLEEP)",
2886 gd
.gtk
, gd
.gtk_len
);
2887 if (wpa_supplicant_install_gtk(sm
, &gd
, key_rsc
)) {
2888 os_memset(&gd
, 0, sizeof(gd
));
2889 wpa_printf(MSG_DEBUG
, "Failed to install the GTK in "
2893 os_memset(&gd
, 0, sizeof(gd
));
2894 #ifdef CONFIG_IEEE80211W
2895 } else if (subelem_id
== WNM_SLEEP_SUBELEM_IGTK
) {
2896 struct wpa_igtk_kde igd
;
2899 os_memset(&igd
, 0, sizeof(igd
));
2900 keylen
= wpa_cipher_key_len(sm
->mgmt_group_cipher
);
2901 os_memcpy(igd
.keyid
, buf
+ 2, 2);
2902 os_memcpy(igd
.pn
, buf
+ 4, 6);
2904 keyidx
= WPA_GET_LE16(igd
.keyid
);
2905 os_memcpy(igd
.igtk
, buf
+ 10, keylen
);
2907 wpa_hexdump_key(MSG_DEBUG
, "Install IGTK (WNM SLEEP)",
2909 if (wpa_sm_set_key(sm
, wpa_cipher_to_alg(sm
->mgmt_group_cipher
),
2910 broadcast_ether_addr
,
2911 keyidx
, 0, igd
.pn
, sizeof(igd
.pn
),
2912 igd
.igtk
, keylen
) < 0) {
2913 wpa_printf(MSG_DEBUG
, "Failed to install the IGTK in "
2915 os_memset(&igd
, 0, sizeof(igd
));
2918 os_memset(&igd
, 0, sizeof(igd
));
2919 #endif /* CONFIG_IEEE80211W */
2921 wpa_printf(MSG_DEBUG
, "Unknown element id");
2927 #endif /* CONFIG_WNM */
2930 #ifdef CONFIG_PEERKEY
2931 int wpa_sm_rx_eapol_peerkey(struct wpa_sm
*sm
, const u8
*src_addr
,
2932 const u8
*buf
, size_t len
)
2934 struct wpa_peerkey
*peerkey
;
2936 for (peerkey
= sm
->peerkey
; peerkey
; peerkey
= peerkey
->next
) {
2937 if (os_memcmp(peerkey
->addr
, src_addr
, ETH_ALEN
) == 0)
2944 wpa_sm_rx_eapol(sm
, src_addr
, buf
, len
);
2948 #endif /* CONFIG_PEERKEY */
2953 int wpa_sm_get_p2p_ip_addr(struct wpa_sm
*sm
, u8
*buf
)
2955 if (sm
== NULL
|| WPA_GET_BE32(sm
->p2p_ip_addr
) == 0)
2957 os_memcpy(buf
, sm
->p2p_ip_addr
, 3 * 4);
2961 #endif /* CONFIG_P2P */
2964 void wpa_sm_set_rx_replay_ctr(struct wpa_sm
*sm
, const u8
*rx_replay_counter
)
2966 if (rx_replay_counter
== NULL
)
2969 os_memcpy(sm
->rx_replay_counter
, rx_replay_counter
,
2970 WPA_REPLAY_COUNTER_LEN
);
2971 sm
->rx_replay_counter_set
= 1;
2972 wpa_printf(MSG_DEBUG
, "Updated key replay counter");
2976 void wpa_sm_set_ptk_kck_kek(struct wpa_sm
*sm
,
2977 const u8
*ptk_kck
, size_t ptk_kck_len
,
2978 const u8
*ptk_kek
, size_t ptk_kek_len
)
2980 if (ptk_kck
&& ptk_kck_len
<= WPA_KCK_MAX_LEN
) {
2981 os_memcpy(sm
->ptk
.kck
, ptk_kck
, ptk_kck_len
);
2982 sm
->ptk
.kck_len
= ptk_kck_len
;
2983 wpa_printf(MSG_DEBUG
, "Updated PTK KCK");
2985 if (ptk_kek
&& ptk_kek_len
<= WPA_KEK_MAX_LEN
) {
2986 os_memcpy(sm
->ptk
.kek
, ptk_kek
, ptk_kek_len
);
2987 sm
->ptk
.kek_len
= ptk_kek_len
;
2988 wpa_printf(MSG_DEBUG
, "Updated PTK KEK");