Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
1/*
2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15#include "includes.h"
16
17#ifndef CONFIG_NATIVE_WINDOWS
18
19#include "common.h"
20#include "config.h"
21#include "eapol_sm.h"
22#include "wpa.h"
23#include "sha1.h"
24#include "rc4.h"
25#include "aes_wrap.h"
26#include "crypto.h"
27#include "eloop.h"
28#include "ieee802_11.h"
29#include "pmksa_cache.h"
30#include "state_machine.h"
31#include "wpa_auth_i.h"
32#include "wpa_auth_ie.h"
33
/* Parameters for the generic state machine macros (SM_STATE, SM_ENTRY_MA)
 * used further down in this file; presumably consumed by state_machine.h -
 * confirm against that header. */
#define STATE_MACHINE_DATA struct wpa_state_machine
#define STATE_MACHINE_DEBUG_PREFIX "WPA"
#define STATE_MACHINE_ADDR sm->addr


/* Forward declarations of file-local functions that are referenced before
 * their definitions. */
static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
static void wpa_sm_step(struct wpa_state_machine *sm);
static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
			      struct wpa_group *group);

/* Default timeouts are 100 ms, but this seems to be a bit too fast for most
 * WPA Supplicants, so use a bit longer timeout. */
static const u32 dot11RSNAConfigGroupUpdateTimeOut = 1000; /* ms */
static const u32 dot11RSNAConfigGroupUpdateCount = 3;
static const u32 dot11RSNAConfigPairwiseUpdateTimeOut = 1000; /* ms */
static const u32 dot11RSNAConfigPairwiseUpdateCount = 3;

/* TODO: make these configurable */
/* NOTE(review): no units are given for the three values below; presumably
 * seconds for the lifetime and SA timeout and a percentage for the reauth
 * threshold - confirm where they are used. */
static const int dot11RSNAConfigPMKLifetime = 43200;
static const int dot11RSNAConfigPMKReauthThreshold = 70;
static const int dot11RSNAConfigSATimeout = 60;
57
58
/* Pass a MIC failure report for station @addr to the mic_failure_report
 * callback. Does nothing when that callback has not been registered. */
static inline void wpa_auth_mic_failure_report(
	struct wpa_authenticator *wpa_auth, const u8 *addr)
{
	if (wpa_auth->cb.mic_failure_report == NULL)
		return;
	wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
}
65
66
/* Set EAPOL variable @var to @value for station @addr through the set_eapol
 * callback. Silently ignored when the callback is not registered. */
static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
				      const u8 *addr, wpa_eapol_variable var,
				      int value)
{
	if (wpa_auth->cb.set_eapol == NULL)
		return;
	wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
}
74
75
/* Read EAPOL variable @var for station @addr through the get_eapol callback.
 * Returns the callback's result, or -1 when no callback is registered. */
static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
				     const u8 *addr, wpa_eapol_variable var)
{
	if (wpa_auth->cb.get_eapol)
		return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
	return -1;
}
83
84
/* Ask the get_psk callback for a PSK to use with station @addr.
 * @prev_psk is handed to the callback unchanged (presumably so that several
 * candidate PSKs can be iterated - verify against the callback).
 * Returns the callback's pointer, or NULL when no callback is registered.
 * The returned pointer refers to key material owned by the callback side. */
static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
					  const u8 *addr, const u8 *prev_psk)
{
	if (wpa_auth->cb.get_psk)
		return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
	return NULL;
}
92
93
/* Fetch the MSK for station @addr through the get_msk callback, which
 * receives the caller's @msk buffer and @len pointer unchanged.
 * Returns the callback's result, or -1 when no callback is registered.
 * The buffer receives key material; the caller is responsible for it. */
static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
				   const u8 *addr, u8 *msk, size_t *len)
{
	if (wpa_auth->cb.get_msk)
		return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
	return -1;
}
101
102
/* Hand a key to the set_key callback (algorithm name @alg, station @addr,
 * key index @idx, VLAN @vlan_id). All arguments are passed through as given.
 * Returns the callback's result, or -1 when no callback is registered. */
static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
				   int vlan_id,
				   const char *alg, const u8 *addr, int idx,
				   u8 *key, size_t key_len)
{
	if (wpa_auth->cb.set_key)
		return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg,
					    addr, idx, key, key_len);
	return -1;
}
113
114
/* Query the sequence number for key index @idx of station @addr through the
 * get_seqnum callback; the callback writes into @seq.
 * Returns the callback's result, or -1 when no callback is registered. */
static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
				      const u8 *addr, int idx, u8 *seq)
{
	if (wpa_auth->cb.get_seqnum)
		return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx,
					       seq);
	return -1;
}
122
123
/* Same as wpa_auth_get_seqnum(), but routed to the get_seqnum_igtk callback.
 * Returns the callback's result, or -1 when no callback is registered. */
static inline int wpa_auth_get_seqnum_igtk(struct wpa_authenticator *wpa_auth,
					   const u8 *addr, int idx, u8 *seq)
{
	if (wpa_auth->cb.get_seqnum_igtk)
		return wpa_auth->cb.get_seqnum_igtk(wpa_auth->cb.ctx, addr,
						    idx, seq);
	return -1;
}
131
132
/* Transmit an EAPOL frame (@data, @data_len) to station @addr through the
 * send_eapol callback; @encrypt is forwarded to the callback unchanged.
 * Returns the callback's result, or -1 when no callback is registered. */
static inline int
wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
		    const u8 *data, size_t data_len, int encrypt)
{
	if (wpa_auth->cb.send_eapol)
		return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data,
					       data_len, encrypt);
	return -1;
}
142
143
/* Run @cb with @cb_ctx for the stations known to the for_each_sta callback.
 * Returns the callback's result, or 0 when no callback is registered. */
int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
			  int (*cb)(struct wpa_state_machine *sm, void *ctx),
			  void *cb_ctx)
{
	if (wpa_auth->cb.for_each_sta)
		return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
	return 0;
}
152
153
/* Send the ready-made message @txt for station @addr (may be NULL, as some
 * callers in this file pass NULL) to the logger callback at @level.
 * Does nothing when no logger callback is registered. */
void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
		     logger_level level, const char *txt)
{
	if (wpa_auth->cb.logger)
		wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
}
161
162
/* printf-style front end for wpa_auth_logger().
 *
 * @fmt is used as a format string, so callers must pass a fixed format and
 * put any station-supplied text in the arguments. The expanded message is
 * written into a heap buffer of os_strlen(fmt) + 100 bytes; vsnprintf() bounds
 * the write, so longer expansions are truncated rather than overflowing.
 * Nothing is logged when no logger callback is registered or when the buffer
 * cannot be allocated. */
void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
		      logger_level level, const char *fmt, ...)
{
	va_list args;
	char *msg;
	int buflen;

	if (!wpa_auth->cb.logger)
		return;

	buflen = os_strlen(fmt) + 100;
	msg = os_malloc(buflen);
	if (msg == NULL)
		return;

	va_start(args, fmt);
	vsnprintf(msg, buflen, fmt, args);
	va_end(args);

	wpa_auth_logger(wpa_auth, addr, level, msg);
	os_free(msg);
}
186
187
/* Request disconnection of station @addr through the disconnect callback,
 * always with reason code WLAN_REASON_PREV_AUTH_NOT_VALID.
 * Does nothing when no disconnect callback is registered. */
static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
			       const u8 *addr)
{
	if (wpa_auth->cb.disconnect)
		wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
					WLAN_REASON_PREV_AUTH_NOT_VALID);
}
196
197
/* Tell whether EAPOL-Key frames for this station use the AES-128-CMAC key
 * descriptor version. With CONFIG_IEEE80211R this is true (1) for the two FT
 * key management suites; without it the answer is always 0. */
static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
{
#ifdef CONFIG_IEEE80211R
	if (sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X)
		return 1;
	return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK;
#else /* CONFIG_IEEE80211R */
	return 0;
#endif /* CONFIG_IEEE80211R */
}
207
208
/* eloop timeout handler: replace the GMK of the first group with fresh random
 * data and re-arm itself every conf.wpa_gmk_rekey seconds (eloop_ctx is the
 * authenticator; timeout_ctx is unused).
 *
 * NOTE(review): when os_get_random() fails only an error is printed; the
 * state of the GMK buffer after a failed call is not visible here, and the
 * timer is re-armed regardless. */
static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
{
	struct wpa_authenticator *wpa_auth = eloop_ctx;

	if (os_get_random(wpa_auth->group->GMK, WPA_GMK_LEN) == 0) {
		wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
	} else {
		wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
			   "initialization.");
	}

	if (!wpa_auth->conf.wpa_gmk_rekey)
		return;
	eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
			       wpa_rekey_gmk, wpa_auth, NULL);
}
225
226
/* eloop timeout handler: flag every group for GTK rekeying and run each group
 * state machine until it reports no further change, then re-arm the timer
 * with conf.wpa_group_rekey when that interval is non-zero.
 * eloop_ctx is the authenticator; timeout_ctx is unused. */
static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
{
	struct wpa_authenticator *wpa_auth = eloop_ctx;
	struct wpa_group *grp;

	wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");

	grp = wpa_auth->group;
	while (grp != NULL) {
		grp->GTKReKey = TRUE;
		for (;;) {
			grp->changed = FALSE;
			wpa_group_sm_step(wpa_auth, grp);
			if (!grp->changed)
				break;
		}
		grp = grp->next;
	}

	if (!wpa_auth->conf.wpa_group_rekey)
		return;
	eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
			       0, wpa_rekey_gtk, wpa_auth, NULL);
}
246
247
/* Per-station callback: drop the station's PMKSA reference when it points at
 * the entry passed in @ctx, so no state machine keeps a pointer to an entry
 * that is being freed. Always returns 0. */
static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
{
	void *entry = ctx;

	if (sm->pmksa != entry)
		return 0;
	sm->pmksa = NULL;
	return 0;
}
254
255
/* PMKSA cache free callback (registered in wpa_init()): walk all stations and
 * clear any reference to @entry. @ctx is the authenticator. */
static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
				   void *ctx)
{
	wpa_auth_for_each_sta((struct wpa_authenticator *) ctx,
			      wpa_auth_pmksa_clear_cb, entry);
}
262
263
/* Allocate and initialize the group key state for @vlan_id.
 *
 * Sets the GTK length from the configured group cipher, fills the GMK with
 * random data, derives the initial key counter with sha1_prf() and runs the
 * group state machine through its init step.
 * Returns the new group, or NULL on allocation or random number failure.
 *
 * NOTE(review): a group cipher other than the four handled below leaves
 * GTK_len at 0 (the struct is zero-allocated). The random PRF key in rkey is
 * not cleared before the function returns. */
static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
					 int vlan_id)
{
	struct wpa_group *group;
	/* PRF input: own address, 8-byte timestamp and the value of the
	 * group pointer itself (sizeof(group) is the pointer size). */
	u8 buf[ETH_ALEN + 8 + sizeof(group)];
	u8 rkey[32];

	group = os_zalloc(sizeof(*group));
	if (!group)
		return NULL;

	group->vlan_id = vlan_id;
	group->GTKAuthenticator = TRUE;

	if (wpa_auth->conf.wpa_group == WPA_CIPHER_CCMP)
		group->GTK_len = 16;
	else if (wpa_auth->conf.wpa_group == WPA_CIPHER_TKIP)
		group->GTK_len = 32;
	else if (wpa_auth->conf.wpa_group == WPA_CIPHER_WEP104)
		group->GTK_len = 13;
	else if (wpa_auth->conf.wpa_group == WPA_CIPHER_WEP40)
		group->GTK_len = 5;

	/* Counter = PRF-256(Random number, "Init Counter",
	 *                   Local MAC Address || Time)
	 */
	os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
	wpa_get_ntp_timestamp(buf + ETH_ALEN);
	os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));

	if (os_get_random(rkey, sizeof(rkey)) != 0 ||
	    os_get_random(group->GMK, WPA_GMK_LEN) != 0) {
		wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
			   "initialization.");
		os_free(group);
		return NULL;
	}

	sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
		 group->Counter, WPA_NONCE_LEN);

	/* Two steps: one with GInit asserted, one with it released. */
	group->GInit = TRUE;
	wpa_group_sm_step(wpa_auth, group);
	group->GInit = FALSE;
	wpa_group_sm_step(wpa_auth, group);

	return group;
}
317
318
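/**
 * wpa_init - Initialize WPA authenticator
 * @addr: Authenticator address
 * @conf: Configuration for WPA authenticator
 * @cb: Callback functions for WPA authenticator
 * Returns: Pointer to WPA authenticator data or %NULL on failure
 *
 * @conf and @cb are copied, so the caller keeps ownership of both. On any
 * failure everything allocated so far (WPA IE, group state, PMKSA cache) is
 * released before returning %NULL.
 */
struct wpa_authenticator * wpa_init(const u8 *addr,
				    struct wpa_auth_config *conf,
				    struct wpa_auth_callbacks *cb)
{
	struct wpa_authenticator *wpa_auth;

	wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
	if (wpa_auth == NULL)
		return NULL;
	os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
	os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
	os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));

	if (wpa_auth_gen_wpa_ie(wpa_auth)) {
		wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
		os_free(wpa_auth);
		return NULL;
	}

	wpa_auth->group = wpa_group_init(wpa_auth, 0);
	if (wpa_auth->group == NULL)
		goto fail_ie;

	wpa_auth->pmksa = pmksa_cache_init(wpa_auth_pmksa_free_cb, wpa_auth);
	if (wpa_auth->pmksa == NULL) {
		wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
		goto fail_group;
	}

#ifdef CONFIG_IEEE80211R
	wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
	if (wpa_auth->ft_pmk_cache == NULL) {
		wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
		goto fail_pmksa;
	}
#endif /* CONFIG_IEEE80211R */

	/* Periodic rekeying is armed only for non-zero intervals. */
	if (wpa_auth->conf.wpa_gmk_rekey) {
		eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
				       wpa_rekey_gmk, wpa_auth, NULL);
	}

	if (wpa_auth->conf.wpa_group_rekey) {
		eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
				       wpa_rekey_gtk, wpa_auth, NULL);
	}

	return wpa_auth;

#ifdef CONFIG_IEEE80211R
fail_pmksa:
	pmksa_cache_deinit(wpa_auth->pmksa);
#endif /* CONFIG_IEEE80211R */
fail_group:
	/* The group state (including the GMK) was previously leaked on the
	 * PMKSA and FT cache failure paths. */
	os_free(wpa_auth->group);
fail_ie:
	os_free(wpa_auth->wpa_ie);
	os_free(wpa_auth);
	return NULL;
}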
382
383
/**
 * wpa_deinit - Deinitialize WPA authenticator
 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
 *
 * Cancels the GMK/GTK rekey timers, tears down the caches, and frees the WPA
 * IE, every group in the list and the authenticator itself. @wpa_auth must
 * not be %NULL and must not be used afterwards.
 *
 * NOTE(review): group structures hold GMK material and are freed without
 * being cleared first.
 */
void wpa_deinit(struct wpa_authenticator *wpa_auth)
{
	struct wpa_group *group, *next;

	eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
	eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);

#ifdef CONFIG_PEERKEY
	while (wpa_auth->stsl_negotiations)
		wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
#endif /* CONFIG_PEERKEY */

	pmksa_cache_deinit(wpa_auth->pmksa);

#ifdef CONFIG_IEEE80211R
	wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
	wpa_auth->ft_pmk_cache = NULL;
#endif /* CONFIG_IEEE80211R */

	os_free(wpa_auth->wpa_ie);

	/* Fetch the successor before releasing each node. */
	for (group = wpa_auth->group; group != NULL; group = next) {
		next = group->next;
		os_free(group);
	}

	os_free(wpa_auth);
}
418
419
/**
 * wpa_reconfig - Update WPA authenticator configuration
 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
 * @conf: Configuration for WPA authenticator
 * Returns: Always 0
 *
 * Only the stored configuration copy is replaced. Already associated
 * stations and the generated WPA/RSN IE are left as they were (see TODO).
 */
int wpa_reconfig(struct wpa_authenticator *wpa_auth,
		 struct wpa_auth_config *conf)
{
	if (wpa_auth != NULL) {
		os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
		/*
		 * TODO:
		 * Disassociate stations if configuration changed
		 * Update WPA/RSN IE
		 */
	}
	return 0;
}
439
440
/* Allocate a zeroed per-station state machine for @addr, bound to @wpa_auth
 * and to its first group. Returns NULL when the allocation fails.
 * The result is released with wpa_auth_sta_deinit(). */
struct wpa_state_machine *
wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
{
	struct wpa_state_machine *sta_sm = os_zalloc(sizeof(*sta_sm));

	if (!sta_sm)
		return NULL;

	os_memcpy(sta_sm->addr, addr, ETH_ALEN);
	sta_sm->group = wpa_auth->group;
	sta_sm->wpa_auth = wpa_auth;

	return sta_sm;
}
456
457
/* Notify the authenticator that station @sm has (re)associated.
 *
 * Nothing happens when WPA is disabled or an argument is NULL, or (with
 * CONFIG_IEEE80211R) when FT authentication already completed. A state
 * machine that was already started gets its key replay counter reset to
 * zero and a reauthentication request; a new one is taken through the Init
 * step and then given an authentication request. */
void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
			     struct wpa_state_machine *sm)
{
	if (!wpa_auth || !sm || !wpa_auth->conf.wpa)
		return;

#ifdef CONFIG_IEEE80211R
	if (sm->ft_completed) {
		wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
				"FT authentication already completed - do not "
				"start 4-way handshake");
		return;
	}
#endif /* CONFIG_IEEE80211R */

	if (!sm->started) {
		wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
				"start authentication");
		sm->started = 1;

		sm->Init = TRUE;
		wpa_sm_step(sm);
		sm->Init = FALSE;
		sm->AuthenticationRequest = TRUE;
		wpa_sm_step(sm);
		return;
	}

	/* Reassociation of a known station */
	os_memset(sm->key_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
	sm->ReAuthenticationRequest = TRUE;
	wpa_sm_step(sm);
}
490
491
/* Release a station state machine together with its stored WPA IE and the
 * copy of the last received EAPOL-Key frame.
 * NOTE(review): the structure holds the PTK (sm->PTK) and is freed without
 * being cleared here; callers visible in this file do not clear it either
 * on the deinit path. */
static void wpa_free_sta_sm(struct wpa_state_machine *sm)
{
	os_free(sm->wpa_ie);
	os_free(sm->last_rx_eapol_key);
	os_free(sm);
}
498
499
/* Tear down the state machine of a departing station (NULL is accepted).
 *
 * With strict rekeying enabled and a GTK delivered to this station, the
 * periodic GTK rekey timer is replaced by one firing after 500000 us so the
 * group key changes once the station has left. Pending timers that reference
 * @sm are cancelled. If the state machine is currently inside its step loop
 * the free is deferred via pending_deinit; otherwise it is freed right away. */
void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
{
	struct wpa_authenticator *auth;

	if (!sm)
		return;
	auth = sm->wpa_auth;

	if (auth->conf.wpa_strict_rekey && sm->has_GTK) {
		wpa_auth_logger(auth, sm->addr, LOGGER_DEBUG,
				"strict rekeying - force GTK rekey since STA "
				"is leaving");
		eloop_cancel_timeout(wpa_rekey_gtk, auth, NULL);
		eloop_register_timeout(0, 500000, wpa_rekey_gtk, auth, NULL);
	}

	eloop_cancel_timeout(wpa_send_eapol_timeout, auth, sm);
	eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);

	if (!sm->in_step_loop) {
		wpa_free_sta_sm(sm);
		return;
	}

	/* Must not free state machine while wpa_sm_step() is running.
	 * Freeing will be completed in the end of wpa_sm_step(). */
	wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
		   "machine deinit for " MACSTR, MAC2STR(sm->addr));
	sm->pending_deinit = 1;
}
525
526
/* Mark the current PTK as no longer valid and flag a request for a new one.
 * The key bytes themselves are not touched here. NULL @sm is ignored. */
static void wpa_request_new_ptk(struct wpa_state_machine *sm)
{
	if (sm != NULL) {
		sm->PTK_valid = 0;
		sm->PTKRequest = TRUE;
	}
}
535
536
/**
 * wpa_receive - Process a received EAPOL-Key frame
 * @wpa_auth: WPA authenticator data
 * @sm: State machine data for the station that sent the frame
 * @data: Frame buffer starting at the IEEE 802.1X header
 * @data_len: Number of bytes available in @data
 *
 * Checks the frame length, classifies the message from the Key Information
 * bits, validates key descriptor version, replay counter and handshake
 * state, verifies the MIC when a PTK is already valid, handles EAPOL-Key
 * Request frames, and finally stores a copy of the frame and steps the state
 * machine. A frame that fails a check is dropped (most paths log why).
 *
 * All header fields read here come from the station and are unauthenticated
 * until the MIC check further down has passed.
 */
void wpa_receive(struct wpa_authenticator *wpa_auth,
		 struct wpa_state_machine *sm,
		 u8 *data, size_t data_len)
{
	struct ieee802_1x_hdr *hdr;
	struct wpa_eapol_key *key;
	u16 key_info, key_data_length;
	enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
	       SMK_M1, SMK_M3, SMK_ERROR } msg;
	char *msgtxt;
	struct wpa_eapol_ie_parse kde;

	if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
		return;

	/* The fixed-size headers must be present before any field is read. */
	if (data_len < sizeof(*hdr) + sizeof(*key))
		return;

	hdr = (struct ieee802_1x_hdr *) data;
	key = (struct wpa_eapol_key *) (hdr + 1);
	key_info = WPA_GET_BE16(key->key_info);
	key_data_length = WPA_GET_BE16(key->key_data_length);
	/* The claimed Key Data length must fit in what was received; the
	 * subtraction cannot wrap because of the check above.
	 * NOTE(review): hdr->length is not compared with data_len in this
	 * function. */
	if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
		wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
			   "key_data overflow (%d > %lu)",
			   key_data_length,
			   (unsigned long) (data_len - sizeof(*hdr) -
					    sizeof(*key)));
		return;
	}

	/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
	 * are set */

	/* Classify the message purely from key_info bits and the Key Data
	 * length; msgtxt is only used in log output. */
	if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
	    (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
		if (key_info & WPA_KEY_INFO_ERROR) {
			msg = SMK_ERROR;
			msgtxt = "SMK Error";
		} else {
			msg = SMK_M1;
			msgtxt = "SMK M1";
		}
	} else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
		msg = SMK_M3;
		msgtxt = "SMK M3";
	} else if (key_info & WPA_KEY_INFO_REQUEST) {
		msg = REQUEST;
		msgtxt = "Request";
	} else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
		msg = GROUP_2;
		msgtxt = "2/2 Group";
	} else if (key_data_length == 0) {
		msg = PAIRWISE_4;
		msgtxt = "4/4 Pairwise";
	} else {
		msg = PAIRWISE_2;
		msgtxt = "2/4 Pairwise";
	}

	/* TODO: key_info type validation for PeerKey */
	/* With CCMP as pairwise cipher the key descriptor version must match
	 * the one this authenticator would use; other pairwise ciphers are
	 * not checked here. */
	if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
	    msg == GROUP_2) {
		u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
		if (sm->pairwise == WPA_CIPHER_CCMP) {
			if (wpa_use_aes_cmac(sm) &&
			    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
				wpa_auth_logger(wpa_auth, sm->addr,
						LOGGER_WARNING,
						"advertised support for "
						"AES-128-CMAC, but did not "
						"use it");
				return;
			}

			if (!wpa_use_aes_cmac(sm) &&
			    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
				wpa_auth_logger(wpa_auth, sm->addr,
						LOGGER_WARNING,
						"did not use HMAC-SHA1-AES "
						"with CCMP");
				return;
			}
		}
	}

	/* Requests carry the station's own counter: once a request has been
	 * accepted, later ones must use a strictly larger value. */
	if (key_info & WPA_KEY_INFO_REQUEST) {
		if (sm->req_replay_counter_used &&
		    os_memcmp(key->replay_counter, sm->req_replay_counter,
			      WPA_REPLAY_COUNTER_LEN) <= 0) {
			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
					"received EAPOL-Key request with "
					"replayed counter");
			return;
		}
	}

	/* Responses must echo exactly the counter of the last frame sent,
	 * and only while that counter is still marked valid. */
	if (!(key_info & WPA_KEY_INFO_REQUEST) &&
	    (!sm->key_replay_counter_valid ||
	     os_memcmp(key->replay_counter, sm->key_replay_counter,
		       WPA_REPLAY_COUNTER_LEN) != 0)) {
		wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
				 "received EAPOL-Key %s with unexpected "
				 "replay counter", msgtxt);
		wpa_hexdump(MSG_DEBUG, "expected replay counter",
			    sm->key_replay_counter, WPA_REPLAY_COUNTER_LEN);
		wpa_hexdump(MSG_DEBUG, "received replay counter",
			    key->replay_counter, WPA_REPLAY_COUNTER_LEN);
		return;
	}

	/* Each message type is only accepted in the matching handshake
	 * state. */
	switch (msg) {
	case PAIRWISE_2:
		if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
		    sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
			wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
					 "received EAPOL-Key msg 2/4 in "
					 "invalid state (%d) - dropped",
					 sm->wpa_ptk_state);
			return;
		}
		/* The IE in msg 2/4 must equal the one stored for this
		 * station (per the log text, from the (Re)AssocReq).
		 * NOTE(review): this comparison and the disconnect below run
		 * before any MIC has been verified for this frame; consider
		 * whether the IE check should follow MIC verification. */
		if (sm->wpa_ie == NULL ||
		    sm->wpa_ie_len != key_data_length ||
		    os_memcmp(sm->wpa_ie, key + 1, key_data_length) != 0) {
			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
					"WPA IE from (Re)AssocReq did not "
					"match with msg 2/4");
			if (sm->wpa_ie) {
				wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
					    sm->wpa_ie, sm->wpa_ie_len);
			}
			wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
				    (u8 *) (key + 1), key_data_length);
			/* MLME-DEAUTHENTICATE.request */
			wpa_sta_disconnect(wpa_auth, sm->addr);
			return;
		}
		break;
	case PAIRWISE_4:
		if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
		    !sm->PTK_valid) {
			wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
					 "received EAPOL-Key msg 4/4 in "
					 "invalid state (%d) - dropped",
					 sm->wpa_ptk_state);
			return;
		}
		break;
	case GROUP_2:
		if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
		    || !sm->PTK_valid) {
			wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
					 "received EAPOL-Key msg 2/2 in "
					 "invalid state (%d) - dropped",
					 sm->wpa_ptk_group_state);
			return;
		}
		break;
#ifdef CONFIG_PEERKEY
	case SMK_M1:
	case SMK_M3:
	case SMK_ERROR:
		if (!wpa_auth->conf.peerkey) {
			wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
				   "PeerKey use disabled - ignoring message");
			return;
		}
		if (!sm->PTK_valid) {
			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
					"received EAPOL-Key msg SMK in "
					"invalid state - dropped");
			return;
		}
		break;
#else /* CONFIG_PEERKEY */
	case SMK_M1:
	case SMK_M3:
	case SMK_ERROR:
		return; /* STSL disabled - ignore SMK messages */
#endif /* CONFIG_PEERKEY */
	case REQUEST:
		break;
	}

	wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
			 "received EAPOL-Key frame (%s)", msgtxt);

	/* Key Ack is never accepted in a received frame. */
	if (key_info & WPA_KEY_INFO_ACK) {
		wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
				"received invalid EAPOL-Key: Key Ack set");
		return;
	}

	if (!(key_info & WPA_KEY_INFO_MIC)) {
		wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
				"received invalid EAPOL-Key: Key MIC not set");
		return;
	}

	/* The MIC can only be checked here when a PTK is already valid. For
	 * msg 2/4 no PTK is required by the state check above, so
	 * MICVerified may stay FALSE; presumably the state machine verifies
	 * the MIC once the PTK has been derived - confirm in wpa_sm_step(). */
	sm->MICVerified = FALSE;
	if (sm->PTK_valid) {
		if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
					"received EAPOL-Key with invalid MIC");
			return;
		}
		sm->MICVerified = TRUE;
		eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
	}

	if (key_info & WPA_KEY_INFO_REQUEST) {
		/* Requests are acted on only with a verified MIC; the
		 * request counter is recorded after that verification. */
		if (sm->MICVerified) {
			sm->req_replay_counter_used = 1;
			os_memcpy(sm->req_replay_counter, key->replay_counter,
				  WPA_REPLAY_COUNTER_LEN);
		} else {
			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
					"received EAPOL-Key request with "
					"invalid MIC");
			return;
		}

		/*
		 * TODO: should decrypt key data field if encryption was used;
		 * even though MAC address KDE is not normally encrypted,
		 * supplicant is allowed to encrypt it.
		 */
		if (msg == SMK_ERROR) {
#ifdef CONFIG_PEERKEY
			wpa_smk_error(wpa_auth, sm, key);
#endif /* CONFIG_PEERKEY */
			return;
		} else if (key_info & WPA_KEY_INFO_ERROR) {
			/* Supplicant reported a Michael MIC error */
			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
					"received EAPOL-Key Error Request "
					"(STA detected Michael MIC failure)");
			wpa_auth_mic_failure_report(wpa_auth, sm->addr);
			sm->dot11RSNAStatsTKIPRemoteMICFailures++;
			wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
			/* Error report is not a request for a new key
			 * handshake, but since Authenticator may do it, let's
			 * change the keys now anyway. */
			wpa_request_new_ptk(sm);
		} else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
					"received EAPOL-Key Request for new "
					"4-Way Handshake");
			wpa_request_new_ptk(sm);
#ifdef CONFIG_PEERKEY
		} else if (msg == SMK_M1) {
			wpa_smk_m1(wpa_auth, sm, key);
#endif /* CONFIG_PEERKEY */
		} else if (key_data_length > 0 &&
			   wpa_parse_kde_ies((const u8 *) (key + 1),
					     key_data_length, &kde) == 0 &&
			   kde.mac_addr) {
			/* Request carrying a MAC address KDE: no action is
			 * taken in this branch. */
		} else {
			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
					"received EAPOL-Key Request for GTK "
					"rekeying");
			/* FIX: why was this triggering PTK rekeying for the
			 * STA that requested Group Key rekeying?? */
			/* wpa_request_new_ptk(sta->wpa_sm); */
			eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
			wpa_rekey_gtk(wpa_auth, NULL);
		}
	} else {
		/* Do not allow the same key replay counter to be reused. */
		sm->key_replay_counter_valid = FALSE;
	}

#ifdef CONFIG_PEERKEY
	if (msg == SMK_M3) {
		wpa_smk_m3(wpa_auth, sm, key);
		return;
	}
#endif /* CONFIG_PEERKEY */

	/* Keep a private copy of the whole frame for the state machine.
	 * NOTE(review): when the allocation fails, last_rx_eapol_key is NULL
	 * but last_rx_eapol_key_len still holds the previous frame's length;
	 * users must test the pointer, not the length. */
	os_free(sm->last_rx_eapol_key);
	sm->last_rx_eapol_key = os_malloc(data_len);
	if (sm->last_rx_eapol_key == NULL)
		return;
	os_memcpy(sm->last_rx_eapol_key, data, data_len);
	sm->last_rx_eapol_key_len = data_len;

	sm->EAPOLKeyReceived = TRUE;
	sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
	sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
	os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
	wpa_sm_step(sm);
}
829
830
/* Derive a GTK of @gtk_len bytes from the GMK:
 *   GTK = PRF-X(GMK, "Group key expansion", AA || GNonce)
 * where @addr is the authenticator address (AA) and @gnonce the group nonce.
 *
 * NOTE(review): both GMK and GTK are passed to wpa_hexdump_key() at
 * MSG_DEBUG; whether key bytes actually reach the log depends on that
 * function, which is not visible here. */
static void wpa_gmk_to_gtk(const u8 *gmk, const u8 *addr, const u8 *gnonce,
			   u8 *gtk, size_t gtk_len)
{
	u8 prf_input[ETH_ALEN + WPA_NONCE_LEN];
	u8 *nonce_pos = prf_input + ETH_ALEN;

	os_memcpy(prf_input, addr, ETH_ALEN);
	os_memcpy(nonce_pos, gnonce, WPA_NONCE_LEN);

	sha1_prf(gmk, WPA_GMK_LEN, "Group key expansion",
		 prf_input, sizeof(prf_input), gtk, gtk_len);

	wpa_hexdump_key(MSG_DEBUG, "GMK", gmk, WPA_GMK_LEN);
	wpa_hexdump_key(MSG_DEBUG, "GTK", gtk, gtk_len);
}
846
847
/* eloop timeout handler armed by wpa_send_eapol(): no answer arrived in
 * time, so raise TimeoutEvt and let the state machine react.
 * eloop_ctx is the authenticator, timeout_ctx the station state machine. */
static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
{
	struct wpa_state_machine *sm = timeout_ctx;

	wpa_auth_logger((struct wpa_authenticator *) eloop_ctx, sm->addr,
			LOGGER_DEBUG, "EAPOL-Key timeout");
	sm->TimeoutEvt = TRUE;
	wpa_sm_step(sm);
}
857
858
/**
 * __wpa_send_eapol - Build and transmit one EAPOL-Key frame
 * @wpa_auth: WPA authenticator data
 * @sm: State machine data of the receiving station
 * @key_info: Key Information flags; the descriptor version (and, depending
 *	on WPA version, the encrypted-key-data flag or key index) is added here
 * @key_rsc: Key RSC to copy into the frame, or %NULL
 * @nonce: Key Nonce to copy into the frame, or %NULL
 * @kde: Key Data to include, or %NULL
 * @kde_len: Length of @kde in bytes
 * @keyidx: Key index, encoded into key_info only when the station is not
 *	using WPA2
 * @encr: Non-zero to encrypt the Key Data with the KEK from the PTK
 * @force_version: Non-zero to override the key descriptor version
 *
 * The frame is silently dropped on allocation failure, on AES key wrap
 * failure, or when a MIC is requested while no PTK is valid. The result of
 * the send callback is not checked.
 *
 * NOTE(review): the temporary plaintext Key Data buffer and the RC4 key on
 * the stack are not cleared before being released.
 */
void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
		      struct wpa_state_machine *sm, int key_info,
		      const u8 *key_rsc, const u8 *nonce,
		      const u8 *kde, size_t kde_len,
		      int keyidx, int encr, int force_version)
{
	struct ieee802_1x_hdr *hdr;
	struct wpa_eapol_key *key;
	size_t len;
	int alg;
	int key_data_len, pad_len = 0;
	u8 *buf, *pos;
	int version, pairwise;

	len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);

	/* Key descriptor version: explicit override first, then AES-CMAC for
	 * FT key management, HMAC-SHA1/AES for CCMP, else HMAC-MD5/RC4. */
	if (force_version)
		version = force_version;
	else if (wpa_use_aes_cmac(sm))
		version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
	else if (sm->pairwise == WPA_CIPHER_CCMP)
		version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
	else
		version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;

	pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;

	wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
		   "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
		   "encr=%d)",
		   version,
		   (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
		   (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
		   (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
		   (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
		   pairwise, (unsigned long) kde_len, keyidx, encr);

	/* NOTE(review): size_t kde_len is narrowed to int here. */
	key_data_len = kde_len;

	/* AES key wrap works on 8-byte blocks and adds 8 bytes of its own:
	 * pad the plaintext to a multiple of 8 and reserve the extra block. */
	if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
	     version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
		pad_len = key_data_len % 8;
		if (pad_len)
			pad_len = 8 - pad_len;
		key_data_len += pad_len + 8;
	}

	len += key_data_len;

	/* Zero-allocated, so every field not set below stays 0. */
	hdr = os_zalloc(len);
	if (hdr == NULL)
		return;
	hdr->version = wpa_auth->conf.eapol_version;
	hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
	hdr->length = host_to_be16(len - sizeof(*hdr));
	key = (struct wpa_eapol_key *) (hdr + 1);

	key->type = sm->wpa == WPA_VERSION_WPA2 ?
		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
	key_info |= version;
	if (encr && sm->wpa == WPA_VERSION_WPA2)
		key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
	if (sm->wpa != WPA_VERSION_WPA2)
		key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
	WPA_PUT_BE16(key->key_info, key_info);

	/* Key Length follows the pairwise or group cipher; it is left at 0
	 * for ciphers not listed and forced to 0 for SMK messages. */
	alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
	switch (alg) {
	case WPA_CIPHER_CCMP:
		WPA_PUT_BE16(key->key_length, 16);
		break;
	case WPA_CIPHER_TKIP:
		WPA_PUT_BE16(key->key_length, 32);
		break;
	case WPA_CIPHER_WEP40:
		WPA_PUT_BE16(key->key_length, 5);
		break;
	case WPA_CIPHER_WEP104:
		WPA_PUT_BE16(key->key_length, 13);
		break;
	}
	if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
		WPA_PUT_BE16(key->key_length, 0);

	/* FIX: STSL: what to use as key_replay_counter? */
	/* Every transmitted frame gets a new replay counter value, which
	 * wpa_receive() then expects to be echoed by the station. */
	inc_byte_array(sm->key_replay_counter, WPA_REPLAY_COUNTER_LEN);
	os_memcpy(key->replay_counter, sm->key_replay_counter,
		  WPA_REPLAY_COUNTER_LEN);
	sm->key_replay_counter_valid = TRUE;

	if (nonce)
		os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);

	if (key_rsc)
		os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);

	if (kde && !encr) {
		/* Key Data sent in the clear */
		os_memcpy(key + 1, kde, kde_len);
		WPA_PUT_BE16(key->key_data_length, kde_len);
	} else if (encr && kde) {
		/* Build the padded plaintext in a scratch buffer first. */
		buf = os_zalloc(key_data_len);
		if (buf == NULL) {
			os_free(hdr);
			return;
		}
		pos = buf;
		os_memcpy(pos, kde, kde_len);
		pos += kde_len;

		/* Padding starts with 0xdd; the remaining pad bytes are the
		 * zeros left by os_zalloc(). */
		if (pad_len)
			*pos++ = 0xdd;

		wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
				buf, key_data_len);
		if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
		    version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
			/* AES key wrap with the KEK directly into the
			 * frame; the block count excludes the 8 bytes the
			 * wrap itself adds. */
			if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
				     (u8 *) (key + 1))) {
				os_free(hdr);
				os_free(buf);
				return;
			}
			WPA_PUT_BE16(key->key_data_length, key_data_len);
		} else {
			/* RC4 path: the IV is the low 16 bytes of the group
			 * counter (which is then incremented), the RC4 key
			 * is IV || KEK, and rc4_skip() is called with a skip
			 * count of 256. */
			u8 ek[32];
			os_memcpy(key->key_iv,
				  sm->group->Counter + WPA_NONCE_LEN - 16, 16);
			inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
			os_memcpy(ek, key->key_iv, 16);
			os_memcpy(ek + 16, sm->PTK.kek, 16);
			os_memcpy(key + 1, buf, key_data_len);
			rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
			WPA_PUT_BE16(key->key_data_length, key_data_len);
		}
		os_free(buf);
	}

	/* The MIC is computed last, over the complete frame, with the KCK.
	 * key_mic is still all zero at this point because of os_zalloc(). */
	if (key_info & WPA_KEY_INFO_MIC) {
		if (!sm->PTK_valid) {
			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
					"PTK not valid when sending EAPOL-Key "
					"frame");
			os_free(hdr);
			return;
		}
		wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
				  key->key_mic);
	}

	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
			   1);
	/* The encrypt argument of the send callback is sm->pairwise_set. */
	wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
			    sm->pairwise_set);
	os_free(hdr);
}
1014
1015
/* Send an EAPOL-Key frame with the default key descriptor version and arm
 * the retransmission timeout: the pairwise timeout when the Key Type bit is
 * set in @key_info, the group timeout otherwise. NULL @sm is ignored.
 * The timeout is armed even if building or sending the frame failed, since
 * __wpa_send_eapol() does not report a result. */
static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
			   struct wpa_state_machine *sm, int key_info,
			   const u8 *key_rsc, const u8 *nonce,
			   const u8 *kde, size_t kde_len,
			   int keyidx, int encr)
{
	int timeout_ms;

	if (!sm)
		return;

	__wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
			 keyidx, encr, 0);

	if (key_info & WPA_KEY_INFO_KEY_TYPE)
		timeout_ms = dot11RSNAConfigPairwiseUpdateTimeOut;
	else
		timeout_ms = dot11RSNAConfigGroupUpdateTimeOut;

	/* Split milliseconds into the seconds/microseconds pair eloop takes. */
	eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
			       wpa_send_eapol_timeout, wpa_auth, sm);
}
1036
1037
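/* Verify the Key MIC of a received EAPOL-Key frame.
 *
 * @PTK supplies the KCK, @data/@data_len is the frame starting at the IEEE
 * 802.1X header. The MIC field inside @data is zeroed, the MIC is recomputed
 * over the frame using the descriptor version from key_info, and the
 * original field contents are restored before returning, so the buffer is
 * unchanged afterwards.
 *
 * Returns 0 when the MIC matches, -1 when the frame is too short, the MIC
 * cannot be computed, or the MIC differs.
 *
 * The received and computed MIC are compared without an early exit so the
 * time taken does not depend on how many leading bytes of a station-supplied
 * MIC happen to be correct. */
static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
{
	struct ieee802_1x_hdr *hdr;
	struct wpa_eapol_key *key;
	u16 key_info;
	int ret = 0;
	u8 mic[16];
	u8 diff = 0;
	size_t i;

	if (data_len < sizeof(*hdr) + sizeof(*key))
		return -1;

	hdr = (struct ieee802_1x_hdr *) data;
	key = (struct wpa_eapol_key *) (hdr + 1);
	key_info = WPA_GET_BE16(key->key_info);
	os_memcpy(mic, key->key_mic, 16);
	os_memset(key->key_mic, 0, 16);
	if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
			      data, data_len, key->key_mic)) {
		ret = -1;
	} else {
		/* Accumulate all byte differences before deciding. */
		for (i = 0; i < sizeof(mic); i++)
			diff |= (u8) (mic[i] ^ key->key_mic[i]);
		if (diff != 0)
			ret = -1;
	}
	/* Put the received MIC back so callers see the original frame. */
	os_memcpy(key->key_mic, mic, 16);
	return ret;
}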
1061
1062
/* Forget the station's PTK: wipe the stored key, mark it invalid, ask the
 * set_key callback to install algorithm "none" with an empty key for the
 * station, and clear the pairwise_set flag. The callback result is ignored. */
void wpa_remove_ptk(struct wpa_state_machine *sm)
{
	os_memset(&sm->PTK, 0, sizeof(sm->PTK));
	sm->PTK_valid = FALSE;

	wpa_auth_set_key(sm->wpa_auth, 0, "none", sm->addr, 0, (u8 *) "", 0);
	sm->pairwise_set = FALSE;
}
1070
1071
/* Feed an association-level event into the station state machine.
 *
 * Deauth/disassoc events raise DeauthenticationRequest, reauth events raise
 * ReAuthenticationRequest. With CONFIG_IEEE80211R an FT association only
 * sets ft_completed and returns. For every other event the PTK is wiped and
 * invalidated, the key is also removed through wpa_remove_ptk() unless the
 * event is WPA_REAUTH_EAPOL, and the state machine is stepped.
 * NULL @sm is ignored. */
void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
{
	if (!sm)
		return;

	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
			 "event %d notification", event);

	if (event == WPA_DEAUTH || event == WPA_DISASSOC) {
		sm->DeauthenticationRequest = TRUE;
	} else if (event == WPA_REAUTH || event == WPA_REAUTH_EAPOL) {
		sm->ReAuthenticationRequest = TRUE;
	}
#ifdef CONFIG_IEEE80211R
	else if (event == WPA_ASSOC_FT) {
		/* Using FT protocol, not WPA auth state machine */
		sm->ft_completed = 1;
		return;
	}

	sm->ft_completed = 0;
#endif /* CONFIG_IEEE80211R */

	os_memset(&sm->PTK, 0, sizeof(sm->PTK));
	sm->PTK_valid = FALSE;

	if (event != WPA_REAUTH_EAPOL)
		wpa_remove_ptk(sm);

	wpa_sm_step(sm);
}
1114
1115
/*
 * wpa_alg_txt - Map a cipher value to the algorithm name used for key setup
 * @alg: one of the WPA_CIPHER_* values
 * Returns: "CCMP", "TKIP", "WEP" (for both WEP sizes) or "" for any other
 * value
 */
static const char * wpa_alg_txt(int alg)
{
	if (alg == WPA_CIPHER_CCMP)
		return "CCMP";
	if (alg == WPA_CIPHER_TKIP)
		return "TKIP";
	if (alg == WPA_CIPHER_WEP104 || alg == WPA_CIPHER_WEP40)
		return "WEP";
	return "";
}
1130
1131
/*
 * WPA_PTK state INITIALIZE: reset the per-station pairwise state, remove the
 * pairwise key, and clear the EAPOL portEnabled/portValid variables (and
 * authorized for the PSK key management types).
 */
SM_STATE(WPA_PTK, INITIALIZE)
{
	const int psk_mgmt = sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK ||
		sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK;

	SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
	if (sm->Init) {
		/* Init flag is not cleared here, so avoid busy
		 * loop by claiming nothing changed. */
		sm->changed = FALSE;
	}

	sm->keycount = 0;

	/* This STA no longer counts as pending in a group key update */
	if (sm->GUpdateStationKeys) {
		sm->group->GKeyDoneStations--;
	}
	sm->GUpdateStationKeys = FALSE;

	if (sm->wpa == WPA_VERSION_WPA) {
		sm->PInitAKeys = FALSE;
	}

	if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
	       * Local AA > Remote AA)) */) {
		sm->Pair = TRUE;
	}

	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
	wpa_remove_ptk(sm);
	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
	sm->TimeoutCtr = 0;

	if (psk_mgmt) {
		wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
				   WPA_EAPOL_authorized, 0);
	}
}
1161
1162
/*
 * WPA_PTK state DISCONNECT: consume the Disconnect request and ask for the
 * station to be disconnected.
 */
SM_STATE(WPA_PTK, DISCONNECT)
{
	SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);

	/* The request flag is cleared before the disconnect call is made */
	sm->Disconnect = FALSE;

	wpa_sta_disconnect(sm->wpa_auth, sm->addr);
}
1169
1170
/*
 * WPA_PTK state DISCONNECTED: acknowledge a deauthentication request by
 * clearing its flag.
 */
SM_STATE(WPA_PTK, DISCONNECTED)
{
	SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);

	sm->DeauthenticationRequest = FALSE;
}
1176
1177
/*
 * WPA_PTK state AUTHENTICATION: discard any stored PTK and set the EAPOL
 * portControl_Auto and portEnabled variables for the station.
 */
SM_STATE(WPA_PTK, AUTHENTICATION)
{
	SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);

	/* No pairwise key is valid at the start of a new authentication */
	sm->PTK_valid = FALSE;
	os_memset(&sm->PTK, 0, sizeof(sm->PTK));

	wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
			   WPA_EAPOL_portControl_Auto, 1);
	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);

	sm->AuthenticationRequest = FALSE;
}
1188
1189
/*
 * WPA_PTK state AUTHENTICATION2: take the ANonce for this handshake from
 * the group counter, advance the counter, and reset the retry counter.
 */
SM_STATE(WPA_PTK, AUTHENTICATION2)
{
	struct wpa_group *group = sm->group;

	SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);

	/* ANonce is the current counter value; the counter is then
	 * incremented so the value is not handed out again. */
	os_memcpy(sm->ANonce, group->Counter, WPA_NONCE_LEN);
	inc_byte_array(group->Counter, WPA_NONCE_LEN);

	sm->ReAuthenticationRequest = FALSE;

	/* IEEE 802.11i does not clear TimeoutCtr here, but this is more
	 * logical place than INITIALIZE since AUTHENTICATION2 can be
	 * re-entered on ReAuthenticationRequest without going through
	 * INITIALIZE. */
	sm->TimeoutCtr = 0;
}
1202
1203
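/*
 * WPA_PTK state INITPMK: load the PMK for this station, either from the
 * PMKSA cache entry or from the MSK provided by the EAPOL state machine,
 * then clear the EAPOL keyRun variable.
 */
SM_STATE(WPA_PTK, INITPMK)
{
	u8 msk[2 * PMK_LEN];
	size_t len = 2 * PMK_LEN;
	volatile u8 *wipe = msk;
	size_t i;

	SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
#ifdef CONFIG_IEEE80211R
	sm->xxkey_len = 0;
#endif /* CONFIG_IEEE80211R */
	if (sm->pmksa) {
		wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
		os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
	} else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
		wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
			   "(len=%lu)", (unsigned long) len);
		/* NOTE(review): PMK_LEN octets are copied without checking
		 * that the returned len is at least PMK_LEN; confirm that
		 * wpa_auth_get_msk() cannot succeed with a shorter MSK. */
		os_memcpy(sm->PMK, msk, PMK_LEN);
#ifdef CONFIG_IEEE80211R
		if (len >= 2 * PMK_LEN) {
			os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
			sm->xxkey_len = PMK_LEN;
		}
#endif /* CONFIG_IEEE80211R */
	} else {
		/* sm->PMK is left as it was in this case */
		wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
	}

	/* The MSK copy is key material; do not leave it on the stack. The
	 * volatile pointer keeps the compiler from dropping these stores. */
	for (i = 0; i < sizeof(msk); i++)
		wipe[i] = 0;

	sm->req_replay_counter_used = 0;
	/* IEEE 802.11i does not set keyRun to FALSE, but not doing this
	 * will break reauthentication since EAPOL state machines may not be
	 * get into AUTHENTICATING state that clears keyRun before WPA state
	 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
	 * state and takes PMK from the previously used AAA Key. This will
	 * eventually fail in 4-Way Handshake because Supplicant uses PMK
	 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
	 * be good workaround for this issue. */
	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
}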
1241
1242
/*
 * WPA_PTK state INITPSK: use the first PSK returned for this station as the
 * PMK (and as XXKey when FT is compiled in). Nothing is copied when no PSK
 * is returned.
 */
SM_STATE(WPA_PTK, INITPSK)
{
	const u8 *sta_psk;

	SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);

	/* NULL as the previous PSK asks for the first candidate */
	sta_psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
	if (sta_psk != NULL) {
		os_memcpy(sm->PMK, sta_psk, PMK_LEN);
#ifdef CONFIG_IEEE80211R
		os_memcpy(sm->xxkey, sta_psk, PMK_LEN);
		sm->xxkey_len = PMK_LEN;
#endif /* CONFIG_IEEE80211R */
	}

	sm->req_replay_counter_used = 0;
}
1257
1258
/*
 * WPA_PTK state PTKSTART: send message 1/4 of the 4-Way Handshake carrying
 * the ANonce, with a PMKID KDE for WPA2 when the key management is not
 * WPA_KEY_MGMT_PSK, and count the transmission in TimeoutCtr.
 */
SM_STATE(WPA_PTK, PTKSTART)
{
	u8 kde_buf[2 + RSN_SELECTOR_LEN + PMKID_LEN];
	u8 *kde = NULL;
	size_t kde_len = 0;

	SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
	sm->PTKRequest = FALSE;
	sm->TimeoutEvt = FALSE;
	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
			"sending 1/4 msg of 4-Way Handshake");
	/*
	 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
	 * one possible PSK for this STA.
	 */
	if (sm->wpa == WPA_VERSION_WPA2 &&
	    sm->wpa_key_mgmt != WPA_KEY_MGMT_PSK) {
		u8 *pmkid_out;

		/* KDE layout: type, length, selector, PMKID */
		kde = kde_buf;
		kde_len = sizeof(kde_buf);
		kde[0] = WLAN_EID_VENDOR_SPECIFIC;
		kde[1] = RSN_SELECTOR_LEN + PMKID_LEN;
		RSN_SELECTOR_PUT(&kde[2], RSN_KEY_DATA_PMKID);
		pmkid_out = &kde[2 + RSN_SELECTOR_LEN];

		if (sm->pmksa) {
			os_memcpy(pmkid_out, sm->pmksa->pmkid, PMKID_LEN);
		} else {
			/*
			 * Calculate PMKID since no PMKSA cache entry was
			 * available with pre-calculated PMKID.
			 */
			rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
				  sm->addr, pmkid_out);
		}
	}

	wpa_send_eapol(sm->wpa_auth, sm,
		       WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
		       sm->ANonce, kde, kde_len, 0, 0);
	sm->TimeoutCtr++;
}
1297
1298
/*
 * wpa_derive_ptk - Derive the PTK for a station from a PMK candidate
 * @sm: per-station state machine data (supplies addresses and nonces)
 * @pmk: PMK to expand, PMK_LEN octets
 * @ptk: output buffer for the derived key hierarchy
 * Returns: the result of wpa_auth_derive_ptk_ft() for the FT key management
 * types when FT is compiled in, otherwise 0
 */
static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
			  struct wpa_ptk *ptk)
{
#ifdef CONFIG_IEEE80211R
	switch (sm->wpa_key_mgmt) {
	case WPA_KEY_MGMT_FT_IEEE8021X:
	case WPA_KEY_MGMT_FT_PSK:
		/* FT uses its own key hierarchy */
		return wpa_auth_derive_ptk_ft(sm, pmk, ptk);
	default:
		break;
	}
#endif /* CONFIG_IEEE80211R */

	/* The whole struct wpa_ptk is filled as one output buffer */
	wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
		       sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
		       (u8 *) ptk, sizeof(*ptk));
	return 0;
}
1314
1315
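/*
 * WPA_PTK state PTKCALCNEGOTIATING: derive a PTK candidate and verify the
 * MIC of the stored EAPOL-Key frame (message 2/4) with it. On success the
 * PTK is stored in the state machine and MICVerified is set; on failure
 * only a debug log entry is written and the state is left unchanged.
 */
SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
{
	struct wpa_ptk PTK;
	int ok = 0;
	const u8 *pmk = NULL;
	volatile u8 *wipe = (volatile u8 *) &PTK;
	size_t i;

	SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
	sm->EAPOLKeyReceived = FALSE;

	/* WPA with IEEE 802.1X: use the derived PMK from EAP
	 * WPA-PSK: iterate through possible PSKs and select the one matching
	 * the packet */
	for (;;) {
		if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK ||
		    sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK) {
			pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
			if (pmk == NULL)
				break;
		} else
			pmk = sm->PMK;

		/*
		 * A failed derivation leaves PTK without a defined value, so
		 * treat it like a non-matching candidate instead of checking
		 * the MIC against whatever the buffer holds.
		 */
		if (wpa_derive_ptk(sm, pmk, &PTK) >= 0 &&
		    wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
				       sm->last_rx_eapol_key_len) == 0) {
			ok = 1;
			break;
		}

		/* Only the PSK types have further candidates to try */
		if (sm->wpa_key_mgmt != WPA_KEY_MGMT_PSK &&
		    sm->wpa_key_mgmt != WPA_KEY_MGMT_FT_PSK)
			break;
	}

	if (!ok) {
		wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
				"invalid MIC in msg 2/4 of 4-Way Handshake");
		goto out;
	}

	eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);

	if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK ||
	    sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK) {
		/* PSK may have changed from the previous choice, so update
		 * state machine data based on whatever PSK was selected here.
		 */
		os_memcpy(sm->PMK, pmk, PMK_LEN);
	}

	sm->MICVerified = TRUE;

	os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
	sm->PTK_valid = TRUE;

out:
	/* The local PTK candidate is key material; clear it on every exit.
	 * The volatile pointer keeps the compiler from dropping the stores. */
	for (i = 0; i < sizeof(PTK); i++)
		wipe[i] = 0;
}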
1371
1372
/*
 * WPA_PTK state PTKCALCNEGOTIATING2: restart the retransmission count
 * before the next handshake message is sent.
 */
SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
{
	SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);

	sm->TimeoutCtr = 0;
}
1378
1379
1380#ifdef CONFIG_IEEE80211W
1381
/*
 * ieee80211w_kde_len - Space needed for the IGTK KDE of a station
 * @sm: per-station state machine data
 * Returns: 0 when management frame protection is not in use for the
 * station, otherwise the KDE header plus the size of struct wpa_igtk_kde
 */
static int ieee80211w_kde_len(struct wpa_state_machine *sm)
{
	if (!sm->mgmt_frame_prot)
		return 0;

	return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
}
1390
1391
/*
 * ieee80211w_kde_add - Append the IGTK KDE for a station
 * @sm: per-station state machine data
 * @pos: write position in the key data buffer
 * Returns: the write position after the KDE, or @pos unchanged when
 * management frame protection is not in use for the station
 *
 * NOTE(review): the local IGTK copy is not cleared before returning.
 */
static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
{
	struct wpa_igtk_kde kde;
	struct wpa_group *group = sm->group;

	if (sm->mgmt_frame_prot) {
		kde.keyid[0] = group->GN_igtk;
		kde.keyid[1] = 0;

		/* Fall back to an all-zero packet number when the current
		 * one cannot be read */
		if (wpa_auth_get_seqnum_igtk(sm->wpa_auth, NULL,
					     group->GN_igtk, kde.pn) < 0) {
			os_memset(kde.pn, 0, sizeof(kde.pn));
		}

		/* IGTK key indexes start at 4 (see wpa_group_gtk_init()) */
		os_memcpy(kde.igtk, group->IGTK[group->GN_igtk - 4],
			  WPA_IGTK_LEN);
		pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
				  (const u8 *) &kde, sizeof(kde), NULL, 0);
	}

	return pos;
}
1411
1412#else /* CONFIG_IEEE80211W */
1413
/*
 * ieee80211w_kde_len - Stub used when IEEE 802.11w support is not built
 * @sm: unused
 * Returns: always 0, as no IGTK KDE is added in this configuration
 */
static int ieee80211w_kde_len(struct wpa_state_machine *sm)
{
	(void) sm;

	return 0;
}
1418
1419
/*
 * ieee80211w_kde_add - Stub used when IEEE 802.11w support is not built
 * @sm: unused
 * @pos: write position in the key data buffer
 * Returns: @pos unchanged, as nothing is written in this configuration
 */
static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
{
	(void) sm;

	return pos;
}
1424
1425#endif /* CONFIG_IEEE80211W */
1426
1427
/*
 * WPA_PTK state PTKINITNEGOTIATING: build and send message 3/4 of the 4-Way
 * Handshake. The key data carries the authenticator's WPA/RSN IE and, for
 * WPA2, the current GTK (plus the IGTK KDE when applicable). Nothing is
 * sent if the key data buffer cannot be allocated.
 */
SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
{
	u8 rsc[WPA_KEY_RSC_LEN];
	u8 *rsc_arg = NULL;
	u8 *gtk = NULL;
	u8 *kde, *pos;
	size_t gtk_len = 0;
	size_t kde_len;
	struct wpa_group *group = sm->group;
	u8 *ie;
	int ie_len;
	int secure = 0, keyidx = 0, encr = 0;
	int key_info;

	SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
	sm->TimeoutEvt = FALSE;
	/* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, GTK[GN])
	 */
	os_memset(rsc, 0, WPA_KEY_RSC_LEN);
	wpa_auth_get_seqnum(sm->wpa_auth, NULL, group->GN, rsc);

	ie = sm->wpa_auth->wpa_ie;
	ie_len = sm->wpa_auth->wpa_ie_len;
	if (sm->wpa == WPA_VERSION_WPA &&
	    (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
	    ie_len > ie[1] + 2 && ie[0] == WLAN_EID_RSN) {
		/* WPA-only STA, remove RSN IE */
		ie = ie + ie[1] + 2;
		ie_len = ie[1] + 2;
	}

	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
			"sending 3/4 msg of 4-Way Handshake");

	/* WPA does not include GTK in msg 3/4, so the defaults set at the
	 * declarations apply unless the STA uses WPA2. */
	if (sm->wpa == WPA_VERSION_WPA2) {
		/* WPA2 send GTK in the 4-way handshake */
		secure = 1;
		gtk = group->GTK[group->GN - 1];
		gtk_len = group->GTK_len;
		keyidx = group->GN;
		rsc_arg = rsc;
		encr = 1;
	}

	/* Size the buffer for the IE, the optional GTK KDE and IGTK KDE */
	kde_len = ie_len + ieee80211w_kde_len(sm);
	if (gtk)
		kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
	kde = os_malloc(kde_len);
	if (kde == NULL)
		return;

	pos = kde;
	os_memcpy(pos, ie, ie_len);
	pos += ie_len;
	if (gtk) {
		u8 gtk_hdr[2];

		gtk_hdr[0] = keyidx & 0x03;
		gtk_hdr[1] = 0;
		pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, gtk_hdr, 2,
				  gtk, gtk_len);
	}
	pos = ieee80211w_kde_add(sm, pos);

	key_info = (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
		WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
		WPA_KEY_INFO_KEY_TYPE;
	wpa_send_eapol(sm->wpa_auth, sm, key_info,
		       rsc_arg, sm->ANonce, kde, pos - kde, keyidx, encr);
	os_free(kde);
	sm->TimeoutCtr++;
}
1497
1498
/*
 * WPA_PTK state PTKINITDONE: configure the pairwise key for the station,
 * update the EAPOL variables, and log completion of the handshake. The
 * station is disconnected if the key cannot be configured.
 */
SM_STATE(WPA_PTK, PTKINITDONE)
{
	SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
	sm->EAPOLKeyReceived = FALSE;

	if (sm->Pair) {
		/* Anything other than TKIP is configured as CCMP here */
		const int tkip = sm->pairwise == WPA_CIPHER_TKIP;
		const char *alg = tkip ? "TKIP" : "CCMP";
		int klen = tkip ? 32 : 16;

		if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
				     sm->PTK.tk1, klen)) {
			wpa_sta_disconnect(sm->wpa_auth, sm->addr);
			return;
		}
		/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
		sm->pairwise_set = TRUE;

		/* With a PSK there is no EAP exchange to authorize the
		 * port, so it is authorized here. */
		if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK ||
		    sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK) {
			wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
					   WPA_EAPOL_authorized, 1);
		}
	}

	if (0 /* IBSS == TRUE */) {
		sm->keycount++;
		if (sm->keycount == 2) {
			wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
					   WPA_EAPOL_portValid, 1);
		}
	} else {
		wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
				   WPA_EAPOL_portValid, 1);
	}

	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);

	/* WPA delivers the GTK in a separate group key handshake, which
	 * PInitAKeys triggers; other versions already have it. */
	if (sm->wpa == WPA_VERSION_WPA) {
		sm->PInitAKeys = TRUE;
	} else {
		sm->has_GTK = TRUE;
	}

	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
			 "pairwise key handshake completed (%s)",
			 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");

#ifdef CONFIG_IEEE80211R
	wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
#endif /* CONFIG_IEEE80211R */
}
1552
1553
/*
 * Transition function of the WPA_PTK (pairwise key) state machine. Global
 * request flags are checked first, in priority order; otherwise the next
 * state is selected from the current state and the per-station variables.
 */
SM_STEP(WPA_PTK)
{
	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
	/* A pairwise EAPOL-Key frame that is not a request is pending */
	const int pairwise_rx = sm->EAPOLKeyReceived &&
		!sm->EAPOLKeyRequest && sm->EAPOLKeyPairwise;
	/* More transmissions than the configured retry limit */
	const int retries_used = sm->TimeoutCtr >
		(int) dot11RSNAConfigPairwiseUpdateCount;

	if (sm->Init) {
		SM_ENTER(WPA_PTK, INITIALIZE);
	} else if (sm->Disconnect
		   /* || FIX: dot11RSNAConfigSALifetime timeout */) {
		SM_ENTER(WPA_PTK, DISCONNECT);
	} else if (sm->DeauthenticationRequest) {
		SM_ENTER(WPA_PTK, DISCONNECTED);
	} else if (sm->AuthenticationRequest) {
		SM_ENTER(WPA_PTK, AUTHENTICATION);
	} else if (sm->ReAuthenticationRequest) {
		SM_ENTER(WPA_PTK, AUTHENTICATION2);
	} else if (sm->PTKRequest) {
		SM_ENTER(WPA_PTK, PTKSTART);
	} else {
		switch (sm->wpa_ptk_state) {
		case WPA_PTK_INITIALIZE:
			break;
		case WPA_PTK_DISCONNECT:
			SM_ENTER(WPA_PTK, DISCONNECTED);
			break;
		case WPA_PTK_DISCONNECTED:
			SM_ENTER(WPA_PTK, INITIALIZE);
			break;
		case WPA_PTK_AUTHENTICATION:
			SM_ENTER(WPA_PTK, AUTHENTICATION2);
			break;
		case WPA_PTK_AUTHENTICATION2:
			if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
			     sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) &&
			    wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
					       WPA_EAPOL_keyRun) > 0) {
				SM_ENTER(WPA_PTK, INITPMK);
			} else if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK ||
				    sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK)
				   /* FIX: && 802.1X::keyRun */) {
				SM_ENTER(WPA_PTK, INITPSK);
			}
			break;
		case WPA_PTK_INITPMK:
			if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
					       WPA_EAPOL_keyAvailable) > 0) {
				SM_ENTER(WPA_PTK, PTKSTART);
			} else {
				wpa_auth->dot11RSNA4WayHandshakeFailures++;
				SM_ENTER(WPA_PTK, DISCONNECT);
			}
			break;
		case WPA_PTK_INITPSK:
			if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL)) {
				SM_ENTER(WPA_PTK, PTKSTART);
			} else {
				wpa_auth_logger(sm->wpa_auth, sm->addr,
						LOGGER_INFO,
						"no PSK configured for the STA");
				wpa_auth->dot11RSNA4WayHandshakeFailures++;
				SM_ENTER(WPA_PTK, DISCONNECT);
			}
			break;
		case WPA_PTK_PTKSTART:
			if (pairwise_rx) {
				SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
			} else if (retries_used) {
				wpa_auth->dot11RSNA4WayHandshakeFailures++;
				SM_ENTER(WPA_PTK, DISCONNECT);
			} else if (sm->TimeoutEvt) {
				SM_ENTER(WPA_PTK, PTKSTART);
			}
			break;
		case WPA_PTK_PTKCALCNEGOTIATING:
			if (sm->MICVerified) {
				SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
			} else if (pairwise_rx) {
				SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
			} else if (sm->TimeoutEvt) {
				SM_ENTER(WPA_PTK, PTKSTART);
			}
			break;
		case WPA_PTK_PTKCALCNEGOTIATING2:
			SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
			break;
		case WPA_PTK_PTKINITNEGOTIATING:
			if (pairwise_rx && sm->MICVerified) {
				SM_ENTER(WPA_PTK, PTKINITDONE);
			} else if (retries_used) {
				wpa_auth->dot11RSNA4WayHandshakeFailures++;
				SM_ENTER(WPA_PTK, DISCONNECT);
			} else if (sm->TimeoutEvt) {
				SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
			}
			break;
		case WPA_PTK_PTKINITDONE:
			break;
		}
	}
}
1651
1652
/*
 * WPA_PTK_GROUP state IDLE: reset the group key handshake retry counter.
 */
SM_STATE(WPA_PTK_GROUP, IDLE)
{
	SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);

	if (sm->Init) {
		/* Init flag is not cleared here, so avoid busy
		 * loop by claiming nothing changed. */
		sm->changed = FALSE;
	}

	sm->GTimeoutCtr = 0;
}
1663
1664
/*
 * WPA_PTK_GROUP state REKEYNEGOTIATING: send message 1/2 of the Group Key
 * Handshake with the current GTK. For WPA2 the GTK is wrapped in a KDE in a
 * temporary buffer; otherwise the GTK is passed directly as the key data.
 * Nothing is sent if the temporary buffer cannot be allocated.
 */
SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
{
	u8 rsc[WPA_KEY_RSC_LEN];
	struct wpa_group *group = sm->group;
	u8 *key_data, *end, gtk_hdr[2];
	size_t key_data_len;
	int key_info;

	SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
	if (sm->wpa == WPA_VERSION_WPA)
		sm->PInitAKeys = FALSE;
	sm->TimeoutEvt = FALSE;
	/* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
	os_memset(rsc, 0, WPA_KEY_RSC_LEN);
	if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE)
		wpa_auth_get_seqnum(sm->wpa_auth, NULL, group->GN, rsc);
	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
			"sending 1/2 msg of Group Key Handshake");

	if (sm->wpa == WPA_VERSION_WPA2) {
		key_data_len = 2 + RSN_SELECTOR_LEN + 2 + group->GTK_len +
			ieee80211w_kde_len(sm);
		key_data = os_malloc(key_data_len);
		if (key_data == NULL)
			return;

		end = key_data;
		gtk_hdr[0] = group->GN & 0x03;
		gtk_hdr[1] = 0;
		end = wpa_add_kde(end, RSN_KEY_DATA_GROUPKEY, gtk_hdr, 2,
				  group->GTK[group->GN - 1], group->GTK_len);
		end = ieee80211w_kde_add(sm, end);
	} else {
		/* Points into the group state; must not be freed below */
		key_data = group->GTK[group->GN - 1];
		end = key_data + group->GTK_len;
	}

	key_info = WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
		WPA_KEY_INFO_ACK |
		(!sm->Pair ? WPA_KEY_INFO_INSTALL : 0);
	wpa_send_eapol(sm->wpa_auth, sm, key_info,
		       rsc, group->GNonce, key_data, end - key_data,
		       group->GN, 1);

	/* Only the WPA2 branch allocated the buffer */
	if (sm->wpa == WPA_VERSION_WPA2)
		os_free(key_data);
	sm->GTimeoutCtr++;
}
1710
1711
/*
 * WPA_PTK_GROUP state REKEYESTABLISHED: the station completed the Group Key
 * Handshake; remove it from the pending count and mark it as having the
 * GTK.
 */
SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
{
	SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
	sm->EAPOLKeyReceived = FALSE;

	/* This STA no longer counts as pending in the group key update */
	if (sm->GUpdateStationKeys) {
		sm->group->GKeyDoneStations--;
	}
	sm->GUpdateStationKeys = FALSE;

	sm->GTimeoutCtr = 0;
	/* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
			 "group key handshake completed (%s)",
			 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
	sm->has_GTK = TRUE;
}
1726
1727
/*
 * WPA_PTK_GROUP state KEYERROR: the Group Key Handshake failed; remove the
 * station from the pending count and request its disconnection.
 */
SM_STATE(WPA_PTK_GROUP, KEYERROR)
{
	SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);

	if (sm->GUpdateStationKeys) {
		sm->group->GKeyDoneStations--;
	}
	sm->GUpdateStationKeys = FALSE;

	/* Picked up by the WPA_PTK state machine on its next step */
	sm->Disconnect = TRUE;
}
1736
1737
/*
 * Transition function of the per-station WPA_PTK_GROUP (group key
 * handshake) state machine.
 */
SM_STEP(WPA_PTK_GROUP)
{
	if (sm->Init) {
		SM_ENTER(WPA_PTK_GROUP, IDLE);
	} else {
		switch (sm->wpa_ptk_group_state) {
		case WPA_PTK_GROUP_IDLE:
			/* Start on a group rekey, or after the 4-Way
			 * Handshake for WPA */
			if (sm->GUpdateStationKeys ||
			    (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys)) {
				SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
			}
			break;
		case WPA_PTK_GROUP_REKEYNEGOTIATING:
			if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
			    !sm->EAPOLKeyPairwise && sm->MICVerified) {
				SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
			} else if (sm->GTimeoutCtr >
				   (int) dot11RSNAConfigGroupUpdateCount) {
				SM_ENTER(WPA_PTK_GROUP, KEYERROR);
			} else if (sm->TimeoutEvt) {
				SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
			}
			break;
		case WPA_PTK_GROUP_KEYERROR:
			SM_ENTER(WPA_PTK_GROUP, IDLE);
			break;
		case WPA_PTK_GROUP_REKEYESTABLISHED:
			SM_ENTER(WPA_PTK_GROUP, IDLE);
			break;
		}
	}
}
1766
1767
/*
 * wpa_gtk_update - Generate new group key material into the GN slot
 * @wpa_auth: authenticator data
 * @group: group key state to update
 * Returns: 0 on success, -1 if random data for the IGTK could not be read
 *
 * The GNonce is taken from the group counter, which is then incremented,
 * and the GTK is derived from the GMK. With IEEE 802.11w enabled a random
 * IGTK is generated as well. The remaining steps still run when the random
 * read fails, so callers need the return value to notice the failure.
 */
static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
			  struct wpa_group *group)
{
	int status = 0;
	u8 *gtk = group->GTK[group->GN - 1];

	/* FIX: is this the correct way of getting GNonce? */
	os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
	inc_byte_array(group->Counter, WPA_NONCE_LEN);
	wpa_gmk_to_gtk(group->GMK, wpa_auth->addr, group->GNonce,
		       gtk, group->GTK_len);

#ifdef CONFIG_IEEE80211W
	if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
		u8 *igtk = group->IGTK[group->GN_igtk - 4];

		if (os_get_random(igtk, WPA_IGTK_LEN) < 0) {
			wpa_printf(MSG_INFO, "RSN: Failed to get new random "
				   "IGTK");
			status = -1;
		}
		wpa_hexdump_key(MSG_DEBUG, "IGTK", igtk, WPA_IGTK_LEN);
	}
#endif /* CONFIG_IEEE80211W */

	return status;
}
1794
1795
/*
 * wpa_group_gtk_init - Enter the GTK_INIT state of the group state machine
 * @wpa_auth: authenticator data
 * @group: group key state
 *
 * Clears all GTK slots, sets the initial key indexes, and generates the
 * first group key.
 *
 * NOTE(review): the wpa_gtk_update() result is not checked here, so a
 * failure to generate the IGTK is only visible in the log.
 */
static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
			       struct wpa_group *group)
{
	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
		   "GTK_INIT (VLAN-ID %d)", group->vlan_id);
	group->wpa_group_state = WPA_GROUP_GTK_INIT;
	group->changed = FALSE; /* GInit is not cleared here; avoid loop */

	/* GTK[0..N] = 0 */
	os_memset(group->GTK, 0, sizeof(group->GTK));

	/* GN is the index in use, GM the one used for the next rekey */
	group->GN = 1;
	group->GM = 2;
#ifdef CONFIG_IEEE80211W
	group->GN_igtk = 4;
	group->GM_igtk = 5;
#endif /* CONFIG_IEEE80211W */

	/* GTK[GN] = CalcGTK() */
	wpa_gtk_update(wpa_auth, group);
}
1815
1816
/*
 * wpa_group_update_sta - Per-station callback starting a group key update
 * @sm: per-station state machine data
 * @ctx: unused
 * Returns: always 0
 *
 * Stations that have not completed the 4-Way Handshake are skipped. Other
 * stations are counted as pending and their state machines are run.
 */
static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
{
	if (sm->wpa_ptk_state == WPA_PTK_PTKINITDONE) {
		sm->group->GKeyDoneStations++;
		sm->GUpdateStationKeys = TRUE;
		wpa_sm_step(sm);
	} else {
		wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
				"Not in PTKINITDONE; skip Group Key update");
	}

	return 0;
}
1829
1830
/*
 * wpa_group_setkeys - Enter the SETKEYS state of the group state machine
 * @wpa_auth: authenticator data
 * @group: group key state
 *
 * Swaps the current and next key indexes, generates a new group key for
 * the new current index, and starts the group key update on every station.
 */
static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
			      struct wpa_group *group)
{
	int prev_gn;
#ifdef CONFIG_IEEE80211W
	int prev_gn_igtk;
#endif /* CONFIG_IEEE80211W */

	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
		   "SETKEYS (VLAN-ID %d)", group->vlan_id);
	group->changed = TRUE;
	group->wpa_group_state = WPA_GROUP_SETKEYS;
	group->GTKReKey = FALSE;

	/* Swap GN and GM */
	prev_gn = group->GN;
	group->GN = group->GM;
	group->GM = prev_gn;
#ifdef CONFIG_IEEE80211W
	prev_gn_igtk = group->GN_igtk;
	group->GN_igtk = group->GM_igtk;
	group->GM_igtk = prev_gn_igtk;
#endif /* CONFIG_IEEE80211W */

	/* "GKeyDoneStations = GNoStations" is done in more robust way by
	 * counting the STAs that are marked with GUpdateStationKeys instead of
	 * including all STAs that could be in not-yet-completed state. */
	wpa_gtk_update(wpa_auth, group);

	wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
	wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
		   group->GKeyDoneStations);
}
1858
1859
/*
 * wpa_group_setkeysdone - Enter the SETKEYSDONE state of the group state
 * machine
 * @wpa_auth: authenticator data
 * @group: group key state
 *
 * Configures the current GTK (and the IGTK when IEEE 802.11w is enabled)
 * through the key-setting callback.
 */
static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
				  struct wpa_group *group)
{
	const char *group_alg;

	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
		   "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
	group->changed = TRUE;
	group->wpa_group_state = WPA_GROUP_SETKEYSDONE;

	/* NULL address: a group key, not a per-station key */
	group_alg = wpa_alg_txt(wpa_auth->conf.wpa_group);
	wpa_auth_set_key(wpa_auth, group->vlan_id, group_alg,
			 NULL, group->GN, group->GTK[group->GN - 1],
			 group->GTK_len);

#ifdef CONFIG_IEEE80211W
	if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
		wpa_auth_set_key(wpa_auth, group->vlan_id, "IGTK",
				 NULL, group->GN_igtk,
				 group->IGTK[group->GN_igtk - 4],
				 WPA_IGTK_LEN);
	}
#endif /* CONFIG_IEEE80211W */
}
1881
1882
/*
 * wpa_group_sm_step - Transition function of the group key state machine
 * @wpa_auth: authenticator data
 * @group: group key state
 *
 * GInit takes priority over the per-state transitions.
 */
static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
			      struct wpa_group *group)
{
	if (group->GInit) {
		wpa_group_gtk_init(wpa_auth, group);
		return;
	}

	switch (group->wpa_group_state) {
	case WPA_GROUP_GTK_INIT:
		if (group->GTKAuthenticator)
			wpa_group_setkeysdone(wpa_auth, group);
		break;
	case WPA_GROUP_SETKEYSDONE:
		if (group->GTKReKey)
			wpa_group_setkeys(wpa_auth, group);
		break;
	case WPA_GROUP_SETKEYS:
		/* Done once no station is pending; otherwise a new rekey
		 * request restarts the update */
		if (group->GKeyDoneStations == 0)
			wpa_group_setkeysdone(wpa_auth, group);
		else if (group->GTKReKey)
			wpa_group_setkeys(wpa_auth, group);
		break;
	default:
		break;
	}
}
1901
1902
/*
 * wpa_sm_step - Run the state machines of a station until they settle
 * @sm: per-station state machine data, may be NULL (then nothing is done)
 *
 * Runs WPA_PTK, WPA_PTK_GROUP and the group state machine repeatedly while
 * any of them reports a change. A deinit requested while the loop is
 * running is completed after the loop by freeing the state machine, so
 * @sm must not be used by the caller after this returns in that case.
 */
static void wpa_sm_step(struct wpa_state_machine *sm)
{
	if (!sm)
		return;

	if (sm->in_step_loop) {
		/* This should not happen, but if it does, make sure we do not
		 * end up freeing the state machine too early by exiting the
		 * recursive call. */
		wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
		return;
	}

	sm->in_step_loop = 1;
	for (;;) {
		/* Stop as soon as a deinit has been requested */
		if (sm->pending_deinit)
			break;

		sm->changed = FALSE;
		sm->wpa_auth->group->changed = FALSE;

		SM_STEP_RUN(WPA_PTK);
		if (sm->pending_deinit)
			break;
		SM_STEP_RUN(WPA_PTK_GROUP);
		if (sm->pending_deinit)
			break;
		wpa_group_sm_step(sm->wpa_auth, sm->group);

		if (!(sm->changed || sm->wpa_auth->group->changed))
			break;
	}
	sm->in_step_loop = 0;

	if (sm->pending_deinit) {
		wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
			   "machine deinit for " MACSTR, MAC2STR(sm->addr));
		wpa_free_sta_sm(sm);
	}
}
1940
1941
/*
 * wpa_sm_call_step - Timeout handler that runs the state machines
 * @eloop_ctx: the struct wpa_state_machine registered with the timeout
 * @timeout_ctx: unused
 */
static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
{
	wpa_sm_step((struct wpa_state_machine *) eloop_ctx);
}
1947
1948
/*
 * wpa_auth_sm_notify - Schedule a run of the state machines of a station
 * @sm: per-station state machine data, may be NULL (then nothing is done)
 *
 * The run is registered as a zero-delay timeout instead of being made
 * directly from the caller.
 */
void wpa_auth_sm_notify(struct wpa_state_machine *sm)
{
	if (sm != NULL) {
		eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
	}
}
1955
1956
/*
 * wpa_gtk_rekey - Regenerate the group keys of both key indexes
 * @wpa_auth: authenticator data, may be NULL (then nothing is done)
 *
 * Swaps the current and next key indexes and generates a new key twice, so
 * both slots get new key material and the indexes end up as they were.
 *
 * NOTE(review): the wpa_gtk_update() result is not checked here.
 */
void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
{
	struct wpa_group *group;
	int round;

	if (!wpa_auth)
		return;

	group = wpa_auth->group;

	for (round = 0; round < 2; round++) {
		int prev_gn = group->GN;
#ifdef CONFIG_IEEE80211W
		int prev_gn_igtk = group->GN_igtk;
#endif /* CONFIG_IEEE80211W */

		group->GN = group->GM;
		group->GM = prev_gn;
#ifdef CONFIG_IEEE80211W
		group->GN_igtk = group->GM_igtk;
		group->GM_igtk = prev_gn_igtk;
#endif /* CONFIG_IEEE80211W */
		wpa_gtk_update(wpa_auth, group);
	}
}
1979
1980
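/*
 * wpa_bool_txt - Text form of a truth value for the MIB output
 * @val: value to describe
 * Returns: "TRUE" for any non-zero value, "FALSE" for zero
 *
 * The parameter is not called "bool" because that name is a macro once
 * <stdbool.h> is included and a keyword in newer C standards.
 */
static const char * wpa_bool_txt(int val)
{
	return val ? "TRUE" : "FALSE";
}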
1985
1986
/*
 * wpa_cipher_bits - Key size reported in the MIB for a cipher
 * @cipher: one of the WPA_CIPHER_* values
 * Returns: 128 for CCMP, 256 for TKIP, 104 or 40 for the WEP sizes, and 0
 * for any other value
 */
static int wpa_cipher_bits(int cipher)
{
	if (cipher == WPA_CIPHER_CCMP)
		return 128;
	if (cipher == WPA_CIPHER_TKIP)
		return 256;
	if (cipher == WPA_CIPHER_WEP104)
		return 104;
	if (cipher == WPA_CIPHER_WEP40)
		return 40;
	return 0;
}
2002
2003
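/*
 * Format string and matching argument list for printing a 32-bit suite
 * selector as three hexadecimal OUI octets and a decimal suite type.
 * RSN_SUITE_ARG() expands to four arguments and evaluates its argument
 * four times. The casts make each argument match its conversion specifier.
 */
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
(unsigned int) (((s) >> 24) & 0xff), (unsigned int) (((s) >> 16) & 0xff), \
(unsigned int) (((s) >> 8) & 0xff), (int) ((s) & 0xff)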
2007
/*
 * wpa_get_mib - Write the authenticator MIB variables as text
 * @wpa_auth: authenticator data, may be NULL (then nothing is written)
 * @buf: output buffer
 * @buflen: size of @buf in bytes
 * Returns: number of bytes written
 *
 * The output is produced in three sections. If a section does not fit in
 * the remaining space, the length of the sections completed so far is
 * returned.
 */
int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
{
	int used = 0;
	int n;
	char pmkid_hex[PMKID_LEN * 2 + 1];

	if (!wpa_auth)
		return used;

	n = os_snprintf(buf + used, buflen - used,
			"dot11RSNAOptionImplemented=TRUE\n"
#ifdef CONFIG_RSN_PREAUTH
			"dot11RSNAPreauthenticationImplemented=TRUE\n"
#else /* CONFIG_RSN_PREAUTH */
			"dot11RSNAPreauthenticationImplemented=FALSE\n"
#endif /* CONFIG_RSN_PREAUTH */
			"dot11RSNAEnabled=%s\n"
			"dot11RSNAPreauthenticationEnabled=%s\n",
			wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
			wpa_bool_txt(wpa_auth->conf.rsn_preauth));
	/* A negative result is an error, a result that does not fit means
	 * the section was truncated; either way it is not counted */
	if (n < 0 || (size_t) n >= buflen - used)
		return used;
	used += n;

	wpa_snprintf_hex(pmkid_hex, sizeof(pmkid_hex),
			 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);

	n = os_snprintf(
		buf + used, buflen - used,
		"dot11RSNAConfigVersion=%u\n"
		"dot11RSNAConfigPairwiseKeysSupported=9999\n"
		/* FIX: dot11RSNAConfigGroupCipher */
		/* FIX: dot11RSNAConfigGroupRekeyMethod */
		/* FIX: dot11RSNAConfigGroupRekeyTime */
		/* FIX: dot11RSNAConfigGroupRekeyPackets */
		"dot11RSNAConfigGroupRekeyStrict=%u\n"
		"dot11RSNAConfigGroupUpdateCount=%u\n"
		"dot11RSNAConfigPairwiseUpdateCount=%u\n"
		"dot11RSNAConfigGroupCipherSize=%u\n"
		"dot11RSNAConfigPMKLifetime=%u\n"
		"dot11RSNAConfigPMKReauthThreshold=%u\n"
		"dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
		"dot11RSNAConfigSATimeout=%u\n"
		"dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
		"dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
		"dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
		"dot11RSNAPMKIDUsed=%s\n"
		"dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
		"dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
		"dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
		"dot11RSNATKIPCounterMeasuresInvoked=%u\n"
		"dot11RSNA4WayHandshakeFailures=%u\n"
		"dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
		RSN_VERSION,
		!!wpa_auth->conf.wpa_strict_rekey,
		dot11RSNAConfigGroupUpdateCount,
		dot11RSNAConfigPairwiseUpdateCount,
		wpa_cipher_bits(wpa_auth->conf.wpa_group),
		dot11RSNAConfigPMKLifetime,
		dot11RSNAConfigPMKReauthThreshold,
		dot11RSNAConfigSATimeout,
		RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
		RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
		RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
		pmkid_hex,
		RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
		RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
		RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
		wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
		wpa_auth->dot11RSNA4WayHandshakeFailures);
	if (n < 0 || (size_t) n >= buflen - used)
		return used;
	used += n;

	/* TODO: dot11RSNAConfigPairwiseCiphersTable */
	/* TODO: dot11RSNAConfigAuthenticationSuitesTable */

	/* Private MIB */
	n = os_snprintf(buf + used, buflen - used,
			"hostapdWPAGroupState=%d\n",
			wpa_auth->group->wpa_group_state);
	if (n < 0 || (size_t) n >= buflen - used)
		return used;
	used += n;

	return used;
}
2093
2094
/*
 * wpa_get_mib_sta - Write the per-station MIB variables as text
 * @sm: per-station state machine data, may be NULL
 * @buf: output buffer
 * @buflen: size of @buf in bytes
 * Returns: number of bytes written; 0 when @sm is NULL or the station uses
 * neither WPA nor WPA2
 *
 * If a section does not fit in the remaining space, the length of the
 * sections completed so far is returned.
 */
int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
{
	int used = 0;
	int n;
	int rsn;
	u32 suite = 0;

	if (!sm)
		return 0;

	/* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */

	/* dot11RSNAStatsEntry */

	if (sm->wpa != WPA_VERSION_WPA && sm->wpa != WPA_VERSION_WPA2)
		return 0;

	/* WPA and RSN use different suite selectors for the same cipher;
	 * an unrecognized cipher is reported as selector 0 */
	rsn = sm->wpa != WPA_VERSION_WPA;
	if (sm->pairwise == WPA_CIPHER_CCMP)
		suite = rsn ? RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP;
	else if (sm->pairwise == WPA_CIPHER_TKIP)
		suite = rsn ? RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP;
	else if (sm->pairwise == WPA_CIPHER_WEP104)
		suite = rsn ? RSN_CIPHER_SUITE_WEP104 :
			WPA_CIPHER_SUITE_WEP104;
	else if (sm->pairwise == WPA_CIPHER_WEP40)
		suite = rsn ? RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40;
	else if (sm->pairwise == WPA_CIPHER_NONE)
		suite = rsn ? RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE;

	/* The "Remove" spelling in the variable name below is part of the
	 * existing output and is kept as is */
	n = os_snprintf(
		buf + used, buflen - used,
		/* TODO: dot11RSNAStatsIndex */
		"dot11RSNAStatsSTAAddress=" MACSTR "\n"
		"dot11RSNAStatsVersion=1\n"
		"dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
		/* TODO: dot11RSNAStatsTKIPICVErrors */
		"dot11RSNAStatsTKIPLocalMICFailures=%u\n"
		"dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
		/* TODO: dot11RSNAStatsCCMPReplays */
		/* TODO: dot11RSNAStatsCCMPDecryptErrors */
		/* TODO: dot11RSNAStatsTKIPReplays */,
		MAC2STR(sm->addr),
		RSN_SUITE_ARG(suite),
		sm->dot11RSNAStatsTKIPLocalMICFailures,
		sm->dot11RSNAStatsTKIPRemoteMICFailures);
	if (n < 0 || (size_t) n >= buflen - used)
		return used;
	used += n;

	/* Private MIB */
	n = os_snprintf(buf + used, buflen - used,
			"hostapdWPAPTKState=%d\n"
			"hostapdWPAPTKGroupState=%d\n",
			sm->wpa_ptk_state,
			sm->wpa_ptk_group_state);
	if (n < 0 || (size_t) n >= buflen - used)
		return used;
	used += n;

	return used;
}
2164
2165
/*
 * wpa_auth_countermeasures_start - Count an invocation of TKIP
 * countermeasures
 * @wpa_auth: authenticator data, may be NULL (then nothing is done)
 */
void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
{
	if (wpa_auth == NULL)
		return;

	wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
}
2171
2172
/**
 * wpa_auth_pairwise_set - Report the pairwise_set flag of a STA
 * @sm: Per-STA WPA state machine, may be %NULL
 * Returns: 1 if @sm is non-%NULL and sm->pairwise_set is non-zero, else 0
 */
int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
{
	if (sm == NULL)
		return 0;

	return sm->pairwise_set ? 1 : 0;
}
2177
2178
/**
 * wpa_auth_sta_key_mgmt - Get the key management value stored for a STA
 * @sm: Per-STA WPA state machine, may be %NULL
 * Returns: sm->wpa_key_mgmt, or -1 if @sm is %NULL
 */
int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
{
	return sm != NULL ? sm->wpa_key_mgmt : -1;
}
2185
2186
/**
 * wpa_auth_sta_wpa_version - Get the WPA version stored for a STA
 * @sm: Per-STA WPA state machine, may be %NULL
 * Returns: sm->wpa, or 0 if @sm is %NULL
 */
int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
{
	return sm != NULL ? sm->wpa : 0;
}
2193
2194
/**
 * wpa_auth_sta_clear_pmksa - Drop a STA's reference to a PMKSA cache entry
 * @sm: Per-STA WPA state machine, may be %NULL
 * @entry: Cache entry that the STA is expected to reference
 * Returns: 0 if sm->pmksa matched @entry and was cleared, -1 otherwise
 *
 * Only the pointer in @sm is reset; @entry itself is not freed or modified
 * here. Clearing the reference before the entry is released keeps the state
 * machine from holding a pointer to an entry that no longer exists.
 */
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
			     struct rsn_pmksa_cache_entry *entry)
{
	if (sm != NULL && sm->pmksa == entry) {
		sm->pmksa = NULL;
		return 0;
	}

	return -1;
}
2203
2204
/**
 * wpa_auth_sta_get_pmksa - Get the PMKSA cache entry referenced by a STA
 * @sm: Per-STA WPA state machine, may be %NULL
 * Returns: sm->pmksa (which may itself be %NULL), or %NULL if @sm is %NULL
 */
struct rsn_pmksa_cache_entry *
wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
{
	if (sm == NULL)
		return NULL;

	return sm->pmksa;
}
2210
2211
/**
 * wpa_auth_sta_local_mic_failure_report - Count a local TKIP MIC failure
 * @sm: Per-STA WPA state machine, may be %NULL
 *
 * Increments the per-STA dot11RSNAStatsTKIPLocalMICFailures counter. A %NULL
 * state machine is ignored.
 */
void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
{
	if (sm == NULL)
		return;

	sm->dot11RSNAStatsTKIPLocalMICFailures++;
}
2217
2218
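/**
 * wpa_auth_get_wpa_ie - Get the information element stored in the authenticator
 * @wpa_auth: WPA authenticator context, may be %NULL
 * @len: Buffer for returning the IE length in bytes, may be %NULL
 * Returns: wpa_auth->wpa_ie, or %NULL if @wpa_auth is %NULL
 *
 * The returned pointer is the value of wpa_auth->wpa_ie, not a copy.
 * *@len is always written when @len is non-%NULL, including on the failure
 * path, so a caller that forgets to test the return value cannot go on to use
 * an indeterminate length in a later copy or bounds calculation.
 */
const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
{
	if (wpa_auth == NULL) {
		/* Failure path: report a zero length instead of leaving the
		 * out-parameter untouched. */
		if (len)
			*len = 0;
		return NULL;
	}

	if (len)
		*len = wpa_auth->wpa_ie_len;
	return wpa_auth->wpa_ie;
}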
2226
2227
/**
 * wpa_auth_pmksa_add - Add a PMKSA cache entry for a WPA2 STA
 * @sm: Per-STA WPA state machine, may be %NULL
 * @pmk: Pairwise master key; PMK_LEN is passed as its length
 * @session_timeout: Session timeout value forwarded to pmksa_cache_add()
 * @eapol: EAPOL state machine forwarded to pmksa_cache_add()
 * Returns: 0 if pmksa_cache_add() returned a non-zero value, -1 otherwise
 *          (including when @sm is %NULL or the STA is not using WPA2)
 *
 * The key length is fixed to PMK_LEN rather than supplied by the caller, so
 * @pmk must point to at least PMK_LEN bytes of key material.
 * NOTE(review): sm->wpa_auth and @pmk are used without a NULL check here;
 * callers are presumably expected to guarantee both - confirm.
 */
int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
		       int session_timeout, struct eapol_state_machine *eapol)
{
	/* PMKSA caching is only done for WPA2 associations. */
	if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
		return -1;

	return pmksa_cache_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
			       sm->wpa_auth->addr, sm->addr, session_timeout,
			       eapol) ? 0 : -1;
}
2241
2242
/**
 * wpa_auth_pmksa_add_preauth - Add a PMKSA cache entry for a given STA address
 * @wpa_auth: WPA authenticator context, may be %NULL
 * @pmk: Pairwise master key
 * @len: Length of @pmk in bytes, forwarded unchanged to pmksa_cache_add()
 * @sta_addr: Address of the STA the entry is created for
 * @session_timeout: Session timeout value forwarded to pmksa_cache_add()
 * @eapol: EAPOL state machine forwarded to pmksa_cache_add()
 * Returns: 0 if pmksa_cache_add() returned a non-zero value, -1 otherwise
 *          (including when @wpa_auth is %NULL)
 *
 * Unlike wpa_auth_pmksa_add(), the key length comes from the caller and
 * there is no WPA2 check, since no per-STA state machine is involved.
 * NOTE(review): @len is not bounded against PMK_LEN in this function and
 * @pmk / @sta_addr are not NULL-checked; presumably pmksa_cache_add() or
 * the caller enforces the limit - confirm before passing lengths derived
 * from received data.
 */
int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
			       const u8 *pmk, size_t len, const u8 *sta_addr,
			       int session_timeout,
			       struct eapol_state_machine *eapol)
{
	if (wpa_auth == NULL)
		return -1;

	return pmksa_cache_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
			       sta_addr, session_timeout, eapol) ? 0 : -1;
}
2257
2258
/**
 * wpa_auth_add_group - Create a group state machine for a VLAN and link it in
 * @wpa_auth: WPA authenticator context, may be %NULL
 * @vlan_id: VLAN ID handed to wpa_group_init()
 * Returns: The new group, or %NULL if @wpa_auth or its first group is %NULL
 *          or wpa_group_init() fails
 *
 * The new group is inserted directly after the first group in the list
 * (wpa_auth->group), which therefore has to exist already. No check for an
 * existing group with the same @vlan_id is made here; that lookup is left
 * to the caller.
 */
static struct wpa_group *
wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
{
	struct wpa_group *new_group;

	if (!wpa_auth || !wpa_auth->group)
		return NULL;

	wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
		   vlan_id);

	new_group = wpa_group_init(wpa_auth, vlan_id);
	if (!new_group)
		return NULL;

	/* Splice in right behind the list head. */
	new_group->next = wpa_auth->group->next;
	wpa_auth->group->next = new_group;

	return new_group;
}
2278
2279
/**
 * wpa_auth_sta_set_vlan - Bind a STA to the group state machine of a VLAN
 * @sm: Per-STA WPA state machine, may be %NULL
 * @vlan_id: VLAN ID whose group state machine the STA should use
 * Returns: 0 on success or when there is nothing to do (including a %NULL
 *          @sm or sm->wpa_auth), -1 if a new group could not be created
 *
 * The authenticator's group list is searched for @vlan_id; if no group
 * matches, one is created with wpa_auth_add_group(). The STA's group pointer
 * is then switched unless it already points at that group.
 *
 * Note that a missing state machine is reported as success (0), so the
 * return value alone does not show that a STA was actually bound to
 * the VLAN's group.
 * NOTE(review): @vlan_id is not range-checked here and every value not seen
 * before adds another group to the list; presumably the caller passes only
 * validated VLAN IDs - confirm.
 */
int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
{
	struct wpa_group *target;

	if (!sm || !sm->wpa_auth)
		return 0;

	/* Look for an existing group state machine for this VLAN. */
	for (target = sm->wpa_auth->group; target; target = target->next) {
		if (target->vlan_id == vlan_id)
			break;
	}

	if (!target) {
		target = wpa_auth_add_group(sm->wpa_auth, vlan_id);
		if (!target)
			return -1;
	}

	if (sm->group != target) {
		wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
			   "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
		sm->group = target;
	}

	return 0;
}
2309
2310#endif /* CONFIG_NATIVE_WINDOWS */