]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/rsn_supp/wpa.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix Suite B 192-bit AKM to use proper PMK length
[thirdparty/hostap.git] / src / rsn_supp / wpa.c
1 /*
2 * WPA Supplicant - WPA state machine and EAPOL-Key processing
3 * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/aes_wrap.h"
13 #include "crypto/crypto.h"
14 #include "crypto/random.h"
15 #include "common/ieee802_11_defs.h"
16 #include "eapol_supp/eapol_supp_sm.h"
17 #include "wpa.h"
18 #include "eloop.h"
19 #include "preauth.h"
20 #include "pmksa_cache.h"
21 #include "wpa_i.h"
22 #include "wpa_ie.h"
23 #include "peerkey.h"
24
25
26 /**
27 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
28 * @sm: Pointer to WPA state machine data from wpa_sm_init()
29 * @kck: Key Confirmation Key (KCK, part of PTK)
30 * @kck_len: KCK length in octets
31 * @ver: Version field from Key Info
32 * @dest: Destination address for the frame
33 * @proto: Ethertype (usually ETH_P_EAPOL)
34 * @msg: EAPOL-Key message
35 * @msg_len: Length of message
36 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
37 */
38 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
39 int ver, const u8 *dest, u16 proto,
40 u8 *msg, size_t msg_len, u8 *key_mic)
41 {
42 size_t mic_len = wpa_mic_len(sm->key_mgmt);
43
44 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
45 /*
46 * Association event was not yet received; try to fetch
47 * BSSID from the driver.
48 */
49 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
50 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
51 "WPA: Failed to read BSSID for "
52 "EAPOL-Key destination address");
53 } else {
54 dest = sm->bssid;
55 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
56 "WPA: Use BSSID (" MACSTR
57 ") as the destination for EAPOL-Key",
58 MAC2STR(dest));
59 }
60 }
61 if (key_mic &&
62 wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len,
63 key_mic)) {
64 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
65 "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC",
66 ver, sm->key_mgmt);
67 goto out;
68 }
69 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len);
70 wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len);
71 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
72 wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
73 eapol_sm_notify_tx_eapol_key(sm->eapol);
74 out:
75 os_free(msg);
76 }
77
78
79 /**
80 * wpa_sm_key_request - Send EAPOL-Key Request
81 * @sm: Pointer to WPA state machine data from wpa_sm_init()
82 * @error: Indicate whether this is an Michael MIC error report
83 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
84 *
85 * Send an EAPOL-Key Request to the current authenticator. This function is
86 * used to request rekeying and it is usually called when a local Michael MIC
87 * failure is detected.
88 */
89 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
90 {
91 size_t mic_len, hdrlen, rlen;
92 struct wpa_eapol_key *reply;
93 struct wpa_eapol_key_192 *reply192;
94 int key_info, ver;
95 u8 bssid[ETH_ALEN], *rbuf, *key_mic;
96
97 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
98 wpa_key_mgmt_suite_b(sm->key_mgmt))
99 ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
100 else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
101 wpa_key_mgmt_sha256(sm->key_mgmt))
102 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
103 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
104 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
105 else
106 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
107
108 if (wpa_sm_get_bssid(sm, bssid) < 0) {
109 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
110 "Failed to read BSSID for EAPOL-Key request");
111 return;
112 }
113
114 mic_len = wpa_mic_len(sm->key_mgmt);
115 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
116 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
117 hdrlen, &rlen, (void *) &reply);
118 if (rbuf == NULL)
119 return;
120 reply192 = (struct wpa_eapol_key_192 *) reply;
121
122 reply->type = (sm->proto == WPA_PROTO_RSN ||
123 sm->proto == WPA_PROTO_OSEN) ?
124 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
125 key_info = WPA_KEY_INFO_REQUEST | ver;
126 if (sm->ptk_set)
127 key_info |= WPA_KEY_INFO_MIC;
128 if (error)
129 key_info |= WPA_KEY_INFO_ERROR;
130 if (pairwise)
131 key_info |= WPA_KEY_INFO_KEY_TYPE;
132 WPA_PUT_BE16(reply->key_info, key_info);
133 WPA_PUT_BE16(reply->key_length, 0);
134 os_memcpy(reply->replay_counter, sm->request_counter,
135 WPA_REPLAY_COUNTER_LEN);
136 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
137
138 if (mic_len == 24)
139 WPA_PUT_BE16(reply192->key_data_length, 0);
140 else
141 WPA_PUT_BE16(reply->key_data_length, 0);
142 if (!(key_info & WPA_KEY_INFO_MIC))
143 key_mic = NULL;
144 else
145 key_mic = reply192->key_mic; /* same offset in reply */
146
147 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
148 "WPA: Sending EAPOL-Key Request (error=%d "
149 "pairwise=%d ptk_set=%d len=%lu)",
150 error, pairwise, sm->ptk_set, (unsigned long) rlen);
151 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid,
152 ETH_P_EAPOL, rbuf, rlen, key_mic);
153 }
154
155
156 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm)
157 {
158 #ifdef CONFIG_IEEE80211R
159 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
160 if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len))
161 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
162 "RSN: Cannot set low order 256 bits of MSK for key management offload");
163 } else {
164 #endif /* CONFIG_IEEE80211R */
165 if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len))
166 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
167 "RSN: Cannot set PMK for key management offload");
168 #ifdef CONFIG_IEEE80211R
169 }
170 #endif /* CONFIG_IEEE80211R */
171 }
172
173
174 static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
175 const unsigned char *src_addr,
176 const u8 *pmkid)
177 {
178 int abort_cached = 0;
179
180 if (pmkid && !sm->cur_pmksa) {
181 /* When using drivers that generate RSN IE, wpa_supplicant may
182 * not have enough time to get the association information
183 * event before receiving this 1/4 message, so try to find a
184 * matching PMKSA cache entry here. */
185 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
186 NULL);
187 if (sm->cur_pmksa) {
188 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
189 "RSN: found matching PMKID from PMKSA cache");
190 } else {
191 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
192 "RSN: no matching PMKID found");
193 abort_cached = 1;
194 }
195 }
196
197 if (pmkid && sm->cur_pmksa &&
198 os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
199 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
200 wpa_sm_set_pmk_from_pmksa(sm);
201 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
202 sm->pmk, sm->pmk_len);
203 eapol_sm_notify_cached(sm->eapol);
204 #ifdef CONFIG_IEEE80211R
205 sm->xxkey_len = 0;
206 #endif /* CONFIG_IEEE80211R */
207 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
208 int res, pmk_len;
209
210 if (sm->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
211 pmk_len = PMK_LEN_SUITE_B_192;
212 else
213 pmk_len = PMK_LEN;
214 res = eapol_sm_get_key(sm->eapol, sm->pmk, pmk_len);
215 if (res) {
216 if (pmk_len == PMK_LEN) {
217 /*
218 * EAP-LEAP is an exception from other EAP
219 * methods: it uses only 16-byte PMK.
220 */
221 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
222 pmk_len = 16;
223 }
224 } else {
225 #ifdef CONFIG_IEEE80211R
226 u8 buf[2 * PMK_LEN];
227 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
228 {
229 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
230 sm->xxkey_len = PMK_LEN;
231 os_memset(buf, 0, sizeof(buf));
232 }
233 #endif /* CONFIG_IEEE80211R */
234 }
235 if (res == 0) {
236 struct rsn_pmksa_cache_entry *sa = NULL;
237 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
238 "machines", sm->pmk, pmk_len);
239 sm->pmk_len = pmk_len;
240 wpa_supplicant_key_mgmt_set_pmk(sm);
241 if (sm->proto == WPA_PROTO_RSN &&
242 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
243 !wpa_key_mgmt_ft(sm->key_mgmt)) {
244 sa = pmksa_cache_add(sm->pmksa,
245 sm->pmk, pmk_len,
246 NULL, 0,
247 src_addr, sm->own_addr,
248 sm->network_ctx,
249 sm->key_mgmt);
250 }
251 if (!sm->cur_pmksa && pmkid &&
252 pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
253 {
254 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
255 "RSN: the new PMK matches with the "
256 "PMKID");
257 abort_cached = 0;
258 } else if (sa && !sm->cur_pmksa && pmkid) {
259 /*
260 * It looks like the authentication server
261 * derived mismatching MSK. This should not
262 * really happen, but bugs happen.. There is not
263 * much we can do here without knowing what
264 * exactly caused the server to misbehave.
265 */
266 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO,
267 "RSN: PMKID mismatch - authentication server may have derived different MSK?!");
268 return -1;
269 }
270
271 if (!sm->cur_pmksa)
272 sm->cur_pmksa = sa;
273 } else {
274 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
275 "WPA: Failed to get master session key from "
276 "EAPOL state machines - key handshake "
277 "aborted");
278 if (sm->cur_pmksa) {
279 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
280 "RSN: Cancelled PMKSA caching "
281 "attempt");
282 sm->cur_pmksa = NULL;
283 abort_cached = 1;
284 } else if (!abort_cached) {
285 return -1;
286 }
287 }
288 }
289
290 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
291 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
292 !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN)
293 {
294 /* Send EAPOL-Start to trigger full EAP authentication. */
295 u8 *buf;
296 size_t buflen;
297
298 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
299 "RSN: no PMKSA entry found - trigger "
300 "full EAP authentication");
301 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
302 NULL, 0, &buflen, NULL);
303 if (buf) {
304 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
305 buf, buflen);
306 os_free(buf);
307 return -2;
308 }
309
310 return -1;
311 }
312
313 return 0;
314 }
315
316
317 /**
318 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
319 * @sm: Pointer to WPA state machine data from wpa_sm_init()
320 * @dst: Destination address for the frame
321 * @key: Pointer to the EAPOL-Key frame header
322 * @ver: Version bits from EAPOL-Key Key Info
323 * @nonce: Nonce value for the EAPOL-Key frame
324 * @wpa_ie: WPA/RSN IE
325 * @wpa_ie_len: Length of the WPA/RSN IE
326 * @ptk: PTK to use for keyed hash and encryption
327 * Returns: 0 on success, -1 on failure
328 */
329 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
330 const struct wpa_eapol_key *key,
331 int ver, const u8 *nonce,
332 const u8 *wpa_ie, size_t wpa_ie_len,
333 struct wpa_ptk *ptk)
334 {
335 size_t mic_len, hdrlen, rlen;
336 struct wpa_eapol_key *reply;
337 struct wpa_eapol_key_192 *reply192;
338 u8 *rbuf, *key_mic;
339 u8 *rsn_ie_buf = NULL;
340
341 if (wpa_ie == NULL) {
342 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
343 "cannot generate msg 2/4");
344 return -1;
345 }
346
347 #ifdef CONFIG_IEEE80211R
348 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
349 int res;
350
351 /*
352 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and
353 * FTIE from (Re)Association Response.
354 */
355 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN +
356 sm->assoc_resp_ies_len);
357 if (rsn_ie_buf == NULL)
358 return -1;
359 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len);
360 res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len,
361 sm->pmk_r1_name);
362 if (res < 0) {
363 os_free(rsn_ie_buf);
364 return -1;
365 }
366 wpa_ie_len += res;
367
368 if (sm->assoc_resp_ies) {
369 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
370 sm->assoc_resp_ies_len);
371 wpa_ie_len += sm->assoc_resp_ies_len;
372 }
373
374 wpa_ie = rsn_ie_buf;
375 }
376 #endif /* CONFIG_IEEE80211R */
377
378 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
379
380 mic_len = wpa_mic_len(sm->key_mgmt);
381 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
382 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
383 NULL, hdrlen + wpa_ie_len,
384 &rlen, (void *) &reply);
385 if (rbuf == NULL) {
386 os_free(rsn_ie_buf);
387 return -1;
388 }
389 reply192 = (struct wpa_eapol_key_192 *) reply;
390
391 reply->type = (sm->proto == WPA_PROTO_RSN ||
392 sm->proto == WPA_PROTO_OSEN) ?
393 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
394 WPA_PUT_BE16(reply->key_info,
395 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
396 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
397 WPA_PUT_BE16(reply->key_length, 0);
398 else
399 os_memcpy(reply->key_length, key->key_length, 2);
400 os_memcpy(reply->replay_counter, key->replay_counter,
401 WPA_REPLAY_COUNTER_LEN);
402 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter,
403 WPA_REPLAY_COUNTER_LEN);
404
405 key_mic = reply192->key_mic; /* same offset for reply and reply192 */
406 if (mic_len == 24) {
407 WPA_PUT_BE16(reply192->key_data_length, wpa_ie_len);
408 os_memcpy(reply192 + 1, wpa_ie, wpa_ie_len);
409 } else {
410 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
411 os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
412 }
413 os_free(rsn_ie_buf);
414
415 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
416
417 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
418 wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
419 rbuf, rlen, key_mic);
420
421 return 0;
422 }
423
424
425 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
426 const struct wpa_eapol_key *key, struct wpa_ptk *ptk)
427 {
428 #ifdef CONFIG_IEEE80211R
429 if (wpa_key_mgmt_ft(sm->key_mgmt))
430 return wpa_derive_ptk_ft(sm, src_addr, key, ptk);
431 #endif /* CONFIG_IEEE80211R */
432
433 return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
434 sm->own_addr, sm->bssid, sm->snonce,
435 key->key_nonce, ptk, sm->key_mgmt,
436 sm->pairwise_cipher);
437 }
438
439
440 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
441 const unsigned char *src_addr,
442 const struct wpa_eapol_key *key,
443 u16 ver, const u8 *key_data,
444 size_t key_data_len)
445 {
446 struct wpa_eapol_ie_parse ie;
447 struct wpa_ptk *ptk;
448 int res;
449 u8 *kde, *kde_buf = NULL;
450 size_t kde_len;
451
452 if (wpa_sm_get_network_ctx(sm) == NULL) {
453 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
454 "found (msg 1 of 4)");
455 return;
456 }
457
458 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
459 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
460 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
461
462 os_memset(&ie, 0, sizeof(ie));
463
464 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
465 /* RSN: msg 1/4 should contain PMKID for the selected PMK */
466 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data",
467 key_data, key_data_len);
468 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
469 goto failed;
470 if (ie.pmkid) {
471 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
472 "Authenticator", ie.pmkid, PMKID_LEN);
473 }
474 }
475
476 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
477 if (res == -2) {
478 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
479 "msg 1/4 - requesting full EAP authentication");
480 return;
481 }
482 if (res)
483 goto failed;
484
485 if (sm->renew_snonce) {
486 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
487 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
488 "WPA: Failed to get random data for SNonce");
489 goto failed;
490 }
491 sm->renew_snonce = 0;
492 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
493 sm->snonce, WPA_NONCE_LEN);
494 }
495
496 /* Calculate PTK which will be stored as a temporary PTK until it has
497 * been verified when processing message 3/4. */
498 ptk = &sm->tptk;
499 wpa_derive_ptk(sm, src_addr, key, ptk);
500 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
501 u8 buf[8];
502 /* Supplicant: swap tx/rx Mic keys */
503 os_memcpy(buf, &ptk->tk[16], 8);
504 os_memcpy(&ptk->tk[16], &ptk->tk[24], 8);
505 os_memcpy(&ptk->tk[24], buf, 8);
506 os_memset(buf, 0, sizeof(buf));
507 }
508 sm->tptk_set = 1;
509 sm->tk_to_set = 1;
510
511 kde = sm->assoc_wpa_ie;
512 kde_len = sm->assoc_wpa_ie_len;
513
514 #ifdef CONFIG_P2P
515 if (sm->p2p) {
516 kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1);
517 if (kde_buf) {
518 u8 *pos;
519 wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE "
520 "into EAPOL-Key 2/4");
521 os_memcpy(kde_buf, kde, kde_len);
522 kde = kde_buf;
523 pos = kde + kde_len;
524 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
525 *pos++ = RSN_SELECTOR_LEN + 1;
526 RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ);
527 pos += RSN_SELECTOR_LEN;
528 *pos++ = 0x01;
529 kde_len = pos - kde;
530 }
531 }
532 #endif /* CONFIG_P2P */
533
534 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
535 kde, kde_len, ptk))
536 goto failed;
537
538 os_free(kde_buf);
539 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
540 return;
541
542 failed:
543 os_free(kde_buf);
544 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
545 }
546
547
548 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
549 {
550 struct wpa_sm *sm = eloop_ctx;
551 rsn_preauth_candidate_process(sm);
552 }
553
554
555 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
556 const u8 *addr, int secure)
557 {
558 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
559 "WPA: Key negotiation completed with "
560 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
561 wpa_cipher_txt(sm->pairwise_cipher),
562 wpa_cipher_txt(sm->group_cipher));
563 wpa_sm_cancel_auth_timeout(sm);
564 wpa_sm_set_state(sm, WPA_COMPLETED);
565
566 if (secure) {
567 wpa_sm_mlme_setprotection(
568 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
569 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
570 eapol_sm_notify_portValid(sm->eapol, TRUE);
571 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
572 eapol_sm_notify_eap_success(sm->eapol, TRUE);
573 /*
574 * Start preauthentication after a short wait to avoid a
575 * possible race condition between the data receive and key
576 * configuration after the 4-Way Handshake. This increases the
577 * likelihood of the first preauth EAPOL-Start frame getting to
578 * the target AP.
579 */
580 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
581 }
582
583 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
584 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
585 "RSN: Authenticator accepted "
586 "opportunistic PMKSA entry - marking it valid");
587 sm->cur_pmksa->opportunistic = 0;
588 }
589
590 #ifdef CONFIG_IEEE80211R
591 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
592 /* Prepare for the next transition */
593 wpa_ft_prepare_auth_request(sm, NULL);
594 }
595 #endif /* CONFIG_IEEE80211R */
596 }
597
598
599 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
600 {
601 struct wpa_sm *sm = eloop_ctx;
602 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
603 wpa_sm_key_request(sm, 0, 1);
604 }
605
606
607 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
608 const struct wpa_eapol_key *key)
609 {
610 int keylen, rsclen;
611 enum wpa_alg alg;
612 const u8 *key_rsc;
613 u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
614
615 if (!sm->tk_to_set) {
616 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
617 "WPA: Do not re-install same PTK to the driver");
618 return 0;
619 }
620
621 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
622 "WPA: Installing PTK to the driver");
623
624 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
625 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
626 "Suite: NONE - do not use pairwise keys");
627 return 0;
628 }
629
630 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
631 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
632 "WPA: Unsupported pairwise cipher %d",
633 sm->pairwise_cipher);
634 return -1;
635 }
636
637 alg = wpa_cipher_to_alg(sm->pairwise_cipher);
638 keylen = wpa_cipher_key_len(sm->pairwise_cipher);
639 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
640
641 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
642 key_rsc = null_rsc;
643 } else {
644 key_rsc = key->key_rsc;
645 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
646 }
647
648 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
649 sm->ptk.tk, keylen) < 0) {
650 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
651 "WPA: Failed to set PTK to the "
652 "driver (alg=%d keylen=%d bssid=" MACSTR ")",
653 alg, keylen, MAC2STR(sm->bssid));
654 return -1;
655 }
656
657 /* TK is not needed anymore in supplicant */
658 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
659 sm->tk_to_set = 0;
660
661 if (sm->wpa_ptk_rekey) {
662 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
663 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
664 sm, NULL);
665 }
666
667 return 0;
668 }
669
670
671 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
672 int group_cipher,
673 int keylen, int maxkeylen,
674 int *key_rsc_len,
675 enum wpa_alg *alg)
676 {
677 int klen;
678
679 *alg = wpa_cipher_to_alg(group_cipher);
680 if (*alg == WPA_ALG_NONE) {
681 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
682 "WPA: Unsupported Group Cipher %d",
683 group_cipher);
684 return -1;
685 }
686 *key_rsc_len = wpa_cipher_rsc_len(group_cipher);
687
688 klen = wpa_cipher_key_len(group_cipher);
689 if (keylen != klen || maxkeylen < klen) {
690 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
691 "WPA: Unsupported %s Group Cipher key length %d (%d)",
692 wpa_cipher_txt(group_cipher), keylen, maxkeylen);
693 return -1;
694 }
695 return 0;
696 }
697
698
699 struct wpa_gtk_data {
700 enum wpa_alg alg;
701 int tx, key_rsc_len, keyidx;
702 u8 gtk[32];
703 int gtk_len;
704 };
705
706
707 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
708 const struct wpa_gtk_data *gd,
709 const u8 *key_rsc)
710 {
711 const u8 *_gtk = gd->gtk;
712 u8 gtk_buf[32];
713
714 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
715 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
716 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
717 gd->keyidx, gd->tx, gd->gtk_len);
718 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
719 if (sm->group_cipher == WPA_CIPHER_TKIP) {
720 /* Swap Tx/Rx keys for Michael MIC */
721 os_memcpy(gtk_buf, gd->gtk, 16);
722 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
723 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
724 _gtk = gtk_buf;
725 }
726 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
727 if (wpa_sm_set_key(sm, gd->alg, NULL,
728 gd->keyidx, 1, key_rsc, gd->key_rsc_len,
729 _gtk, gd->gtk_len) < 0) {
730 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
731 "WPA: Failed to set GTK to the driver "
732 "(Group only)");
733 os_memset(gtk_buf, 0, sizeof(gtk_buf));
734 return -1;
735 }
736 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
737 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
738 _gtk, gd->gtk_len) < 0) {
739 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
740 "WPA: Failed to set GTK to "
741 "the driver (alg=%d keylen=%d keyidx=%d)",
742 gd->alg, gd->gtk_len, gd->keyidx);
743 os_memset(gtk_buf, 0, sizeof(gtk_buf));
744 return -1;
745 }
746 os_memset(gtk_buf, 0, sizeof(gtk_buf));
747
748 return 0;
749 }
750
751
752 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
753 int tx)
754 {
755 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
756 /* Ignore Tx bit for GTK if a pairwise key is used. One AP
757 * seemed to set this bit (incorrectly, since Tx is only when
758 * doing Group Key only APs) and without this workaround, the
759 * data connection does not work because wpa_supplicant
760 * configured non-zero keyidx to be used for unicast. */
761 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
762 "WPA: Tx bit set for GTK, but pairwise "
763 "keys are used - ignore Tx bit");
764 return 0;
765 }
766 return tx;
767 }
768
769
770 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
771 const struct wpa_eapol_key *key,
772 const u8 *gtk, size_t gtk_len,
773 int key_info)
774 {
775 struct wpa_gtk_data gd;
776
777 /*
778 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
779 * GTK KDE format:
780 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
781 * Reserved [bits 0-7]
782 * GTK
783 */
784
785 os_memset(&gd, 0, sizeof(gd));
786 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
787 gtk, gtk_len);
788
789 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
790 return -1;
791
792 gd.keyidx = gtk[0] & 0x3;
793 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
794 !!(gtk[0] & BIT(2)));
795 gtk += 2;
796 gtk_len -= 2;
797
798 os_memcpy(gd.gtk, gtk, gtk_len);
799 gd.gtk_len = gtk_len;
800
801 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
802 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
803 gtk_len, gtk_len,
804 &gd.key_rsc_len, &gd.alg) ||
805 wpa_supplicant_install_gtk(sm, &gd, key->key_rsc))) {
806 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
807 "RSN: Failed to install GTK");
808 os_memset(&gd, 0, sizeof(gd));
809 return -1;
810 }
811 os_memset(&gd, 0, sizeof(gd));
812
813 wpa_supplicant_key_neg_complete(sm, sm->bssid,
814 key_info & WPA_KEY_INFO_SECURE);
815 return 0;
816 }
817
818
819 static int ieee80211w_set_keys(struct wpa_sm *sm,
820 struct wpa_eapol_ie_parse *ie)
821 {
822 #ifdef CONFIG_IEEE80211W
823 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
824 return 0;
825
826 if (ie->igtk) {
827 size_t len;
828 const struct wpa_igtk_kde *igtk;
829 u16 keyidx;
830 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
831 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
832 return -1;
833 igtk = (const struct wpa_igtk_kde *) ie->igtk;
834 keyidx = WPA_GET_LE16(igtk->keyid);
835 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
836 "pn %02x%02x%02x%02x%02x%02x",
837 keyidx, MAC2STR(igtk->pn));
838 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
839 igtk->igtk, len);
840 if (keyidx > 4095) {
841 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
842 "WPA: Invalid IGTK KeyID %d", keyidx);
843 return -1;
844 }
845 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
846 broadcast_ether_addr,
847 keyidx, 0, igtk->pn, sizeof(igtk->pn),
848 igtk->igtk, len) < 0) {
849 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
850 "WPA: Failed to configure IGTK to the driver");
851 return -1;
852 }
853 }
854
855 return 0;
856 #else /* CONFIG_IEEE80211W */
857 return 0;
858 #endif /* CONFIG_IEEE80211W */
859 }
860
861
862 static void wpa_report_ie_mismatch(struct wpa_sm *sm,
863 const char *reason, const u8 *src_addr,
864 const u8 *wpa_ie, size_t wpa_ie_len,
865 const u8 *rsn_ie, size_t rsn_ie_len)
866 {
867 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
868 reason, MAC2STR(src_addr));
869
870 if (sm->ap_wpa_ie) {
871 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
872 sm->ap_wpa_ie, sm->ap_wpa_ie_len);
873 }
874 if (wpa_ie) {
875 if (!sm->ap_wpa_ie) {
876 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
877 "WPA: No WPA IE in Beacon/ProbeResp");
878 }
879 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
880 wpa_ie, wpa_ie_len);
881 }
882
883 if (sm->ap_rsn_ie) {
884 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
885 sm->ap_rsn_ie, sm->ap_rsn_ie_len);
886 }
887 if (rsn_ie) {
888 if (!sm->ap_rsn_ie) {
889 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
890 "WPA: No RSN IE in Beacon/ProbeResp");
891 }
892 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
893 rsn_ie, rsn_ie_len);
894 }
895
896 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
897 }
898
899
900 #ifdef CONFIG_IEEE80211R
901
902 static int ft_validate_mdie(struct wpa_sm *sm,
903 const unsigned char *src_addr,
904 struct wpa_eapol_ie_parse *ie,
905 const u8 *assoc_resp_mdie)
906 {
907 struct rsn_mdie *mdie;
908
909 mdie = (struct rsn_mdie *) (ie->mdie + 2);
910 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
911 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
912 MOBILITY_DOMAIN_ID_LEN) != 0) {
913 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
914 "not match with the current mobility domain");
915 return -1;
916 }
917
918 if (assoc_resp_mdie &&
919 (assoc_resp_mdie[1] != ie->mdie[1] ||
920 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) {
921 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
922 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4",
923 ie->mdie, 2 + ie->mdie[1]);
924 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response",
925 assoc_resp_mdie, 2 + assoc_resp_mdie[1]);
926 return -1;
927 }
928
929 return 0;
930 }
931
932
933 static int ft_validate_ftie(struct wpa_sm *sm,
934 const unsigned char *src_addr,
935 struct wpa_eapol_ie_parse *ie,
936 const u8 *assoc_resp_ftie)
937 {
938 if (ie->ftie == NULL) {
939 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
940 "FT: No FTIE in EAPOL-Key msg 3/4");
941 return -1;
942 }
943
944 if (assoc_resp_ftie == NULL)
945 return 0;
946
947 if (assoc_resp_ftie[1] != ie->ftie[1] ||
948 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) {
949 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
950 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4",
951 ie->ftie, 2 + ie->ftie[1]);
952 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response",
953 assoc_resp_ftie, 2 + assoc_resp_ftie[1]);
954 return -1;
955 }
956
957 return 0;
958 }
959
960
961 static int ft_validate_rsnie(struct wpa_sm *sm,
962 const unsigned char *src_addr,
963 struct wpa_eapol_ie_parse *ie)
964 {
965 struct wpa_ie_data rsn;
966
967 if (!ie->rsn_ie)
968 return 0;
969
970 /*
971 * Verify that PMKR1Name from EAPOL-Key message 3/4
972 * matches with the value we derived.
973 */
974 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 ||
975 rsn.num_pmkid != 1 || rsn.pmkid == NULL) {
976 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
977 "FT 4-way handshake message 3/4");
978 return -1;
979 }
980
981 if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0)
982 {
983 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
984 "FT: PMKR1Name mismatch in "
985 "FT 4-way handshake message 3/4");
986 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator",
987 rsn.pmkid, WPA_PMK_NAME_LEN);
988 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
989 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
990 return -1;
991 }
992
993 return 0;
994 }
995
996
997 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
998 const unsigned char *src_addr,
999 struct wpa_eapol_ie_parse *ie)
1000 {
1001 const u8 *pos, *end, *mdie = NULL, *ftie = NULL;
1002
1003 if (sm->assoc_resp_ies) {
1004 pos = sm->assoc_resp_ies;
1005 end = pos + sm->assoc_resp_ies_len;
1006 while (pos + 2 < end) {
1007 if (pos + 2 + pos[1] > end)
1008 break;
1009 switch (*pos) {
1010 case WLAN_EID_MOBILITY_DOMAIN:
1011 mdie = pos;
1012 break;
1013 case WLAN_EID_FAST_BSS_TRANSITION:
1014 ftie = pos;
1015 break;
1016 }
1017 pos += 2 + pos[1];
1018 }
1019 }
1020
1021 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
1022 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
1023 ft_validate_rsnie(sm, src_addr, ie) < 0)
1024 return -1;
1025
1026 return 0;
1027 }
1028
1029 #endif /* CONFIG_IEEE80211R */
1030
1031
1032 static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
1033 const unsigned char *src_addr,
1034 struct wpa_eapol_ie_parse *ie)
1035 {
1036 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
1037 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1038 "WPA: No WPA/RSN IE for this AP known. "
1039 "Trying to get from scan results");
1040 if (wpa_sm_get_beacon_ie(sm) < 0) {
1041 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1042 "WPA: Could not find AP from "
1043 "the scan results");
1044 } else {
1045 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
1046 "WPA: Found the current AP from "
1047 "updated scan results");
1048 }
1049 }
1050
1051 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
1052 (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
1053 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1054 "with IE in Beacon/ProbeResp (no IE?)",
1055 src_addr, ie->wpa_ie, ie->wpa_ie_len,
1056 ie->rsn_ie, ie->rsn_ie_len);
1057 return -1;
1058 }
1059
1060 if ((ie->wpa_ie && sm->ap_wpa_ie &&
1061 (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
1062 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
1063 (ie->rsn_ie && sm->ap_rsn_ie &&
1064 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
1065 sm->ap_rsn_ie, sm->ap_rsn_ie_len,
1066 ie->rsn_ie, ie->rsn_ie_len))) {
1067 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1068 "with IE in Beacon/ProbeResp",
1069 src_addr, ie->wpa_ie, ie->wpa_ie_len,
1070 ie->rsn_ie, ie->rsn_ie_len);
1071 return -1;
1072 }
1073
1074 if (sm->proto == WPA_PROTO_WPA &&
1075 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
1076 wpa_report_ie_mismatch(sm, "Possible downgrade attack "
1077 "detected - RSN was enabled and RSN IE "
1078 "was in msg 3/4, but not in "
1079 "Beacon/ProbeResp",
1080 src_addr, ie->wpa_ie, ie->wpa_ie_len,
1081 ie->rsn_ie, ie->rsn_ie_len);
1082 return -1;
1083 }
1084
1085 #ifdef CONFIG_IEEE80211R
1086 if (wpa_key_mgmt_ft(sm->key_mgmt) &&
1087 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
1088 return -1;
1089 #endif /* CONFIG_IEEE80211R */
1090
1091 return 0;
1092 }
1093
1094
1095 /**
1096 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
1097 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1098 * @dst: Destination address for the frame
1099 * @key: Pointer to the EAPOL-Key frame header
1100 * @ver: Version bits from EAPOL-Key Key Info
1101 * @key_info: Key Info
1102 * @ptk: PTK to use for keyed hash and encryption
1103 * Returns: 0 on success, -1 on failure
1104 */
1105 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
1106 const struct wpa_eapol_key *key,
1107 u16 ver, u16 key_info,
1108 struct wpa_ptk *ptk)
1109 {
1110 size_t mic_len, hdrlen, rlen;
1111 struct wpa_eapol_key *reply;
1112 struct wpa_eapol_key_192 *reply192;
1113 u8 *rbuf, *key_mic;
1114
1115 mic_len = wpa_mic_len(sm->key_mgmt);
1116 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
1117 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1118 hdrlen, &rlen, (void *) &reply);
1119 if (rbuf == NULL)
1120 return -1;
1121 reply192 = (struct wpa_eapol_key_192 *) reply;
1122
1123 reply->type = (sm->proto == WPA_PROTO_RSN ||
1124 sm->proto == WPA_PROTO_OSEN) ?
1125 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1126 key_info &= WPA_KEY_INFO_SECURE;
1127 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
1128 WPA_PUT_BE16(reply->key_info, key_info);
1129 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1130 WPA_PUT_BE16(reply->key_length, 0);
1131 else
1132 os_memcpy(reply->key_length, key->key_length, 2);
1133 os_memcpy(reply->replay_counter, key->replay_counter,
1134 WPA_REPLAY_COUNTER_LEN);
1135
1136 key_mic = reply192->key_mic; /* same offset for reply and reply192 */
1137 if (mic_len == 24)
1138 WPA_PUT_BE16(reply192->key_data_length, 0);
1139 else
1140 WPA_PUT_BE16(reply->key_data_length, 0);
1141
1142 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
1143 wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
1144 rbuf, rlen, key_mic);
1145
1146 return 0;
1147 }
1148
1149
1150 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
1151 const struct wpa_eapol_key *key,
1152 u16 ver, const u8 *key_data,
1153 size_t key_data_len)
1154 {
1155 u16 key_info, keylen;
1156 struct wpa_eapol_ie_parse ie;
1157
1158 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1159 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way "
1160 "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
1161
1162 key_info = WPA_GET_BE16(key->key_info);
1163
1164 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len);
1165 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
1166 goto failed;
1167 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1168 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1169 "WPA: GTK IE in unencrypted key data");
1170 goto failed;
1171 }
1172 #ifdef CONFIG_IEEE80211W
1173 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1174 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1175 "WPA: IGTK KDE in unencrypted key data");
1176 goto failed;
1177 }
1178
1179 if (ie.igtk &&
1180 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
1181 ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN +
1182 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
1183 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1184 "WPA: Invalid IGTK KDE length %lu",
1185 (unsigned long) ie.igtk_len);
1186 goto failed;
1187 }
1188 #endif /* CONFIG_IEEE80211W */
1189
1190 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
1191 goto failed;
1192
1193 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1194 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1195 "WPA: ANonce from message 1 of 4-Way Handshake "
1196 "differs from 3 of 4-Way Handshake - drop packet (src="
1197 MACSTR ")", MAC2STR(sm->bssid));
1198 goto failed;
1199 }
1200
1201 keylen = WPA_GET_BE16(key->key_length);
1202 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
1203 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1204 "WPA: Invalid %s key length %d (src=" MACSTR
1205 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
1206 MAC2STR(sm->bssid));
1207 goto failed;
1208 }
1209
1210 #ifdef CONFIG_P2P
1211 if (ie.ip_addr_alloc) {
1212 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4);
1213 wpa_hexdump(MSG_DEBUG, "P2P: IP address info",
1214 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr));
1215 }
1216 #endif /* CONFIG_P2P */
1217
1218 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1219 &sm->ptk)) {
1220 goto failed;
1221 }
1222
1223 /* SNonce was successfully used in msg 3/4, so mark it to be renewed
1224 * for the next 4-Way Handshake. If msg 3 is received again, the old
1225 * SNonce will still be used to avoid changing PTK. */
1226 sm->renew_snonce = 1;
1227
1228 if (key_info & WPA_KEY_INFO_INSTALL) {
1229 if (wpa_supplicant_install_ptk(sm, key))
1230 goto failed;
1231 }
1232
1233 if (key_info & WPA_KEY_INFO_SECURE) {
1234 wpa_sm_mlme_setprotection(
1235 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1236 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1237 eapol_sm_notify_portValid(sm->eapol, TRUE);
1238 }
1239 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1240
1241 if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
1242 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1243 key_info & WPA_KEY_INFO_SECURE);
1244 } else if (ie.gtk &&
1245 wpa_supplicant_pairwise_gtk(sm, key,
1246 ie.gtk, ie.gtk_len, key_info) < 0) {
1247 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1248 "RSN: Failed to configure GTK");
1249 goto failed;
1250 }
1251
1252 if (ieee80211w_set_keys(sm, &ie) < 0) {
1253 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1254 "RSN: Failed to configure IGTK");
1255 goto failed;
1256 }
1257
1258 if (ie.gtk)
1259 wpa_sm_set_rekey_offload(sm);
1260
1261 if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1262 struct rsn_pmksa_cache_entry *sa;
1263
1264 sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len,
1265 sm->ptk.kck, sm->ptk.kck_len,
1266 sm->bssid, sm->own_addr,
1267 sm->network_ctx, sm->key_mgmt);
1268 if (!sm->cur_pmksa)
1269 sm->cur_pmksa = sa;
1270 }
1271
1272 sm->msg_3_of_4_ok = 1;
1273 return;
1274
1275 failed:
1276 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1277 }
1278
1279
1280 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
1281 const u8 *keydata,
1282 size_t keydatalen,
1283 u16 key_info,
1284 struct wpa_gtk_data *gd)
1285 {
1286 int maxkeylen;
1287 struct wpa_eapol_ie_parse ie;
1288
1289 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
1290 if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0)
1291 return -1;
1292 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1293 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1294 "WPA: GTK IE in unencrypted key data");
1295 return -1;
1296 }
1297 if (ie.gtk == NULL) {
1298 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1299 "WPA: No GTK IE in Group Key msg 1/2");
1300 return -1;
1301 }
1302 maxkeylen = gd->gtk_len = ie.gtk_len - 2;
1303
1304 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1305 gd->gtk_len, maxkeylen,
1306 &gd->key_rsc_len, &gd->alg))
1307 return -1;
1308
1309 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake",
1310 ie.gtk, ie.gtk_len);
1311 gd->keyidx = ie.gtk[0] & 0x3;
1312 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1313 !!(ie.gtk[0] & BIT(2)));
1314 if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
1315 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1316 "RSN: Too long GTK in GTK IE (len=%lu)",
1317 (unsigned long) ie.gtk_len - 2);
1318 return -1;
1319 }
1320 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
1321
1322 if (ieee80211w_set_keys(sm, &ie) < 0)
1323 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1324 "RSN: Failed to configure IGTK");
1325
1326 return 0;
1327 }
1328
1329
1330 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
1331 const struct wpa_eapol_key *key,
1332 const u8 *key_data,
1333 size_t key_data_len, u16 key_info,
1334 u16 ver, struct wpa_gtk_data *gd)
1335 {
1336 size_t maxkeylen;
1337 u16 gtk_len;
1338
1339 gtk_len = WPA_GET_BE16(key->key_length);
1340 maxkeylen = key_data_len;
1341 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1342 if (maxkeylen < 8) {
1343 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1344 "WPA: Too short maxkeylen (%lu)",
1345 (unsigned long) maxkeylen);
1346 return -1;
1347 }
1348 maxkeylen -= 8;
1349 }
1350
1351 if (gtk_len > maxkeylen ||
1352 wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1353 gtk_len, maxkeylen,
1354 &gd->key_rsc_len, &gd->alg))
1355 return -1;
1356
1357 gd->gtk_len = gtk_len;
1358 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1359 WPA_KEY_INFO_KEY_INDEX_SHIFT;
1360 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1361 #ifdef CONFIG_NO_RC4
1362 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1363 "WPA: RC4 not supported in the build");
1364 return -1;
1365 #else /* CONFIG_NO_RC4 */
1366 u8 ek[32];
1367 if (key_data_len > sizeof(gd->gtk)) {
1368 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1369 "WPA: RC4 key data too long (%lu)",
1370 (unsigned long) key_data_len);
1371 return -1;
1372 }
1373 os_memcpy(ek, key->key_iv, 16);
1374 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1375 os_memcpy(gd->gtk, key_data, key_data_len);
1376 if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) {
1377 os_memset(ek, 0, sizeof(ek));
1378 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1379 "WPA: RC4 failed");
1380 return -1;
1381 }
1382 os_memset(ek, 0, sizeof(ek));
1383 #endif /* CONFIG_NO_RC4 */
1384 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1385 if (maxkeylen % 8) {
1386 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1387 "WPA: Unsupported AES-WRAP len %lu",
1388 (unsigned long) maxkeylen);
1389 return -1;
1390 }
1391 if (maxkeylen > sizeof(gd->gtk)) {
1392 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1393 "WPA: AES-WRAP key data "
1394 "too long (keydatalen=%lu maxkeylen=%lu)",
1395 (unsigned long) key_data_len,
1396 (unsigned long) maxkeylen);
1397 return -1;
1398 }
1399 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8,
1400 key_data, gd->gtk)) {
1401 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1402 "WPA: AES unwrap failed - could not decrypt "
1403 "GTK");
1404 return -1;
1405 }
1406 } else {
1407 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1408 "WPA: Unsupported key_info type %d", ver);
1409 return -1;
1410 }
1411 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
1412 sm, !!(key_info & WPA_KEY_INFO_TXRX));
1413 return 0;
1414 }
1415
1416
1417 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
1418 const struct wpa_eapol_key *key,
1419 int ver, u16 key_info)
1420 {
1421 size_t mic_len, hdrlen, rlen;
1422 struct wpa_eapol_key *reply;
1423 struct wpa_eapol_key_192 *reply192;
1424 u8 *rbuf, *key_mic;
1425
1426 mic_len = wpa_mic_len(sm->key_mgmt);
1427 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
1428 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1429 hdrlen, &rlen, (void *) &reply);
1430 if (rbuf == NULL)
1431 return -1;
1432 reply192 = (struct wpa_eapol_key_192 *) reply;
1433
1434 reply->type = (sm->proto == WPA_PROTO_RSN ||
1435 sm->proto == WPA_PROTO_OSEN) ?
1436 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1437 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
1438 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
1439 WPA_PUT_BE16(reply->key_info, key_info);
1440 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1441 WPA_PUT_BE16(reply->key_length, 0);
1442 else
1443 os_memcpy(reply->key_length, key->key_length, 2);
1444 os_memcpy(reply->replay_counter, key->replay_counter,
1445 WPA_REPLAY_COUNTER_LEN);
1446
1447 key_mic = reply192->key_mic; /* same offset for reply and reply192 */
1448 if (mic_len == 24)
1449 WPA_PUT_BE16(reply192->key_data_length, 0);
1450 else
1451 WPA_PUT_BE16(reply->key_data_length, 0);
1452
1453 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
1454 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, sm->bssid,
1455 ETH_P_EAPOL, rbuf, rlen, key_mic);
1456
1457 return 0;
1458 }
1459
1460
1461 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
1462 const unsigned char *src_addr,
1463 const struct wpa_eapol_key *key,
1464 const u8 *key_data,
1465 size_t key_data_len, u16 ver)
1466 {
1467 u16 key_info;
1468 int rekey, ret;
1469 struct wpa_gtk_data gd;
1470
1471 if (!sm->msg_3_of_4_ok) {
1472 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1473 "WPA: Group Key Handshake started prior to completion of 4-way handshake");
1474 goto failed;
1475 }
1476
1477 os_memset(&gd, 0, sizeof(gd));
1478
1479 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
1480 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key "
1481 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1482
1483 key_info = WPA_GET_BE16(key->key_info);
1484
1485 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
1486 ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data,
1487 key_data_len, key_info,
1488 &gd);
1489 } else {
1490 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data,
1491 key_data_len,
1492 key_info, ver, &gd);
1493 }
1494
1495 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1496
1497 if (ret)
1498 goto failed;
1499
1500 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
1501 wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
1502 goto failed;
1503 os_memset(&gd, 0, sizeof(gd));
1504
1505 if (rekey) {
1506 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
1507 "completed with " MACSTR " [GTK=%s]",
1508 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1509 wpa_sm_cancel_auth_timeout(sm);
1510 wpa_sm_set_state(sm, WPA_COMPLETED);
1511 } else {
1512 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1513 key_info &
1514 WPA_KEY_INFO_SECURE);
1515 }
1516
1517 wpa_sm_set_rekey_offload(sm);
1518
1519 return;
1520
1521 failed:
1522 os_memset(&gd, 0, sizeof(gd));
1523 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1524 }
1525
1526
1527 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
1528 struct wpa_eapol_key_192 *key,
1529 u16 ver,
1530 const u8 *buf, size_t len)
1531 {
1532 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
1533 int ok = 0;
1534 size_t mic_len = wpa_mic_len(sm->key_mgmt);
1535
1536 os_memcpy(mic, key->key_mic, mic_len);
1537 if (sm->tptk_set) {
1538 os_memset(key->key_mic, 0, mic_len);
1539 wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
1540 ver, buf, len, key->key_mic);
1541 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
1542 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1543 "WPA: Invalid EAPOL-Key MIC "
1544 "when using TPTK - ignoring TPTK");
1545 } else {
1546 ok = 1;
1547 sm->tptk_set = 0;
1548 sm->ptk_set = 1;
1549 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1550 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
1551 }
1552 }
1553
1554 if (!ok && sm->ptk_set) {
1555 os_memset(key->key_mic, 0, mic_len);
1556 wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
1557 ver, buf, len, key->key_mic);
1558 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
1559 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1560 "WPA: Invalid EAPOL-Key MIC - "
1561 "dropping packet");
1562 return -1;
1563 }
1564 ok = 1;
1565 }
1566
1567 if (!ok) {
1568 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1569 "WPA: Could not verify EAPOL-Key MIC - "
1570 "dropping packet");
1571 return -1;
1572 }
1573
1574 os_memcpy(sm->rx_replay_counter, key->replay_counter,
1575 WPA_REPLAY_COUNTER_LEN);
1576 sm->rx_replay_counter_set = 1;
1577 return 0;
1578 }
1579
1580
1581 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
1582 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
1583 struct wpa_eapol_key *key, u16 ver,
1584 u8 *key_data, size_t *key_data_len)
1585 {
1586 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
1587 key_data, *key_data_len);
1588 if (!sm->ptk_set) {
1589 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1590 "WPA: PTK not available, cannot decrypt EAPOL-Key Key "
1591 "Data");
1592 return -1;
1593 }
1594
1595 /* Decrypt key data here so that this operation does not need
1596 * to be implemented separately for each message type. */
1597 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1598 #ifdef CONFIG_NO_RC4
1599 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1600 "WPA: RC4 not supported in the build");
1601 return -1;
1602 #else /* CONFIG_NO_RC4 */
1603 u8 ek[32];
1604 os_memcpy(ek, key->key_iv, 16);
1605 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1606 if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) {
1607 os_memset(ek, 0, sizeof(ek));
1608 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1609 "WPA: RC4 failed");
1610 return -1;
1611 }
1612 os_memset(ek, 0, sizeof(ek));
1613 #endif /* CONFIG_NO_RC4 */
1614 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1615 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
1616 sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
1617 wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1618 u8 *buf;
1619 if (*key_data_len < 8 || *key_data_len % 8) {
1620 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1621 "WPA: Unsupported AES-WRAP len %u",
1622 (unsigned int) *key_data_len);
1623 return -1;
1624 }
1625 *key_data_len -= 8; /* AES-WRAP adds 8 bytes */
1626 buf = os_malloc(*key_data_len);
1627 if (buf == NULL) {
1628 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1629 "WPA: No memory for AES-UNWRAP buffer");
1630 return -1;
1631 }
1632 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8,
1633 key_data, buf)) {
1634 os_free(buf);
1635 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1636 "WPA: AES unwrap failed - "
1637 "could not decrypt EAPOL-Key key data");
1638 return -1;
1639 }
1640 os_memcpy(key_data, buf, *key_data_len);
1641 os_free(buf);
1642 WPA_PUT_BE16(key->key_data_length, *key_data_len);
1643 } else {
1644 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1645 "WPA: Unsupported key_info type %d", ver);
1646 return -1;
1647 }
1648 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
1649 key_data, *key_data_len);
1650 return 0;
1651 }
1652
1653
1654 /**
1655 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
1656 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1657 */
1658 void wpa_sm_aborted_cached(struct wpa_sm *sm)
1659 {
1660 if (sm && sm->cur_pmksa) {
1661 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1662 "RSN: Cancelling PMKSA caching attempt");
1663 sm->cur_pmksa = NULL;
1664 }
1665 }
1666
1667
1668 static void wpa_eapol_key_dump(struct wpa_sm *sm,
1669 const struct wpa_eapol_key *key,
1670 unsigned int key_data_len,
1671 const u8 *mic, unsigned int mic_len)
1672 {
1673 #ifndef CONFIG_NO_STDOUT_DEBUG
1674 u16 key_info = WPA_GET_BE16(key->key_info);
1675
1676 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type);
1677 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1678 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)",
1679 key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
1680 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1681 WPA_KEY_INFO_KEY_INDEX_SHIFT,
1682 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
1683 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
1684 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
1685 key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
1686 key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
1687 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
1688 key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
1689 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
1690 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
1691 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1692 " key_length=%u key_data_length=%u",
1693 WPA_GET_BE16(key->key_length), key_data_len);
1694 wpa_hexdump(MSG_DEBUG, " replay_counter",
1695 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1696 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN);
1697 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16);
1698 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8);
1699 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8);
1700 wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len);
1701 #endif /* CONFIG_NO_STDOUT_DEBUG */
1702 }
1703
1704
1705 /**
1706 * wpa_sm_rx_eapol - Process received WPA EAPOL frames
1707 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1708 * @src_addr: Source MAC address of the EAPOL packet
1709 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
1710 * @len: Length of the EAPOL frame
1711 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
1712 *
1713 * This function is called for each received EAPOL frame. Other than EAPOL-Key
1714 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
1715 * only processing WPA and WPA2 EAPOL-Key frames.
1716 *
1717 * The received EAPOL-Key packets are validated and valid packets are replied
1718 * to. In addition, key material (PTK, GTK) is configured at the end of a
1719 * successful key handshake.
1720 */
1721 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
1722 const u8 *buf, size_t len)
1723 {
1724 size_t plen, data_len, key_data_len;
1725 const struct ieee802_1x_hdr *hdr;
1726 struct wpa_eapol_key *key;
1727 struct wpa_eapol_key_192 *key192;
1728 u16 key_info, ver;
1729 u8 *tmp = NULL;
1730 int ret = -1;
1731 struct wpa_peerkey *peerkey = NULL;
1732 u8 *key_data;
1733 size_t mic_len, keyhdrlen;
1734
1735 #ifdef CONFIG_IEEE80211R
1736 sm->ft_completed = 0;
1737 #endif /* CONFIG_IEEE80211R */
1738
1739 mic_len = wpa_mic_len(sm->key_mgmt);
1740 keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key);
1741
1742 if (len < sizeof(*hdr) + keyhdrlen) {
1743 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1744 "WPA: EAPOL frame too short to be a WPA "
1745 "EAPOL-Key (len %lu, expecting at least %lu)",
1746 (unsigned long) len,
1747 (unsigned long) sizeof(*hdr) + keyhdrlen);
1748 return 0;
1749 }
1750
1751 hdr = (const struct ieee802_1x_hdr *) buf;
1752 plen = be_to_host16(hdr->length);
1753 data_len = plen + sizeof(*hdr);
1754 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1755 "IEEE 802.1X RX: version=%d type=%d length=%lu",
1756 hdr->version, hdr->type, (unsigned long) plen);
1757
1758 if (hdr->version < EAPOL_VERSION) {
1759 /* TODO: backwards compatibility */
1760 }
1761 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
1762 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1763 "WPA: EAPOL frame (type %u) discarded, "
1764 "not a Key frame", hdr->type);
1765 ret = 0;
1766 goto out;
1767 }
1768 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len);
1769 if (plen > len - sizeof(*hdr) || plen < keyhdrlen) {
1770 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1771 "WPA: EAPOL frame payload size %lu "
1772 "invalid (frame size %lu)",
1773 (unsigned long) plen, (unsigned long) len);
1774 ret = 0;
1775 goto out;
1776 }
1777 if (data_len < len) {
1778 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1779 "WPA: ignoring %lu bytes after the IEEE 802.1X data",
1780 (unsigned long) len - data_len);
1781 }
1782
1783 /*
1784 * Make a copy of the frame since we need to modify the buffer during
1785 * MAC validation and Key Data decryption.
1786 */
1787 tmp = os_malloc(data_len);
1788 if (tmp == NULL)
1789 goto out;
1790 os_memcpy(tmp, buf, data_len);
1791 key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr));
1792 key192 = (struct wpa_eapol_key_192 *)
1793 (tmp + sizeof(struct ieee802_1x_hdr));
1794 if (mic_len == 24)
1795 key_data = (u8 *) (key192 + 1);
1796 else
1797 key_data = (u8 *) (key + 1);
1798
1799 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
1800 {
1801 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1802 "WPA: EAPOL-Key type (%d) unknown, discarded",
1803 key->type);
1804 ret = 0;
1805 goto out;
1806 }
1807
1808 if (mic_len == 24)
1809 key_data_len = WPA_GET_BE16(key192->key_data_length);
1810 else
1811 key_data_len = WPA_GET_BE16(key->key_data_length);
1812 wpa_eapol_key_dump(sm, key, key_data_len, key192->key_mic, mic_len);
1813
1814 if (key_data_len > plen - keyhdrlen) {
1815 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
1816 "frame - key_data overflow (%u > %u)",
1817 (unsigned int) key_data_len,
1818 (unsigned int) (plen - keyhdrlen));
1819 goto out;
1820 }
1821
1822 eapol_sm_notify_lower_layer_success(sm->eapol, 0);
1823 key_info = WPA_GET_BE16(key->key_info);
1824 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1825 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1826 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
1827 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1828 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
1829 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
1830 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1831 sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
1832 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1833 "WPA: Unsupported EAPOL-Key descriptor version %d",
1834 ver);
1835 goto out;
1836 }
1837
1838 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN &&
1839 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1840 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1841 "OSEN: Unsupported EAPOL-Key descriptor version %d",
1842 ver);
1843 goto out;
1844 }
1845
1846 if (wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1847 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1848 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1849 "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)",
1850 ver);
1851 goto out;
1852 }
1853
1854 #ifdef CONFIG_IEEE80211R
1855 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1856 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
1857 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1858 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1859 "FT: AP did not use AES-128-CMAC");
1860 goto out;
1861 }
1862 } else
1863 #endif /* CONFIG_IEEE80211R */
1864 #ifdef CONFIG_IEEE80211W
1865 if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
1866 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1867 sm->key_mgmt != WPA_KEY_MGMT_OSEN &&
1868 !wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1869 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1870 "WPA: AP did not use the "
1871 "negotiated AES-128-CMAC");
1872 goto out;
1873 }
1874 } else
1875 #endif /* CONFIG_IEEE80211W */
1876 if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
1877 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1878 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1879 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1880 "WPA: CCMP is used, but EAPOL-Key "
1881 "descriptor version (%d) is not 2", ver);
1882 if (sm->group_cipher != WPA_CIPHER_CCMP &&
1883 !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1884 /* Earlier versions of IEEE 802.11i did not explicitly
1885 * require version 2 descriptor for all EAPOL-Key
1886 * packets, so allow group keys to use version 1 if
1887 * CCMP is not used for them. */
1888 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1889 "WPA: Backwards compatibility: allow invalid "
1890 "version for non-CCMP group keys");
1891 } else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1892 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1893 "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used");
1894 } else
1895 goto out;
1896 } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
1897 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1898 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1899 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1900 "WPA: GCMP is used, but EAPOL-Key "
1901 "descriptor version (%d) is not 2", ver);
1902 goto out;
1903 }
1904
1905 #ifdef CONFIG_PEERKEY
1906 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
1907 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
1908 break;
1909 }
1910
1911 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
1912 if (!peerkey->initiator && peerkey->replay_counter_set &&
1913 os_memcmp(key->replay_counter, peerkey->replay_counter,
1914 WPA_REPLAY_COUNTER_LEN) <= 0) {
1915 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1916 "RSN: EAPOL-Key Replay Counter did not "
1917 "increase (STK) - dropping packet");
1918 goto out;
1919 } else if (peerkey->initiator) {
1920 u8 _tmp[WPA_REPLAY_COUNTER_LEN];
1921 os_memcpy(_tmp, key->replay_counter,
1922 WPA_REPLAY_COUNTER_LEN);
1923 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
1924 if (os_memcmp(_tmp, peerkey->replay_counter,
1925 WPA_REPLAY_COUNTER_LEN) != 0) {
1926 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1927 "RSN: EAPOL-Key Replay "
1928 "Counter did not match (STK) - "
1929 "dropping packet");
1930 goto out;
1931 }
1932 }
1933 }
1934
1935 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
1936 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1937 "RSN: Ack bit in key_info from STK peer");
1938 goto out;
1939 }
1940 #endif /* CONFIG_PEERKEY */
1941
1942 if (!peerkey && sm->rx_replay_counter_set &&
1943 os_memcmp(key->replay_counter, sm->rx_replay_counter,
1944 WPA_REPLAY_COUNTER_LEN) <= 0) {
1945 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1946 "WPA: EAPOL-Key Replay Counter did not increase - "
1947 "dropping packet");
1948 goto out;
1949 }
1950
1951 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
1952 #ifdef CONFIG_PEERKEY
1953 && (peerkey == NULL || !peerkey->initiator)
1954 #endif /* CONFIG_PEERKEY */
1955 ) {
1956 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1957 "WPA: No Ack bit in key_info");
1958 goto out;
1959 }
1960
1961 if (key_info & WPA_KEY_INFO_REQUEST) {
1962 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1963 "WPA: EAPOL-Key with Request bit - dropped");
1964 goto out;
1965 }
1966
1967 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
1968 wpa_supplicant_verify_eapol_key_mic(sm, key192, ver, tmp, data_len))
1969 goto out;
1970
1971 #ifdef CONFIG_PEERKEY
1972 if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
1973 peerkey_verify_eapol_key_mic(sm, peerkey, key192, ver, tmp,
1974 data_len))
1975 goto out;
1976 #endif /* CONFIG_PEERKEY */
1977
1978 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
1979 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1980 if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
1981 &key_data_len))
1982 goto out;
1983 }
1984
1985 if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1986 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
1987 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1988 "WPA: Ignored EAPOL-Key (Pairwise) with "
1989 "non-zero key index");
1990 goto out;
1991 }
1992 if (peerkey) {
1993 /* PeerKey 4-Way Handshake */
1994 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver,
1995 key_data, key_data_len);
1996 } else if (key_info & WPA_KEY_INFO_MIC) {
1997 /* 3/4 4-Way Handshake */
1998 wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
1999 key_data_len);
2000 } else {
2001 /* 1/4 4-Way Handshake */
2002 wpa_supplicant_process_1_of_4(sm, src_addr, key,
2003 ver, key_data,
2004 key_data_len);
2005 }
2006 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
2007 /* PeerKey SMK Handshake */
2008 peerkey_rx_eapol_smk(sm, src_addr, key, key_data_len, key_info,
2009 ver);
2010 } else {
2011 if (key_info & WPA_KEY_INFO_MIC) {
2012 /* 1/2 Group Key Handshake */
2013 wpa_supplicant_process_1_of_2(sm, src_addr, key,
2014 key_data, key_data_len,
2015 ver);
2016 } else {
2017 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2018 "WPA: EAPOL-Key (Group) without Mic bit - "
2019 "dropped");
2020 }
2021 }
2022
2023 ret = 1;
2024
2025 out:
2026 bin_clear_free(tmp, data_len);
2027 return ret;
2028 }
2029
2030
2031 #ifdef CONFIG_CTRL_IFACE
2032 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
2033 {
2034 switch (sm->key_mgmt) {
2035 case WPA_KEY_MGMT_IEEE8021X:
2036 return ((sm->proto == WPA_PROTO_RSN ||
2037 sm->proto == WPA_PROTO_OSEN) ?
2038 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
2039 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
2040 case WPA_KEY_MGMT_PSK:
2041 return (sm->proto == WPA_PROTO_RSN ?
2042 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
2043 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
2044 #ifdef CONFIG_IEEE80211R
2045 case WPA_KEY_MGMT_FT_IEEE8021X:
2046 return RSN_AUTH_KEY_MGMT_FT_802_1X;
2047 case WPA_KEY_MGMT_FT_PSK:
2048 return RSN_AUTH_KEY_MGMT_FT_PSK;
2049 #endif /* CONFIG_IEEE80211R */
2050 #ifdef CONFIG_IEEE80211W
2051 case WPA_KEY_MGMT_IEEE8021X_SHA256:
2052 return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
2053 case WPA_KEY_MGMT_PSK_SHA256:
2054 return RSN_AUTH_KEY_MGMT_PSK_SHA256;
2055 #endif /* CONFIG_IEEE80211W */
2056 case WPA_KEY_MGMT_CCKM:
2057 return (sm->proto == WPA_PROTO_RSN ?
2058 RSN_AUTH_KEY_MGMT_CCKM:
2059 WPA_AUTH_KEY_MGMT_CCKM);
2060 case WPA_KEY_MGMT_WPA_NONE:
2061 return WPA_AUTH_KEY_MGMT_NONE;
2062 case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
2063 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
2064 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
2065 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
2066 default:
2067 return 0;
2068 }
2069 }
2070
2071
2072 #define RSN_SUITE "%02x-%02x-%02x-%d"
2073 #define RSN_SUITE_ARG(s) \
2074 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2075
2076 /**
2077 * wpa_sm_get_mib - Dump text list of MIB entries
2078 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2079 * @buf: Buffer for the list
2080 * @buflen: Length of the buffer
2081 * Returns: Number of bytes written to buffer
2082 *
2083 * This function is used fetch dot11 MIB variables.
2084 */
2085 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
2086 {
2087 char pmkid_txt[PMKID_LEN * 2 + 1];
2088 int rsna, ret;
2089 size_t len;
2090
2091 if (sm->cur_pmksa) {
2092 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2093 sm->cur_pmksa->pmkid, PMKID_LEN);
2094 } else
2095 pmkid_txt[0] = '\0';
2096
2097 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
2098 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
2099 sm->proto == WPA_PROTO_RSN)
2100 rsna = 1;
2101 else
2102 rsna = 0;
2103
2104 ret = os_snprintf(buf, buflen,
2105 "dot11RSNAOptionImplemented=TRUE\n"
2106 "dot11RSNAPreauthenticationImplemented=TRUE\n"
2107 "dot11RSNAEnabled=%s\n"
2108 "dot11RSNAPreauthenticationEnabled=%s\n"
2109 "dot11RSNAConfigVersion=%d\n"
2110 "dot11RSNAConfigPairwiseKeysSupported=5\n"
2111 "dot11RSNAConfigGroupCipherSize=%d\n"
2112 "dot11RSNAConfigPMKLifetime=%d\n"
2113 "dot11RSNAConfigPMKReauthThreshold=%d\n"
2114 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
2115 "dot11RSNAConfigSATimeout=%d\n",
2116 rsna ? "TRUE" : "FALSE",
2117 rsna ? "TRUE" : "FALSE",
2118 RSN_VERSION,
2119 wpa_cipher_key_len(sm->group_cipher) * 8,
2120 sm->dot11RSNAConfigPMKLifetime,
2121 sm->dot11RSNAConfigPMKReauthThreshold,
2122 sm->dot11RSNAConfigSATimeout);
2123 if (os_snprintf_error(buflen, ret))
2124 return 0;
2125 len = ret;
2126
2127 ret = os_snprintf(
2128 buf + len, buflen - len,
2129 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2130 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2131 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2132 "dot11RSNAPMKIDUsed=%s\n"
2133 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2134 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2135 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2136 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
2137 "dot11RSNA4WayHandshakeFailures=%u\n",
2138 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2139 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2140 sm->pairwise_cipher)),
2141 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2142 sm->group_cipher)),
2143 pmkid_txt,
2144 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2145 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2146 sm->pairwise_cipher)),
2147 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2148 sm->group_cipher)),
2149 sm->dot11RSNA4WayHandshakeFailures);
2150 if (!os_snprintf_error(buflen - len, ret))
2151 len += ret;
2152
2153 return (int) len;
2154 }
2155 #endif /* CONFIG_CTRL_IFACE */
2156
2157
2158 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
2159 void *ctx, enum pmksa_free_reason reason)
2160 {
2161 struct wpa_sm *sm = ctx;
2162 int deauth = 0;
2163
2164 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
2165 MACSTR " reason=%d", MAC2STR(entry->aa), reason);
2166
2167 if (sm->cur_pmksa == entry) {
2168 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2169 "RSN: %s current PMKSA entry",
2170 reason == PMKSA_REPLACE ? "replaced" : "removed");
2171 pmksa_cache_clear_current(sm);
2172
2173 /*
2174 * If an entry is simply being replaced, there's no need to
2175 * deauthenticate because it will be immediately re-added.
2176 * This happens when EAP authentication is completed again
2177 * (reauth or failed PMKSA caching attempt).
2178 */
2179 if (reason != PMKSA_REPLACE)
2180 deauth = 1;
2181 }
2182
2183 if (reason == PMKSA_EXPIRE &&
2184 (sm->pmk_len == entry->pmk_len &&
2185 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
2186 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2187 "RSN: deauthenticating due to expired PMK");
2188 pmksa_cache_clear_current(sm);
2189 deauth = 1;
2190 }
2191
2192 if (deauth) {
2193 os_memset(sm->pmk, 0, sizeof(sm->pmk));
2194 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2195 }
2196 }
2197
2198
2199 /**
2200 * wpa_sm_init - Initialize WPA state machine
2201 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
2202 * Returns: Pointer to the allocated WPA state machine data
2203 *
2204 * This function is used to allocate a new WPA state machine and the returned
2205 * value is passed to all WPA state machine calls.
2206 */
2207 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
2208 {
2209 struct wpa_sm *sm;
2210
2211 sm = os_zalloc(sizeof(*sm));
2212 if (sm == NULL)
2213 return NULL;
2214 dl_list_init(&sm->pmksa_candidates);
2215 sm->renew_snonce = 1;
2216 sm->ctx = ctx;
2217
2218 sm->dot11RSNAConfigPMKLifetime = 43200;
2219 sm->dot11RSNAConfigPMKReauthThreshold = 70;
2220 sm->dot11RSNAConfigSATimeout = 60;
2221
2222 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
2223 if (sm->pmksa == NULL) {
2224 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
2225 "RSN: PMKSA cache initialization failed");
2226 os_free(sm);
2227 return NULL;
2228 }
2229
2230 return sm;
2231 }
2232
2233
2234 /**
2235 * wpa_sm_deinit - Deinitialize WPA state machine
2236 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2237 */
2238 void wpa_sm_deinit(struct wpa_sm *sm)
2239 {
2240 if (sm == NULL)
2241 return;
2242 pmksa_cache_deinit(sm->pmksa);
2243 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2244 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2245 os_free(sm->assoc_wpa_ie);
2246 os_free(sm->ap_wpa_ie);
2247 os_free(sm->ap_rsn_ie);
2248 wpa_sm_drop_sa(sm);
2249 os_free(sm->ctx);
2250 peerkey_deinit(sm);
2251 #ifdef CONFIG_IEEE80211R
2252 os_free(sm->assoc_resp_ies);
2253 #endif /* CONFIG_IEEE80211R */
2254 os_free(sm);
2255 }
2256
2257
2258 /**
2259 * wpa_sm_notify_assoc - Notify WPA state machine about association
2260 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2261 * @bssid: The BSSID of the new association
2262 *
2263 * This function is called to let WPA state machine know that the connection
2264 * was established.
2265 */
2266 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
2267 {
2268 int clear_ptk = 1;
2269
2270 if (sm == NULL)
2271 return;
2272
2273 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2274 "WPA: Association event - clear replay counter");
2275 os_memcpy(sm->bssid, bssid, ETH_ALEN);
2276 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
2277 sm->rx_replay_counter_set = 0;
2278 sm->renew_snonce = 1;
2279 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
2280 rsn_preauth_deinit(sm);
2281
2282 #ifdef CONFIG_IEEE80211R
2283 if (wpa_ft_is_completed(sm)) {
2284 /*
2285 * Clear portValid to kick EAPOL state machine to re-enter
2286 * AUTHENTICATED state to get the EAPOL port Authorized.
2287 */
2288 eapol_sm_notify_portValid(sm->eapol, FALSE);
2289 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2290
2291 /* Prepare for the next transition */
2292 wpa_ft_prepare_auth_request(sm, NULL);
2293
2294 clear_ptk = 0;
2295 }
2296 #endif /* CONFIG_IEEE80211R */
2297
2298 if (clear_ptk) {
2299 /*
2300 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
2301 * this is not part of a Fast BSS Transition.
2302 */
2303 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
2304 sm->ptk_set = 0;
2305 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2306 sm->tptk_set = 0;
2307 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2308 }
2309
2310 #ifdef CONFIG_TDLS
2311 wpa_tdls_assoc(sm);
2312 #endif /* CONFIG_TDLS */
2313
2314 #ifdef CONFIG_P2P
2315 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
2316 #endif /* CONFIG_P2P */
2317 }
2318
2319
2320 /**
2321 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
2322 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2323 *
2324 * This function is called to let WPA state machine know that the connection
2325 * was lost. This will abort any existing pre-authentication session.
2326 */
2327 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
2328 {
2329 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2330 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2331 peerkey_deinit(sm);
2332 rsn_preauth_deinit(sm);
2333 pmksa_cache_clear_current(sm);
2334 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
2335 sm->dot11RSNA4WayHandshakeFailures++;
2336 #ifdef CONFIG_TDLS
2337 wpa_tdls_disassoc(sm);
2338 #endif /* CONFIG_TDLS */
2339
2340 /* Keys are not needed in the WPA state machine anymore */
2341 wpa_sm_drop_sa(sm);
2342
2343 sm->msg_3_of_4_ok = 0;
2344 }
2345
2346
2347 /**
2348 * wpa_sm_set_pmk - Set PMK
2349 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2350 * @pmk: The new PMK
2351 * @pmk_len: The length of the new PMK in bytes
2352 * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK
2353 *
2354 * Configure the PMK for WPA state machine.
2355 */
2356 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
2357 const u8 *bssid)
2358 {
2359 if (sm == NULL)
2360 return;
2361
2362 sm->pmk_len = pmk_len;
2363 os_memcpy(sm->pmk, pmk, pmk_len);
2364
2365 #ifdef CONFIG_IEEE80211R
2366 /* Set XXKey to be PSK for FT key derivation */
2367 sm->xxkey_len = pmk_len;
2368 os_memcpy(sm->xxkey, pmk, pmk_len);
2369 #endif /* CONFIG_IEEE80211R */
2370
2371 if (bssid) {
2372 pmksa_cache_add(sm->pmksa, pmk, pmk_len, NULL, 0,
2373 bssid, sm->own_addr,
2374 sm->network_ctx, sm->key_mgmt);
2375 }
2376 }
2377
2378
2379 /**
2380 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
2381 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2382 *
2383 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
2384 * will be cleared.
2385 */
2386 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
2387 {
2388 if (sm == NULL)
2389 return;
2390
2391 if (sm->cur_pmksa) {
2392 sm->pmk_len = sm->cur_pmksa->pmk_len;
2393 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
2394 } else {
2395 sm->pmk_len = PMK_LEN;
2396 os_memset(sm->pmk, 0, PMK_LEN);
2397 }
2398 }
2399
2400
2401 /**
2402 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
2403 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2404 * @fast_reauth: Whether fast reauthentication (EAP) is allowed
2405 */
2406 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
2407 {
2408 if (sm)
2409 sm->fast_reauth = fast_reauth;
2410 }
2411
2412
2413 /**
2414 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
2415 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2416 * @scard_ctx: Context pointer for smartcard related callback functions
2417 */
2418 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
2419 {
2420 if (sm == NULL)
2421 return;
2422 sm->scard_ctx = scard_ctx;
2423 if (sm->preauth_eapol)
2424 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
2425 }
2426
2427
2428 /**
2429 * wpa_sm_set_config - Notification of current configration change
2430 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2431 * @config: Pointer to current network configuration
2432 *
2433 * Notify WPA state machine that configuration has changed. config will be
2434 * stored as a backpointer to network configuration. This can be %NULL to clear
2435 * the stored pointed.
2436 */
2437 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
2438 {
2439 if (!sm)
2440 return;
2441
2442 if (config) {
2443 sm->network_ctx = config->network_ctx;
2444 sm->peerkey_enabled = config->peerkey_enabled;
2445 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
2446 sm->proactive_key_caching = config->proactive_key_caching;
2447 sm->eap_workaround = config->eap_workaround;
2448 sm->eap_conf_ctx = config->eap_conf_ctx;
2449 if (config->ssid) {
2450 os_memcpy(sm->ssid, config->ssid, config->ssid_len);
2451 sm->ssid_len = config->ssid_len;
2452 } else
2453 sm->ssid_len = 0;
2454 sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
2455 sm->p2p = config->p2p;
2456 } else {
2457 sm->network_ctx = NULL;
2458 sm->peerkey_enabled = 0;
2459 sm->allowed_pairwise_cipher = 0;
2460 sm->proactive_key_caching = 0;
2461 sm->eap_workaround = 0;
2462 sm->eap_conf_ctx = NULL;
2463 sm->ssid_len = 0;
2464 sm->wpa_ptk_rekey = 0;
2465 sm->p2p = 0;
2466 }
2467 }
2468
2469
2470 /**
2471 * wpa_sm_set_own_addr - Set own MAC address
2472 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2473 * @addr: Own MAC address
2474 */
2475 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
2476 {
2477 if (sm)
2478 os_memcpy(sm->own_addr, addr, ETH_ALEN);
2479 }
2480
2481
2482 /**
2483 * wpa_sm_set_ifname - Set network interface name
2484 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2485 * @ifname: Interface name
2486 * @bridge_ifname: Optional bridge interface name (for pre-auth)
2487 */
2488 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
2489 const char *bridge_ifname)
2490 {
2491 if (sm) {
2492 sm->ifname = ifname;
2493 sm->bridge_ifname = bridge_ifname;
2494 }
2495 }
2496
2497
2498 /**
2499 * wpa_sm_set_eapol - Set EAPOL state machine pointer
2500 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2501 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
2502 */
2503 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
2504 {
2505 if (sm)
2506 sm->eapol = eapol;
2507 }
2508
2509
2510 /**
2511 * wpa_sm_set_param - Set WPA state machine parameters
2512 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2513 * @param: Parameter field
2514 * @value: Parameter value
2515 * Returns: 0 on success, -1 on failure
2516 */
2517 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
2518 unsigned int value)
2519 {
2520 int ret = 0;
2521
2522 if (sm == NULL)
2523 return -1;
2524
2525 switch (param) {
2526 case RSNA_PMK_LIFETIME:
2527 if (value > 0)
2528 sm->dot11RSNAConfigPMKLifetime = value;
2529 else
2530 ret = -1;
2531 break;
2532 case RSNA_PMK_REAUTH_THRESHOLD:
2533 if (value > 0 && value <= 100)
2534 sm->dot11RSNAConfigPMKReauthThreshold = value;
2535 else
2536 ret = -1;
2537 break;
2538 case RSNA_SA_TIMEOUT:
2539 if (value > 0)
2540 sm->dot11RSNAConfigSATimeout = value;
2541 else
2542 ret = -1;
2543 break;
2544 case WPA_PARAM_PROTO:
2545 sm->proto = value;
2546 break;
2547 case WPA_PARAM_PAIRWISE:
2548 sm->pairwise_cipher = value;
2549 break;
2550 case WPA_PARAM_GROUP:
2551 sm->group_cipher = value;
2552 break;
2553 case WPA_PARAM_KEY_MGMT:
2554 sm->key_mgmt = value;
2555 break;
2556 #ifdef CONFIG_IEEE80211W
2557 case WPA_PARAM_MGMT_GROUP:
2558 sm->mgmt_group_cipher = value;
2559 break;
2560 #endif /* CONFIG_IEEE80211W */
2561 case WPA_PARAM_RSN_ENABLED:
2562 sm->rsn_enabled = value;
2563 break;
2564 case WPA_PARAM_MFP:
2565 sm->mfp = value;
2566 break;
2567 default:
2568 break;
2569 }
2570
2571 return ret;
2572 }
2573
2574
2575 /**
2576 * wpa_sm_get_status - Get WPA state machine
2577 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2578 * @buf: Buffer for status information
2579 * @buflen: Maximum buffer length
2580 * @verbose: Whether to include verbose status information
2581 * Returns: Number of bytes written to buf.
2582 *
2583 * Query WPA state machine for status information. This function fills in
2584 * a text area with current status information. If the buffer (buf) is not
2585 * large enough, status information will be truncated to fit the buffer.
2586 */
2587 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
2588 int verbose)
2589 {
2590 char *pos = buf, *end = buf + buflen;
2591 int ret;
2592
2593 ret = os_snprintf(pos, end - pos,
2594 "pairwise_cipher=%s\n"
2595 "group_cipher=%s\n"
2596 "key_mgmt=%s\n",
2597 wpa_cipher_txt(sm->pairwise_cipher),
2598 wpa_cipher_txt(sm->group_cipher),
2599 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
2600 if (os_snprintf_error(end - pos, ret))
2601 return pos - buf;
2602 pos += ret;
2603
2604 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) {
2605 struct wpa_ie_data rsn;
2606 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn)
2607 >= 0 &&
2608 rsn.capabilities & (WPA_CAPABILITY_MFPR |
2609 WPA_CAPABILITY_MFPC)) {
2610 ret = os_snprintf(pos, end - pos, "pmf=%d\n",
2611 (rsn.capabilities &
2612 WPA_CAPABILITY_MFPR) ? 2 : 1);
2613 if (os_snprintf_error(end - pos, ret))
2614 return pos - buf;
2615 pos += ret;
2616 }
2617 }
2618
2619 return pos - buf;
2620 }
2621
2622
2623 int wpa_sm_pmf_enabled(struct wpa_sm *sm)
2624 {
2625 struct wpa_ie_data rsn;
2626
2627 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie)
2628 return 0;
2629
2630 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 &&
2631 rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC))
2632 return 1;
2633
2634 return 0;
2635 }
2636
2637
2638 /**
2639 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
2640 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2641 * @wpa_ie: Pointer to buffer for WPA/RSN IE
2642 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
2643 * Returns: 0 on success, -1 on failure
2644 */
2645 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
2646 size_t *wpa_ie_len)
2647 {
2648 int res;
2649
2650 if (sm == NULL)
2651 return -1;
2652
2653 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
2654 if (res < 0)
2655 return -1;
2656 *wpa_ie_len = res;
2657
2658 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
2659 wpa_ie, *wpa_ie_len);
2660
2661 if (sm->assoc_wpa_ie == NULL) {
2662 /*
2663 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
2664 * the correct version of the IE even if PMKSA caching is
2665 * aborted (which would remove PMKID from IE generation).
2666 */
2667 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
2668 if (sm->assoc_wpa_ie == NULL)
2669 return -1;
2670
2671 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
2672 sm->assoc_wpa_ie_len = *wpa_ie_len;
2673 }
2674
2675 return 0;
2676 }
2677
2678
2679 /**
2680 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
2681 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2682 * @ie: Pointer to IE data (starting from id)
2683 * @len: IE length
2684 * Returns: 0 on success, -1 on failure
2685 *
2686 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
2687 * Request frame. The IE will be used to override the default value generated
2688 * with wpa_sm_set_assoc_wpa_ie_default().
2689 */
2690 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2691 {
2692 if (sm == NULL)
2693 return -1;
2694
2695 os_free(sm->assoc_wpa_ie);
2696 if (ie == NULL || len == 0) {
2697 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2698 "WPA: clearing own WPA/RSN IE");
2699 sm->assoc_wpa_ie = NULL;
2700 sm->assoc_wpa_ie_len = 0;
2701 } else {
2702 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
2703 sm->assoc_wpa_ie = os_malloc(len);
2704 if (sm->assoc_wpa_ie == NULL)
2705 return -1;
2706
2707 os_memcpy(sm->assoc_wpa_ie, ie, len);
2708 sm->assoc_wpa_ie_len = len;
2709 }
2710
2711 return 0;
2712 }
2713
2714
2715 /**
2716 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
2717 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2718 * @ie: Pointer to IE data (starting from id)
2719 * @len: IE length
2720 * Returns: 0 on success, -1 on failure
2721 *
2722 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
2723 * frame.
2724 */
2725 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2726 {
2727 if (sm == NULL)
2728 return -1;
2729
2730 os_free(sm->ap_wpa_ie);
2731 if (ie == NULL || len == 0) {
2732 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2733 "WPA: clearing AP WPA IE");
2734 sm->ap_wpa_ie = NULL;
2735 sm->ap_wpa_ie_len = 0;
2736 } else {
2737 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
2738 sm->ap_wpa_ie = os_malloc(len);
2739 if (sm->ap_wpa_ie == NULL)
2740 return -1;
2741
2742 os_memcpy(sm->ap_wpa_ie, ie, len);
2743 sm->ap_wpa_ie_len = len;
2744 }
2745
2746 return 0;
2747 }
2748
2749
2750 /**
2751 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
2752 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2753 * @ie: Pointer to IE data (starting from id)
2754 * @len: IE length
2755 * Returns: 0 on success, -1 on failure
2756 *
2757 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
2758 * frame.
2759 */
2760 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2761 {
2762 if (sm == NULL)
2763 return -1;
2764
2765 os_free(sm->ap_rsn_ie);
2766 if (ie == NULL || len == 0) {
2767 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2768 "WPA: clearing AP RSN IE");
2769 sm->ap_rsn_ie = NULL;
2770 sm->ap_rsn_ie_len = 0;
2771 } else {
2772 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
2773 sm->ap_rsn_ie = os_malloc(len);
2774 if (sm->ap_rsn_ie == NULL)
2775 return -1;
2776
2777 os_memcpy(sm->ap_rsn_ie, ie, len);
2778 sm->ap_rsn_ie_len = len;
2779 }
2780
2781 return 0;
2782 }
2783
2784
2785 /**
2786 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
2787 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2788 * @data: Pointer to data area for parsing results
2789 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
2790 *
2791 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
2792 * parsed data into data.
2793 */
2794 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
2795 {
2796 if (sm == NULL)
2797 return -1;
2798
2799 if (sm->assoc_wpa_ie == NULL) {
2800 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2801 "WPA: No WPA/RSN IE available from association info");
2802 return -1;
2803 }
2804 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
2805 return -2;
2806 return 0;
2807 }
2808
2809
2810 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
2811 {
2812 return pmksa_cache_list(sm->pmksa, buf, len);
2813 }
2814
2815
2816 void wpa_sm_drop_sa(struct wpa_sm *sm)
2817 {
2818 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
2819 sm->ptk_set = 0;
2820 sm->tptk_set = 0;
2821 os_memset(sm->pmk, 0, sizeof(sm->pmk));
2822 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2823 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2824 #ifdef CONFIG_IEEE80211R
2825 os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
2826 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
2827 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
2828 #endif /* CONFIG_IEEE80211R */
2829 }
2830
2831
2832 int wpa_sm_has_ptk(struct wpa_sm *sm)
2833 {
2834 if (sm == NULL)
2835 return 0;
2836 return sm->ptk_set;
2837 }
2838
2839
2840 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
2841 {
2842 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
2843 }
2844
2845
2846 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
2847 {
2848 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0);
2849 }
2850
2851
2852 #ifdef CONFIG_WNM
2853 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
2854 {
2855 u16 keyinfo;
2856 u8 keylen; /* plaintext key len */
2857 u8 *key_rsc;
2858
2859 if (subelem_id == WNM_SLEEP_SUBELEM_GTK) {
2860 struct wpa_gtk_data gd;
2861
2862 os_memset(&gd, 0, sizeof(gd));
2863 keylen = wpa_cipher_key_len(sm->group_cipher);
2864 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
2865 gd.alg = wpa_cipher_to_alg(sm->group_cipher);
2866 if (gd.alg == WPA_ALG_NONE) {
2867 wpa_printf(MSG_DEBUG, "Unsupported group cipher suite");
2868 return -1;
2869 }
2870
2871 key_rsc = buf + 5;
2872 keyinfo = WPA_GET_LE16(buf + 2);
2873 gd.gtk_len = keylen;
2874 if (gd.gtk_len != buf[4]) {
2875 wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d",
2876 gd.gtk_len, buf[4]);
2877 return -1;
2878 }
2879 gd.keyidx = keyinfo & 0x03; /* B0 - B1 */
2880 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
2881 sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
2882
2883 os_memcpy(gd.gtk, buf + 13, gd.gtk_len);
2884
2885 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
2886 gd.gtk, gd.gtk_len);
2887 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
2888 os_memset(&gd, 0, sizeof(gd));
2889 wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
2890 "WNM mode");
2891 return -1;
2892 }
2893 os_memset(&gd, 0, sizeof(gd));
2894 #ifdef CONFIG_IEEE80211W
2895 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
2896 struct wpa_igtk_kde igd;
2897 u16 keyidx;
2898
2899 os_memset(&igd, 0, sizeof(igd));
2900 keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
2901 os_memcpy(igd.keyid, buf + 2, 2);
2902 os_memcpy(igd.pn, buf + 4, 6);
2903
2904 keyidx = WPA_GET_LE16(igd.keyid);
2905 os_memcpy(igd.igtk, buf + 10, keylen);
2906
2907 wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
2908 igd.igtk, keylen);
2909 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
2910 broadcast_ether_addr,
2911 keyidx, 0, igd.pn, sizeof(igd.pn),
2912 igd.igtk, keylen) < 0) {
2913 wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
2914 "WNM mode");
2915 os_memset(&igd, 0, sizeof(igd));
2916 return -1;
2917 }
2918 os_memset(&igd, 0, sizeof(igd));
2919 #endif /* CONFIG_IEEE80211W */
2920 } else {
2921 wpa_printf(MSG_DEBUG, "Unknown element id");
2922 return -1;
2923 }
2924
2925 return 0;
2926 }
2927 #endif /* CONFIG_WNM */
2928
2929
2930 #ifdef CONFIG_PEERKEY
2931 int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
2932 const u8 *buf, size_t len)
2933 {
2934 struct wpa_peerkey *peerkey;
2935
2936 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
2937 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
2938 break;
2939 }
2940
2941 if (!peerkey)
2942 return 0;
2943
2944 wpa_sm_rx_eapol(sm, src_addr, buf, len);
2945
2946 return 1;
2947 }
2948 #endif /* CONFIG_PEERKEY */
2949
2950
2951 #ifdef CONFIG_P2P
2952
2953 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
2954 {
2955 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0)
2956 return -1;
2957 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4);
2958 return 0;
2959 }
2960
2961 #endif /* CONFIG_P2P */
2962
2963
2964 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter)
2965 {
2966 if (rx_replay_counter == NULL)
2967 return;
2968
2969 os_memcpy(sm->rx_replay_counter, rx_replay_counter,
2970 WPA_REPLAY_COUNTER_LEN);
2971 sm->rx_replay_counter_set = 1;
2972 wpa_printf(MSG_DEBUG, "Updated key replay counter");
2973 }
2974
2975
2976 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm,
2977 const u8 *ptk_kck, size_t ptk_kck_len,
2978 const u8 *ptk_kek, size_t ptk_kek_len)
2979 {
2980 if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) {
2981 os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len);
2982 sm->ptk.kck_len = ptk_kck_len;
2983 wpa_printf(MSG_DEBUG, "Updated PTK KCK");
2984 }
2985 if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) {
2986 os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len);
2987 sm->ptk.kek_len = ptk_kek_len;
2988 wpa_printf(MSG_DEBUG, "Updated PTK KEK");
2989 }
2990 sm->ptk_set = 1;
2991 }
Unnamed repository; edit this file 'description' to name the repository.