]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
FILS: Do not try to add PMKSA cache entry if caching is disabled
[thirdparty/hostap.git] / src / ap / wpa_auth.c
CommitLineData
6fc6879b 1/*
00338a4f 2 * IEEE 802.11 RSN / WPA Authenticator
bb05d036 3 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
6fc6879b 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
6fc6879b
JM		 7 */
8
6226e38d 9#include "utils/includes.h"
6fc6879b 10
6226e38d
JM		 11#include "utils/common.h"
12#include "utils/eloop.h"
13#include "utils/state_machine.h"
25ef8529 14#include "utils/bitfield.h"
81f4f619 15#include "common/ieee802_11_defs.h"
17c2559c 16#include "common/ocv.h"
3b5b7aa8 17#include "crypto/aes.h"
03da66bd 18#include "crypto/aes_wrap.h"
3b5b7aa8 19#include "crypto/aes_siv.h"
03da66bd
JM		 20#include "crypto/crypto.h"
21#include "crypto/sha1.h"
22#include "crypto/sha256.h"
c6eb3e34 23#include "crypto/sha384.h"
3642c431 24#include "crypto/random.h"
281c950b 25#include "eapol_auth/eapol_auth_sm.h"
17c2559c 26#include "drivers/driver.h"
6226e38d 27#include "ap_config.h"
6fc6879b 28#include "ieee802_11.h"
6226e38d
JM		 29#include "wpa_auth.h"
30#include "pmksa_cache_auth.h"
6fc6879b
JM		 31#include "wpa_auth_i.h"
32#include "wpa_auth_ie.h"
33
34#define STATE_MACHINE_DATA struct wpa_state_machine
35#define STATE_MACHINE_DEBUG_PREFIX "WPA"
36#define STATE_MACHINE_ADDR sm->addr
37
38
39static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
e4a6ea1d 40static int wpa_sm_step(struct wpa_state_machine *sm);
567da5bb
JM		 41static int wpa_verify_key_mic(int akmp, size_t pmk_len, struct wpa_ptk *PTK,
42 u8 *data, size_t data_len);
75c8563e
JM		 43#ifdef CONFIG_FILS
44static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
45 u8 *buf, size_t buf_len, u16 *_key_data_len);
9392859d
JM		 46static struct wpabuf * fils_prepare_plainbuf(struct wpa_state_machine *sm,
47 const struct wpabuf *hlp);
75c8563e 48#endif /* CONFIG_FILS */
6fc6879b
JM		 49static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
50static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
51 struct wpa_group *group);
581a8cde 52static void wpa_request_new_ptk(struct wpa_state_machine *sm);
e6965d4e
JM		 53static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
54 struct wpa_group *group);
1bdb7ab3
JM		 55static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
56 struct wpa_group *group);
f23c5b17 57static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
207976f0
JM		 58 const u8 *pmk, unsigned int pmk_len,
59 struct wpa_ptk *ptk);
a0ad9e8c
MB		 60static void wpa_group_free(struct wpa_authenticator *wpa_auth,
61 struct wpa_group *group);
62static void wpa_group_get(struct wpa_authenticator *wpa_auth,
63 struct wpa_group *group);
64static void wpa_group_put(struct wpa_authenticator *wpa_auth,
65 struct wpa_group *group);
e73ffa09 66static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos);
6fc6879b 67
bae61562
JM		 68static const u32 eapol_key_timeout_first = 100; /* ms */
69static const u32 eapol_key_timeout_subseq = 1000; /* ms */
00338a4f 70static const u32 eapol_key_timeout_first_group = 500; /* ms */
6f234c1e 71static const u32 eapol_key_timeout_no_retrans = 4000; /* ms */
6fc6879b
JM		 72
73/* TODO: make these configurable */
74static const int dot11RSNAConfigPMKLifetime = 43200;
75static const int dot11RSNAConfigPMKReauthThreshold = 70;
76static const int dot11RSNAConfigSATimeout = 60;
77
78
c772d054 79static inline int wpa_auth_mic_failure_report(
6fc6879b
JM		 80 struct wpa_authenticator *wpa_auth, const u8 *addr)
81{
cef8fac0
JB		 82 if (wpa_auth->cb->mic_failure_report)
83 return wpa_auth->cb->mic_failure_report(wpa_auth->cb_ctx, addr);
c772d054 84 return 0;
6fc6879b
JM		 85}
86
87
2c502460
JM		 88static inline void wpa_auth_psk_failure_report(
89 struct wpa_authenticator *wpa_auth, const u8 *addr)
90{
cef8fac0
JB		 91 if (wpa_auth->cb->psk_failure_report)
92 wpa_auth->cb->psk_failure_report(wpa_auth->cb_ctx, addr);
2c502460
JM		 93}
94
95
6fc6879b
JM		 96static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
97 const u8 *addr, wpa_eapol_variable var,
98 int value)
99{
cef8fac0
JB		 100 if (wpa_auth->cb->set_eapol)
101 wpa_auth->cb->set_eapol(wpa_auth->cb_ctx, addr, var, value);
6fc6879b
JM		 102}
103
104
105static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
106 const u8 *addr, wpa_eapol_variable var)
107{
cef8fac0 108 if (wpa_auth->cb->get_eapol == NULL)
6fc6879b 109 return -1;
cef8fac0 110 return wpa_auth->cb->get_eapol(wpa_auth->cb_ctx, addr, var);
6fc6879b
JM		 111}
112
113
114static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
759fd76b
JM		 115 const u8 *addr,
116 const u8 *p2p_dev_addr,
dbfa691d
JM		 117 const u8 *prev_psk, size_t *psk_len,
118 int *vlan_id)
6fc6879b 119{
cef8fac0 120 if (wpa_auth->cb->get_psk == NULL)
6fc6879b 121 return NULL;
cef8fac0 122 return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
dbfa691d 123 prev_psk, psk_len, vlan_id);
6fc6879b
JM		 124}
125
126
127static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
128 const u8 *addr, u8 *msk, size_t *len)
129{
cef8fac0 130 if (wpa_auth->cb->get_msk == NULL)
6fc6879b 131 return -1;
cef8fac0 132 return wpa_auth->cb->get_msk(wpa_auth->cb_ctx, addr, msk, len);
6fc6879b
JM		 133}
134
135
136static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
137 int vlan_id,
71934751 138 enum wpa_alg alg, const u8 *addr, int idx,
6fc6879b
JM		 139 u8 *key, size_t key_len)
140{
cef8fac0 141 if (wpa_auth->cb->set_key == NULL)
6fc6879b 142 return -1;
cef8fac0
JB		 143 return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx,
144 key, key_len);
6fc6879b
JM		 145}
146
147
148static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
149 const u8 *addr, int idx, u8 *seq)
150{
cef8fac0 151 if (wpa_auth->cb->get_seqnum == NULL)
6fc6879b 152 return -1;
cef8fac0 153 return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
6fc6879b
JM		 154}
155
156
6fc6879b
JM		 157static inline int
158wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
159 const u8 *data, size_t data_len, int encrypt)
160{
cef8fac0 161 if (wpa_auth->cb->send_eapol == NULL)
6fc6879b 162 return -1;
cef8fac0
JB		 163 return wpa_auth->cb->send_eapol(wpa_auth->cb_ctx, addr, data, data_len,
164 encrypt);
6fc6879b
JM		 165}
166
167
c50d94f1
BC		 168#ifdef CONFIG_MESH
169static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth,
170 const u8 *addr)
171{
cef8fac0 172 if (wpa_auth->cb->start_ampe == NULL)
c50d94f1 173 return -1;
cef8fac0 174 return wpa_auth->cb->start_ampe(wpa_auth->cb_ctx, addr);
c50d94f1
BC		 175}
176#endif /* CONFIG_MESH */
177
178
6fc6879b
JM		 179int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
180 int (*cb)(struct wpa_state_machine *sm, void *ctx),
181 void *cb_ctx)
182{
cef8fac0 183 if (wpa_auth->cb->for_each_sta == NULL)
6fc6879b 184 return 0;
cef8fac0 185 return wpa_auth->cb->for_each_sta(wpa_auth->cb_ctx, cb, cb_ctx);
6fc6879b
JM		 186}
187
188
bf98f7f3
JM		 189int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
190 int (*cb)(struct wpa_authenticator *a, void *ctx),
191 void *cb_ctx)
192{
cef8fac0 193 if (wpa_auth->cb->for_each_auth == NULL)
bf98f7f3 194 return 0;
cef8fac0 195 return wpa_auth->cb->for_each_auth(wpa_auth->cb_ctx, cb, cb_ctx);
bf98f7f3
JM		 196}
197
198
6fc6879b
JM		 199void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
200 logger_level level, const char *txt)
201{
cef8fac0 202 if (wpa_auth->cb->logger == NULL)
6fc6879b 203 return;
cef8fac0 204 wpa_auth->cb->logger(wpa_auth->cb_ctx, addr, level, txt);
6fc6879b
JM		 205}
206
207
208void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
209 logger_level level, const char *fmt, ...)
210{
211 char *format;
212 int maxlen;
213 va_list ap;
214
cef8fac0 215 if (wpa_auth->cb->logger == NULL)
6fc6879b
JM		 216 return;
217
218 maxlen = os_strlen(fmt) + 100;
219 format = os_malloc(maxlen);
220 if (!format)
221 return;
222
223 va_start(ap, fmt);
224 vsnprintf(format, maxlen, fmt, ap);
225 va_end(ap);
226
227 wpa_auth_logger(wpa_auth, addr, level, format);
228
229 os_free(format);
230}
231
232
233static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
567da5bb 234 const u8 *addr, u16 reason)
6fc6879b 235{
cef8fac0 236 if (wpa_auth->cb->disconnect == NULL)
6fc6879b 237 return;
567da5bb
JM		 238 wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR " (reason %u)",
239 MAC2STR(addr), reason);
240 wpa_auth->cb->disconnect(wpa_auth->cb_ctx, addr, reason);
6fc6879b
JM		 241}
242
243
17c2559c
MV		 244#ifdef CONFIG_OCV
245static int wpa_channel_info(struct wpa_authenticator *wpa_auth,
246 struct wpa_channel_info *ci)
247{
248 if (!wpa_auth->cb->channel_info)
249 return -1;
250 return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci);
251}
252#endif /* CONFIG_OCV */
253
254
dbfa691d
JM		 255static int wpa_auth_update_vlan(struct wpa_authenticator *wpa_auth,
256 const u8 *addr, int vlan_id)
257{
258 if (!wpa_auth->cb->update_vlan)
259 return -1;
260 return wpa_auth->cb->update_vlan(wpa_auth->cb_ctx, addr, vlan_id);
261}
262
263
6fc6879b
JM		 264static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
265{
266 struct wpa_authenticator *wpa_auth = eloop_ctx;
267
3642c431 268 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
6fc6879b
JM		 269 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
270 "initialization.");
271 } else {
272 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
5cb9d5c3
JM		 273 wpa_hexdump_key(MSG_DEBUG, "GMK",
274 wpa_auth->group->GMK, WPA_GMK_LEN);
6fc6879b
JM		 275 }
276
277 if (wpa_auth->conf.wpa_gmk_rekey) {
278 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
279 wpa_rekey_gmk, wpa_auth, NULL);
280 }
281}
282
283
284static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
285{
286 struct wpa_authenticator *wpa_auth = eloop_ctx;
a0ad9e8c 287 struct wpa_group *group, *next;
6fc6879b
JM		 288
289 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
a0ad9e8c
MB		 290 group = wpa_auth->group;
291 while (group) {
292 wpa_group_get(wpa_auth, group);
293
6fc6879b
JM		 294 group->GTKReKey = TRUE;
295 do {
296 group->changed = FALSE;
297 wpa_group_sm_step(wpa_auth, group);
298 } while (group->changed);
a0ad9e8c
MB		 299
300 next = group->next;
301 wpa_group_put(wpa_auth, group);
302 group = next;
6fc6879b
JM		 303 }
304
305 if (wpa_auth->conf.wpa_group_rekey) {
306 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
307 0, wpa_rekey_gtk, wpa_auth, NULL);
308 }
309}
310
311
581a8cde
JM		 312static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
313{
314 struct wpa_authenticator *wpa_auth = eloop_ctx;
315 struct wpa_state_machine *sm = timeout_ctx;
316
317 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
318 wpa_request_new_ptk(sm);
319 wpa_sm_step(sm);
320}
321
322
6fc6879b
JM		 323static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
324{
325 if (sm->pmksa == ctx)
326 sm->pmksa = NULL;
327 return 0;
328}
329
330
331static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
332 void *ctx)
333{
334 struct wpa_authenticator *wpa_auth = ctx;
335 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
336}
337
338
1bdb7ab3
JM		 339static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
340 struct wpa_group *group)
341{
559cdabb 342 u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)];
1bdb7ab3 343 u8 rkey[32];
559cdabb 344 unsigned long ptr;
1bdb7ab3 345
3642c431 346 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
1bdb7ab3
JM		 347 return -1;
348 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
349
350 /*
351 * Counter = PRF-256(Random number, "Init Counter",
352 * Local MAC Address || Time)
353 */
354 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
355 wpa_get_ntp_timestamp(buf + ETH_ALEN);
559cdabb
JM		 356 ptr = (unsigned long) group;
357 os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr));
525923b1
JM		 358#ifdef TEST_FUZZ
359 os_memset(buf + ETH_ALEN, 0xab, 8);
360 os_memset(buf + ETH_ALEN + 8, 0xcd, sizeof(ptr));
361#endif /* TEST_FUZZ */
3642c431 362 if (random_get_bytes(rkey, sizeof(rkey)) < 0)
1bdb7ab3
JM		 363 return -1;
364
365 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
366 group->Counter, WPA_NONCE_LEN) < 0)
367 return -1;
368 wpa_hexdump_key(MSG_DEBUG, "Key Counter",
369 group->Counter, WPA_NONCE_LEN);
370
371 return 0;
372}
373
374
e6965d4e 375static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
bdffdc5d 376 int vlan_id, int delay_init)
e6965d4e
JM		 377{
378 struct wpa_group *group;
e6965d4e
JM		 379
380 group = os_zalloc(sizeof(struct wpa_group));
381 if (group == NULL)
382 return NULL;
383
384 group->GTKAuthenticator = TRUE;
385 group->vlan_id = vlan_id;
c3550295 386 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
6fc6879b 387
08704cd8
JM		 388 if (random_pool_ready() != 1) {
389 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
390 "for secure operations - update keys later when "
391 "the first station connects");
392 }
393
1bdb7ab3
JM		 394 /*
395 * Set initial GMK/Counter value here. The actual values that will be
396 * used in negotiations will be set once the first station tries to
397 * connect. This allows more time for collecting additional randomness
398 * on embedded devices.
6fc6879b 399 */
1bdb7ab3 400 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
6fc6879b
JM		 401 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
402 "initialization.");
403 os_free(group);
404 return NULL;
405 }
6fc6879b
JM		 406
407 group->GInit = TRUE;
bdffdc5d
JM		 408 if (delay_init) {
409 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
410 "until Beacon frames have been configured");
411 /* Initialization is completed in wpa_init_keys(). */
412 } else {
413 wpa_group_sm_step(wpa_auth, group);
414 group->GInit = FALSE;
415 wpa_group_sm_step(wpa_auth, group);
416 }
6fc6879b
JM		 417
418 return group;
419}
420
421
422/**
423 * wpa_init - Initialize WPA authenticator
424 * @addr: Authenticator address
425 * @conf: Configuration for WPA authenticator
a17df5fb 426 * @cb: Callback functions for WPA authenticator
6fc6879b
JM		 427 * Returns: Pointer to WPA authenticator data or %NULL on failure
428 */
429struct wpa_authenticator * wpa_init(const u8 *addr,
430 struct wpa_auth_config *conf,
cef8fac0
JB		 431 const struct wpa_auth_callbacks *cb,
432 void *cb_ctx)
6fc6879b
JM		 433{
434 struct wpa_authenticator *wpa_auth;
435
436 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
437 if (wpa_auth == NULL)
438 return NULL;
439 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
440 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
cef8fac0
JB		 441 wpa_auth->cb = cb;
442 wpa_auth->cb_ctx = cb_ctx;
6fc6879b
JM		 443
444 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
445 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
446 os_free(wpa_auth);
447 return NULL;
448 }
449
bdffdc5d 450 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
6fc6879b
JM		 451 if (wpa_auth->group == NULL) {
452 os_free(wpa_auth->wpa_ie);
453 os_free(wpa_auth);
454 return NULL;
455 }
456
4bb081f1
JM		 457 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
458 wpa_auth);
6fc6879b
JM		 459 if (wpa_auth->pmksa == NULL) {
460 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
27d9701d 461 os_free(wpa_auth->group);
6fc6879b
JM		 462 os_free(wpa_auth->wpa_ie);
463 os_free(wpa_auth);
464 return NULL;
465 }
466
4ec1fd8e 467#ifdef CONFIG_IEEE80211R_AP
6fc6879b
JM		 468 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
469 if (wpa_auth->ft_pmk_cache == NULL) {
470 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
27d9701d 471 os_free(wpa_auth->group);
6fc6879b 472 os_free(wpa_auth->wpa_ie);
4bb081f1 473 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 474 os_free(wpa_auth);
475 return NULL;
476 }
4ec1fd8e 477#endif /* CONFIG_IEEE80211R_AP */
6fc6879b
JM		 478
479 if (wpa_auth->conf.wpa_gmk_rekey) {
480 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
481 wpa_rekey_gmk, wpa_auth, NULL);
482 }
483
484 if (wpa_auth->conf.wpa_group_rekey) {
485 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
486 wpa_rekey_gtk, wpa_auth, NULL);
487 }
488
25ef8529
JM		 489#ifdef CONFIG_P2P
490 if (WPA_GET_BE32(conf->ip_addr_start)) {
491 int count = WPA_GET_BE32(conf->ip_addr_end) -
492 WPA_GET_BE32(conf->ip_addr_start) + 1;
493 if (count > 1000)
494 count = 1000;
495 if (count > 0)
496 wpa_auth->ip_pool = bitfield_alloc(count);
497 }
498#endif /* CONFIG_P2P */
499
6fc6879b
JM		 500 return wpa_auth;
501}
502
503
bdffdc5d
JM		 504int wpa_init_keys(struct wpa_authenticator *wpa_auth)
505{
506 struct wpa_group *group = wpa_auth->group;
507
508 wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
509 "keys");
510 wpa_group_sm_step(wpa_auth, group);
511 group->GInit = FALSE;
512 wpa_group_sm_step(wpa_auth, group);
7d7f7be2
JM		 513 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
514 return -1;
bdffdc5d
JM		 515 return 0;
516}
517
518
6fc6879b
JM		 519/**
520 * wpa_deinit - Deinitialize WPA authenticator
521 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
522 */
523void wpa_deinit(struct wpa_authenticator *wpa_auth)
524{
525 struct wpa_group *group, *prev;
526
527 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
528 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
529
4bb081f1 530 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b 531
4ec1fd8e 532#ifdef CONFIG_IEEE80211R_AP
6fc6879b
JM		 533 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
534 wpa_auth->ft_pmk_cache = NULL;
eefe8630 535 wpa_ft_deinit(wpa_auth);
4ec1fd8e 536#endif /* CONFIG_IEEE80211R_AP */
6fc6879b 537
25ef8529
JM		 538#ifdef CONFIG_P2P
539 bitfield_free(wpa_auth->ip_pool);
540#endif /* CONFIG_P2P */
541
542
6fc6879b
JM		 543 os_free(wpa_auth->wpa_ie);
544
545 group = wpa_auth->group;
546 while (group) {
547 prev = group;
548 group = group->next;
549 os_free(prev);
550 }
551
552 os_free(wpa_auth);
553}
554
555
556/**
557 * wpa_reconfig - Update WPA authenticator configuration
558 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
559 * @conf: Configuration for WPA authenticator
560 */
561int wpa_reconfig(struct wpa_authenticator *wpa_auth,
562 struct wpa_auth_config *conf)
563{
e6965d4e 564 struct wpa_group *group;
6fc6879b
JM		 565 if (wpa_auth == NULL)
566 return 0;
567
568 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
ad08c363
JM		 569 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
570 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
571 return -1;
572 }
573
e6965d4e
JM		 574 /*
575 * Reinitialize GTK to make sure it is suitable for the new
576 * configuration.
577 */
578 group = wpa_auth->group;
c3550295 579 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
e6965d4e
JM		 580 group->GInit = TRUE;
581 wpa_group_sm_step(wpa_auth, group);
582 group->GInit = FALSE;
583 wpa_group_sm_step(wpa_auth, group);
584
6fc6879b
JM		 585 return 0;
586}
587
588
589struct wpa_state_machine *
94ddef3e
JM		 590wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
591 const u8 *p2p_dev_addr)
6fc6879b
JM		 592{
593 struct wpa_state_machine *sm;
594
7d7f7be2
JM		 595 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
596 return NULL;
597
6fc6879b
JM		 598 sm = os_zalloc(sizeof(struct wpa_state_machine));
599 if (sm == NULL)
600 return NULL;
601 os_memcpy(sm->addr, addr, ETH_ALEN);
94ddef3e
JM		 602 if (p2p_dev_addr)
603 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
6fc6879b
JM		 604
605 sm->wpa_auth = wpa_auth;
606 sm->group = wpa_auth->group;
a0ad9e8c 607 wpa_group_get(sm->wpa_auth, sm->group);
6fc6879b
JM		 608
609 return sm;
610}
611
612
6f9b5d16
JM		 613int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
614 struct wpa_state_machine *sm)
6fc6879b
JM		 615{
616 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
6f9b5d16 617 return -1;
6fc6879b 618
4ec1fd8e 619#ifdef CONFIG_IEEE80211R_AP
6fc6879b
JM		 620 if (sm->ft_completed) {
621 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
622 "FT authentication already completed - do not "
623 "start 4-way handshake");
3d4d2348
JM		 624 /* Go to PTKINITDONE state to allow GTK rekeying */
625 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
3bbc4705 626 sm->Pair = TRUE;
6f9b5d16 627 return 0;
6fc6879b 628 }
4ec1fd8e 629#endif /* CONFIG_IEEE80211R_AP */
6fc6879b 630
07e0117d
JM		 631#ifdef CONFIG_FILS
632 if (sm->fils_completed) {
633 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
634 "FILS authentication already completed - do not start 4-way handshake");
635 /* Go to PTKINITDONE state to allow GTK rekeying */
636 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
3bbc4705 637 sm->Pair = TRUE;
07e0117d
JM		 638 return 0;
639 }
640#endif /* CONFIG_FILS */
641
6fc6879b 642 if (sm->started) {
22a299ee 643 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
6fc6879b 644 sm->ReAuthenticationRequest = TRUE;
6f9b5d16 645 return wpa_sm_step(sm);
6fc6879b
JM		 646 }
647
648 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
649 "start authentication");
650 sm->started = 1;
651
652 sm->Init = TRUE;
e4a6ea1d 653 if (wpa_sm_step(sm) == 1)
6f9b5d16 654 return 1; /* should not really happen */
6fc6879b
JM		 655 sm->Init = FALSE;
656 sm->AuthenticationRequest = TRUE;
6f9b5d16 657 return wpa_sm_step(sm);
6fc6879b
JM		 658}
659
660
a8d05fca
JM		 661void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
662{
663 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
664 * reassociates back to the same AP while the previous entry for the
665 * STA has not yet been removed. */
666 if (sm == NULL)
667 return;
668
669 sm->wpa_key_mgmt = 0;
670}
671
672
6fc6879b
JM		 673static void wpa_free_sta_sm(struct wpa_state_machine *sm)
674{
25ef8529
JM		 675#ifdef CONFIG_P2P
676 if (WPA_GET_BE32(sm->ip_addr)) {
677 u32 start;
678 wpa_printf(MSG_DEBUG, "P2P: Free assigned IP "
679 "address %u.%u.%u.%u from " MACSTR,
680 sm->ip_addr[0], sm->ip_addr[1],
681 sm->ip_addr[2], sm->ip_addr[3],
682 MAC2STR(sm->addr));
683 start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
684 bitfield_clear(sm->wpa_auth->ip_pool,
685 WPA_GET_BE32(sm->ip_addr) - start);
686 }
687#endif /* CONFIG_P2P */
2ade8ef2
JM		 688 if (sm->GUpdateStationKeys) {
689 sm->group->GKeyDoneStations--;
690 sm->GUpdateStationKeys = FALSE;
691 }
4ec1fd8e 692#ifdef CONFIG_IEEE80211R_AP
0f857f43 693 os_free(sm->assoc_resp_ftie);
692ec305 694 wpabuf_free(sm->ft_pending_req_ies);
4ec1fd8e 695#endif /* CONFIG_IEEE80211R_AP */
6fc6879b
JM		 696 os_free(sm->last_rx_eapol_key);
697 os_free(sm->wpa_ie);
a0ad9e8c 698 wpa_group_put(sm->wpa_auth, sm->group);
6fc6879b
JM		 699 os_free(sm);
700}
701
702
703void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
704{
705 if (sm == NULL)
706 return;
707
708 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
709 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
710 "strict rekeying - force GTK rekey since STA "
711 "is leaving");
3f5a1860
JB		 712 if (eloop_deplete_timeout(0, 500000, wpa_rekey_gtk,
713 sm->wpa_auth, NULL) == -1)
714 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
715 NULL);
6fc6879b
JM		 716 }
717
718 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
e4bf4db9 719 sm->pending_1_of_4_timeout = 0;
6fc6879b 720 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
581a8cde 721 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
3a46cf93
MB		 722#ifdef CONFIG_IEEE80211R_AP
723 wpa_ft_sta_deinit(sm);
724#endif /* CONFIG_IEEE80211R_AP */
6fc6879b
JM		 725 if (sm->in_step_loop) {
726 /* Must not free state machine while wpa_sm_step() is running.
727 * Freeing will be completed in the end of wpa_sm_step(). */
728 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
729 "machine deinit for " MACSTR, MAC2STR(sm->addr));
730 sm->pending_deinit = 1;
731 } else
732 wpa_free_sta_sm(sm);
733}
734
735
736static void wpa_request_new_ptk(struct wpa_state_machine *sm)
737{
738 if (sm == NULL)
739 return;
740
741 sm->PTKRequest = TRUE;
742 sm->PTK_valid = 0;
743}
744
745
68921e24 746static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
22a299ee
JM		 747 const u8 *replay_counter)
748{
749 int i;
750 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
68921e24 751 if (!ctr[i].valid)
22a299ee 752 break;
68921e24 753 if (os_memcmp(replay_counter, ctr[i].counter,
22a299ee
JM		 754 WPA_REPLAY_COUNTER_LEN) == 0)
755 return 1;
756 }
757 return 0;
758}
759
760
68921e24
JM		 761static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
762 const u8 *replay_counter)
763{
764 int i;
765 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
766 if (ctr[i].valid &&
767 (replay_counter == NULL ||
768 os_memcmp(replay_counter, ctr[i].counter,
769 WPA_REPLAY_COUNTER_LEN) == 0))
770 ctr[i].valid = FALSE;
771 }
772}
773
774
4ec1fd8e 775#ifdef CONFIG_IEEE80211R_AP
0f857f43
JM		 776static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
777 struct wpa_state_machine *sm,
778 struct wpa_eapol_ie_parse *kde)
779{
780 struct wpa_ie_data ie;
781 struct rsn_mdie *mdie;
782
783 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
784 ie.num_pmkid != 1 || ie.pmkid == NULL) {
785 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
786 "FT 4-way handshake message 2/4");
787 return -1;
788 }
789
790 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
791 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
792 sm->sup_pmk_r1_name, PMKID_LEN);
793
794 if (!kde->mdie || !kde->ftie) {
795 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
796 "message 2/4", kde->mdie ? "FTIE" : "MDIE");
797 return -1;
798 }
799
800 mdie = (struct rsn_mdie *) (kde->mdie + 2);
801 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
802 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
803 MOBILITY_DOMAIN_ID_LEN) != 0) {
804 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
805 return -1;
806 }
807
808 if (sm->assoc_resp_ftie &&
809 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
810 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
811 2 + sm->assoc_resp_ftie[1]) != 0)) {
812 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
813 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
814 kde->ftie, kde->ftie_len);
815 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
816 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
817 return -1;
818 }
819
820 return 0;
821}
4ec1fd8e 822#endif /* CONFIG_IEEE80211R_AP */
0f857f43
JM		 823
824
c772d054
JM		 825static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
826 struct wpa_state_machine *sm, int group)
ec027805
JM		 827{
828 /* Supplicant reported a Michael MIC error */
829 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
830 "received EAPOL-Key Error Request "
831 "(STA detected Michael MIC failure (group=%d))",
832 group);
fbc72d32
JM		 833
834 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
835 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
836 "ignore Michael MIC failure report since "
837 "group cipher is not TKIP");
838 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
839 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
840 "ignore Michael MIC failure report since "
841 "pairwise cipher is not TKIP");
842 } else {
c772d054
JM		 843 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
844 return 1; /* STA entry was removed */
fbc72d32
JM		 845 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
846 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
847 }
ec027805
JM		 848
849 /*
850 * Error report is not a request for a new key handshake, but since
851 * Authenticator may do it, let's change the keys now anyway.
852 */
853 wpa_request_new_ptk(sm);
c772d054 854 return 0;
ec027805
JM		 855}
856
857
f23c5b17
JM		 858static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
859 size_t data_len)
860{
861 struct wpa_ptk PTK;
862 int ok = 0;
863 const u8 *pmk = NULL;
7a12edd1 864 size_t pmk_len;
dbfa691d 865 int vlan_id = 0;
f23c5b17 866
b729fd8d 867 os_memset(&PTK, 0, sizeof(PTK));
f23c5b17 868 for (;;) {
e61fea6b
JM		 869 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
870 !wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
f23c5b17 871 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
dbfa691d
JM		 872 sm->p2p_dev_addr, pmk, &pmk_len,
873 &vlan_id);
f23c5b17
JM		 874 if (pmk == NULL)
875 break;
f9854c18
MK		 876#ifdef CONFIG_IEEE80211R_AP
877 if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
878 os_memcpy(sm->xxkey, pmk, pmk_len);
879 sm->xxkey_len = pmk_len;
880 }
881#endif /* CONFIG_IEEE80211R_AP */
207976f0 882 } else {
f23c5b17 883 pmk = sm->PMK;
207976f0
JM		 884 pmk_len = sm->pmk_len;
885 }
f23c5b17 886
364c064a
JM		 887 if (wpa_derive_ptk(sm, sm->alt_SNonce, pmk, pmk_len, &PTK) < 0)
888 break;
f23c5b17 889
567da5bb
JM		 890 if (wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
891 data, data_len) == 0) {
b08c9ad0
MK		 892 os_memcpy(sm->PMK, pmk, pmk_len);
893 sm->pmk_len = pmk_len;
f23c5b17
JM		 894 ok = 1;
895 break;
896 }
897
f5e0a332
JM		 898 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
899 wpa_key_mgmt_sae(sm->wpa_key_mgmt))
f23c5b17
JM		 900 break;
901 }
902
903 if (!ok) {
904 wpa_printf(MSG_DEBUG,
905 "WPA: Earlier SNonce did not result in matching MIC");
906 return -1;
907 }
908
909 wpa_printf(MSG_DEBUG,
910 "WPA: Earlier SNonce resulted in matching MIC");
911 sm->alt_snonce_valid = 0;
dbfa691d
JM		 912
913 if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
914 wpa_auth_update_vlan(sm->wpa_auth, sm->addr, vlan_id) < 0)
915 return -1;
916
f23c5b17
JM		 917 os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
918 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
919 sm->PTK_valid = TRUE;
920
921 return 0;
922}
923
924
6fc6879b
JM		 925void wpa_receive(struct wpa_authenticator *wpa_auth,
926 struct wpa_state_machine *sm,
927 u8 *data, size_t data_len)
928{
929 struct ieee802_1x_hdr *hdr;
930 struct wpa_eapol_key *key;
931 u16 key_info, key_data_length;
a0bf1b68 932 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST } msg;
6fc6879b
JM		 933 char *msgtxt;
934 struct wpa_eapol_ie_parse kde;
3b5b7aa8
JM		 935 const u8 *key_data;
936 size_t keyhdrlen, mic_len;
6d014ffc 937 u8 *mic;
6fc6879b
JM		 938
939 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
940 return;
dc5bad48 941 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL data", data, data_len);
6fc6879b 942
567da5bb 943 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
6d014ffc 944 keyhdrlen = sizeof(*key) + mic_len + 2;
5e3b5197 945
dc5bad48
JM		 946 if (data_len < sizeof(*hdr) + keyhdrlen) {
947 wpa_printf(MSG_DEBUG, "WPA: Ignore too short EAPOL-Key frame");
6fc6879b 948 return;
dc5bad48 949 }
6fc6879b
JM		 950
951 hdr = (struct ieee802_1x_hdr *) data;
952 key = (struct wpa_eapol_key *) (hdr + 1);
6d014ffc 953 mic = (u8 *) (key + 1);
6fc6879b 954 key_info = WPA_GET_BE16(key->key_info);
6d014ffc
JM		 955 key_data = mic + mic_len + 2;
956 key_data_length = WPA_GET_BE16(mic + mic_len);
0d442aff 957 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
dc5bad48
JM		 958 " key_info=0x%x type=%u mic_len=%u key_data_length=%u",
959 MAC2STR(sm->addr), key_info, key->type,
960 (unsigned int) mic_len, key_data_length);
961 wpa_hexdump(MSG_MSGDUMP,
962 "WPA: EAPOL-Key header (ending before Key MIC)",
963 key, sizeof(*key));
964 wpa_hexdump(MSG_MSGDUMP, "WPA: EAPOL-Key Key MIC",
965 mic, mic_len);
5e3b5197 966 if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) {
6fc6879b
JM		 967 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
968 "key_data overflow (%d > %lu)",
969 key_data_length,
970 (unsigned long) (data_len - sizeof(*hdr) -
5e3b5197 971 keyhdrlen));
6fc6879b
JM		 972 return;
973 }
974
f8e96eb6 975 if (sm->wpa == WPA_VERSION_WPA2) {
74590e71
JM		 976 if (key->type == EAPOL_KEY_TYPE_WPA) {
977 /*
978 * Some deployed station implementations seem to send
979 * msg 4/4 with incorrect type value in WPA2 mode.
980 */
981 wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
982 "with unexpected WPA type in RSN mode");
983 } else if (key->type != EAPOL_KEY_TYPE_RSN) {
f8e96eb6
JM		 984 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
985 "unexpected type %d in RSN mode",
986 key->type);
987 return;
988 }
989 } else {
990 if (key->type != EAPOL_KEY_TYPE_WPA) {
991 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
992 "unexpected type %d in WPA mode",
993 key->type);
994 return;
995 }
996 }
997
bc8318ac
JM		 998 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
999 WPA_NONCE_LEN);
1000 wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
1001 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1002
6fc6879b
JM		 1003 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
1004 * are set */
1005
a0bf1b68
JM		 1006 if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
1007 wpa_printf(MSG_DEBUG, "WPA: Ignore SMK message");
1008 return;
1009 }
1010
1011 if (key_info & WPA_KEY_INFO_REQUEST) {
6fc6879b
JM		 1012 msg = REQUEST;
1013 msgtxt = "Request";
1014 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1015 msg = GROUP_2;
1016 msgtxt = "2/2 Group";
3b5b7aa8
JM		 1017 } else if (key_data_length == 0 ||
1018 (mic_len == 0 && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) &&
1019 key_data_length == AES_BLOCK_SIZE)) {
6fc6879b
JM		 1020 msg = PAIRWISE_4;
1021 msgtxt = "4/4 Pairwise";
1022 } else {
1023 msg = PAIRWISE_2;
1024 msgtxt = "2/4 Pairwise";
1025 }
1026
6fc6879b
JM		 1027 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
1028 msg == GROUP_2) {
1029 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
eb7719ff
JM		 1030 if (sm->pairwise == WPA_CIPHER_CCMP ||
1031 sm->pairwise == WPA_CIPHER_GCMP) {
4bc801ab
JM		 1032 if (wpa_use_cmac(sm->wpa_key_mgmt) &&
1033 !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
6fc6879b
JM		 1034 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1035 wpa_auth_logger(wpa_auth, sm->addr,
1036 LOGGER_WARNING,
1037 "advertised support for "
1038 "AES-128-CMAC, but did not "
1039 "use it");
1040 return;
1041 }
1042
4bc801ab
JM		 1043 if (!wpa_use_cmac(sm->wpa_key_mgmt) &&
1044 !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
6fc6879b
JM		 1045 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1046 wpa_auth_logger(wpa_auth, sm->addr,
1047 LOGGER_WARNING,
1048 "did not use HMAC-SHA1-AES "
eb7719ff 1049 "with CCMP/GCMP");
6fc6879b
JM		 1050 return;
1051 }
1052 }
929a2ea5 1053
4bc801ab 1054 if (wpa_use_akm_defined(sm->wpa_key_mgmt) &&
929a2ea5
JM		 1055 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1056 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1057 "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
1058 return;
1059 }
6fc6879b
JM		 1060 }
1061
1062 if (key_info & WPA_KEY_INFO_REQUEST) {
1063 if (sm->req_replay_counter_used &&
1064 os_memcmp(key->replay_counter, sm->req_replay_counter,
1065 WPA_REPLAY_COUNTER_LEN) <= 0) {
1066 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1067 "received EAPOL-Key request with "
1068 "replayed counter");
1069 return;
1070 }
1071 }
1072
1073 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
68921e24 1074 !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
22a299ee 1075 int i;
68921e24
JM		 1076
1077 if (msg == PAIRWISE_2 &&
1078 wpa_replay_counter_valid(sm->prev_key_replay,
1079 key->replay_counter) &&
1080 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1081 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
1082 {
1083 /*
1084 * Some supplicant implementations (e.g., Windows XP
1085 * WZC) update SNonce for each EAPOL-Key 2/4. This
1086 * breaks the workaround on accepting any of the
1087 * pending requests, so allow the SNonce to be updated
1088 * even if we have already sent out EAPOL-Key 3/4.
1089 */
1090 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1091 "Process SNonce update from STA "
1092 "based on retransmitted EAPOL-Key "
1093 "1/4");
1094 sm->update_snonce = 1;
f23c5b17
JM		 1095 os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
1096 sm->alt_snonce_valid = TRUE;
1097 os_memcpy(sm->alt_replay_counter,
1098 sm->key_replay[0].counter,
1099 WPA_REPLAY_COUNTER_LEN);
1100 goto continue_processing;
1101 }
1102
1103 if (msg == PAIRWISE_4 && sm->alt_snonce_valid &&
1104 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1105 os_memcmp(key->replay_counter, sm->alt_replay_counter,
1106 WPA_REPLAY_COUNTER_LEN) == 0) {
1107 /*
1108 * Supplicant may still be using the old SNonce since
1109 * there was two EAPOL-Key 2/4 messages and they had
1110 * different SNonce values.
1111 */
1112 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1113 "Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4");
68921e24
JM		 1114 goto continue_processing;
1115 }
1116
1117 if (msg == PAIRWISE_2 &&
1118 wpa_replay_counter_valid(sm->prev_key_replay,
1119 key->replay_counter) &&
1120 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1121 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1122 "ignore retransmitted EAPOL-Key %s - "
1123 "SNonce did not change", msgtxt);
1124 } else {
1125 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1126 "received EAPOL-Key %s with "
1127 "unexpected replay counter", msgtxt);
1128 }
22a299ee
JM		 1129 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
1130 if (!sm->key_replay[i].valid)
1131 break;
1132 wpa_hexdump(MSG_DEBUG, "pending replay counter",
1133 sm->key_replay[i].counter,
1134 WPA_REPLAY_COUNTER_LEN);
1135 }
6fc6879b
JM		 1136 wpa_hexdump(MSG_DEBUG, "received replay counter",
1137 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1138 return;
1139 }
1140
68921e24 1141continue_processing:
3b5b7aa8
JM		 1142#ifdef CONFIG_FILS
1143 if (sm->wpa == WPA_VERSION_WPA2 && mic_len == 0 &&
1144 !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1145 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1146 "WPA: Encr Key Data bit not set even though AEAD cipher is supposed to be used - drop frame");
1147 return;
1148 }
1149#endif /* CONFIG_FILS */
1150
6fc6879b
JM		 1151 switch (msg) {
1152 case PAIRWISE_2:
1153 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
68921e24
JM		 1154 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
1155 (!sm->update_snonce ||
1156 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
6fc6879b
JM		 1157 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1158 "received EAPOL-Key msg 2/4 in "
1159 "invalid state (%d) - dropped",
1160 sm->wpa_ptk_state);
1161 return;
1162 }
bbb921da 1163 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
08704cd8
JM		 1164 if (sm->group->reject_4way_hs_for_entropy) {
1165 /*
1166 * The system did not have enough entropy to generate
1167 * strong random numbers. Reject the first 4-way
1168 * handshake(s) and collect some entropy based on the
1169 * information from it. Once enough entropy is
1170 * available, the next atempt will trigger GMK/Key
1171 * Counter update and the station will be allowed to
1172 * continue.
1173 */
1174 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
1175 "collect more entropy for random number "
1176 "generation");
08704cd8 1177 random_mark_pool_ready();
567da5bb
JM		 1178 wpa_sta_disconnect(wpa_auth, sm->addr,
1179 WLAN_REASON_PREV_AUTH_NOT_VALID);
08704cd8
JM		 1180 return;
1181 }
6fc6879b
JM		 1182 break;
1183 case PAIRWISE_4:
1184 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
1185 !sm->PTK_valid) {
1186 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1187 "received EAPOL-Key msg 4/4 in "
1188 "invalid state (%d) - dropped",
1189 sm->wpa_ptk_state);
1190 return;
1191 }
1192 break;
1193 case GROUP_2:
1194 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1195 || !sm->PTK_valid) {
1196 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1197 "received EAPOL-Key msg 2/2 in "
1198 "invalid state (%d) - dropped",
1199 sm->wpa_ptk_group_state);
1200 return;
1201 }
1202 break;
6fc6879b
JM		 1203 case REQUEST:
1204 break;
1205 }
1206
1207 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1208 "received EAPOL-Key frame (%s)", msgtxt);
1209
1210 if (key_info & WPA_KEY_INFO_ACK) {
1211 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1212 "received invalid EAPOL-Key: Key Ack set");
1213 return;
1214 }
1215
b9866483
JM		 1216 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1217 !(key_info & WPA_KEY_INFO_MIC)) {
6fc6879b
JM		 1218 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1219 "received invalid EAPOL-Key: Key MIC not set");
1220 return;
1221 }
1222
b9866483
JM		 1223#ifdef CONFIG_FILS
1224 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1225 (key_info & WPA_KEY_INFO_MIC)) {
1226 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1227 "received invalid EAPOL-Key: Key MIC set");
1228 return;
1229 }
1230#endif /* CONFIG_FILS */
1231
6fc6879b 1232 sm->MICVerified = FALSE;
68921e24 1233 if (sm->PTK_valid && !sm->update_snonce) {
3b5b7aa8 1234 if (mic_len &&
567da5bb
JM		 1235 wpa_verify_key_mic(sm->wpa_key_mgmt, sm->pmk_len, &sm->PTK,
1236 data, data_len) &&
f23c5b17
JM		 1237 (msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
1238 wpa_try_alt_snonce(sm, data, data_len))) {
6fc6879b
JM		 1239 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1240 "received EAPOL-Key with invalid MIC");
525923b1
JM		 1241#ifdef TEST_FUZZ
1242 wpa_printf(MSG_INFO,
1243 "TEST: Ignore Key MIC failure for fuzz testing");
1244 goto continue_fuzz;
1245#endif /* TEST_FUZZ */
6fc6879b
JM		 1246 return;
1247 }
75c8563e
JM		 1248#ifdef CONFIG_FILS
1249 if (!mic_len &&
1250 wpa_aead_decrypt(sm, &sm->PTK, data, data_len,
1251 &key_data_length) < 0) {
1252 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1253 "received EAPOL-Key with invalid MIC");
525923b1
JM		 1254#ifdef TEST_FUZZ
1255 wpa_printf(MSG_INFO,
1256 "TEST: Ignore Key MIC failure for fuzz testing");
1257 goto continue_fuzz;
1258#endif /* TEST_FUZZ */
75c8563e
JM		 1259 return;
1260 }
1261#endif /* CONFIG_FILS */
525923b1
JM		 1262#ifdef TEST_FUZZ
1263 continue_fuzz:
1264#endif /* TEST_FUZZ */
6fc6879b
JM		 1265 sm->MICVerified = TRUE;
1266 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
e4bf4db9 1267 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1268 }
1269
1270 if (key_info & WPA_KEY_INFO_REQUEST) {
1271 if (sm->MICVerified) {
1272 sm->req_replay_counter_used = 1;
1273 os_memcpy(sm->req_replay_counter, key->replay_counter,
1274 WPA_REPLAY_COUNTER_LEN);
1275 } else {
1276 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1277 "received EAPOL-Key request with "
1278 "invalid MIC");
1279 return;
1280 }
1281
1282 /*
1283 * TODO: should decrypt key data field if encryption was used;
1284 * even though MAC address KDE is not normally encrypted,
1285 * supplicant is allowed to encrypt it.
1286 */
a0bf1b68 1287 if (key_info & WPA_KEY_INFO_ERROR) {
c772d054
JM		 1288 if (wpa_receive_error_report(
1289 wpa_auth, sm,
1290 !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
1291 return; /* STA entry was removed */
6fc6879b
JM		 1292 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1293 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1294 "received EAPOL-Key Request for new "
1295 "4-Way Handshake");
1296 wpa_request_new_ptk(sm);
6fc6879b 1297 } else if (key_data_length > 0 &&
5e3b5197
JM		 1298 wpa_parse_kde_ies(key_data, key_data_length,
1299 &kde) == 0 &&
6fc6879b
JM		 1300 kde.mac_addr) {
1301 } else {
1302 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1303 "received EAPOL-Key Request for GTK "
1304 "rekeying");
6fc6879b
JM		 1305 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1306 wpa_rekey_gtk(wpa_auth, NULL);
1307 }
1308 } else {
68921e24
JM		 1309 /* Do not allow the same key replay counter to be reused. */
1310 wpa_replay_counter_mark_invalid(sm->key_replay,
1311 key->replay_counter);
1312
1313 if (msg == PAIRWISE_2) {
1314 /*
1315 * Maintain a copy of the pending EAPOL-Key frames in
1316 * case the EAPOL-Key frame was retransmitted. This is
1317 * needed to allow EAPOL-Key msg 2/4 reply to another
1318 * pending msg 1/4 to update the SNonce to work around
1319 * unexpected supplicant behavior.
1320 */
1321 os_memcpy(sm->prev_key_replay, sm->key_replay,
1322 sizeof(sm->key_replay));
1323 } else {
1324 os_memset(sm->prev_key_replay, 0,
1325 sizeof(sm->prev_key_replay));
1326 }
1327
1328 /*
1329 * Make sure old valid counters are not accepted anymore and
1330 * do not get copied again.
1331 */
1332 wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
6fc6879b
JM		 1333 }
1334
6fc6879b 1335 os_free(sm->last_rx_eapol_key);
a1f11e34 1336 sm->last_rx_eapol_key = os_memdup(data, data_len);
6fc6879b
JM		 1337 if (sm->last_rx_eapol_key == NULL)
1338 return;
6fc6879b
JM		 1339 sm->last_rx_eapol_key_len = data_len;
1340
0d442aff 1341 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
6fc6879b
JM		 1342 sm->EAPOLKeyReceived = TRUE;
1343 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1344 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1345 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1346 wpa_sm_step(sm);
1347}
1348
1349
3c7302c2
JM		 1350static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1351 const u8 *gnonce, u8 *gtk, size_t gtk_len)
6fc6879b 1352{
c6eb3e34 1353 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + WPA_GTK_MAX_LEN];
5cb9d5c3 1354 u8 *pos;
3c7302c2 1355 int ret = 0;
6fc6879b 1356
5cb9d5c3
JM		 1357 /* GTK = PRF-X(GMK, "Group key expansion",
1358 * AA || GNonce || Time || random data)
1359 * The example described in the IEEE 802.11 standard uses only AA and
1360 * GNonce as inputs here. Add some more entropy since this derivation
1361 * is done only at the Authenticator and as such, does not need to be
1362 * exactly same.
1363 */
c6eb3e34 1364 os_memset(data, 0, sizeof(data));
6fc6879b
JM		 1365 os_memcpy(data, addr, ETH_ALEN);
1366 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
5cb9d5c3
JM		 1367 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1368 wpa_get_ntp_timestamp(pos);
525923b1
JM		 1369#ifdef TEST_FUZZ
1370 os_memset(pos, 0xef, 8);
1371#endif /* TEST_FUZZ */
5cb9d5c3 1372 pos += 8;
c6eb3e34 1373 if (random_get_bytes(pos, gtk_len) < 0)
3c7302c2 1374 ret = -1;
6fc6879b 1375
c6eb3e34
JM		 1376#ifdef CONFIG_SHA384
1377 if (sha384_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data),
1378 gtk, gtk_len) < 0)
3c7302c2 1379 ret = -1;
c6eb3e34
JM		 1380#else /* CONFIG_SHA384 */
1381#ifdef CONFIG_SHA256
1382 if (sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data),
1383 gtk, gtk_len) < 0)
1384 ret = -1;
1385#else /* CONFIG_SHA256 */
1386 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data),
1387 gtk, gtk_len) < 0)
1388 ret = -1;
1389#endif /* CONFIG_SHA256 */
1390#endif /* CONFIG_SHA384 */
3c7302c2
JM		 1391
1392 return ret;
6fc6879b
JM		 1393}
1394
1395
1396static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1397{
1398 struct wpa_authenticator *wpa_auth = eloop_ctx;
1399 struct wpa_state_machine *sm = timeout_ctx;
1400
e4bf4db9 1401 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1402 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1403 sm->TimeoutEvt = TRUE;
1404 wpa_sm_step(sm);
1405}
1406
1407
1408void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1409 struct wpa_state_machine *sm, int key_info,
1410 const u8 *key_rsc, const u8 *nonce,
1411 const u8 *kde, size_t kde_len,
1412 int keyidx, int encr, int force_version)
1413{
1414 struct ieee802_1x_hdr *hdr;
1415 struct wpa_eapol_key *key;
5e3b5197 1416 size_t len, mic_len, keyhdrlen;
6fc6879b
JM		 1417 int alg;
1418 int key_data_len, pad_len = 0;
1419 u8 *buf, *pos;
1420 int version, pairwise;
22a299ee 1421 int i;
6d014ffc 1422 u8 *key_mic, *key_data;
6fc6879b 1423
567da5bb 1424 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
6d014ffc 1425 keyhdrlen = sizeof(*key) + mic_len + 2;
5e3b5197
JM		 1426
1427 len = sizeof(struct ieee802_1x_hdr) + keyhdrlen;
6fc6879b
JM		 1428
1429 if (force_version)
1430 version = force_version;
4bc801ab 1431 else if (wpa_use_akm_defined(sm->wpa_key_mgmt))
a14896e8 1432 version = WPA_KEY_INFO_TYPE_AKM_DEFINED;
4bc801ab 1433 else if (wpa_use_cmac(sm->wpa_key_mgmt))
6fc6879b 1434 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
eb7719ff 1435 else if (sm->pairwise != WPA_CIPHER_TKIP)
6fc6879b
JM		 1436 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1437 else
1438 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1439
8543ed8a 1440 pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
6fc6879b
JM		 1441
1442 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1443 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1444 "encr=%d)",
1445 version,
1446 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1447 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1448 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1449 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1450 pairwise, (unsigned long) kde_len, keyidx, encr);
1451
1452 key_data_len = kde_len;
1453
1454 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
4bc801ab 1455 wpa_use_aes_key_wrap(sm->wpa_key_mgmt) ||
6fc6879b
JM		 1456 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1457 pad_len = key_data_len % 8;
1458 if (pad_len)
1459 pad_len = 8 - pad_len;
1460 key_data_len += pad_len + 8;
1461 }
1462
1463 len += key_data_len;
b729fd8d
JM		 1464 if (!mic_len && encr)
1465 len += AES_BLOCK_SIZE;
6fc6879b
JM		 1466
1467 hdr = os_zalloc(len);
1468 if (hdr == NULL)
1469 return;
1470 hdr->version = wpa_auth->conf.eapol_version;
1471 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1472 hdr->length = host_to_be16(len - sizeof(*hdr));
1473 key = (struct wpa_eapol_key *) (hdr + 1);
6d014ffc 1474 key_mic = (u8 *) (key + 1);
5e3b5197 1475 key_data = ((u8 *) (hdr + 1)) + keyhdrlen;
6fc6879b
JM		 1476
1477 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1478 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1479 key_info |= version;
1480 if (encr && sm->wpa == WPA_VERSION_WPA2)
1481 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1482 if (sm->wpa != WPA_VERSION_WPA2)
1483 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1484 WPA_PUT_BE16(key->key_info, key_info);
1485
1486 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
a0bf1b68 1487 if (sm->wpa == WPA_VERSION_WPA2 && !pairwise)
6fc6879b 1488 WPA_PUT_BE16(key->key_length, 0);
caab23f1
JM		 1489 else
1490 WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
6fc6879b 1491
22a299ee
JM		 1492 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1493 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1494 os_memcpy(sm->key_replay[i].counter,
1495 sm->key_replay[i - 1].counter,
1496 WPA_REPLAY_COUNTER_LEN);
1497 }
1498 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1499 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
6fc6879b 1500 WPA_REPLAY_COUNTER_LEN);
db099951
JM		 1501 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter",
1502 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
22a299ee 1503 sm->key_replay[0].valid = TRUE;
6fc6879b
JM		 1504
1505 if (nonce)
1506 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1507
1508 if (key_rsc)
1509 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1510
1511 if (kde && !encr) {
5e3b5197 1512 os_memcpy(key_data, kde, kde_len);
6d014ffc 1513 WPA_PUT_BE16(key_mic + mic_len, kde_len);
b729fd8d 1514#ifdef CONFIG_FILS
c05f96a3 1515 } else if (!mic_len && kde) {
b729fd8d
JM		 1516 const u8 *aad[1];
1517 size_t aad_len[1];
1518
1519 WPA_PUT_BE16(key_mic, AES_BLOCK_SIZE + kde_len);
1520 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1521 kde, kde_len);
1522
1523 wpa_hexdump_key(MSG_DEBUG, "WPA: KEK",
1524 sm->PTK.kek, sm->PTK.kek_len);
1525 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
1526 * to Key Data (exclusive). */
1527 aad[0] = (u8 *) hdr;
1528 aad_len[0] = key_mic + 2 - (u8 *) hdr;
1529 if (aes_siv_encrypt(sm->PTK.kek, sm->PTK.kek_len, kde, kde_len,
1530 1, aad, aad_len, key_mic + 2) < 0) {
1531 wpa_printf(MSG_DEBUG, "WPA: AES-SIV encryption failed");
1532 return;
1533 }
1534
1535 wpa_hexdump(MSG_DEBUG, "WPA: Encrypted Key Data from SIV",
1536 key_mic + 2, AES_BLOCK_SIZE + kde_len);
1537#endif /* CONFIG_FILS */
6fc6879b
JM		 1538 } else if (encr && kde) {
1539 buf = os_zalloc(key_data_len);
1540 if (buf == NULL) {
1541 os_free(hdr);
1542 return;
1543 }
1544 pos = buf;
1545 os_memcpy(pos, kde, kde_len);
1546 pos += kde_len;
1547
1548 if (pad_len)
1549 *pos++ = 0xdd;
1550
1551 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1552 buf, key_data_len);
1553 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
4bc801ab 1554 wpa_use_aes_key_wrap(sm->wpa_key_mgmt) ||
6fc6879b 1555 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
ef9627cb
JM		 1556 wpa_printf(MSG_DEBUG,
1557 "WPA: Encrypt Key Data using AES-WRAP (KEK length %u)",
1558 (unsigned int) sm->PTK.kek_len);
98cd3d1c 1559 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len,
5e3b5197 1560 (key_data_len - 8) / 8, buf, key_data)) {
6fc6879b
JM		 1561 os_free(hdr);
1562 os_free(buf);
1563 return;
1564 }
6d014ffc 1565 WPA_PUT_BE16(key_mic + mic_len, key_data_len);
7cb53ded 1566#ifndef CONFIG_NO_RC4
98cd3d1c 1567 } else if (sm->PTK.kek_len == 16) {
6fc6879b 1568 u8 ek[32];
ef9627cb
JM		 1569
1570 wpa_printf(MSG_DEBUG,
1571 "WPA: Encrypt Key Data using RC4");
6fc6879b
JM		 1572 os_memcpy(key->key_iv,
1573 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1574 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1575 os_memcpy(ek, key->key_iv, 16);
98cd3d1c 1576 os_memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len);
5e3b5197
JM		 1577 os_memcpy(key_data, buf, key_data_len);
1578 rc4_skip(ek, 32, 256, key_data, key_data_len);
6d014ffc 1579 WPA_PUT_BE16(key_mic + mic_len, key_data_len);
7cb53ded 1580#endif /* CONFIG_NO_RC4 */
98cd3d1c
JM		 1581 } else {
1582 os_free(hdr);
1583 os_free(buf);
1584 return;
6fc6879b
JM		 1585 }
1586 os_free(buf);
1587 }
1588
1589 if (key_info & WPA_KEY_INFO_MIC) {
b729fd8d 1590 if (!sm->PTK_valid || !mic_len) {
6fc6879b
JM		 1591 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1592 "PTK not valid when sending EAPOL-Key "
1593 "frame");
1594 os_free(hdr);
1595 return;
1596 }
5e3b5197 1597
beae255a
JM		 1598 if (wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len,
1599 sm->wpa_key_mgmt, version,
1600 (u8 *) hdr, len, key_mic) < 0) {
1601 os_free(hdr);
1602 return;
1603 }
7af092a0
JB		 1604#ifdef CONFIG_TESTING_OPTIONS
1605 if (!pairwise &&
06df2aa6 1606 wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 &&
7af092a0
JB		 1607 drand48() <
1608 wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
1609 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1610 "Corrupting group EAPOL-Key Key MIC");
5e3b5197 1611 key_mic[0]++;
7af092a0
JB		 1612 }
1613#endif /* CONFIG_TESTING_OPTIONS */
6fc6879b
JM		 1614 }
1615
1616 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1617 1);
1618 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1619 sm->pairwise_set);
1620 os_free(hdr);
1621}
1622
1623
1624static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1625 struct wpa_state_machine *sm, int key_info,
1626 const u8 *key_rsc, const u8 *nonce,
1627 const u8 *kde, size_t kde_len,
1628 int keyidx, int encr)
1629{
1630 int timeout_ms;
1631 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
41f140d3 1632 u32 ctr;
6fc6879b
JM		 1633
1634 if (sm == NULL)
1635 return;
1636
1637 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1638 keyidx, encr, 0);
1639
bae61562 1640 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
e4bf4db9 1641 if (ctr == 1 && wpa_auth->conf.tx_status)
00338a4f
JM		 1642 timeout_ms = pairwise ? eapol_key_timeout_first :
1643 eapol_key_timeout_first_group;
bae61562
JM		 1644 else
1645 timeout_ms = eapol_key_timeout_subseq;
6f234c1e
JM		 1646 if (wpa_auth->conf.wpa_disable_eapol_key_retries &&
1647 (!pairwise || (key_info & WPA_KEY_INFO_MIC)))
1648 timeout_ms = eapol_key_timeout_no_retrans;
e4bf4db9
JM		 1649 if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
1650 sm->pending_1_of_4_timeout = 1;
525923b1
JM		 1651#ifdef TEST_FUZZ
1652 timeout_ms = 1;
1653#endif /* TEST_FUZZ */
e4bf4db9 1654 wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
41f140d3 1655 "counter %u)", timeout_ms, ctr);
6fc6879b
JM		 1656 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1657 wpa_send_eapol_timeout, wpa_auth, sm);
1658}
1659
1660
567da5bb
JM		 1661static int wpa_verify_key_mic(int akmp, size_t pmk_len, struct wpa_ptk *PTK,
1662 u8 *data, size_t data_len)
6fc6879b
JM		 1663{
1664 struct ieee802_1x_hdr *hdr;
1665 struct wpa_eapol_key *key;
1666 u16 key_info;
1667 int ret = 0;
6d014ffc 1668 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN], *mic_pos;
567da5bb 1669 size_t mic_len = wpa_mic_len(akmp, pmk_len);
6fc6879b
JM		 1670
1671 if (data_len < sizeof(*hdr) + sizeof(*key))
1672 return -1;
1673
1674 hdr = (struct ieee802_1x_hdr *) data;
1675 key = (struct wpa_eapol_key *) (hdr + 1);
6d014ffc 1676 mic_pos = (u8 *) (key + 1);
6fc6879b 1677 key_info = WPA_GET_BE16(key->key_info);
6d014ffc
JM		 1678 os_memcpy(mic, mic_pos, mic_len);
1679 os_memset(mic_pos, 0, mic_len);
98cd3d1c
JM		 1680 if (wpa_eapol_key_mic(PTK->kck, PTK->kck_len, akmp,
1681 key_info & WPA_KEY_INFO_TYPE_MASK,
6d014ffc
JM		 1682 data, data_len, mic_pos) ||
1683 os_memcmp_const(mic, mic_pos, mic_len) != 0)
6fc6879b 1684 ret = -1;
6d014ffc 1685 os_memcpy(mic_pos, mic, mic_len);
6fc6879b
JM		 1686 return ret;
1687}
1688
1689
1690void wpa_remove_ptk(struct wpa_state_machine *sm)
1691{
1692 sm->PTK_valid = FALSE;
1693 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
2a0b86d3
JM		 1694 if (wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL,
1695 0))
1696 wpa_printf(MSG_DEBUG,
1697 "RSN: PTK removal from the driver failed");
6fc6879b 1698 sm->pairwise_set = FALSE;
581a8cde 1699 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 1700}
1701
1702
bb119228 1703int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
6fc6879b 1704{
5d22a1d5
JM		 1705 int remove_ptk = 1;
1706
6fc6879b 1707 if (sm == NULL)
6f9b5d16 1708 return -1;
6fc6879b
JM		 1709
1710 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1711 "event %d notification", event);
1712
1713 switch (event) {
1714 case WPA_AUTH:
c50d94f1
BC		 1715#ifdef CONFIG_MESH
1716 /* PTKs are derived through AMPE */
1717 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
1718 /* not mesh */
1719 break;
1720 }
1721 return 0;
1722#endif /* CONFIG_MESH */
6fc6879b
JM		 1723 case WPA_ASSOC:
1724 break;
1725 case WPA_DEAUTH:
1726 case WPA_DISASSOC:
1727 sm->DeauthenticationRequest = TRUE;
1728 break;
1729 case WPA_REAUTH:
1730 case WPA_REAUTH_EAPOL:
3ab72b62
JM		 1731 if (!sm->started) {
1732 /*
1733 * When using WPS, we may end up here if the STA
1734 * manages to re-associate without the previous STA
1735 * entry getting removed. Consequently, we need to make
1736 * sure that the WPA state machines gets initialized
1737 * properly at this point.
1738 */
1739 wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1740 "started - initialize now");
1741 sm->started = 1;
1742 sm->Init = TRUE;
1743 if (wpa_sm_step(sm) == 1)
1744 return 1; /* should not really happen */
1745 sm->Init = FALSE;
1746 sm->AuthenticationRequest = TRUE;
1747 break;
1748 }
9663596f
JM		 1749 if (sm->GUpdateStationKeys) {
1750 /*
1751 * Reauthentication cancels the pending group key
1752 * update for this STA.
1753 */
1754 sm->group->GKeyDoneStations--;
1755 sm->GUpdateStationKeys = FALSE;
1756 sm->PtkGroupInit = TRUE;
1757 }
6fc6879b
JM		 1758 sm->ReAuthenticationRequest = TRUE;
1759 break;
1760 case WPA_ASSOC_FT:
4ec1fd8e 1761#ifdef CONFIG_IEEE80211R_AP
81a658d7
JM		 1762 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1763 "after association");
1764 wpa_ft_install_ptk(sm);
1765
6fc6879b
JM		 1766 /* Using FT protocol, not WPA auth state machine */
1767 sm->ft_completed = 1;
6f9b5d16 1768 return 0;
4ec1fd8e 1769#else /* CONFIG_IEEE80211R_AP */
6fc6879b 1770 break;
4ec1fd8e 1771#endif /* CONFIG_IEEE80211R_AP */
957bff83
JM		 1772 case WPA_ASSOC_FILS:
1773#ifdef CONFIG_FILS
1774 wpa_printf(MSG_DEBUG,
1775 "FILS: TK configuration after association");
1776 fils_set_tk(sm);
1777 sm->fils_completed = 1;
1778 return 0;
1779#else /* CONFIG_FILS */
1780 break;
1781#endif /* CONFIG_FILS */
0e3bd7ac
MV		 1782 case WPA_DRV_STA_REMOVED:
1783 sm->tk_already_set = FALSE;
1784 return 0;
6fc6879b
JM		 1785 }
1786
4ec1fd8e 1787#ifdef CONFIG_IEEE80211R_AP
6fc6879b 1788 sm->ft_completed = 0;
4ec1fd8e 1789#endif /* CONFIG_IEEE80211R_AP */
6fc6879b 1790
5d22a1d5
JM		 1791#ifdef CONFIG_IEEE80211W
1792 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1793 remove_ptk = 0;
1794#endif /* CONFIG_IEEE80211W */
78815f3d 1795#ifdef CONFIG_FILS
da24c5aa
JM		 1796 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1797 (event == WPA_AUTH || event == WPA_ASSOC))
78815f3d
JM		 1798 remove_ptk = 0;
1799#endif /* CONFIG_FILS */
6fc6879b 1800
5d22a1d5
JM		 1801 if (remove_ptk) {
1802 sm->PTK_valid = FALSE;
1803 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1804
1805 if (event != WPA_REAUTH_EAPOL)
1806 wpa_remove_ptk(sm);
1807 }
6fc6879b 1808
43f49c37
JM		 1809 if (sm->in_step_loop) {
1810 /*
1811 * wpa_sm_step() is already running - avoid recursive call to
1812 * it by making the existing loop process the new update.
1813 */
1814 sm->changed = TRUE;
1815 return 0;
1816 }
6f9b5d16 1817 return wpa_sm_step(sm);
6fc6879b
JM		 1818}
1819
1820
6fc6879b
JM		 1821SM_STATE(WPA_PTK, INITIALIZE)
1822{
1823 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1824 if (sm->Init) {
1825 /* Init flag is not cleared here, so avoid busy
1826 * loop by claiming nothing changed. */
1827 sm->changed = FALSE;
1828 }
1829
1830 sm->keycount = 0;
1831 if (sm->GUpdateStationKeys)
1832 sm->group->GKeyDoneStations--;
1833 sm->GUpdateStationKeys = FALSE;
1834 if (sm->wpa == WPA_VERSION_WPA)
1835 sm->PInitAKeys = FALSE;
1836 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1837 * Local AA > Remote AA)) */) {
1838 sm->Pair = TRUE;
1839 }
1840 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1841 wpa_remove_ptk(sm);
1842 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1843 sm->TimeoutCtr = 0;
a1ea1b45 1844 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
567da5bb 1845 sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP ||
a1ea1b45 1846 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE) {
6fc6879b
JM		 1847 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1848 WPA_EAPOL_authorized, 0);
1849 }
1850}
1851
1852
1853SM_STATE(WPA_PTK, DISCONNECT)
1854{
567da5bb
JM		 1855 u16 reason = sm->disconnect_reason;
1856
6fc6879b
JM		 1857 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1858 sm->Disconnect = FALSE;
567da5bb
JM		 1859 sm->disconnect_reason = 0;
1860 if (!reason)
1861 reason = WLAN_REASON_PREV_AUTH_NOT_VALID;
1862 wpa_sta_disconnect(sm->wpa_auth, sm->addr, reason);
6fc6879b
JM		 1863}
1864
1865
1866SM_STATE(WPA_PTK, DISCONNECTED)
1867{
1868 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1869 sm->DeauthenticationRequest = FALSE;
1870}
1871
1872
1873SM_STATE(WPA_PTK, AUTHENTICATION)
1874{
1875 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1876 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1877 sm->PTK_valid = FALSE;
1878 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1879 1);
1880 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1881 sm->AuthenticationRequest = FALSE;
1882}
1883
1884
40d00d2b
NC		 1885static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
1886 struct wpa_group *group)
1bdb7ab3 1887{
40d00d2b
NC		 1888 if (group->first_sta_seen)
1889 return;
1bdb7ab3
JM		 1890 /*
1891 * System has run bit further than at the time hostapd was started
1892 * potentially very early during boot up. This provides better chances
1893 * of collecting more randomness on embedded systems. Re-initialize the
1894 * GMK and Counter here to improve their strength if there was not
1895 * enough entropy available immediately after system startup.
1896 */
1897 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1898 "station");
08704cd8
JM		 1899 if (random_pool_ready() != 1) {
1900 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1901 "to proceed - reject first 4-way handshake");
1902 group->reject_4way_hs_for_entropy = TRUE;
40d00d2b
NC		 1903 } else {
1904 group->first_sta_seen = TRUE;
1905 group->reject_4way_hs_for_entropy = FALSE;
08704cd8 1906 }
40d00d2b 1907
aac1efec
JM		 1908 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 ||
1909 wpa_gtk_update(wpa_auth, group) < 0 ||
1910 wpa_group_config_group_keys(wpa_auth, group) < 0) {
1911 wpa_printf(MSG_INFO, "WPA: GMK/GTK setup failed");
1912 group->first_sta_seen = FALSE;
1913 group->reject_4way_hs_for_entropy = TRUE;
1914 }
1bdb7ab3
JM		 1915}
1916
1917
6fc6879b
JM		 1918SM_STATE(WPA_PTK, AUTHENTICATION2)
1919{
1920 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1bdb7ab3 1921
40d00d2b 1922 wpa_group_ensure_init(sm->wpa_auth, sm->group);
65a32cdb 1923 sm->ReAuthenticationRequest = FALSE;
1bdb7ab3 1924
3825a19b
JM		 1925 /*
1926 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
1927 * ambiguous. The Authenticator state machine uses a counter that is
1928 * incremented by one for each 4-way handshake. However, the security
1929 * analysis of 4-way handshake points out that unpredictable nonces
1930 * help in preventing precomputation attacks. Instead of the state
1931 * machine definition, use an unpredictable nonce value here to provide
1932 * stronger protection against potential precomputation attacks.
1933 */
1934 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
1935 wpa_printf(MSG_ERROR, "WPA: Failed to get random data for "
1936 "ANonce.");
65a32cdb 1937 sm->Disconnect = TRUE;
3825a19b
JM		 1938 return;
1939 }
bc8318ac
JM		 1940 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
1941 WPA_NONCE_LEN);
6fc6879b
JM		 1942 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1943 * logical place than INITIALIZE since AUTHENTICATION2 can be
1944 * re-entered on ReAuthenticationRequest without going through
1945 * INITIALIZE. */
1946 sm->TimeoutCtr = 0;
1947}
1948
1949
0adc9b28
JM		 1950static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
1951{
1952 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
1953 wpa_printf(MSG_ERROR,
1954 "WPA: Failed to get random data for ANonce");
1955 sm->Disconnect = TRUE;
1956 return -1;
1957 }
1958 wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
1959 WPA_NONCE_LEN);
1960 sm->TimeoutCtr = 0;
1961 return 0;
1962}
1963
1964
6fc6879b
JM		 1965SM_STATE(WPA_PTK, INITPMK)
1966{
1967 u8 msk[2 * PMK_LEN];
1968 size_t len = 2 * PMK_LEN;
1969
1970 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
4ec1fd8e 1971#ifdef CONFIG_IEEE80211R_AP
6fc6879b 1972 sm->xxkey_len = 0;
4ec1fd8e 1973#endif /* CONFIG_IEEE80211R_AP */
6fc6879b
JM		 1974 if (sm->pmksa) {
1975 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
207976f0
JM		 1976 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
1977 sm->pmk_len = sm->pmksa->pmk_len;
567da5bb
JM		 1978#ifdef CONFIG_DPP
1979 } else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP) {
1980 wpa_printf(MSG_DEBUG,
1981 "DPP: No PMKSA cache entry for STA - reject connection");
1982 sm->Disconnect = TRUE;
1983 sm->disconnect_reason = WLAN_REASON_INVALID_PMKID;
1984 return;
1985#endif /* CONFIG_DPP */
6fc6879b 1986 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
207976f0
JM		 1987 unsigned int pmk_len;
1988
834c5d68 1989 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt))
207976f0
JM		 1990 pmk_len = PMK_LEN_SUITE_B_192;
1991 else
1992 pmk_len = PMK_LEN;
6fc6879b 1993 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
207976f0
JM		 1994 "(MSK len=%lu PMK len=%u)", (unsigned long) len,
1995 pmk_len);
1996 if (len < pmk_len) {
1997 wpa_printf(MSG_DEBUG,
1998 "WPA: MSK not long enough (%u) to create PMK (%u)",
1999 (unsigned int) len, (unsigned int) pmk_len);
2000 sm->Disconnect = TRUE;
2001 return;
2002 }
2003 os_memcpy(sm->PMK, msk, pmk_len);
2004 sm->pmk_len = pmk_len;
4ec1fd8e 2005#ifdef CONFIG_IEEE80211R_AP
6fc6879b 2006 if (len >= 2 * PMK_LEN) {
9f12271b
JM		 2007 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
2008 os_memcpy(sm->xxkey, msk, SHA384_MAC_LEN);
2009 sm->xxkey_len = SHA384_MAC_LEN;
2010 } else {
2011 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
2012 sm->xxkey_len = PMK_LEN;
2013 }
6fc6879b 2014 }
4ec1fd8e 2015#endif /* CONFIG_IEEE80211R_AP */
6fc6879b 2016 } else {
400de9b1 2017 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
cef8fac0 2018 sm->wpa_auth->cb->get_msk);
1180dd66
JM		 2019 sm->Disconnect = TRUE;
2020 return;
6fc6879b 2021 }
40aaa64f 2022 os_memset(msk, 0, sizeof(msk));
6fc6879b
JM		 2023
2024 sm->req_replay_counter_used = 0;
2025 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
2026 * will break reauthentication since EAPOL state machines may not be
2027 * get into AUTHENTICATING state that clears keyRun before WPA state
2028 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
2029 * state and takes PMK from the previously used AAA Key. This will
2030 * eventually fail in 4-Way Handshake because Supplicant uses PMK
2031 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
2032 * be good workaround for this issue. */
2033 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
2034}
2035
2036
2037SM_STATE(WPA_PTK, INITPSK)
2038{
2039 const u8 *psk;
7a12edd1
JM		 2040 size_t psk_len;
2041
6fc6879b 2042 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
7a12edd1 2043 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL,
dbfa691d 2044 &psk_len, NULL);
6fc6879b 2045 if (psk) {
7a12edd1
JM		 2046 os_memcpy(sm->PMK, psk, psk_len);
2047 sm->pmk_len = psk_len;
4ec1fd8e 2048#ifdef CONFIG_IEEE80211R_AP
6fc6879b
JM		 2049 os_memcpy(sm->xxkey, psk, PMK_LEN);
2050 sm->xxkey_len = PMK_LEN;
4ec1fd8e 2051#endif /* CONFIG_IEEE80211R_AP */
6fc6879b 2052 }
e61fea6b
JM		 2053#ifdef CONFIG_SAE
2054 if (wpa_auth_uses_sae(sm) && sm->pmksa) {
2055 wpa_printf(MSG_DEBUG, "SAE: PMK from PMKSA cache");
2056 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
2057 sm->pmk_len = sm->pmksa->pmk_len;
2058 }
2059#endif /* CONFIG_SAE */
6fc6879b
JM		 2060 sm->req_replay_counter_used = 0;
2061}
2062
2063
2064SM_STATE(WPA_PTK, PTKSTART)
2065{
2066 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
2067 size_t pmkid_len = 0;
2068
2069 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
2070 sm->PTKRequest = FALSE;
2071 sm->TimeoutEvt = FALSE;
f23c5b17 2072 sm->alt_snonce_valid = FALSE;
bae61562
JM		 2073
2074 sm->TimeoutCtr++;
41f140d3 2075 if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
bae61562
JM		 2076 /* No point in sending the EAPOL-Key - we will disconnect
2077 * immediately following this. */
2078 return;
2079 }
2080
6fc6879b
JM		 2081 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2082 "sending 1/4 msg of 4-Way Handshake");
2083 /*
c6e1a9a0
JM		 2084 * For infrastructure BSS cases, it is better for the AP not to include
2085 * the PMKID KDE in EAPOL-Key msg 1/4 since it could be used to initiate
2086 * offline search for the passphrase/PSK without having to be able to
2087 * capture a 4-way handshake from a STA that has access to the network.
2088 *
2089 * For IBSS cases, addition of PMKID KDE could be considered even with
2090 * WPA2-PSK cases that use multiple PSKs, but only if there is a single
2091 * possible PSK for this STA. However, this should not be done unless
2092 * there is support for using that information on the supplicant side.
2093 * The concern about exposing PMKID unnecessarily in infrastructure BSS
2094 * cases would also apply here, but at least in the IBSS case, this
2095 * would cover a potential real use case.
6fc6879b
JM		 2096 */
2097 if (sm->wpa == WPA_VERSION_WPA2 &&
e61fea6b 2098 (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) ||
d90f10fa 2099 (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && sm->pmksa) ||
e61fea6b 2100 wpa_key_mgmt_sae(sm->wpa_key_mgmt)) &&
a14896e8 2101 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
6fc6879b
JM		 2102 pmkid = buf;
2103 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
2104 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
2105 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
2106 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
929a2ea5 2107 if (sm->pmksa) {
9d94e4bb
JM		 2108 wpa_hexdump(MSG_DEBUG,
2109 "RSN: Message 1/4 PMKID from PMKSA entry",
2110 sm->pmksa->pmkid, PMKID_LEN);
6fc6879b
JM		 2111 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
2112 sm->pmksa->pmkid, PMKID_LEN);
929a2ea5
JM		 2113 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) {
2114 /* No KCK available to derive PMKID */
9d94e4bb
JM		 2115 wpa_printf(MSG_DEBUG,
2116 "RSN: No KCK available to derive PMKID for message 1/4");
929a2ea5 2117 pmkid = NULL;
9d94e4bb
JM		 2118#ifdef CONFIG_SAE
2119 } else if (wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
2120 if (sm->pmkid_set) {
2121 wpa_hexdump(MSG_DEBUG,
2122 "RSN: Message 1/4 PMKID from SAE",
2123 sm->pmkid, PMKID_LEN);
2124 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
2125 sm->pmkid, PMKID_LEN);
2126 } else {
2127 /* No PMKID available */
2128 wpa_printf(MSG_DEBUG,
2129 "RSN: No SAE PMKID available for message 1/4");
2130 pmkid = NULL;
2131 }
2132#endif /* CONFIG_SAE */
929a2ea5 2133 } else {
6fc6879b
JM		 2134 /*
2135 * Calculate PMKID since no PMKSA cache entry was
2136 * available with pre-calculated PMKID.
2137 */
207976f0 2138 rsn_pmkid(sm->PMK, sm->pmk_len, sm->wpa_auth->addr,
56586197 2139 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
41b81914 2140 sm->wpa_key_mgmt);
9d94e4bb
JM		 2141 wpa_hexdump(MSG_DEBUG,
2142 "RSN: Message 1/4 PMKID derived from PMK",
2143 &pmkid[2 + RSN_SELECTOR_LEN], PMKID_LEN);
6fc6879b
JM		 2144 }
2145 }
2146 wpa_send_eapol(sm->wpa_auth, sm,
2147 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
2148 sm->ANonce, pmkid, pmkid_len, 0, 0);
6fc6879b
JM		 2149}
2150
2151
f23c5b17 2152static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
207976f0
JM		 2153 const u8 *pmk, unsigned int pmk_len,
2154 struct wpa_ptk *ptk)
6fc6879b 2155{
4ec1fd8e 2156#ifdef CONFIG_IEEE80211R_AP
56586197 2157 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
98cd3d1c 2158 return wpa_auth_derive_ptk_ft(sm, pmk, ptk);
4ec1fd8e 2159#endif /* CONFIG_IEEE80211R_AP */
6fc6879b 2160
207976f0 2161 return wpa_pmk_to_ptk(pmk, pmk_len, "Pairwise key expansion",
98cd3d1c
JM		 2162 sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
2163 ptk, sm->wpa_key_mgmt, sm->pairwise);
6fc6879b
JM		 2164}
2165
2166
3b5b7aa8 2167#ifdef CONFIG_FILS
c4fd6d8a
JM		 2168
2169int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk,
80ddf5d9 2170 size_t pmk_len, const u8 *snonce, const u8 *anonce,
4cada9dc 2171 const u8 *dhss, size_t dhss_len,
80ddf5d9 2172 struct wpabuf *g_sta, struct wpabuf *g_ap)
c4fd6d8a
JM		 2173{
2174 u8 ick[FILS_ICK_MAX_LEN];
2175 size_t ick_len;
2176 int res;
8fed47e0
JM		 2177 u8 fils_ft[FILS_FT_MAX_LEN];
2178 size_t fils_ft_len = 0;
c4fd6d8a
JM		 2179
2180 res = fils_pmk_to_ptk(pmk, pmk_len, sm->addr, sm->wpa_auth->addr,
4cada9dc
JM		 2181 snonce, anonce, dhss, dhss_len,
2182 &sm->PTK, ick, &ick_len,
8fed47e0
JM		 2183 sm->wpa_key_mgmt, sm->pairwise,
2184 fils_ft, &fils_ft_len);
c4fd6d8a
JM		 2185 if (res < 0)
2186 return res;
2187 sm->PTK_valid = TRUE;
2f1357fb 2188 sm->tk_already_set = FALSE;
c4fd6d8a 2189
8fed47e0
JM		 2190#ifdef CONFIG_IEEE80211R_AP
2191 if (fils_ft_len) {
2192 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2193 struct wpa_auth_config *conf = &wpa_auth->conf;
994eac7e
JM		 2194 u8 pmk_r0[PMK_LEN_MAX], pmk_r0_name[WPA_PMK_NAME_LEN];
2195 int use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
2196 size_t pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
8fed47e0
JM		 2197
2198 if (wpa_derive_pmk_r0(fils_ft, fils_ft_len,
2199 conf->ssid, conf->ssid_len,
2200 conf->mobility_domain,
2201 conf->r0_key_holder,
2202 conf->r0_key_holder_len,
994eac7e
JM		 2203 sm->addr, pmk_r0, pmk_r0_name,
2204 use_sha384) < 0)
8fed47e0
JM		 2205 return -1;
2206
994eac7e
JM		 2207 wpa_hexdump_key(MSG_DEBUG, "FILS+FT: PMK-R0",
2208 pmk_r0, pmk_r0_len);
8fed47e0
JM		 2209 wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR0Name",
2210 pmk_r0_name, WPA_PMK_NAME_LEN);
89dea17e 2211 wpa_ft_store_pmk_fils(sm, pmk_r0, pmk_r0_name);
8fed47e0
JM		 2212 os_memset(fils_ft, 0, sizeof(fils_ft));
2213 }
2214#endif /* CONFIG_IEEE80211R_AP */
2215
c4fd6d8a
JM		 2216 res = fils_key_auth_sk(ick, ick_len, snonce, anonce,
2217 sm->addr, sm->wpa_auth->addr,
80ddf5d9
JM		 2218 g_sta ? wpabuf_head(g_sta) : NULL,
2219 g_sta ? wpabuf_len(g_sta) : 0,
2220 g_ap ? wpabuf_head(g_ap) : NULL,
2221 g_ap ? wpabuf_len(g_ap) : 0,
c4fd6d8a
JM		 2222 sm->wpa_key_mgmt, sm->fils_key_auth_sta,
2223 sm->fils_key_auth_ap,
2224 &sm->fils_key_auth_len);
2225 os_memset(ick, 0, sizeof(ick));
78815f3d
JM		 2226
2227 /* Store nonces for (Re)Association Request/Response frame processing */
2228 os_memcpy(sm->SNonce, snonce, FILS_NONCE_LEN);
2229 os_memcpy(sm->ANonce, anonce, FILS_NONCE_LEN);
2230
c4fd6d8a
JM		 2231 return res;
2232}
2233
2234
3b5b7aa8 2235static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
75c8563e 2236 u8 *buf, size_t buf_len, u16 *_key_data_len)
3b5b7aa8
JM		 2237{
2238 struct ieee802_1x_hdr *hdr;
2239 struct wpa_eapol_key *key;
2240 u8 *pos;
2241 u16 key_data_len;
2242 u8 *tmp;
2243 const u8 *aad[1];
2244 size_t aad_len[1];
2245
75c8563e 2246 hdr = (struct ieee802_1x_hdr *) buf;
3b5b7aa8
JM		 2247 key = (struct wpa_eapol_key *) (hdr + 1);
2248 pos = (u8 *) (key + 1);
2249 key_data_len = WPA_GET_BE16(pos);
2250 if (key_data_len < AES_BLOCK_SIZE ||
2251 key_data_len > buf_len - sizeof(*hdr) - sizeof(*key) - 2) {
2252 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2253 "No room for AES-SIV data in the frame");
2254 return -1;
2255 }
2256 pos += 2; /* Pointing at the Encrypted Key Data field */
2257
2258 tmp = os_malloc(key_data_len);
2259 if (!tmp)
2260 return -1;
2261
2262 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
2263 * to Key Data (exclusive). */
75c8563e
JM		 2264 aad[0] = buf;
2265 aad_len[0] = pos - buf;
3b5b7aa8
JM		 2266 if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, key_data_len,
2267 1, aad, aad_len, tmp) < 0) {
2268 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2269 "Invalid AES-SIV data in the frame");
2270 bin_clear_free(tmp, key_data_len);
2271 return -1;
2272 }
2273
2274 /* AEAD decryption and validation completed successfully */
2275 key_data_len -= AES_BLOCK_SIZE;
2276 wpa_hexdump_key(MSG_DEBUG, "WPA: Decrypted Key Data",
2277 tmp, key_data_len);
2278
2279 /* Replace Key Data field with the decrypted version */
2280 os_memcpy(pos, tmp, key_data_len);
2281 pos -= 2; /* Key Data Length field */
2282 WPA_PUT_BE16(pos, key_data_len);
2283 bin_clear_free(tmp, key_data_len);
2284 if (_key_data_len)
2285 *_key_data_len = key_data_len;
2286 return 0;
2287}
78815f3d
JM		 2288
2289
087631b9
JM		 2290const u8 * wpa_fils_validate_fils_session(struct wpa_state_machine *sm,
2291 const u8 *ies, size_t ies_len,
2292 const u8 *fils_session)
2293{
2294 const u8 *ie, *end;
2295 const u8 *session = NULL;
2296
2297 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2298 wpa_printf(MSG_DEBUG,
2299 "FILS: Not a FILS AKM - reject association");
2300 return NULL;
2301 }
2302
2303 /* Verify Session element */
2304 ie = ies;
2305 end = ((const u8 *) ie) + ies_len;
2306 while (ie + 1 < end) {
2307 if (ie + 2 + ie[1] > end)
2308 break;
2309 if (ie[0] == WLAN_EID_EXTENSION &&
2310 ie[1] >= 1 + FILS_SESSION_LEN &&
2311 ie[2] == WLAN_EID_EXT_FILS_SESSION) {
2312 session = ie;
2313 break;
2314 }
2315 ie += 2 + ie[1];
2316 }
2317
2318 if (!session) {
2319 wpa_printf(MSG_DEBUG,
2320 "FILS: %s: Could not find FILS Session element in Assoc Req - reject",
2321 __func__);
2322 return NULL;
2323 }
2324
2325 if (!fils_session) {
2326 wpa_printf(MSG_DEBUG,
2327 "FILS: %s: Could not find FILS Session element in STA entry - reject",
2328 __func__);
2329 return NULL;
2330 }
2331
2332 if (os_memcmp(fils_session, session + 3, FILS_SESSION_LEN) != 0) {
2333 wpa_printf(MSG_DEBUG, "FILS: Session mismatch");
2334 wpa_hexdump(MSG_DEBUG, "FILS: Expected FILS Session",
2335 fils_session, FILS_SESSION_LEN);
2336 wpa_hexdump(MSG_DEBUG, "FILS: Received FILS Session",
2337 session + 3, FILS_SESSION_LEN);
2338 return NULL;
2339 }
2340 return session;
2341}
2342
2343
bd599353
JM		 2344int wpa_fils_validate_key_confirm(struct wpa_state_machine *sm, const u8 *ies,
2345 size_t ies_len)
2346{
2347 struct ieee802_11_elems elems;
2348
2349 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
2350 wpa_printf(MSG_DEBUG,
2351 "FILS: Failed to parse decrypted elements");
2352 return -1;
2353 }
2354
8b5ddda5
JM		 2355 if (!elems.fils_session) {
2356 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
2357 return -1;
2358 }
2359
bd599353
JM		 2360 if (!elems.fils_key_confirm) {
2361 wpa_printf(MSG_DEBUG, "FILS: No FILS Key Confirm element");
2362 return -1;
2363 }
2364
2365 if (elems.fils_key_confirm_len != sm->fils_key_auth_len) {
2366 wpa_printf(MSG_DEBUG,
2367 "FILS: Unexpected Key-Auth length %d (expected %d)",
2368 elems.fils_key_confirm_len,
2369 (int) sm->fils_key_auth_len);
2370 return -1;
2371 }
2372
2373 if (os_memcmp(elems.fils_key_confirm, sm->fils_key_auth_sta,
2374 sm->fils_key_auth_len) != 0) {
2375 wpa_printf(MSG_DEBUG, "FILS: Key-Auth mismatch");
2376 wpa_hexdump(MSG_DEBUG, "FILS: Received Key-Auth",
2377 elems.fils_key_confirm, elems.fils_key_confirm_len);
2378 wpa_hexdump(MSG_DEBUG, "FILS: Expected Key-Auth",
2379 sm->fils_key_auth_sta, sm->fils_key_auth_len);
2380 return -1;
2381 }
2382
2383 return 0;
2384}
2385
2386
78815f3d
JM		 2387int fils_decrypt_assoc(struct wpa_state_machine *sm, const u8 *fils_session,
2388 const struct ieee80211_mgmt *mgmt, size_t frame_len,
2389 u8 *pos, size_t left)
2390{
2391 u16 fc, stype;
2392 const u8 *end, *ie_start, *ie, *session, *crypt;
78815f3d
JM		 2393 const u8 *aad[5];
2394 size_t aad_len[5];
2395
2396 if (!sm || !sm->PTK_valid) {
2397 wpa_printf(MSG_DEBUG,
2398 "FILS: No KEK to decrypt Assocication Request frame");
2399 return -1;
2400 }
2401
2402 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2403 wpa_printf(MSG_DEBUG,
2404 "FILS: Not a FILS AKM - reject association");
2405 return -1;
2406 }
2407
2408 end = ((const u8 *) mgmt) + frame_len;
2409 fc = le_to_host16(mgmt->frame_control);
2410 stype = WLAN_FC_GET_STYPE(fc);
2411 if (stype == WLAN_FC_STYPE_REASSOC_REQ)
2412 ie_start = mgmt->u.reassoc_req.variable;
2413 else
2414 ie_start = mgmt->u.assoc_req.variable;
2415 ie = ie_start;
2416
2417 /*
2418 * Find FILS Session element which is the last unencrypted element in
2419 * the frame.
2420 */
087631b9
JM		 2421 session = wpa_fils_validate_fils_session(sm, ie, end - ie,
2422 fils_session);
78815f3d 2423 if (!session) {
087631b9 2424 wpa_printf(MSG_DEBUG, "FILS: Session validation failed");
78815f3d
JM		 2425 return -1;
2426 }
087631b9 2427
78815f3d
JM		 2428 crypt = session + 2 + session[1];
2429
2430 if (end - crypt < AES_BLOCK_SIZE) {
2431 wpa_printf(MSG_DEBUG,
2432 "FILS: Too short frame to include AES-SIV data");
2433 return -1;
2434 }
2435
2436 /* AES-SIV AAD vectors */
2437
2438 /* The STA's MAC address */
2439 aad[0] = mgmt->sa;
2440 aad_len[0] = ETH_ALEN;
2441 /* The AP's BSSID */
2442 aad[1] = mgmt->da;
2443 aad_len[1] = ETH_ALEN;
2444 /* The STA's nonce */
2445 aad[2] = sm->SNonce;
2446 aad_len[2] = FILS_NONCE_LEN;
2447 /* The AP's nonce */
2448 aad[3] = sm->ANonce;
2449 aad_len[3] = FILS_NONCE_LEN;
2450 /*
2451 * The (Re)Association Request frame from the Capability Information
2452 * field to the FILS Session element (both inclusive).
2453 */
2454 aad[4] = (const u8 *) &mgmt->u.assoc_req.capab_info;
d77f3304 2455 aad_len[4] = crypt - aad[4];
78815f3d
JM		 2456
2457 if (aes_siv_decrypt(sm->PTK.kek, sm->PTK.kek_len, crypt, end - crypt,
d77f3304 2458 5, aad, aad_len, pos + (crypt - ie_start)) < 0) {
78815f3d
JM		 2459 wpa_printf(MSG_DEBUG,
2460 "FILS: Invalid AES-SIV data in the frame");
2461 return -1;
2462 }
2463 wpa_hexdump(MSG_DEBUG, "FILS: Decrypted Association Request elements",
2464 pos, left - AES_BLOCK_SIZE);
2465
bd599353
JM		 2466 if (wpa_fils_validate_key_confirm(sm, pos, left - AES_BLOCK_SIZE) < 0) {
2467 wpa_printf(MSG_DEBUG, "FILS: Key Confirm validation failed");
78815f3d
JM		 2468 return -1;
2469 }
2470
2471 return left - AES_BLOCK_SIZE;
2472}
2473
e73ffa09
JM		 2474
2475int fils_encrypt_assoc(struct wpa_state_machine *sm, u8 *buf,
91d91abf
JM		 2476 size_t current_len, size_t max_len,
2477 const struct wpabuf *hlp)
e73ffa09
JM		 2478{
2479 u8 *end = buf + max_len;
2480 u8 *pos = buf + current_len;
2481 struct ieee80211_mgmt *mgmt;
2482 struct wpabuf *plain;
e73ffa09
JM		 2483 const u8 *aad[5];
2484 size_t aad_len[5];
2485
2486 if (!sm || !sm->PTK_valid)
2487 return -1;
2488
2489 wpa_hexdump(MSG_DEBUG,
2490 "FILS: Association Response frame before FILS processing",
2491 buf, current_len);
2492
2493 mgmt = (struct ieee80211_mgmt *) buf;
2494
2495 /* AES-SIV AAD vectors */
2496
2497 /* The AP's BSSID */
2498 aad[0] = mgmt->sa;
2499 aad_len[0] = ETH_ALEN;
2500 /* The STA's MAC address */
2501 aad[1] = mgmt->da;
2502 aad_len[1] = ETH_ALEN;
2503 /* The AP's nonce */
2504 aad[2] = sm->ANonce;
2505 aad_len[2] = FILS_NONCE_LEN;
2506 /* The STA's nonce */
2507 aad[3] = sm->SNonce;
2508 aad_len[3] = FILS_NONCE_LEN;
2509 /*
2510 * The (Re)Association Response frame from the Capability Information
2511 * field (the same offset in both Association and Reassociation
2512 * Response frames) to the FILS Session element (both inclusive).
2513 */
2514 aad[4] = (const u8 *) &mgmt->u.assoc_resp.capab_info;
2515 aad_len[4] = pos - aad[4];
2516
2517 /* The following elements will be encrypted with AES-SIV */
9392859d
JM		 2518 plain = fils_prepare_plainbuf(sm, hlp);
2519 if (!plain) {
2520 wpa_printf(MSG_DEBUG, "FILS: Plain buffer prep failed");
2521 return -1;
2522 }
2523
2524 if (pos + wpabuf_len(plain) + AES_BLOCK_SIZE > end) {
2525 wpa_printf(MSG_DEBUG,
2526 "FILS: Not enough room for FILS elements");
2527 wpabuf_free(plain);
2528 return -1;
2529 }
2530
2531 wpa_hexdump_buf_key(MSG_DEBUG, "FILS: Association Response plaintext",
2532 plain);
2533
2534 if (aes_siv_encrypt(sm->PTK.kek, sm->PTK.kek_len,
2535 wpabuf_head(plain), wpabuf_len(plain),
2536 5, aad, aad_len, pos) < 0) {
2537 wpabuf_free(plain);
2538 return -1;
2539 }
2540
2541 wpa_hexdump(MSG_DEBUG,
2542 "FILS: Encrypted Association Response elements",
2543 pos, AES_BLOCK_SIZE + wpabuf_len(plain));
2544 current_len += wpabuf_len(plain) + AES_BLOCK_SIZE;
2545 wpabuf_free(plain);
2546
2547 sm->fils_completed = 1;
2548
2549 return current_len;
2550}
2551
2552
2553static struct wpabuf * fils_prepare_plainbuf(struct wpa_state_machine *sm,
2554 const struct wpabuf *hlp)
2555{
2556 struct wpabuf *plain;
2557 u8 *len, *tmp, *tmp2;
2558 u8 hdr[2];
2559 u8 *gtk, dummy_gtk[32];
2560 size_t gtk_len;
2561 struct wpa_group *gsm;
e73ffa09
JM		 2562
2563 plain = wpabuf_alloc(1000);
2564 if (!plain)
9392859d 2565 return NULL;
e73ffa09
JM		 2566
2567 /* TODO: FILS Public Key */
2568
2569 /* FILS Key Confirmation */
2570 wpabuf_put_u8(plain, WLAN_EID_EXTENSION); /* Element ID */
2571 wpabuf_put_u8(plain, 1 + sm->fils_key_auth_len); /* Length */
2572 /* Element ID Extension */
2573 wpabuf_put_u8(plain, WLAN_EID_EXT_FILS_KEY_CONFIRM);
2574 wpabuf_put_data(plain, sm->fils_key_auth_ap, sm->fils_key_auth_len);
2575
91d91abf
JM		 2576 /* FILS HLP Container */
2577 if (hlp)
2578 wpabuf_put_buf(plain, hlp);
e73ffa09
JM		 2579
2580 /* TODO: FILS IP Address Assignment */
2581
2582 /* Key Delivery */
2583 gsm = sm->group;
2584 wpabuf_put_u8(plain, WLAN_EID_EXTENSION); /* Element ID */
2585 len = wpabuf_put(plain, 1);
2586 wpabuf_put_u8(plain, WLAN_EID_EXT_KEY_DELIVERY);
2587 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN,
2588 wpabuf_put(plain, WPA_KEY_RSC_LEN));
2589 /* GTK KDE */
2590 gtk = gsm->GTK[gsm->GN - 1];
2591 gtk_len = gsm->GTK_len;
8d660a4b
JM		 2592 if (sm->wpa_auth->conf.disable_gtk ||
2593 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
e73ffa09
JM		 2594 /*
2595 * Provide unique random GTK to each STA to prevent use
2596 * of GTK in the BSS.
2597 */
2598 if (random_get_bytes(dummy_gtk, gtk_len) < 0) {
2599 wpabuf_free(plain);
9392859d 2600 return NULL;
e73ffa09
JM		 2601 }
2602 gtk = dummy_gtk;
2603 }
2604 hdr[0] = gsm->GN & 0x03;
2605 hdr[1] = 0;
2606 tmp = wpabuf_put(plain, 0);
2607 tmp2 = wpa_add_kde(tmp, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2608 gtk, gtk_len);
2609 wpabuf_put(plain, tmp2 - tmp);
2610
2611 /* IGTK KDE */
2612 tmp = wpabuf_put(plain, 0);
2613 tmp2 = ieee80211w_kde_add(sm, tmp);
2614 wpabuf_put(plain, tmp2 - tmp);
2615
2616 *len = (u8 *) wpabuf_put(plain, 0) - len - 1;
99621dc1
MV		 2617
2618#ifdef CONFIG_OCV
2619 if (wpa_auth_uses_ocv(sm)) {
2620 struct wpa_channel_info ci;
2621 u8 *pos;
2622
2623 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
2624 wpa_printf(MSG_WARNING,
2625 "FILS: Failed to get channel info for OCI element");
2626 wpabuf_free(plain);
2627 return NULL;
2628 }
2629
2630 pos = wpabuf_put(plain, OCV_OCI_EXTENDED_LEN);
2631 if (ocv_insert_extended_oci(&ci, pos) < 0) {
2632 wpabuf_free(plain);
2633 return NULL;
2634 }
2635 }
2636#endif /* CONFIG_OCV */
2637
9392859d 2638 return plain;
e73ffa09
JM		 2639}
2640
da24c5aa
JM		 2641
2642int fils_set_tk(struct wpa_state_machine *sm)
2643{
2644 enum wpa_alg alg;
2645 int klen;
2646
2f1357fb
JM		 2647 if (!sm || !sm->PTK_valid) {
2648 wpa_printf(MSG_DEBUG, "FILS: No valid PTK available to set TK");
2649 return -1;
2650 }
2651 if (sm->tk_already_set) {
2652 wpa_printf(MSG_DEBUG, "FILS: TK already set to the driver");
da24c5aa 2653 return -1;
2f1357fb 2654 }
da24c5aa
JM		 2655
2656 alg = wpa_cipher_to_alg(sm->pairwise);
2657 klen = wpa_cipher_key_len(sm->pairwise);
2658
2659 wpa_printf(MSG_DEBUG, "FILS: Configure TK to the driver");
2660 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2661 sm->PTK.tk, klen)) {
2662 wpa_printf(MSG_DEBUG, "FILS: Failed to set TK to the driver");
2663 return -1;
2664 }
2f1357fb 2665 sm->tk_already_set = TRUE;
da24c5aa
JM		 2666
2667 return 0;
2668}
2669
fa61bff6
JM		 2670
2671u8 * hostapd_eid_assoc_fils_session(struct wpa_state_machine *sm, u8 *buf,
8b5ddda5 2672 const u8 *fils_session, struct wpabuf *hlp)
fa61bff6
JM		 2673{
2674 struct wpabuf *plain;
2675 u8 *pos = buf;
2676
2677 /* FILS Session */
2678 *pos++ = WLAN_EID_EXTENSION; /* Element ID */
2679 *pos++ = 1 + FILS_SESSION_LEN; /* Length */
2680 *pos++ = WLAN_EID_EXT_FILS_SESSION; /* Element ID Extension */
2681 os_memcpy(pos, fils_session, FILS_SESSION_LEN);
2682 pos += FILS_SESSION_LEN;
2683
8b5ddda5 2684 plain = fils_prepare_plainbuf(sm, hlp);
fa61bff6
JM		 2685 if (!plain) {
2686 wpa_printf(MSG_DEBUG, "FILS: Plain buffer prep failed");
2687 return NULL;
2688 }
2689
2690 os_memcpy(pos, wpabuf_head(plain), wpabuf_len(plain));
2691 pos += wpabuf_len(plain);
2692
2693 wpa_printf(MSG_DEBUG, "%s: plain buf_len: %u", __func__,
2694 (unsigned int) wpabuf_len(plain));
2695 wpabuf_free(plain);
2696 sm->fils_completed = 1;
2697 return pos;
2698}
2699
3b5b7aa8
JM		 2700#endif /* CONFIG_FILS */
2701
2702
1034f67b
MV		 2703#ifdef CONFIG_OCV
2704int get_sta_tx_parameters(struct wpa_state_machine *sm, int ap_max_chanwidth,
2705 int ap_seg1_idx, int *bandwidth, int *seg1_idx)
2706{
2707 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2708
2709 if (!wpa_auth->cb->get_sta_tx_params)
2710 return -1;
2711 return wpa_auth->cb->get_sta_tx_params(wpa_auth->cb_ctx, sm->addr,
2712 ap_max_chanwidth, ap_seg1_idx,
2713 bandwidth, seg1_idx);
2714}
2715#endif /* CONFIG_OCV */
2716
2717
6fc6879b
JM		 2718SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
2719{
3b5b7aa8 2720 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
6fc6879b 2721 struct wpa_ptk PTK;
2c502460 2722 int ok = 0, psk_found = 0;
6fc6879b 2723 const u8 *pmk = NULL;
7a12edd1 2724 size_t pmk_len;
3b5b7aa8
JM		 2725 int ft;
2726 const u8 *eapol_key_ie, *key_data, *mic;
2727 u16 key_data_length;
2728 size_t mic_len, eapol_key_ie_len;
2729 struct ieee802_1x_hdr *hdr;
2730 struct wpa_eapol_key *key;
2731 struct wpa_eapol_ie_parse kde;
bb05d036 2732 int vlan_id = 0;
6fc6879b
JM		 2733
2734 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
2735 sm->EAPOLKeyReceived = FALSE;
68921e24 2736 sm->update_snonce = FALSE;
b729fd8d 2737 os_memset(&PTK, 0, sizeof(PTK));
6fc6879b 2738
567da5bb 2739 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
3b5b7aa8 2740
6fc6879b
JM		 2741 /* WPA with IEEE 802.1X: use the derived PMK from EAP
2742 * WPA-PSK: iterate through possible PSKs and select the one matching
2743 * the packet */
2744 for (;;) {
e61fea6b
JM		 2745 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
2746 !wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
759fd76b 2747 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
dbfa691d
JM		 2748 sm->p2p_dev_addr, pmk, &pmk_len,
2749 &vlan_id);
6fc6879b
JM		 2750 if (pmk == NULL)
2751 break;
2c502460 2752 psk_found = 1;
f9854c18
MK		 2753#ifdef CONFIG_IEEE80211R_AP
2754 if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
2755 os_memcpy(sm->xxkey, pmk, pmk_len);
2756 sm->xxkey_len = pmk_len;
2757 }
2758#endif /* CONFIG_IEEE80211R_AP */
207976f0 2759 } else {
6fc6879b 2760 pmk = sm->PMK;
207976f0
JM		 2761 pmk_len = sm->pmk_len;
2762 }
6fc6879b 2763
364c064a
JM		 2764 if (wpa_derive_ptk(sm, sm->SNonce, pmk, pmk_len, &PTK) < 0)
2765 break;
6fc6879b 2766
3b5b7aa8 2767 if (mic_len &&
567da5bb 2768 wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
929a2ea5 2769 sm->last_rx_eapol_key,
6fc6879b 2770 sm->last_rx_eapol_key_len) == 0) {
b08c9ad0
MK		 2771 os_memcpy(sm->PMK, pmk, pmk_len);
2772 sm->pmk_len = pmk_len;
6fc6879b
JM		 2773 ok = 1;
2774 break;
2775 }
2776
3b5b7aa8 2777#ifdef CONFIG_FILS
75c8563e
JM		 2778 if (!mic_len &&
2779 wpa_aead_decrypt(sm, &PTK, sm->last_rx_eapol_key,
2780 sm->last_rx_eapol_key_len, NULL) == 0) {
3b5b7aa8
JM		 2781 ok = 1;
2782 break;
2783 }
2784#endif /* CONFIG_FILS */
2785
f5e0a332
JM		 2786 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
2787 wpa_key_mgmt_sae(sm->wpa_key_mgmt))
6fc6879b
JM		 2788 break;
2789 }
2790
2791 if (!ok) {
2792 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2793 "invalid MIC in msg 2/4 of 4-Way Handshake");
2c502460
JM		 2794 if (psk_found)
2795 wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
6fc6879b
JM		 2796 return;
2797 }
2798
3b5b7aa8
JM		 2799 /*
2800 * Note: last_rx_eapol_key length fields have already been validated in
2801 * wpa_receive().
2802 */
2803 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
2804 key = (struct wpa_eapol_key *) (hdr + 1);
2805 mic = (u8 *) (key + 1);
2806 key_data = mic + mic_len + 2;
2807 key_data_length = WPA_GET_BE16(mic + mic_len);
2808 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
2809 sizeof(*key) - mic_len - 2)
2810 return;
2811
2812 if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
2813 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2814 "received EAPOL-Key msg 2/4 with invalid Key Data contents");
2815 return;
2816 }
2817 if (kde.rsn_ie) {
2818 eapol_key_ie = kde.rsn_ie;
2819 eapol_key_ie_len = kde.rsn_ie_len;
2820 } else if (kde.osen) {
2821 eapol_key_ie = kde.osen;
2822 eapol_key_ie_len = kde.osen_len;
2823 } else {
2824 eapol_key_ie = kde.wpa_ie;
2825 eapol_key_ie_len = kde.wpa_ie_len;
2826 }
2827 ft = sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt);
2828 if (sm->wpa_ie == NULL ||
2829 wpa_compare_rsn_ie(ft, sm->wpa_ie, sm->wpa_ie_len,
2830 eapol_key_ie, eapol_key_ie_len)) {
2831 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2832 "WPA IE from (Re)AssocReq did not match with msg 2/4");
2833 if (sm->wpa_ie) {
2834 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
2835 sm->wpa_ie, sm->wpa_ie_len);
2836 }
2837 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
2838 eapol_key_ie, eapol_key_ie_len);
2839 /* MLME-DEAUTHENTICATE.request */
567da5bb
JM		 2840 wpa_sta_disconnect(wpa_auth, sm->addr,
2841 WLAN_REASON_PREV_AUTH_NOT_VALID);
3b5b7aa8
JM		 2842 return;
2843 }
aed61c4e
MV		 2844#ifdef CONFIG_OCV
2845 if (wpa_auth_uses_ocv(sm)) {
2846 struct wpa_channel_info ci;
2847 int tx_chanwidth;
2848 int tx_seg1_idx;
2849
2850 if (wpa_channel_info(wpa_auth, &ci) != 0) {
2851 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2852 "Failed to get channel info to validate received OCI in EAPOL-Key 2/4");
2853 return;
2854 }
2855
2856 if (get_sta_tx_parameters(sm,
2857 channel_width_to_int(ci.chanwidth),
2858 ci.seg1_idx, &tx_chanwidth,
2859 &tx_seg1_idx) < 0)
2860 return;
2861
2862 if (ocv_verify_tx_params(kde.oci, kde.oci_len, &ci,
2863 tx_chanwidth, tx_seg1_idx) != 0) {
2864 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2865 ocv_errorstr);
2866 return;
2867 }
2868 }
2869#endif /* CONFIG_OCV */
4ec1fd8e 2870#ifdef CONFIG_IEEE80211R_AP
3b5b7aa8 2871 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
567da5bb
JM		 2872 wpa_sta_disconnect(wpa_auth, sm->addr,
2873 WLAN_REASON_PREV_AUTH_NOT_VALID);
3b5b7aa8
JM		 2874 return;
2875 }
4ec1fd8e 2876#endif /* CONFIG_IEEE80211R_AP */
3b5b7aa8
JM		 2877#ifdef CONFIG_P2P
2878 if (kde.ip_addr_req && kde.ip_addr_req[0] &&
2879 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
2880 int idx;
2881 wpa_printf(MSG_DEBUG,
2882 "P2P: IP address requested in EAPOL-Key exchange");
2883 idx = bitfield_get_first_zero(wpa_auth->ip_pool);
2884 if (idx >= 0) {
2885 u32 start = WPA_GET_BE32(wpa_auth->conf.ip_addr_start);
2886 bitfield_set(wpa_auth->ip_pool, idx);
2887 WPA_PUT_BE32(sm->ip_addr, start + idx);
2888 wpa_printf(MSG_DEBUG,
2889 "P2P: Assigned IP address %u.%u.%u.%u to "
2890 MACSTR, sm->ip_addr[0], sm->ip_addr[1],
2891 sm->ip_addr[2], sm->ip_addr[3],
2892 MAC2STR(sm->addr));
2893 }
2894 }
2895#endif /* CONFIG_P2P */
2896
4ec1fd8e 2897#ifdef CONFIG_IEEE80211R_AP
26e23750
JM		 2898 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2899 /*
2900 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
2901 * with the value we derived.
2902 */
870834a1
JM		 2903 if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
2904 WPA_PMK_NAME_LEN) != 0) {
26e23750
JM		 2905 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2906 "PMKR1Name mismatch in FT 4-way "
2907 "handshake");
2908 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
2909 "Supplicant",
2910 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
2911 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
2912 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2913 return;
2914 }
2915 }
4ec1fd8e 2916#endif /* CONFIG_IEEE80211R_AP */
26e23750 2917
dbfa691d
JM		 2918 if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
2919 wpa_auth_update_vlan(wpa_auth, sm->addr, vlan_id) < 0) {
2920 wpa_sta_disconnect(wpa_auth, sm->addr,
2921 WLAN_REASON_PREV_AUTH_NOT_VALID);
2922 return;
2923 }
2924
e4bf4db9 2925 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 2926 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
2927
56586197 2928 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 2929 /* PSK may have changed from the previous choice, so update
2930 * state machine data based on whatever PSK was selected here.
2931 */
2932 os_memcpy(sm->PMK, pmk, PMK_LEN);
207976f0 2933 sm->pmk_len = PMK_LEN;
6fc6879b
JM		 2934 }
2935
2936 sm->MICVerified = TRUE;
2937
2938 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
2939 sm->PTK_valid = TRUE;
2940}
2941
2942
2943SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
2944{
2945 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
2946 sm->TimeoutCtr = 0;
2947}
2948
2949
2950#ifdef CONFIG_IEEE80211W
2951
2952static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2953{
2954 if (sm->mgmt_frame_prot) {
8dd9f9cd
JM		 2955 size_t len;
2956 len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2957 return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len;
6fc6879b
JM		 2958 }
2959
2960 return 0;
2961}
2962
2963
2964static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2965{
2966 struct wpa_igtk_kde igtk;
2967 struct wpa_group *gsm = sm->group;
03610ad2 2968 u8 rsc[WPA_KEY_RSC_LEN];
8dd9f9cd 2969 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
6fc6879b
JM		 2970
2971 if (!sm->mgmt_frame_prot)
2972 return pos;
2973
2974 igtk.keyid[0] = gsm->GN_igtk;
2975 igtk.keyid[1] = 0;
7b1080da 2976 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
03610ad2 2977 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
6fc6879b 2978 os_memset(igtk.pn, 0, sizeof(igtk.pn));
03610ad2
JM		 2979 else
2980 os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
8dd9f9cd 2981 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
8d660a4b
JM		 2982 if (sm->wpa_auth->conf.disable_gtk ||
2983 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
83421850
JM		 2984 /*
2985 * Provide unique random IGTK to each STA to prevent use of
2986 * IGTK in the BSS.
2987 */
8dd9f9cd 2988 if (random_get_bytes(igtk.igtk, len) < 0)
83421850
JM		 2989 return pos;
2990 }
6fc6879b 2991 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
8dd9f9cd
JM		 2992 (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len,
2993 NULL, 0);
6fc6879b
JM		 2994
2995 return pos;
2996}
2997
2998#else /* CONFIG_IEEE80211W */
2999
3000static int ieee80211w_kde_len(struct wpa_state_machine *sm)
3001{
3002 return 0;
3003}
3004
3005
3006static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
3007{
3008 return pos;
3009}
3010
3011#endif /* CONFIG_IEEE80211W */
3012
3013
17c2559c
MV		 3014static int ocv_oci_len(struct wpa_state_machine *sm)
3015{
3016#ifdef CONFIG_OCV
3017 if (wpa_auth_uses_ocv(sm))
3018 return OCV_OCI_KDE_LEN;
3019#endif /* CONFIG_OCV */
3020 return 0;
3021}
3022
3023static int ocv_oci_add(struct wpa_state_machine *sm, u8 **argpos)
3024{
3025#ifdef CONFIG_OCV
3026 struct wpa_channel_info ci;
3027
3028 if (!wpa_auth_uses_ocv(sm))
3029 return 0;
3030
3031 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
3032 wpa_printf(MSG_WARNING,
3033 "Failed to get channel info for OCI element");
3034 return -1;
3035 }
3036
3037 return ocv_insert_oci_kde(&ci, argpos);
3038#else /* CONFIG_OCV */
3039 return 0;
3040#endif /* CONFIG_OCV */
3041}
3042
3043
6fc6879b
JM		 3044SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
3045{
83421850 3046 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32];
6fc6879b
JM		 3047 size_t gtk_len, kde_len;
3048 struct wpa_group *gsm = sm->group;
3049 u8 *wpa_ie;
3050 int wpa_ie_len, secure, keyidx, encr = 0;
3051
3052 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
3053 sm->TimeoutEvt = FALSE;
bae61562
JM		 3054
3055 sm->TimeoutCtr++;
6f234c1e
JM		 3056 if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3057 sm->TimeoutCtr > 1) {
3058 /* Do not allow retransmission of EAPOL-Key msg 3/4 */
3059 return;
3060 }
41f140d3 3061 if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
bae61562
JM		 3062 /* No point in sending the EAPOL-Key - we will disconnect
3063 * immediately following this. */
3064 return;
3065 }
3066
86dfabb8
JM		 3067 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
3068 GTK[GN], IGTK, [FTIE], [TIE * 2])
6fc6879b
JM		 3069 */
3070 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
3071 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
86dfabb8 3072 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
6fc6879b
JM		 3073 wpa_ie = sm->wpa_auth->wpa_ie;
3074 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
3075 if (sm->wpa == WPA_VERSION_WPA &&
3076 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
3077 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
774d4145 3078 /* WPA-only STA, remove RSN IE and possible MDIE */
6fc6879b 3079 wpa_ie = wpa_ie + wpa_ie[1] + 2;
774d4145
JM		 3080 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
3081 wpa_ie = wpa_ie + wpa_ie[1] + 2;
6fc6879b
JM		 3082 wpa_ie_len = wpa_ie[1] + 2;
3083 }
3084 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3085 "sending 3/4 msg of 4-Way Handshake");
3086 if (sm->wpa == WPA_VERSION_WPA2) {
3087 /* WPA2 send GTK in the 4-way handshake */
3088 secure = 1;
3089 gtk = gsm->GTK[gsm->GN - 1];
3090 gtk_len = gsm->GTK_len;
8d660a4b
JM		 3091 if (sm->wpa_auth->conf.disable_gtk ||
3092 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
83421850
JM		 3093 /*
3094 * Provide unique random GTK to each STA to prevent use
3095 * of GTK in the BSS.
3096 */
3097 if (random_get_bytes(dummy_gtk, gtk_len) < 0)
3098 return;
3099 gtk = dummy_gtk;
3100 }
6fc6879b
JM		 3101 keyidx = gsm->GN;
3102 _rsc = rsc;
3103 encr = 1;
3104 } else {
3105 /* WPA does not include GTK in msg 3/4 */
3106 secure = 0;
3107 gtk = NULL;
3108 gtk_len = 0;
3109 keyidx = 0;
3110 _rsc = NULL;
0d442aff
JM		 3111 if (sm->rx_eapol_key_secure) {
3112 /*
3113 * It looks like Windows 7 supplicant tries to use
3114 * Secure bit in msg 2/4 after having reported Michael
3115 * MIC failure and it then rejects the 4-way handshake
3116 * if msg 3/4 does not set Secure bit. Work around this
3117 * by setting the Secure bit here even in the case of
3118 * WPA if the supplicant used it first.
3119 */
3120 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4740d5b9
JM		 3121 "STA used Secure bit in WPA msg 2/4 - "
3122 "set Secure for 3/4 as workaround");
0d442aff
JM		 3123 secure = 1;
3124 }
6fc6879b
JM		 3125 }
3126
17c2559c 3127 kde_len = wpa_ie_len + ieee80211w_kde_len(sm) + ocv_oci_len(sm);
6fc6879b
JM		 3128 if (gtk)
3129 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
4ec1fd8e 3130#ifdef CONFIG_IEEE80211R_AP
86dfabb8
JM		 3131 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
3132 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
3133 kde_len += 300; /* FTIE + 2 * TIE */
3134 }
4ec1fd8e 3135#endif /* CONFIG_IEEE80211R_AP */
25ef8529
JM		 3136#ifdef CONFIG_P2P
3137 if (WPA_GET_BE32(sm->ip_addr) > 0)
3138 kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4;
3139#endif /* CONFIG_P2P */
6fc6879b
JM		 3140 kde = os_malloc(kde_len);
3141 if (kde == NULL)
3142 return;
3143
3144 pos = kde;
3145 os_memcpy(pos, wpa_ie, wpa_ie_len);
3146 pos += wpa_ie_len;
4ec1fd8e 3147#ifdef CONFIG_IEEE80211R_AP
26e23750 3148 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
59e78c24
JM		 3149 int res;
3150 size_t elen;
3151
3152 elen = pos - kde;
3153 res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name);
26e23750
JM		 3154 if (res < 0) {
3155 wpa_printf(MSG_ERROR, "FT: Failed to insert "
3156 "PMKR1Name into RSN IE in EAPOL-Key data");
3157 os_free(kde);
3158 return;
3159 }
59e78c24
JM		 3160 pos -= wpa_ie_len;
3161 pos += elen;
26e23750 3162 }
4ec1fd8e 3163#endif /* CONFIG_IEEE80211R_AP */
6fc6879b
JM		 3164 if (gtk) {
3165 u8 hdr[2];
3166 hdr[0] = keyidx & 0x03;
3167 hdr[1] = 0;
3168 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
3169 gtk, gtk_len);
3170 }
3171 pos = ieee80211w_kde_add(sm, pos);
17c2559c
MV		 3172 if (ocv_oci_add(sm, &pos) < 0) {
3173 os_free(kde);
3174 return;
3175 }
6fc6879b 3176
4ec1fd8e 3177#ifdef CONFIG_IEEE80211R_AP
86dfabb8
JM		 3178 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
3179 int res;
3180 struct wpa_auth_config *conf;
3181
3182 conf = &sm->wpa_auth->conf;
9257610a
JM		 3183 if (sm->assoc_resp_ftie &&
3184 kde + kde_len - pos >= 2 + sm->assoc_resp_ftie[1]) {
3185 os_memcpy(pos, sm->assoc_resp_ftie,
3186 2 + sm->assoc_resp_ftie[1]);
3187 res = 2 + sm->assoc_resp_ftie[1];
3188 } else {
a7968ea5
JM		 3189 int use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
3190
3191 res = wpa_write_ftie(conf, use_sha384,
3192 conf->r0_key_holder,
9257610a
JM		 3193 conf->r0_key_holder_len,
3194 NULL, NULL, pos,
3195 kde + kde_len - pos,
3196 NULL, 0);
3197 }
86dfabb8
JM		 3198 if (res < 0) {
3199 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
3200 "into EAPOL-Key Key Data");
3201 os_free(kde);
3202 return;
3203 }
3204 pos += res;
3205
3206 /* TIE[ReassociationDeadline] (TU) */
3207 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
3208 *pos++ = 5;
3209 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
3210 WPA_PUT_LE32(pos, conf->reassociation_deadline);
3211 pos += 4;
3212
3213 /* TIE[KeyLifetime] (seconds) */
3214 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
3215 *pos++ = 5;
3216 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
83fe4bd3 3217 WPA_PUT_LE32(pos, conf->r0_key_lifetime);
86dfabb8
JM		 3218 pos += 4;
3219 }
4ec1fd8e 3220#endif /* CONFIG_IEEE80211R_AP */
25ef8529
JM		 3221#ifdef CONFIG_P2P
3222 if (WPA_GET_BE32(sm->ip_addr) > 0) {
3223 u8 addr[3 * 4];
3224 os_memcpy(addr, sm->ip_addr, 4);
3225 os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4);
3226 os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4);
3227 pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC,
3228 addr, sizeof(addr), NULL, 0);
3229 }
3230#endif /* CONFIG_P2P */
86dfabb8 3231
6fc6879b 3232 wpa_send_eapol(sm->wpa_auth, sm,
b729fd8d 3233 (secure ? WPA_KEY_INFO_SECURE : 0) |
567da5bb
JM		 3234 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
3235 WPA_KEY_INFO_MIC : 0) |
6fc6879b
JM		 3236 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
3237 WPA_KEY_INFO_KEY_TYPE,
3238 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
3239 os_free(kde);
6fc6879b
JM		 3240}
3241
3242
3243SM_STATE(WPA_PTK, PTKINITDONE)
3244{
3245 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
3246 sm->EAPOLKeyReceived = FALSE;
3247 if (sm->Pair) {
c3550295
JM		 3248 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
3249 int klen = wpa_cipher_key_len(sm->pairwise);
6fc6879b 3250 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
98cd3d1c 3251 sm->PTK.tk, klen)) {
567da5bb
JM		 3252 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
3253 WLAN_REASON_PREV_AUTH_NOT_VALID);
6fc6879b
JM		 3254 return;
3255 }
3256 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
3257 sm->pairwise_set = TRUE;
3258
581a8cde
JM		 3259 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
3260 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
3261 eloop_register_timeout(sm->wpa_auth->conf.
3262 wpa_ptk_rekey, 0, wpa_rekey_ptk,
3263 sm->wpa_auth, sm);
3264 }
3265
a1ea1b45 3266 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
567da5bb 3267 sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP ||
a1ea1b45 3268 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE) {
6fc6879b
JM		 3269 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
3270 WPA_EAPOL_authorized, 1);
3271 }
3272 }
3273
3274 if (0 /* IBSS == TRUE */) {
3275 sm->keycount++;
3276 if (sm->keycount == 2) {
3277 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
3278 WPA_EAPOL_portValid, 1);
3279 }
3280 } else {
3281 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
3282 1);
3283 }
3284 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
3285 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
3286 if (sm->wpa == WPA_VERSION_WPA)
3287 sm->PInitAKeys = TRUE;
3288 else
3289 sm->has_GTK = TRUE;
3290 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3291 "pairwise key handshake completed (%s)",
3292 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
3293
4ec1fd8e 3294#ifdef CONFIG_IEEE80211R_AP
6fc6879b 3295 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
4ec1fd8e 3296#endif /* CONFIG_IEEE80211R_AP */
6fc6879b
JM		 3297}
3298
3299
3300SM_STEP(WPA_PTK)
3301{
3302 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3303
3304 if (sm->Init)
3305 SM_ENTER(WPA_PTK, INITIALIZE);
3306 else if (sm->Disconnect
1aae01fc
BG		 3307 /* || FIX: dot11RSNAConfigSALifetime timeout */) {
3308 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
3309 "WPA_PTK: sm->Disconnect");
6fc6879b 3310 SM_ENTER(WPA_PTK, DISCONNECT);
1aae01fc 3311 }
6fc6879b
JM		 3312 else if (sm->DeauthenticationRequest)
3313 SM_ENTER(WPA_PTK, DISCONNECTED);
3314 else if (sm->AuthenticationRequest)
3315 SM_ENTER(WPA_PTK, AUTHENTICATION);
3316 else if (sm->ReAuthenticationRequest)
3317 SM_ENTER(WPA_PTK, AUTHENTICATION2);
0adc9b28
JM		 3318 else if (sm->PTKRequest) {
3319 if (wpa_auth_sm_ptk_update(sm) < 0)
3320 SM_ENTER(WPA_PTK, DISCONNECTED);
3321 else
3322 SM_ENTER(WPA_PTK, PTKSTART);
3323 } else switch (sm->wpa_ptk_state) {
6fc6879b
JM		 3324 case WPA_PTK_INITIALIZE:
3325 break;
3326 case WPA_PTK_DISCONNECT:
3327 SM_ENTER(WPA_PTK, DISCONNECTED);
3328 break;
3329 case WPA_PTK_DISCONNECTED:
3330 SM_ENTER(WPA_PTK, INITIALIZE);
3331 break;
3332 case WPA_PTK_AUTHENTICATION:
3333 SM_ENTER(WPA_PTK, AUTHENTICATION2);
3334 break;
3335 case WPA_PTK_AUTHENTICATION2:
56586197 3336 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
6fc6879b
JM		 3337 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
3338 WPA_EAPOL_keyRun) > 0)
3339 SM_ENTER(WPA_PTK, INITPMK);
a1ea1b45
JM		 3340 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
3341 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE
6fc6879b
JM		 3342 /* FIX: && 802.1X::keyRun */)
3343 SM_ENTER(WPA_PTK, INITPSK);
567da5bb
JM		 3344 else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP)
3345 SM_ENTER(WPA_PTK, INITPMK);
6fc6879b
JM		 3346 break;
3347 case WPA_PTK_INITPMK:
3348 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
567da5bb 3349 WPA_EAPOL_keyAvailable) > 0) {
6fc6879b 3350 SM_ENTER(WPA_PTK, PTKSTART);
567da5bb
JM		 3351#ifdef CONFIG_DPP
3352 } else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && sm->pmksa) {
3353 SM_ENTER(WPA_PTK, PTKSTART);
3354#endif /* CONFIG_DPP */
3355 } else {
6fc6879b 3356 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 3357 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3358 "INITPMK - keyAvailable = false");
6fc6879b
JM		 3359 SM_ENTER(WPA_PTK, DISCONNECT);
3360 }
3361 break;
3362 case WPA_PTK_INITPSK:
759fd76b 3363 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr,
dbfa691d 3364 NULL, NULL, NULL)) {
6fc6879b 3365 SM_ENTER(WPA_PTK, PTKSTART);
e61fea6b
JM		 3366#ifdef CONFIG_SAE
3367 } else if (wpa_auth_uses_sae(sm) && sm->pmksa) {
3368 SM_ENTER(WPA_PTK, PTKSTART);
3369#endif /* CONFIG_SAE */
3370 } else {
6fc6879b
JM		 3371 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3372 "no PSK configured for the STA");
3373 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3374 SM_ENTER(WPA_PTK, DISCONNECT);
3375 }
3376 break;
3377 case WPA_PTK_PTKSTART:
3378 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3379 sm->EAPOLKeyPairwise)
3380 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
3381 else if (sm->TimeoutCtr >
41f140d3 3382 sm->wpa_auth->conf.wpa_pairwise_update_count) {
6fc6879b 3383 wpa_auth->dot11RSNA4WayHandshakeFailures++;
41f140d3
GK		 3384 wpa_auth_vlogger(
3385 sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3386 "PTKSTART: Retry limit %u reached",
3387 sm->wpa_auth->conf.wpa_pairwise_update_count);
6fc6879b
JM		 3388 SM_ENTER(WPA_PTK, DISCONNECT);
3389 } else if (sm->TimeoutEvt)
3390 SM_ENTER(WPA_PTK, PTKSTART);
3391 break;
3392 case WPA_PTK_PTKCALCNEGOTIATING:
3393 if (sm->MICVerified)
3394 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
3395 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3396 sm->EAPOLKeyPairwise)
3397 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
3398 else if (sm->TimeoutEvt)
3399 SM_ENTER(WPA_PTK, PTKSTART);
3400 break;
3401 case WPA_PTK_PTKCALCNEGOTIATING2:
3402 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
3403 break;
3404 case WPA_PTK_PTKINITNEGOTIATING:
68921e24
JM		 3405 if (sm->update_snonce)
3406 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
3407 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3408 sm->EAPOLKeyPairwise && sm->MICVerified)
6fc6879b
JM		 3409 SM_ENTER(WPA_PTK, PTKINITDONE);
3410 else if (sm->TimeoutCtr >
6f234c1e
JM		 3411 sm->wpa_auth->conf.wpa_pairwise_update_count ||
3412 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3413 sm->TimeoutCtr > 1)) {
6fc6879b 3414 wpa_auth->dot11RSNA4WayHandshakeFailures++;
41f140d3
GK		 3415 wpa_auth_vlogger(
3416 sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3417 "PTKINITNEGOTIATING: Retry limit %u reached",
3418 sm->wpa_auth->conf.wpa_pairwise_update_count);
6fc6879b
JM		 3419 SM_ENTER(WPA_PTK, DISCONNECT);
3420 } else if (sm->TimeoutEvt)
3421 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
3422 break;
3423 case WPA_PTK_PTKINITDONE:
3424 break;
3425 }
3426}
3427
3428
3429SM_STATE(WPA_PTK_GROUP, IDLE)
3430{
3431 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
3432 if (sm->Init) {
3433 /* Init flag is not cleared here, so avoid busy
3434 * loop by claiming nothing changed. */
3435 sm->changed = FALSE;
3436 }
3437 sm->GTimeoutCtr = 0;
3438}
3439
3440
3441SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
3442{
3443 u8 rsc[WPA_KEY_RSC_LEN];
3444 struct wpa_group *gsm = sm->group;
e41e4f9e
JM		 3445 const u8 *kde;
3446 u8 *kde_buf = NULL, *pos, hdr[2];
6fc6879b 3447 size_t kde_len;
83421850 3448 u8 *gtk, dummy_gtk[32];
6fc6879b
JM		 3449
3450 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
bae61562
JM		 3451
3452 sm->GTimeoutCtr++;
6f234c1e
JM		 3453 if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3454 sm->GTimeoutCtr > 1) {
3455 /* Do not allow retransmission of EAPOL-Key group msg 1/2 */
3456 return;
3457 }
41f140d3 3458 if (sm->GTimeoutCtr > sm->wpa_auth->conf.wpa_group_update_count) {
bae61562
JM		 3459 /* No point in sending the EAPOL-Key - we will disconnect
3460 * immediately following this. */
3461 return;
3462 }
3463
6fc6879b
JM		 3464 if (sm->wpa == WPA_VERSION_WPA)
3465 sm->PInitAKeys = FALSE;
3466 sm->TimeoutEvt = FALSE;
3467 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
3468 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
3469 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
3470 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
3471 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3472 "sending 1/2 msg of Group Key Handshake");
3473
83421850 3474 gtk = gsm->GTK[gsm->GN - 1];
8d660a4b
JM		 3475 if (sm->wpa_auth->conf.disable_gtk ||
3476 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
83421850
JM		 3477 /*
3478 * Provide unique random GTK to each STA to prevent use
3479 * of GTK in the BSS.
3480 */
3481 if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0)
3482 return;
3483 gtk = dummy_gtk;
3484 }
6fc6879b
JM		 3485 if (sm->wpa == WPA_VERSION_WPA2) {
3486 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
17c2559c 3487 ieee80211w_kde_len(sm) + ocv_oci_len(sm);
e41e4f9e
JM		 3488 kde_buf = os_malloc(kde_len);
3489 if (kde_buf == NULL)
6fc6879b
JM		 3490 return;
3491
e41e4f9e 3492 kde = pos = kde_buf;
6fc6879b
JM		 3493 hdr[0] = gsm->GN & 0x03;
3494 hdr[1] = 0;
3495 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
83421850 3496 gtk, gsm->GTK_len);
6fc6879b 3497 pos = ieee80211w_kde_add(sm, pos);
17c2559c
MV		 3498 if (ocv_oci_add(sm, &pos) < 0) {
3499 os_free(kde_buf);
3500 return;
3501 }
e41e4f9e 3502 kde_len = pos - kde;
6fc6879b 3503 } else {
83421850 3504 kde = gtk;
e41e4f9e 3505 kde_len = gsm->GTK_len;
6fc6879b
JM		 3506 }
3507
3508 wpa_send_eapol(sm->wpa_auth, sm,
b729fd8d 3509 WPA_KEY_INFO_SECURE |
567da5bb
JM		 3510 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
3511 WPA_KEY_INFO_MIC : 0) |
6fc6879b
JM		 3512 WPA_KEY_INFO_ACK |
3513 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
b0fb2be7 3514 rsc, NULL, kde, kde_len, gsm->GN, 1);
e41e4f9e
JM		 3515
3516 os_free(kde_buf);
6fc6879b
JM		 3517}
3518
3519
3520SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
3521{
aed61c4e
MV		 3522#ifdef CONFIG_OCV
3523 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3524 const u8 *key_data, *mic;
3525 struct ieee802_1x_hdr *hdr;
3526 struct wpa_eapol_key *key;
3527 struct wpa_eapol_ie_parse kde;
3528 size_t mic_len;
3529 u16 key_data_length;
3530#endif /* CONFIG_OCV */
3531
6fc6879b
JM		 3532 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
3533 sm->EAPOLKeyReceived = FALSE;
aed61c4e
MV		 3534
3535#ifdef CONFIG_OCV
3536 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
3537
3538 /*
3539 * Note: last_rx_eapol_key length fields have already been validated in
3540 * wpa_receive().
3541 */
3542 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
3543 key = (struct wpa_eapol_key *) (hdr + 1);
3544 mic = (u8 *) (key + 1);
3545 key_data = mic + mic_len + 2;
3546 key_data_length = WPA_GET_BE16(mic + mic_len);
3547 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
3548 sizeof(*key) - mic_len - 2)
3549 return;
3550
3551 if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
3552 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
3553 "received EAPOL-Key group msg 2/2 with invalid Key Data contents");
3554 return;
3555 }
3556
3557 if (wpa_auth_uses_ocv(sm)) {
3558 struct wpa_channel_info ci;
3559 int tx_chanwidth;
3560 int tx_seg1_idx;
3561
3562 if (wpa_channel_info(wpa_auth, &ci) != 0) {
3563 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
3564 "Failed to get channel info to validate received OCI in EAPOL-Key group 1/2");
3565 return;
3566 }
3567
3568 if (get_sta_tx_parameters(sm,
3569 channel_width_to_int(ci.chanwidth),
3570 ci.seg1_idx, &tx_chanwidth,
3571 &tx_seg1_idx) < 0)
3572 return;
3573
3574 if (ocv_verify_tx_params(kde.oci, kde.oci_len, &ci,
3575 tx_chanwidth, tx_seg1_idx) != 0) {
3576 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
3577 ocv_errorstr);
3578 return;
3579 }
3580 }
3581#endif /* CONFIG_OCV */
3582
6fc6879b
JM		 3583 if (sm->GUpdateStationKeys)
3584 sm->group->GKeyDoneStations--;
3585 sm->GUpdateStationKeys = FALSE;
3586 sm->GTimeoutCtr = 0;
3587 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
3588 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3589 "group key handshake completed (%s)",
3590 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
3591 sm->has_GTK = TRUE;
3592}
3593
3594
3595SM_STATE(WPA_PTK_GROUP, KEYERROR)
3596{
3597 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
3598 if (sm->GUpdateStationKeys)
3599 sm->group->GKeyDoneStations--;
3600 sm->GUpdateStationKeys = FALSE;
3601 sm->Disconnect = TRUE;
4bb9b674
GK		 3602 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3603 "group key handshake failed (%s) after %u tries",
3604 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN",
3605 sm->wpa_auth->conf.wpa_group_update_count);
6fc6879b
JM		 3606}
3607
3608
3609SM_STEP(WPA_PTK_GROUP)
3610{
9663596f 3611 if (sm->Init || sm->PtkGroupInit) {
6fc6879b 3612 SM_ENTER(WPA_PTK_GROUP, IDLE);
9663596f
JM		 3613 sm->PtkGroupInit = FALSE;
3614 } else switch (sm->wpa_ptk_group_state) {
6fc6879b
JM		 3615 case WPA_PTK_GROUP_IDLE:
3616 if (sm->GUpdateStationKeys ||
3617 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
3618 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
3619 break;
3620 case WPA_PTK_GROUP_REKEYNEGOTIATING:
3621 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3622 !sm->EAPOLKeyPairwise && sm->MICVerified)
3623 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
3624 else if (sm->GTimeoutCtr >
6f234c1e
JM		 3625 sm->wpa_auth->conf.wpa_group_update_count ||
3626 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3627 sm->GTimeoutCtr > 1))
6fc6879b
JM		 3628 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
3629 else if (sm->TimeoutEvt)
3630 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
3631 break;
3632 case WPA_PTK_GROUP_KEYERROR:
3633 SM_ENTER(WPA_PTK_GROUP, IDLE);
3634 break;
3635 case WPA_PTK_GROUP_REKEYESTABLISHED:
3636 SM_ENTER(WPA_PTK_GROUP, IDLE);
3637 break;
3638 }
3639}
3640
3641
3642static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
3643 struct wpa_group *group)
3644{
3645 int ret = 0;
3646
6fc6879b
JM		 3647 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
3648 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 3649 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
3650 wpa_auth->addr, group->GNonce,
3651 group->GTK[group->GN - 1], group->GTK_len) < 0)
3652 ret = -1;
5cb9d5c3
JM		 3653 wpa_hexdump_key(MSG_DEBUG, "GTK",
3654 group->GTK[group->GN - 1], group->GTK_len);
6fc6879b
JM		 3655
3656#ifdef CONFIG_IEEE80211W
70f8cc8e 3657 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
8dd9f9cd
JM		 3658 size_t len;
3659 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
5cb9d5c3
JM		 3660 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
3661 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 3662 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
3663 wpa_auth->addr, group->GNonce,
8dd9f9cd 3664 group->IGTK[group->GN_igtk - 4], len) < 0)
3c7302c2 3665 ret = -1;
6fc6879b 3666 wpa_hexdump_key(MSG_DEBUG, "IGTK",
8dd9f9cd 3667 group->IGTK[group->GN_igtk - 4], len);
6fc6879b
JM		 3668 }
3669#endif /* CONFIG_IEEE80211W */
3670
3671 return ret;
3672}
3673
3674
3675static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
3676 struct wpa_group *group)
3677{
3678 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3679 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
3680 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
3681 group->wpa_group_state = WPA_GROUP_GTK_INIT;
3682
3683 /* GTK[0..N] = 0 */
3684 os_memset(group->GTK, 0, sizeof(group->GTK));
3685 group->GN = 1;
3686 group->GM = 2;
3687#ifdef CONFIG_IEEE80211W
3688 group->GN_igtk = 4;
3689 group->GM_igtk = 5;
3690#endif /* CONFIG_IEEE80211W */
3691 /* GTK[GN] = CalcGTK() */
3692 wpa_gtk_update(wpa_auth, group);
3693}
3694
3695
3696static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
3697{
473b6f22
MB		 3698 if (ctx != NULL && ctx != sm->group)
3699 return 0;
3700
6fc6879b
JM		 3701 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
3702 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3703 "Not in PTKINITDONE; skip Group Key update");
3c183894 3704 sm->GUpdateStationKeys = FALSE;
6fc6879b
JM		 3705 return 0;
3706 }
9663596f
JM		 3707 if (sm->GUpdateStationKeys) {
3708 /*
3c183894
JM		 3709 * This should not really happen, so add a debug log entry.
3710 * Since we clear the GKeyDoneStations before the loop, the
3711 * station needs to be counted here anyway.
9663596f
JM		 3712 */
3713 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3c183894
JM		 3714 "GUpdateStationKeys was already set when "
3715 "marking station for GTK rekeying");
9663596f 3716 }
3c183894 3717
ad3872a3 3718 /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
d32d94db
XC		 3719 if (sm->is_wnmsleep)
3720 return 0;
d32d94db 3721
3c183894
JM		 3722 sm->group->GKeyDoneStations++;
3723 sm->GUpdateStationKeys = TRUE;
3724
6fc6879b
JM		 3725 wpa_sm_step(sm);
3726 return 0;
3727}
3728
3729
b5bf84ba 3730#ifdef CONFIG_WNM_AP
ad3872a3 3731/* update GTK when exiting WNM-Sleep Mode */
d32d94db
XC		 3732void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm)
3733{
629edfef 3734 if (sm == NULL || sm->is_wnmsleep)
d32d94db
XC		 3735 return;
3736
3737 wpa_group_update_sta(sm, NULL);
3738}
3739
3740
3741void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
3742{
629edfef
JM		 3743 if (sm)
3744 sm->is_wnmsleep = !!flag;
d32d94db
XC		 3745}
3746
3747
3748int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
3749{
d32d94db 3750 struct wpa_group *gsm = sm->group;
835822d4 3751 u8 *start = pos;
d32d94db
XC		 3752
3753 /*
835822d4 3754 * GTK subelement:
d32d94db 3755 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
835822d4 3756 * Key[5..32]
d32d94db 3757 */
835822d4
JM		 3758 *pos++ = WNM_SLEEP_SUBELEM_GTK;
3759 *pos++ = 11 + gsm->GTK_len;
d32d94db 3760 /* Key ID in B0-B1 of Key Info */
835822d4
JM		 3761 WPA_PUT_LE16(pos, gsm->GN & 0x03);
3762 pos += 2;
3763 *pos++ = gsm->GTK_len;
3764 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
d32d94db 3765 return 0;
835822d4
JM		 3766 pos += 8;
3767 os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
3768 pos += gsm->GTK_len;
d32d94db 3769
835822d4
JM		 3770 wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
3771 gsm->GN);
3772 wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
d32d94db 3773 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
d32d94db 3774
835822d4 3775 return pos - start;
d32d94db
XC		 3776}
3777
3778
3779#ifdef CONFIG_IEEE80211W
3780int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
3781{
d32d94db 3782 struct wpa_group *gsm = sm->group;
835822d4 3783 u8 *start = pos;
8dd9f9cd 3784 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
d32d94db 3785
835822d4
JM		 3786 /*
3787 * IGTK subelement:
3788 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
3789 */
3790 *pos++ = WNM_SLEEP_SUBELEM_IGTK;
8dd9f9cd 3791 *pos++ = 2 + 6 + len;
835822d4
JM		 3792 WPA_PUT_LE16(pos, gsm->GN_igtk);
3793 pos += 2;
3794 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
d32d94db 3795 return 0;
835822d4 3796 pos += 6;
d32d94db 3797
8dd9f9cd
JM		 3798 os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
3799 pos += len;
d32d94db 3800
835822d4
JM		 3801 wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
3802 gsm->GN_igtk);
3803 wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
8dd9f9cd 3804 gsm->IGTK[gsm->GN_igtk - 4], len);
d32d94db 3805
835822d4 3806 return pos - start;
d32d94db
XC		 3807}
3808#endif /* CONFIG_IEEE80211W */
b5bf84ba 3809#endif /* CONFIG_WNM_AP */
d32d94db
XC		 3810
3811
6fc6879b
JM		 3812static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
3813 struct wpa_group *group)
3814{
3815 int tmp;
3816
3817 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3818 "SETKEYS (VLAN-ID %d)", group->vlan_id);
3819 group->changed = TRUE;
3820 group->wpa_group_state = WPA_GROUP_SETKEYS;
3821 group->GTKReKey = FALSE;
3822 tmp = group->GM;
3823 group->GM = group->GN;
3824 group->GN = tmp;
3825#ifdef CONFIG_IEEE80211W
3826 tmp = group->GM_igtk;
3827 group->GM_igtk = group->GN_igtk;
3828 group->GN_igtk = tmp;
3829#endif /* CONFIG_IEEE80211W */
3830 /* "GKeyDoneStations = GNoStations" is done in more robust way by
3831 * counting the STAs that are marked with GUpdateStationKeys instead of
3832 * including all STAs that could be in not-yet-completed state. */
3833 wpa_gtk_update(wpa_auth, group);
3834
3c183894
JM		 3835 if (group->GKeyDoneStations) {
3836 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
3837 "GKeyDoneStations=%d when starting new GTK rekey",
3838 group->GKeyDoneStations);
3839 group->GKeyDoneStations = 0;
3840 }
473b6f22 3841 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
6fc6879b
JM		 3842 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
3843 group->GKeyDoneStations);
3844}
3845
3846
1bdb7ab3
JM		 3847static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
3848 struct wpa_group *group)
6fc6879b 3849{
3c7302c2
JM		 3850 int ret = 0;
3851
3c7302c2 3852 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
c3550295 3853 wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
0382097e
JM		 3854 broadcast_ether_addr, group->GN,
3855 group->GTK[group->GN - 1], group->GTK_len) < 0)
3c7302c2 3856 ret = -1;
6fc6879b
JM		 3857
3858#ifdef CONFIG_IEEE80211W
8dd9f9cd
JM		 3859 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
3860 enum wpa_alg alg;
3861 size_t len;
3862
3863 alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher);
3864 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
3865
3866 if (ret == 0 &&
3867 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
3868 broadcast_ether_addr, group->GN_igtk,
3869 group->IGTK[group->GN_igtk - 4], len) < 0)
3870 ret = -1;
3871 }
6fc6879b 3872#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 3873
3874 return ret;
6fc6879b
JM		 3875}
3876
3877
7d7f7be2
JM		 3878static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
3879{
3880 if (sm->group == ctx) {
3881 wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
3882 " for discconnection due to fatal failure",
3883 MAC2STR(sm->addr));
3884 sm->Disconnect = TRUE;
3885 }
3886
3887 return 0;
3888}
3889
3890
3891static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
3892 struct wpa_group *group)
3893{
3894 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE");
3895 group->changed = TRUE;
3896 group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
3897 wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
3898}
3899
3900
1bdb7ab3
JM		 3901static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
3902 struct wpa_group *group)
3903{
3904 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3905 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
3906 group->changed = TRUE;
3907 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
3908
7d7f7be2
JM		 3909 if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
3910 wpa_group_fatal_failure(wpa_auth, group);
1bdb7ab3 3911 return -1;
7d7f7be2 3912 }
1bdb7ab3
JM		 3913
3914 return 0;
3915}
3916
3917
6fc6879b
JM		 3918static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
3919 struct wpa_group *group)
3920{
3921 if (group->GInit) {
3922 wpa_group_gtk_init(wpa_auth, group);
7d7f7be2
JM		 3923 } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
3924 /* Do not allow group operations */
6fc6879b
JM		 3925 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
3926 group->GTKAuthenticator) {
3927 wpa_group_setkeysdone(wpa_auth, group);
3928 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
3929 group->GTKReKey) {
3930 wpa_group_setkeys(wpa_auth, group);
3931 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
3932 if (group->GKeyDoneStations == 0)
3933 wpa_group_setkeysdone(wpa_auth, group);
3934 else if (group->GTKReKey)
3935 wpa_group_setkeys(wpa_auth, group);
3936 }
3937}
3938
3939
e4a6ea1d 3940static int wpa_sm_step(struct wpa_state_machine *sm)
6fc6879b
JM		 3941{
3942 if (sm == NULL)
e4a6ea1d 3943 return 0;
6fc6879b
JM		 3944
3945 if (sm->in_step_loop) {
3946 /* This should not happen, but if it does, make sure we do not
3947 * end up freeing the state machine too early by exiting the
3948 * recursive call. */
3949 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
e4a6ea1d 3950 return 0;
6fc6879b
JM		 3951 }
3952
3953 sm->in_step_loop = 1;
3954 do {
3955 if (sm->pending_deinit)
3956 break;
3957
3958 sm->changed = FALSE;
3959 sm->wpa_auth->group->changed = FALSE;
3960
3961 SM_STEP_RUN(WPA_PTK);
3962 if (sm->pending_deinit)
3963 break;
3964 SM_STEP_RUN(WPA_PTK_GROUP);
3965 if (sm->pending_deinit)
3966 break;
3967 wpa_group_sm_step(sm->wpa_auth, sm->group);
3968 } while (sm->changed || sm->wpa_auth->group->changed);
3969 sm->in_step_loop = 0;
3970
3971 if (sm->pending_deinit) {
3972 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
3973 "machine deinit for " MACSTR, MAC2STR(sm->addr));
3974 wpa_free_sta_sm(sm);
e4a6ea1d 3975 return 1;
6fc6879b 3976 }
e4a6ea1d 3977 return 0;
6fc6879b
JM		 3978}
3979
3980
3981static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
3982{
3983 struct wpa_state_machine *sm = eloop_ctx;
3984 wpa_sm_step(sm);
3985}
3986
3987
3988void wpa_auth_sm_notify(struct wpa_state_machine *sm)
3989{
3990 if (sm == NULL)
3991 return;
3992 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
3993}
3994
3995
3996void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
3997{
3998 int tmp, i;
3999 struct wpa_group *group;
4000
4001 if (wpa_auth == NULL)
4002 return;
4003
4004 group = wpa_auth->group;
4005
4006 for (i = 0; i < 2; i++) {
4007 tmp = group->GM;
4008 group->GM = group->GN;
4009 group->GN = tmp;
4010#ifdef CONFIG_IEEE80211W
4011 tmp = group->GM_igtk;
4012 group->GM_igtk = group->GN_igtk;
4013 group->GN_igtk = tmp;
4014#endif /* CONFIG_IEEE80211W */
4015 wpa_gtk_update(wpa_auth, group);
9354e594 4016 wpa_group_config_group_keys(wpa_auth, group);
6fc6879b
JM		 4017 }
4018}
4019
4020
a6da824b 4021static const char * wpa_bool_txt(int val)
6fc6879b 4022{
a6da824b 4023 return val ? "TRUE" : "FALSE";
6fc6879b
JM		 4024}
4025
4026
6fc6879b
JM		 4027#define RSN_SUITE "%02x-%02x-%02x-%d"
4028#define RSN_SUITE_ARG(s) \
4029((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
4030
4031int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
4032{
4033 int len = 0, ret;
4034 char pmkid_txt[PMKID_LEN * 2 + 1];
8ce58ceb
IH		 4035#ifdef CONFIG_RSN_PREAUTH
4036 const int preauth = 1;
4037#else /* CONFIG_RSN_PREAUTH */
4038 const int preauth = 0;
4039#endif /* CONFIG_RSN_PREAUTH */
6fc6879b
JM		 4040
4041 if (wpa_auth == NULL)
4042 return len;
4043
4044 ret = os_snprintf(buf + len, buflen - len,
4045 "dot11RSNAOptionImplemented=TRUE\n"
8ce58ceb 4046 "dot11RSNAPreauthenticationImplemented=%s\n"
6fc6879b
JM		 4047 "dot11RSNAEnabled=%s\n"
4048 "dot11RSNAPreauthenticationEnabled=%s\n",
8ce58ceb 4049 wpa_bool_txt(preauth),
6fc6879b
JM		 4050 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
4051 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
d85e1fc8 4052 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 4053 return len;
4054 len += ret;
4055
4056 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
4057 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
4058
4059 ret = os_snprintf(
4060 buf + len, buflen - len,
4061 "dot11RSNAConfigVersion=%u\n"
4062 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
4063 /* FIX: dot11RSNAConfigGroupCipher */
4064 /* FIX: dot11RSNAConfigGroupRekeyMethod */
4065 /* FIX: dot11RSNAConfigGroupRekeyTime */
4066 /* FIX: dot11RSNAConfigGroupRekeyPackets */
4067 "dot11RSNAConfigGroupRekeyStrict=%u\n"
4068 "dot11RSNAConfigGroupUpdateCount=%u\n"
4069 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
4070 "dot11RSNAConfigGroupCipherSize=%u\n"
4071 "dot11RSNAConfigPMKLifetime=%u\n"
4072 "dot11RSNAConfigPMKReauthThreshold=%u\n"
4073 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
4074 "dot11RSNAConfigSATimeout=%u\n"
4075 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
4076 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
4077 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
4078 "dot11RSNAPMKIDUsed=%s\n"
4079 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
4080 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
4081 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
4082 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
4083 "dot11RSNA4WayHandshakeFailures=%u\n"
4084 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
4085 RSN_VERSION,
4086 !!wpa_auth->conf.wpa_strict_rekey,
41f140d3
GK		 4087 wpa_auth->conf.wpa_group_update_count,
4088 wpa_auth->conf.wpa_pairwise_update_count,
c3550295 4089 wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8,
6fc6879b
JM		 4090 dot11RSNAConfigPMKLifetime,
4091 dot11RSNAConfigPMKReauthThreshold,
4092 dot11RSNAConfigSATimeout,
4093 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
4094 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
4095 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
4096 pmkid_txt,
4097 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
4098 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
4099 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
4100 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
4101 wpa_auth->dot11RSNA4WayHandshakeFailures);
d85e1fc8 4102 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 4103 return len;
4104 len += ret;
4105
4106 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
4107 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
4108
4109 /* Private MIB */
4110 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
4111 wpa_auth->group->wpa_group_state);
d85e1fc8 4112 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 4113 return len;
4114 len += ret;
4115
4116 return len;
4117}
4118
4119
4120int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
4121{
4122 int len = 0, ret;
4123 u32 pairwise = 0;
4124
4125 if (sm == NULL)
4126 return 0;
4127
4128 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
4129
4130 /* dot11RSNAStatsEntry */
4131
c3550295
JM		 4132 pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
4133 WPA_PROTO_RSN : WPA_PROTO_WPA,
4134 sm->pairwise);
4135 if (pairwise == 0)
6fc6879b
JM		 4136 return 0;
4137
4138 ret = os_snprintf(
4139 buf + len, buflen - len,
4140 /* TODO: dot11RSNAStatsIndex */
4141 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
4142 "dot11RSNAStatsVersion=1\n"
4143 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
4144 /* TODO: dot11RSNAStatsTKIPICVErrors */
4145 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
d9040cdb 4146 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
6fc6879b
JM		 4147 /* TODO: dot11RSNAStatsCCMPReplays */
4148 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
4149 /* TODO: dot11RSNAStatsTKIPReplays */,
4150 MAC2STR(sm->addr),
4151 RSN_SUITE_ARG(pairwise),
4152 sm->dot11RSNAStatsTKIPLocalMICFailures,
4153 sm->dot11RSNAStatsTKIPRemoteMICFailures);
d85e1fc8 4154 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 4155 return len;
4156 len += ret;
4157
4158 /* Private MIB */
4159 ret = os_snprintf(buf + len, buflen - len,
4160 "hostapdWPAPTKState=%d\n"
4161 "hostapdWPAPTKGroupState=%d\n",
4162 sm->wpa_ptk_state,
4163 sm->wpa_ptk_group_state);
d85e1fc8 4164 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 4165 return len;
4166 len += ret;
4167
4168 return len;
4169}
4170
4171
4172void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
4173{
4174 if (wpa_auth)
4175 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
4176}
4177
4178
4179int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
4180{
4181 return sm && sm->pairwise_set;
4182}
4183
4184
ff36ff00
JM		 4185int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
4186{
4187 return sm->pairwise;
4188}
4189
4190
b08c9ad0
MK		 4191const u8 * wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len)
4192{
4193 if (!sm)
4194 return NULL;
4195 *len = sm->pmk_len;
4196 return sm->PMK;
4197}
4198
4199
6fc6879b
JM		 4200int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
4201{
4202 if (sm == NULL)
4203 return -1;
4204 return sm->wpa_key_mgmt;
4205}
4206
4207
4208int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
4209{
4210 if (sm == NULL)
4211 return 0;
4212 return sm->wpa;
4213}
4214
4215
0e3bd7ac
MV		 4216int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
4217{
4218 if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
4219 return 0;
4220 return sm->tk_already_set;
4221}
4222
4223
2f1357fb
JM		 4224int wpa_auth_sta_fils_tk_already_set(struct wpa_state_machine *sm)
4225{
4226 if (!sm || !wpa_key_mgmt_fils(sm->wpa_key_mgmt))
4227 return 0;
4228 return sm->tk_already_set;
4229}
4230
4231
6fc6879b
JM		 4232int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
4233 struct rsn_pmksa_cache_entry *entry)
4234{
4235 if (sm == NULL || sm->pmksa != entry)
4236 return -1;
4237 sm->pmksa = NULL;
4238 return 0;
4239}
4240
4241
4242struct rsn_pmksa_cache_entry *
4243wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
4244{
4245 return sm ? sm->pmksa : NULL;
4246}
4247
4248
4249void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
4250{
4251 if (sm)
4252 sm->dot11RSNAStatsTKIPLocalMICFailures++;
4253}
4254
4255
4256const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
4257{
4258 if (wpa_auth == NULL)
4259 return NULL;
4260 *len = wpa_auth->wpa_ie_len;
4261 return wpa_auth->wpa_ie;
4262}
4263
4264
4265int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
207976f0 4266 unsigned int pmk_len,
6fc6879b
JM		 4267 int session_timeout, struct eapol_state_machine *eapol)
4268{
cb465555
JM		 4269 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
4270 sm->wpa_auth->conf.disable_pmksa_caching)
6fc6879b
JM		 4271 return -1;
4272
834c5d68 4273 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
207976f0
JM		 4274 if (pmk_len > PMK_LEN_SUITE_B_192)
4275 pmk_len = PMK_LEN_SUITE_B_192;
4276 } else if (pmk_len > PMK_LEN) {
4277 pmk_len = PMK_LEN;
4278 }
4279
70c93963 4280 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len, NULL,
98cd3d1c 4281 sm->PTK.kck, sm->PTK.kck_len,
4bb081f1
JM		 4282 sm->wpa_auth->addr, sm->addr, session_timeout,
4283 eapol, sm->wpa_key_mgmt))
6fc6879b
JM		 4284 return 0;
4285
4286 return -1;
4287}
4288
4289
4290int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
4291 const u8 *pmk, size_t len, const u8 *sta_addr,
4292 int session_timeout,
4293 struct eapol_state_machine *eapol)
4294{
4295 if (wpa_auth == NULL)
4296 return -1;
4297
70c93963 4298 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, NULL,
087a1f4e
JM		 4299 NULL, 0,
4300 wpa_auth->addr,
4bb081f1
JM		 4301 sta_addr, session_timeout, eapol,
4302 WPA_KEY_MGMT_IEEE8021X))
6fc6879b
JM		 4303 return 0;
4304
4305 return -1;
4306}
4307
4308
f2991170 4309int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
70c93963 4310 const u8 *pmk, const u8 *pmkid)
f2991170
JM		 4311{
4312 if (wpa_auth->conf.disable_pmksa_caching)
4313 return -1;
4314
70c93963 4315 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN, pmkid,
087a1f4e 4316 NULL, 0,
f2991170
JM		 4317 wpa_auth->addr, addr, 0, NULL,
4318 WPA_KEY_MGMT_SAE))
4319 return 0;
4320
4321 return -1;
4322}
4323
4324
9d94e4bb
JM		 4325void wpa_auth_add_sae_pmkid(struct wpa_state_machine *sm, const u8 *pmkid)
4326{
4327 os_memcpy(sm->pmkid, pmkid, PMKID_LEN);
4328 sm->pmkid_set = 1;
4329}
4330
4331
0c52953b
JM		 4332int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr,
4333 const u8 *pmk, size_t pmk_len, const u8 *pmkid,
4334 int session_timeout, int akmp)
4335{
4336 if (wpa_auth->conf.disable_pmksa_caching)
4337 return -1;
4338
4339 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, pmk_len, pmkid,
4340 NULL, 0, wpa_auth->addr, addr, session_timeout,
4341 NULL, akmp))
4342 return 0;
4343
4344 return -1;
4345}
4346
4347
901d1fe1
JM		 4348void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
4349 const u8 *sta_addr)
4350{
4351 struct rsn_pmksa_cache_entry *pmksa;
4352
4353 if (wpa_auth == NULL || wpa_auth->pmksa == NULL)
4354 return;
4355 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
4356 if (pmksa) {
4357 wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for "
4358 MACSTR " based on request", MAC2STR(sta_addr));
4359 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
4360 }
4361}
4362
4363
b8daac18
MH		 4364int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
4365 size_t len)
4366{
4367 if (!wpa_auth || !wpa_auth->pmksa)
4368 return 0;
4369 return pmksa_cache_auth_list(wpa_auth->pmksa, buf, len);
4370}
4371
4372
4c522c77
MH		 4373void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth)
4374{
4375 if (wpa_auth && wpa_auth->pmksa)
4376 pmksa_cache_auth_flush(wpa_auth->pmksa);
4377}
4378
4379
4d77d80e
MH		 4380#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
4381#ifdef CONFIG_MESH
4382
4383int wpa_auth_pmksa_list_mesh(struct wpa_authenticator *wpa_auth, const u8 *addr,
4384 char *buf, size_t len)
4385{
4386 if (!wpa_auth || !wpa_auth->pmksa)
4387 return 0;
4388
4389 return pmksa_cache_auth_list_mesh(wpa_auth->pmksa, addr, buf, len);
4390}
4391
4392
4393struct rsn_pmksa_cache_entry *
4394wpa_auth_pmksa_create_entry(const u8 *aa, const u8 *spa, const u8 *pmk,
4395 const u8 *pmkid, int expiration)
4396{
4397 struct rsn_pmksa_cache_entry *entry;
4398 struct os_reltime now;
4399
4400 entry = pmksa_cache_auth_create_entry(pmk, PMK_LEN, pmkid, NULL, 0, aa,
4401 spa, 0, NULL, WPA_KEY_MGMT_SAE);
4402 if (!entry)
4403 return NULL;
4404
4405 os_get_reltime(&now);
4406 entry->expiration = now.sec + expiration;
4407 return entry;
4408}
4409
4410
4411int wpa_auth_pmksa_add_entry(struct wpa_authenticator *wpa_auth,
4412 struct rsn_pmksa_cache_entry *entry)
4413{
4414 int ret;
4415
4416 if (!wpa_auth || !wpa_auth->pmksa)
4417 return -1;
4418
4419 ret = pmksa_cache_auth_add_entry(wpa_auth->pmksa, entry);
4420 if (ret < 0)
4421 wpa_printf(MSG_DEBUG,
4422 "RSN: Failed to store external PMKSA cache for "
4423 MACSTR, MAC2STR(entry->spa));
4424
4425 return ret;
4426}
4427
4428#endif /* CONFIG_MESH */
4429#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
4430
4431
9f2cf23e 4432struct rsn_pmksa_cache_entry *
c1bd4bac
JM		 4433wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
4434 const u8 *pmkid)
9f2cf23e
MH		 4435{
4436 if (!wpa_auth || !wpa_auth->pmksa)
4437 return NULL;
c1bd4bac 4438 return pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, pmkid);
9f2cf23e
MH		 4439}
4440
4441
4442void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa,
4443 struct wpa_state_machine *sm,
4444 struct wpa_authenticator *wpa_auth,
4445 u8 *pmkid, u8 *pmk)
4446{
4447 if (!sm)
4448 return;
4449
4450 sm->pmksa = pmksa;
8854f90b
JM		 4451 os_memcpy(pmk, pmksa->pmk, PMK_LEN);
4452 os_memcpy(pmkid, pmksa->pmkid, PMKID_LEN);
4453 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmksa->pmkid, PMKID_LEN);
9f2cf23e
MH		 4454}
4455
4456
a0ad9e8c
MB		 4457/*
4458 * Remove and free the group from wpa_authenticator. This is triggered by a
4459 * callback to make sure nobody is currently iterating the group list while it
4460 * gets modified.
4461 */
4462static void wpa_group_free(struct wpa_authenticator *wpa_auth,
4463 struct wpa_group *group)
4464{
4465 struct wpa_group *prev = wpa_auth->group;
4466
4467 wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d",
4468 group->vlan_id);
4469
4470 while (prev) {
4471 if (prev->next == group) {
4472 /* This never frees the special first group as needed */
4473 prev->next = group->next;
4474 os_free(group);
4475 break;
4476 }
4477 prev = prev->next;
4478 }
4479
4480}
4481
4482
4483/* Increase the reference counter for group */
4484static void wpa_group_get(struct wpa_authenticator *wpa_auth,
4485 struct wpa_group *group)
4486{
4487 /* Skip the special first group */
4488 if (wpa_auth->group == group)
4489 return;
4490
4491 group->references++;
4492}
4493
4494
4495/* Decrease the reference counter and maybe free the group */
4496static void wpa_group_put(struct wpa_authenticator *wpa_auth,
4497 struct wpa_group *group)
4498{
4499 /* Skip the special first group */
4500 if (wpa_auth->group == group)
4501 return;
4502
4503 group->references--;
4504 if (group->references)
4505 return;
4506 wpa_group_free(wpa_auth, group);
4507}
4508
4509
4510/*
4511 * Add a group that has its references counter set to zero. Caller needs to
4512 * call wpa_group_get() on the return value to mark the entry in use.
4513 */
6fc6879b
JM		 4514static struct wpa_group *
4515wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
4516{
4517 struct wpa_group *group;
4518
4519 if (wpa_auth == NULL || wpa_auth->group == NULL)
4520 return NULL;
4521
4522 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
4523 vlan_id);
bdffdc5d 4524 group = wpa_group_init(wpa_auth, vlan_id, 0);
6fc6879b
JM		 4525 if (group == NULL)
4526 return NULL;
4527
4528 group->next = wpa_auth->group->next;
4529 wpa_auth->group->next = group;
4530
4531 return group;
4532}
4533
4534
7cebc8e2
MB		 4535/*
4536 * Enforce that the group state machine for the VLAN is running, increase
4537 * reference counter as interface is up. References might have been increased
4538 * even if a negative value is returned.
4539 * Returns: -1 on error (group missing, group already failed); otherwise, 0
4540 */
4541int wpa_auth_ensure_group(struct wpa_authenticator *wpa_auth, int vlan_id)
4542{
4543 struct wpa_group *group;
4544
4545 if (wpa_auth == NULL)
4546 return 0;
4547
4548 group = wpa_auth->group;
4549 while (group) {
4550 if (group->vlan_id == vlan_id)
4551 break;
4552 group = group->next;
4553 }
4554
4555 if (group == NULL) {
4556 group = wpa_auth_add_group(wpa_auth, vlan_id);
4557 if (group == NULL)
4558 return -1;
4559 }
4560
4561 wpa_printf(MSG_DEBUG,
4562 "WPA: Ensure group state machine running for VLAN ID %d",
4563 vlan_id);
4564
4565 wpa_group_get(wpa_auth, group);
4566 group->num_setup_iface++;
4567
4568 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
4569 return -1;
4570
4571 return 0;
4572}
4573
4574
4575/*
4576 * Decrease reference counter, expected to be zero afterwards.
4577 * returns: -1 on error (group not found, group in fail state)
4578 * -2 if wpa_group is still referenced
4579 * 0 else
4580 */
4581int wpa_auth_release_group(struct wpa_authenticator *wpa_auth, int vlan_id)
4582{
4583 struct wpa_group *group;
4584 int ret = 0;
4585
4586 if (wpa_auth == NULL)
4587 return 0;
4588
4589 group = wpa_auth->group;
4590 while (group) {
4591 if (group->vlan_id == vlan_id)
4592 break;
4593 group = group->next;
4594 }
4595
4596 if (group == NULL)
4597 return -1;
4598
4599 wpa_printf(MSG_DEBUG,
4600 "WPA: Try stopping group state machine for VLAN ID %d",
4601 vlan_id);
4602
4603 if (group->num_setup_iface <= 0) {
4604 wpa_printf(MSG_ERROR,
4605 "WPA: wpa_auth_release_group called more often than wpa_auth_ensure_group for VLAN ID %d, skipping.",
4606 vlan_id);
4607 return -1;
4608 }
4609 group->num_setup_iface--;
4610
4611 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
4612 ret = -1;
4613
4614 if (group->references > 1) {
4615 wpa_printf(MSG_DEBUG,
4616 "WPA: Cannot stop group state machine for VLAN ID %d as references are still hold",
4617 vlan_id);
4618 ret = -2;
4619 }
4620
4621 wpa_group_put(wpa_auth, group);
4622
4623 return ret;
4624}
4625
4626
6fc6879b
JM		 4627int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
4628{
4629 struct wpa_group *group;
4630
4631 if (sm == NULL || sm->wpa_auth == NULL)
4632 return 0;
4633
4634 group = sm->wpa_auth->group;
4635 while (group) {
4636 if (group->vlan_id == vlan_id)
4637 break;
4638 group = group->next;
4639 }
4640
4641 if (group == NULL) {
4642 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
4643 if (group == NULL)
4644 return -1;
4645 }
4646
4647 if (sm->group == group)
4648 return 0;
4649
7d7f7be2
JM		 4650 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
4651 return -1;
4652
6fc6879b
JM		 4653 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
4654 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
4655
a0ad9e8c
MB		 4656 wpa_group_get(sm->wpa_auth, group);
4657 wpa_group_put(sm->wpa_auth, sm->group);
6fc6879b 4658 sm->group = group;
a0ad9e8c 4659
6fc6879b
JM		 4660 return 0;
4661}
e4bf4db9
JM		 4662
4663
4664void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
4665 struct wpa_state_machine *sm, int ack)
4666{
4667 if (wpa_auth == NULL || sm == NULL)
4668 return;
4669 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
4670 " ack=%d", MAC2STR(sm->addr), ack);
4671 if (sm->pending_1_of_4_timeout && ack) {
4672 /*
4673 * Some deployed supplicant implementations update their SNonce
4674 * for each EAPOL-Key 2/4 message even within the same 4-way
4675 * handshake and then fail to use the first SNonce when
4676 * deriving the PTK. This results in unsuccessful 4-way
4677 * handshake whenever the relatively short initial timeout is
4678 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
4679 * around this by increasing the timeout now that we know that
4680 * the station has received the frame.
4681 */
4682 int timeout_ms = eapol_key_timeout_subseq;
4683 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
4684 "timeout by %u ms because of acknowledged frame",
4685 timeout_ms);
4686 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
4687 eloop_register_timeout(timeout_ms / 1000,
4688 (timeout_ms % 1000) * 1000,
4689 wpa_send_eapol_timeout, wpa_auth, sm);
4690 }
3d695328
JM		 4691
4692#ifdef CONFIG_TESTING_OPTIONS
4693 if (sm->eapol_status_cb) {
4694 sm->eapol_status_cb(sm->eapol_status_cb_ctx1,
4695 sm->eapol_status_cb_ctx2);
4696 sm->eapol_status_cb = NULL;
4697 }
4698#endif /* CONFIG_TESTING_OPTIONS */
e4bf4db9 4699}
c10347f2
JM		 4700
4701
4702int wpa_auth_uses_sae(struct wpa_state_machine *sm)
4703{
4704 if (sm == NULL)
4705 return 0;
4706 return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
4707}
aa189ac9
JM		 4708
4709
4710int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm)
4711{
4712 if (sm == NULL)
4713 return 0;
4714 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE;
4715}
25ef8529
JM		 4716
4717
4718#ifdef CONFIG_P2P
4719int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr)
4720{
4721 if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0)
4722 return -1;
4723 os_memcpy(addr, sm->ip_addr, 4);
4724 return 0;
4725}
4726#endif /* CONFIG_P2P */
cbc210de
JM		 4727
4728
4729int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
4730 struct radius_das_attrs *attr)
4731{
4732 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
4733}
34782730
JM		 4734
4735
4736void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth)
4737{
4738 struct wpa_group *group;
4739
4740 if (!wpa_auth)
4741 return;
4742 for (group = wpa_auth->group; group; group = group->next)
4743 wpa_group_config_group_keys(wpa_auth, group);
4744}
7eace378
JM		 4745
4746
4747#ifdef CONFIG_FILS
4748
4749struct wpa_auth_fils_iter_data {
4750 struct wpa_authenticator *auth;
4751 const u8 *cache_id;
4752 struct rsn_pmksa_cache_entry *pmksa;
4753 const u8 *spa;
4754 const u8 *pmkid;
4755};
4756
4757
4758static int wpa_auth_fils_iter(struct wpa_authenticator *a, void *ctx)
4759{
4760 struct wpa_auth_fils_iter_data *data = ctx;
4761
4cc6574d 4762 if (a == data->auth || !a->conf.fils_cache_id_set ||
7eace378
JM		 4763 os_memcmp(a->conf.fils_cache_id, data->cache_id,
4764 FILS_CACHE_ID_LEN) != 0)
4765 return 0;
4766 data->pmksa = pmksa_cache_auth_get(a->pmksa, data->spa, data->pmkid);
4767 return data->pmksa != NULL;
4768}
4769
4770
4771struct rsn_pmksa_cache_entry *
4772wpa_auth_pmksa_get_fils_cache_id(struct wpa_authenticator *wpa_auth,
4773 const u8 *sta_addr, const u8 *pmkid)
4774{
4775 struct wpa_auth_fils_iter_data idata;
4776
4777 if (!wpa_auth->conf.fils_cache_id_set)
4778 return NULL;
4779 idata.auth = wpa_auth;
4780 idata.cache_id = wpa_auth->conf.fils_cache_id;
4781 idata.pmksa = NULL;
4782 idata.spa = sta_addr;
4783 idata.pmkid = pmkid;
4784 wpa_auth_for_each_auth(wpa_auth, wpa_auth_fils_iter, &idata);
4785 return idata.pmksa;
4786}
4787
5db997e3
JM		 4788
4789#ifdef CONFIG_IEEE80211R_AP
a7968ea5
JM		 4790int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, int use_sha384,
4791 u8 *buf, size_t len)
5db997e3
JM		 4792{
4793 struct wpa_auth_config *conf = &wpa_auth->conf;
4794
a7968ea5 4795 return wpa_write_ftie(conf, use_sha384, conf->r0_key_holder,
5db997e3
JM		 4796 conf->r0_key_holder_len,
4797 NULL, NULL, buf, len, NULL, 0);
4798}
4799#endif /* CONFIG_IEEE80211R_AP */
4800
8acbf85f
JM		 4801
4802void wpa_auth_get_fils_aead_params(struct wpa_state_machine *sm,
4803 u8 *fils_anonce, u8 *fils_snonce,
4804 u8 *fils_kek, size_t *fils_kek_len)
4805{
4806 os_memcpy(fils_anonce, sm->ANonce, WPA_NONCE_LEN);
4807 os_memcpy(fils_snonce, sm->SNonce, WPA_NONCE_LEN);
4808 os_memcpy(fils_kek, sm->PTK.kek, WPA_KEK_MAX_LEN);
4809 *fils_kek_len = sm->PTK.kek_len;
4810}
4811
7eace378 4812#endif /* CONFIG_FILS */
6bc2f00f
JM		 4813
4814
82424732 4815#ifdef CONFIG_TESTING_OPTIONS
d8afdb21 4816
3d695328
JM		 4817int wpa_auth_resend_m1(struct wpa_state_machine *sm, int change_anonce,
4818 void (*cb)(void *ctx1, void *ctx2),
4819 void *ctx1, void *ctx2)
d8afdb21
JM		 4820{
4821 const u8 *anonce = sm->ANonce;
4822 u8 anonce_buf[WPA_NONCE_LEN];
4823
4824 if (change_anonce) {
4825 if (random_get_bytes(anonce_buf, WPA_NONCE_LEN))
4826 return -1;
4827 anonce = anonce_buf;
4828 }
4829
4830 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4831 "sending 1/4 msg of 4-Way Handshake (TESTING)");
4832 wpa_send_eapol(sm->wpa_auth, sm,
4833 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
4834 anonce, NULL, 0, 0, 0);
4835 return 0;
4836}
4837
4838
3d695328
JM		 4839int wpa_auth_resend_m3(struct wpa_state_machine *sm,
4840 void (*cb)(void *ctx1, void *ctx2),
4841 void *ctx1, void *ctx2)
d8afdb21 4842{
0c3bc1be
LD		 4843 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
4844#ifdef CONFIG_IEEE80211W
4845 u8 *opos;
4846#endif /* CONFIG_IEEE80211W */
d8afdb21
JM		 4847 size_t gtk_len, kde_len;
4848 struct wpa_group *gsm = sm->group;
4849 u8 *wpa_ie;
4850 int wpa_ie_len, secure, keyidx, encr = 0;
4851
4852 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
4853 GTK[GN], IGTK, [FTIE], [TIE * 2])
4854 */
4855
4856 /* Use 0 RSC */
4857 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
4858 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
4859 wpa_ie = sm->wpa_auth->wpa_ie;
4860 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
4861 if (sm->wpa == WPA_VERSION_WPA &&
4862 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
4863 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
4864 /* WPA-only STA, remove RSN IE and possible MDIE */
4865 wpa_ie = wpa_ie + wpa_ie[1] + 2;
4866 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
4867 wpa_ie = wpa_ie + wpa_ie[1] + 2;
4868 wpa_ie_len = wpa_ie[1] + 2;
4869 }
4870 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4871 "sending 3/4 msg of 4-Way Handshake (TESTING)");
4872 if (sm->wpa == WPA_VERSION_WPA2) {
4873 /* WPA2 send GTK in the 4-way handshake */
4874 secure = 1;
4875 gtk = gsm->GTK[gsm->GN - 1];
4876 gtk_len = gsm->GTK_len;
4877 keyidx = gsm->GN;
4878 _rsc = rsc;
4879 encr = 1;
4880 } else {
4881 /* WPA does not include GTK in msg 3/4 */
4882 secure = 0;
4883 gtk = NULL;
4884 gtk_len = 0;
4885 keyidx = 0;
4886 _rsc = NULL;
4887 if (sm->rx_eapol_key_secure) {
4888 /*
4889 * It looks like Windows 7 supplicant tries to use
4890 * Secure bit in msg 2/4 after having reported Michael
4891 * MIC failure and it then rejects the 4-way handshake
4892 * if msg 3/4 does not set Secure bit. Work around this
4893 * by setting the Secure bit here even in the case of
4894 * WPA if the supplicant used it first.
4895 */
4896 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4897 "STA used Secure bit in WPA msg 2/4 - "
4898 "set Secure for 3/4 as workaround");
4899 secure = 1;
4900 }
4901 }
4902
17c2559c 4903 kde_len = wpa_ie_len + ieee80211w_kde_len(sm) + ocv_oci_len(sm);
d8afdb21
JM		 4904 if (gtk)
4905 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
4906#ifdef CONFIG_IEEE80211R_AP
4907 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
4908 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
4909 kde_len += 300; /* FTIE + 2 * TIE */
4910 }
4911#endif /* CONFIG_IEEE80211R_AP */
4912 kde = os_malloc(kde_len);
4913 if (kde == NULL)
4914 return -1;
4915
4916 pos = kde;
4917 os_memcpy(pos, wpa_ie, wpa_ie_len);
4918 pos += wpa_ie_len;
4919#ifdef CONFIG_IEEE80211R_AP
4920 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
4921 int res;
4922 size_t elen;
4923
4924 elen = pos - kde;
4925 res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name);
4926 if (res < 0) {
4927 wpa_printf(MSG_ERROR, "FT: Failed to insert "
4928 "PMKR1Name into RSN IE in EAPOL-Key data");
4929 os_free(kde);
4930 return -1;
4931 }
4932 pos -= wpa_ie_len;
4933 pos += elen;
4934 }
4935#endif /* CONFIG_IEEE80211R_AP */
4936 if (gtk) {
4937 u8 hdr[2];
4938 hdr[0] = keyidx & 0x03;
4939 hdr[1] = 0;
4940 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
4941 gtk, gtk_len);
4942 }
0c3bc1be 4943#ifdef CONFIG_IEEE80211W
d8afdb21
JM		 4944 opos = pos;
4945 pos = ieee80211w_kde_add(sm, pos);
9f917339
MV		 4946 if (pos - opos >= 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN) {
4947 /* skip KDE header and keyid */
4948 opos += 2 + RSN_SELECTOR_LEN + 2;
d8afdb21
JM		 4949 os_memset(opos, 0, 6); /* clear PN */
4950 }
0c3bc1be 4951#endif /* CONFIG_IEEE80211W */
17c2559c
MV		 4952 if (ocv_oci_add(sm, &pos) < 0) {
4953 os_free(kde);
4954 return -1;
4955 }
d8afdb21
JM		 4956
4957#ifdef CONFIG_IEEE80211R_AP
4958 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
4959 int res;
4960 struct wpa_auth_config *conf;
4961
4962 conf = &sm->wpa_auth->conf;
4963 if (sm->assoc_resp_ftie &&
4964 kde + kde_len - pos >= 2 + sm->assoc_resp_ftie[1]) {
4965 os_memcpy(pos, sm->assoc_resp_ftie,
4966 2 + sm->assoc_resp_ftie[1]);
4967 res = 2 + sm->assoc_resp_ftie[1];
4968 } else {
a7968ea5
JM		 4969 int use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
4970
4971 res = wpa_write_ftie(conf, use_sha384,
4972 conf->r0_key_holder,
d8afdb21
JM		 4973 conf->r0_key_holder_len,
4974 NULL, NULL, pos,
4975 kde + kde_len - pos,
4976 NULL, 0);
4977 }
4978 if (res < 0) {
4979 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
4980 "into EAPOL-Key Key Data");
4981 os_free(kde);
4982 return -1;
4983 }
4984 pos += res;
4985
4986 /* TIE[ReassociationDeadline] (TU) */
4987 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
4988 *pos++ = 5;
4989 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
4990 WPA_PUT_LE32(pos, conf->reassociation_deadline);
4991 pos += 4;
4992
4993 /* TIE[KeyLifetime] (seconds) */
4994 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
4995 *pos++ = 5;
4996 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
83fe4bd3 4997 WPA_PUT_LE32(pos, conf->r0_key_lifetime);
d8afdb21
JM		 4998 pos += 4;
4999 }
5000#endif /* CONFIG_IEEE80211R_AP */
5001
5002 wpa_send_eapol(sm->wpa_auth, sm,
5003 (secure ? WPA_KEY_INFO_SECURE : 0) |
5004 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
5005 WPA_KEY_INFO_MIC : 0) |
5006 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
5007 WPA_KEY_INFO_KEY_TYPE,
5008 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
5009 os_free(kde);
5010 return 0;
5011}
5012
5013
3d695328
JM		 5014int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
5015 void (*cb)(void *ctx1, void *ctx2),
5016 void *ctx1, void *ctx2)
6bc2f00f
JM		 5017{
5018 u8 rsc[WPA_KEY_RSC_LEN];
5019 struct wpa_group *gsm = sm->group;
5020 const u8 *kde;
0c3bc1be
LD		 5021 u8 *kde_buf = NULL, *pos, hdr[2];
5022#ifdef CONFIG_IEEE80211W
5023 u8 *opos;
5024#endif /* CONFIG_IEEE80211W */
6bc2f00f
JM		 5025 size_t kde_len;
5026 u8 *gtk;
5027
5028 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
5029 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
5030 /* Use 0 RSC */
5031 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
5032 "sending 1/2 msg of Group Key Handshake (TESTING)");
5033
5034 gtk = gsm->GTK[gsm->GN - 1];
5035 if (sm->wpa == WPA_VERSION_WPA2) {
5036 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
17c2559c 5037 ieee80211w_kde_len(sm) + ocv_oci_len(sm);
6bc2f00f
JM		 5038 kde_buf = os_malloc(kde_len);
5039 if (kde_buf == NULL)
5040 return -1;
5041
5042 kde = pos = kde_buf;
5043 hdr[0] = gsm->GN & 0x03;
5044 hdr[1] = 0;
5045 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
5046 gtk, gsm->GTK_len);
0c3bc1be 5047#ifdef CONFIG_IEEE80211W
6bc2f00f
JM		 5048 opos = pos;
5049 pos = ieee80211w_kde_add(sm, pos);
9f917339
MV		 5050 if (pos - opos >=
5051 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN) {
5052 /* skip KDE header and keyid */
5053 opos += 2 + RSN_SELECTOR_LEN + 2;
6bc2f00f
JM		 5054 os_memset(opos, 0, 6); /* clear PN */
5055 }
0c3bc1be 5056#endif /* CONFIG_IEEE80211W */
17c2559c
MV		 5057 if (ocv_oci_add(sm, &pos) < 0) {
5058 os_free(kde_buf);
5059 return -1;
5060 }
6bc2f00f
JM		 5061 kde_len = pos - kde;
5062 } else {
5063 kde = gtk;
5064 kde_len = gsm->GTK_len;
5065 }
5066
3d695328
JM		 5067 sm->eapol_status_cb = cb;
5068 sm->eapol_status_cb_ctx1 = ctx1;
5069 sm->eapol_status_cb_ctx2 = ctx2;
5070
6bc2f00f
JM		 5071 wpa_send_eapol(sm->wpa_auth, sm,
5072 WPA_KEY_INFO_SECURE |
5073 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
5074 WPA_KEY_INFO_MIC : 0) |
5075 WPA_KEY_INFO_ACK |
5076 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
5077 rsc, NULL, kde, kde_len, gsm->GN, 1);
5078
5079 os_free(kde_buf);
5080 return 0;
5081}
d8afdb21 5082
92662fb2
JB		 5083
5084int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth)
5085{
5086 if (!wpa_auth)
5087 return -1;
5088 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
5089 return eloop_register_timeout(0, 0, wpa_rekey_gtk, wpa_auth, NULL);
5090}
5091
6bc2f00f 5092#endif /* CONFIG_TESTING_OPTIONS */
Unnamed repository; edit this file 'description' to name the repository.