]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
FILS: Export IEEE 802.1X helper functions
[thirdparty/hostap.git] / src / ap / wpa_auth.c
CommitLineData
6fc6879b 1/*
00338a4f 2 * IEEE 802.11 RSN / WPA Authenticator
98cd3d1c 3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
6fc6879b 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
6fc6879b
JM		 7 */
8
6226e38d 9#include "utils/includes.h"
6fc6879b 10
6226e38d
JM		 11#include "utils/common.h"
12#include "utils/eloop.h"
13#include "utils/state_machine.h"
25ef8529 14#include "utils/bitfield.h"
81f4f619 15#include "common/ieee802_11_defs.h"
3b5b7aa8 16#include "crypto/aes.h"
03da66bd 17#include "crypto/aes_wrap.h"
3b5b7aa8 18#include "crypto/aes_siv.h"
03da66bd
JM		 19#include "crypto/crypto.h"
20#include "crypto/sha1.h"
21#include "crypto/sha256.h"
3642c431 22#include "crypto/random.h"
281c950b 23#include "eapol_auth/eapol_auth_sm.h"
6226e38d 24#include "ap_config.h"
6fc6879b 25#include "ieee802_11.h"
6226e38d
JM		 26#include "wpa_auth.h"
27#include "pmksa_cache_auth.h"
6fc6879b
JM		 28#include "wpa_auth_i.h"
29#include "wpa_auth_ie.h"
30
31#define STATE_MACHINE_DATA struct wpa_state_machine
32#define STATE_MACHINE_DEBUG_PREFIX "WPA"
33#define STATE_MACHINE_ADDR sm->addr
34
35
36static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
e4a6ea1d 37static int wpa_sm_step(struct wpa_state_machine *sm);
929a2ea5
JM		 38static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
39 size_t data_len);
75c8563e
JM		 40#ifdef CONFIG_FILS
41static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
42 u8 *buf, size_t buf_len, u16 *_key_data_len);
43#endif /* CONFIG_FILS */
6fc6879b
JM		 44static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
45static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
46 struct wpa_group *group);
581a8cde 47static void wpa_request_new_ptk(struct wpa_state_machine *sm);
e6965d4e
JM		 48static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
49 struct wpa_group *group);
1bdb7ab3
JM		 50static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
51 struct wpa_group *group);
f23c5b17 52static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
207976f0
JM		 53 const u8 *pmk, unsigned int pmk_len,
54 struct wpa_ptk *ptk);
a0ad9e8c
MB		 55static void wpa_group_free(struct wpa_authenticator *wpa_auth,
56 struct wpa_group *group);
57static void wpa_group_get(struct wpa_authenticator *wpa_auth,
58 struct wpa_group *group);
59static void wpa_group_put(struct wpa_authenticator *wpa_auth,
60 struct wpa_group *group);
6fc6879b 61
bae61562
JM		 62static const u32 dot11RSNAConfigGroupUpdateCount = 4;
63static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
64static const u32 eapol_key_timeout_first = 100; /* ms */
65static const u32 eapol_key_timeout_subseq = 1000; /* ms */
00338a4f 66static const u32 eapol_key_timeout_first_group = 500; /* ms */
6fc6879b
JM		 67
68/* TODO: make these configurable */
69static const int dot11RSNAConfigPMKLifetime = 43200;
70static const int dot11RSNAConfigPMKReauthThreshold = 70;
71static const int dot11RSNAConfigSATimeout = 60;
72
73
c772d054 74static inline int wpa_auth_mic_failure_report(
6fc6879b
JM		 75 struct wpa_authenticator *wpa_auth, const u8 *addr)
76{
77 if (wpa_auth->cb.mic_failure_report)
c772d054
JM		 78 return wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
79 return 0;
6fc6879b
JM		 80}
81
82
2c502460
JM		 83static inline void wpa_auth_psk_failure_report(
84 struct wpa_authenticator *wpa_auth, const u8 *addr)
85{
86 if (wpa_auth->cb.psk_failure_report)
87 wpa_auth->cb.psk_failure_report(wpa_auth->cb.ctx, addr);
88}
89
90
6fc6879b
JM		 91static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
92 const u8 *addr, wpa_eapol_variable var,
93 int value)
94{
95 if (wpa_auth->cb.set_eapol)
96 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
97}
98
99
100static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
101 const u8 *addr, wpa_eapol_variable var)
102{
103 if (wpa_auth->cb.get_eapol == NULL)
104 return -1;
105 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
106}
107
108
109static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
759fd76b
JM		 110 const u8 *addr,
111 const u8 *p2p_dev_addr,
112 const u8 *prev_psk)
6fc6879b
JM		 113{
114 if (wpa_auth->cb.get_psk == NULL)
115 return NULL;
759fd76b
JM		 116 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, p2p_dev_addr,
117 prev_psk);
6fc6879b
JM		 118}
119
120
121static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
122 const u8 *addr, u8 *msk, size_t *len)
123{
124 if (wpa_auth->cb.get_msk == NULL)
125 return -1;
126 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
127}
128
129
130static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
131 int vlan_id,
71934751 132 enum wpa_alg alg, const u8 *addr, int idx,
6fc6879b
JM		 133 u8 *key, size_t key_len)
134{
135 if (wpa_auth->cb.set_key == NULL)
136 return -1;
137 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
138 key, key_len);
139}
140
141
142static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
143 const u8 *addr, int idx, u8 *seq)
144{
145 if (wpa_auth->cb.get_seqnum == NULL)
146 return -1;
147 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
148}
149
150
6fc6879b
JM		 151static inline int
152wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
153 const u8 *data, size_t data_len, int encrypt)
154{
155 if (wpa_auth->cb.send_eapol == NULL)
156 return -1;
157 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
158 encrypt);
159}
160
161
c50d94f1
BC		 162#ifdef CONFIG_MESH
163static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth,
164 const u8 *addr)
165{
166 if (wpa_auth->cb.start_ampe == NULL)
167 return -1;
168 return wpa_auth->cb.start_ampe(wpa_auth->cb.ctx, addr);
169}
170#endif /* CONFIG_MESH */
171
172
6fc6879b
JM		 173int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
174 int (*cb)(struct wpa_state_machine *sm, void *ctx),
175 void *cb_ctx)
176{
177 if (wpa_auth->cb.for_each_sta == NULL)
178 return 0;
179 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
180}
181
182
bf98f7f3
JM		 183int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
184 int (*cb)(struct wpa_authenticator *a, void *ctx),
185 void *cb_ctx)
186{
187 if (wpa_auth->cb.for_each_auth == NULL)
188 return 0;
189 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
190}
191
192
6fc6879b
JM		 193void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
194 logger_level level, const char *txt)
195{
196 if (wpa_auth->cb.logger == NULL)
197 return;
198 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
199}
200
201
202void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
203 logger_level level, const char *fmt, ...)
204{
205 char *format;
206 int maxlen;
207 va_list ap;
208
209 if (wpa_auth->cb.logger == NULL)
210 return;
211
212 maxlen = os_strlen(fmt) + 100;
213 format = os_malloc(maxlen);
214 if (!format)
215 return;
216
217 va_start(ap, fmt);
218 vsnprintf(format, maxlen, fmt, ap);
219 va_end(ap);
220
221 wpa_auth_logger(wpa_auth, addr, level, format);
222
223 os_free(format);
224}
225
226
227static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
228 const u8 *addr)
229{
230 if (wpa_auth->cb.disconnect == NULL)
231 return;
afcc9ea1 232 wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr));
6fc6879b
JM		 233 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
234 WLAN_REASON_PREV_AUTH_NOT_VALID);
235}
236
237
238static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
239{
56586197 240 int ret = 0;
6fc6879b 241#ifdef CONFIG_IEEE80211R
56586197
JM		 242 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
243 ret = 1;
6fc6879b 244#endif /* CONFIG_IEEE80211R */
56586197
JM		 245#ifdef CONFIG_IEEE80211W
246 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
247 ret = 1;
248#endif /* CONFIG_IEEE80211W */
a14896e8
JM		 249 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN)
250 ret = 1;
56586197 251 return ret;
6fc6879b
JM		 252}
253
254
255static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
256{
257 struct wpa_authenticator *wpa_auth = eloop_ctx;
258
3642c431 259 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
6fc6879b
JM		 260 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
261 "initialization.");
262 } else {
263 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
5cb9d5c3
JM		 264 wpa_hexdump_key(MSG_DEBUG, "GMK",
265 wpa_auth->group->GMK, WPA_GMK_LEN);
6fc6879b
JM		 266 }
267
268 if (wpa_auth->conf.wpa_gmk_rekey) {
269 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
270 wpa_rekey_gmk, wpa_auth, NULL);
271 }
272}
273
274
275static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
276{
277 struct wpa_authenticator *wpa_auth = eloop_ctx;
a0ad9e8c 278 struct wpa_group *group, *next;
6fc6879b
JM		 279
280 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
a0ad9e8c
MB		 281 group = wpa_auth->group;
282 while (group) {
283 wpa_group_get(wpa_auth, group);
284
6fc6879b
JM		 285 group->GTKReKey = TRUE;
286 do {
287 group->changed = FALSE;
288 wpa_group_sm_step(wpa_auth, group);
289 } while (group->changed);
a0ad9e8c
MB		 290
291 next = group->next;
292 wpa_group_put(wpa_auth, group);
293 group = next;
6fc6879b
JM		 294 }
295
296 if (wpa_auth->conf.wpa_group_rekey) {
297 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
298 0, wpa_rekey_gtk, wpa_auth, NULL);
299 }
300}
301
302
581a8cde
JM		 303static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
304{
305 struct wpa_authenticator *wpa_auth = eloop_ctx;
306 struct wpa_state_machine *sm = timeout_ctx;
307
308 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
309 wpa_request_new_ptk(sm);
310 wpa_sm_step(sm);
311}
312
313
6fc6879b
JM		 314static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
315{
316 if (sm->pmksa == ctx)
317 sm->pmksa = NULL;
318 return 0;
319}
320
321
322static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
323 void *ctx)
324{
325 struct wpa_authenticator *wpa_auth = ctx;
326 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
327}
328
329
1bdb7ab3
JM		 330static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
331 struct wpa_group *group)
332{
559cdabb 333 u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)];
1bdb7ab3 334 u8 rkey[32];
559cdabb 335 unsigned long ptr;
1bdb7ab3 336
3642c431 337 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
1bdb7ab3
JM		 338 return -1;
339 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
340
341 /*
342 * Counter = PRF-256(Random number, "Init Counter",
343 * Local MAC Address || Time)
344 */
345 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
346 wpa_get_ntp_timestamp(buf + ETH_ALEN);
559cdabb
JM		 347 ptr = (unsigned long) group;
348 os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr));
3642c431 349 if (random_get_bytes(rkey, sizeof(rkey)) < 0)
1bdb7ab3
JM		 350 return -1;
351
352 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
353 group->Counter, WPA_NONCE_LEN) < 0)
354 return -1;
355 wpa_hexdump_key(MSG_DEBUG, "Key Counter",
356 group->Counter, WPA_NONCE_LEN);
357
358 return 0;
359}
360
361
e6965d4e 362static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
bdffdc5d 363 int vlan_id, int delay_init)
e6965d4e
JM		 364{
365 struct wpa_group *group;
e6965d4e
JM		 366
367 group = os_zalloc(sizeof(struct wpa_group));
368 if (group == NULL)
369 return NULL;
370
371 group->GTKAuthenticator = TRUE;
372 group->vlan_id = vlan_id;
c3550295 373 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
6fc6879b 374
08704cd8
JM		 375 if (random_pool_ready() != 1) {
376 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
377 "for secure operations - update keys later when "
378 "the first station connects");
379 }
380
1bdb7ab3
JM		 381 /*
382 * Set initial GMK/Counter value here. The actual values that will be
383 * used in negotiations will be set once the first station tries to
384 * connect. This allows more time for collecting additional randomness
385 * on embedded devices.
6fc6879b 386 */
1bdb7ab3 387 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
6fc6879b
JM		 388 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
389 "initialization.");
390 os_free(group);
391 return NULL;
392 }
6fc6879b
JM		 393
394 group->GInit = TRUE;
bdffdc5d
JM		 395 if (delay_init) {
396 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
397 "until Beacon frames have been configured");
398 /* Initialization is completed in wpa_init_keys(). */
399 } else {
400 wpa_group_sm_step(wpa_auth, group);
401 group->GInit = FALSE;
402 wpa_group_sm_step(wpa_auth, group);
403 }
6fc6879b
JM		 404
405 return group;
406}
407
408
409/**
410 * wpa_init - Initialize WPA authenticator
411 * @addr: Authenticator address
412 * @conf: Configuration for WPA authenticator
a17df5fb 413 * @cb: Callback functions for WPA authenticator
6fc6879b
JM		 414 * Returns: Pointer to WPA authenticator data or %NULL on failure
415 */
416struct wpa_authenticator * wpa_init(const u8 *addr,
417 struct wpa_auth_config *conf,
418 struct wpa_auth_callbacks *cb)
419{
420 struct wpa_authenticator *wpa_auth;
421
422 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
423 if (wpa_auth == NULL)
424 return NULL;
425 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
426 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
427 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
428
429 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
430 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
431 os_free(wpa_auth);
432 return NULL;
433 }
434
bdffdc5d 435 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
6fc6879b
JM		 436 if (wpa_auth->group == NULL) {
437 os_free(wpa_auth->wpa_ie);
438 os_free(wpa_auth);
439 return NULL;
440 }
441
4bb081f1
JM		 442 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
443 wpa_auth);
6fc6879b
JM		 444 if (wpa_auth->pmksa == NULL) {
445 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
27d9701d 446 os_free(wpa_auth->group);
6fc6879b
JM		 447 os_free(wpa_auth->wpa_ie);
448 os_free(wpa_auth);
449 return NULL;
450 }
451
452#ifdef CONFIG_IEEE80211R
453 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
454 if (wpa_auth->ft_pmk_cache == NULL) {
455 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
27d9701d 456 os_free(wpa_auth->group);
6fc6879b 457 os_free(wpa_auth->wpa_ie);
4bb081f1 458 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 459 os_free(wpa_auth);
460 return NULL;
461 }
462#endif /* CONFIG_IEEE80211R */
463
464 if (wpa_auth->conf.wpa_gmk_rekey) {
465 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
466 wpa_rekey_gmk, wpa_auth, NULL);
467 }
468
469 if (wpa_auth->conf.wpa_group_rekey) {
470 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
471 wpa_rekey_gtk, wpa_auth, NULL);
472 }
473
25ef8529
JM		 474#ifdef CONFIG_P2P
475 if (WPA_GET_BE32(conf->ip_addr_start)) {
476 int count = WPA_GET_BE32(conf->ip_addr_end) -
477 WPA_GET_BE32(conf->ip_addr_start) + 1;
478 if (count > 1000)
479 count = 1000;
480 if (count > 0)
481 wpa_auth->ip_pool = bitfield_alloc(count);
482 }
483#endif /* CONFIG_P2P */
484
6fc6879b
JM		 485 return wpa_auth;
486}
487
488
bdffdc5d
JM		 489int wpa_init_keys(struct wpa_authenticator *wpa_auth)
490{
491 struct wpa_group *group = wpa_auth->group;
492
493 wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
494 "keys");
495 wpa_group_sm_step(wpa_auth, group);
496 group->GInit = FALSE;
497 wpa_group_sm_step(wpa_auth, group);
7d7f7be2
JM		 498 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
499 return -1;
bdffdc5d
JM		 500 return 0;
501}
502
503
6fc6879b
JM		 504/**
505 * wpa_deinit - Deinitialize WPA authenticator
506 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
507 */
508void wpa_deinit(struct wpa_authenticator *wpa_auth)
509{
510 struct wpa_group *group, *prev;
511
512 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
513 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
514
515#ifdef CONFIG_PEERKEY
516 while (wpa_auth->stsl_negotiations)
517 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
518#endif /* CONFIG_PEERKEY */
519
4bb081f1 520 pmksa_cache_auth_deinit(wpa_auth->pmksa);
6fc6879b
JM		 521
522#ifdef CONFIG_IEEE80211R
523 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
524 wpa_auth->ft_pmk_cache = NULL;
525#endif /* CONFIG_IEEE80211R */
526
25ef8529
JM		 527#ifdef CONFIG_P2P
528 bitfield_free(wpa_auth->ip_pool);
529#endif /* CONFIG_P2P */
530
531
6fc6879b
JM		 532 os_free(wpa_auth->wpa_ie);
533
534 group = wpa_auth->group;
535 while (group) {
536 prev = group;
537 group = group->next;
538 os_free(prev);
539 }
540
541 os_free(wpa_auth);
542}
543
544
545/**
546 * wpa_reconfig - Update WPA authenticator configuration
547 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
548 * @conf: Configuration for WPA authenticator
549 */
550int wpa_reconfig(struct wpa_authenticator *wpa_auth,
551 struct wpa_auth_config *conf)
552{
e6965d4e 553 struct wpa_group *group;
6fc6879b
JM		 554 if (wpa_auth == NULL)
555 return 0;
556
557 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
ad08c363
JM		 558 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
559 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
560 return -1;
561 }
562
e6965d4e
JM		 563 /*
564 * Reinitialize GTK to make sure it is suitable for the new
565 * configuration.
566 */
567 group = wpa_auth->group;
c3550295 568 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
e6965d4e
JM		 569 group->GInit = TRUE;
570 wpa_group_sm_step(wpa_auth, group);
571 group->GInit = FALSE;
572 wpa_group_sm_step(wpa_auth, group);
573
6fc6879b
JM		 574 return 0;
575}
576
577
578struct wpa_state_machine *
94ddef3e
JM		 579wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
580 const u8 *p2p_dev_addr)
6fc6879b
JM		 581{
582 struct wpa_state_machine *sm;
583
7d7f7be2
JM		 584 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
585 return NULL;
586
6fc6879b
JM		 587 sm = os_zalloc(sizeof(struct wpa_state_machine));
588 if (sm == NULL)
589 return NULL;
590 os_memcpy(sm->addr, addr, ETH_ALEN);
94ddef3e
JM		 591 if (p2p_dev_addr)
592 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
6fc6879b
JM		 593
594 sm->wpa_auth = wpa_auth;
595 sm->group = wpa_auth->group;
a0ad9e8c 596 wpa_group_get(sm->wpa_auth, sm->group);
6fc6879b
JM		 597
598 return sm;
599}
600
601
6f9b5d16
JM		 602int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
603 struct wpa_state_machine *sm)
6fc6879b
JM		 604{
605 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
6f9b5d16 606 return -1;
6fc6879b
JM		 607
608#ifdef CONFIG_IEEE80211R
609 if (sm->ft_completed) {
610 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
611 "FT authentication already completed - do not "
612 "start 4-way handshake");
3d4d2348
JM		 613 /* Go to PTKINITDONE state to allow GTK rekeying */
614 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
6f9b5d16 615 return 0;
6fc6879b
JM		 616 }
617#endif /* CONFIG_IEEE80211R */
618
619 if (sm->started) {
22a299ee 620 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
6fc6879b 621 sm->ReAuthenticationRequest = TRUE;
6f9b5d16 622 return wpa_sm_step(sm);
6fc6879b
JM		 623 }
624
625 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
626 "start authentication");
627 sm->started = 1;
628
629 sm->Init = TRUE;
e4a6ea1d 630 if (wpa_sm_step(sm) == 1)
6f9b5d16 631 return 1; /* should not really happen */
6fc6879b
JM		 632 sm->Init = FALSE;
633 sm->AuthenticationRequest = TRUE;
6f9b5d16 634 return wpa_sm_step(sm);
6fc6879b
JM		 635}
636
637
a8d05fca
JM		 638void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
639{
640 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
641 * reassociates back to the same AP while the previous entry for the
642 * STA has not yet been removed. */
643 if (sm == NULL)
644 return;
645
646 sm->wpa_key_mgmt = 0;
647}
648
649
6fc6879b
JM		 650static void wpa_free_sta_sm(struct wpa_state_machine *sm)
651{
25ef8529
JM		 652#ifdef CONFIG_P2P
653 if (WPA_GET_BE32(sm->ip_addr)) {
654 u32 start;
655 wpa_printf(MSG_DEBUG, "P2P: Free assigned IP "
656 "address %u.%u.%u.%u from " MACSTR,
657 sm->ip_addr[0], sm->ip_addr[1],
658 sm->ip_addr[2], sm->ip_addr[3],
659 MAC2STR(sm->addr));
660 start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
661 bitfield_clear(sm->wpa_auth->ip_pool,
662 WPA_GET_BE32(sm->ip_addr) - start);
663 }
664#endif /* CONFIG_P2P */
2ade8ef2
JM		 665 if (sm->GUpdateStationKeys) {
666 sm->group->GKeyDoneStations--;
667 sm->GUpdateStationKeys = FALSE;
668 }
0f857f43
JM		 669#ifdef CONFIG_IEEE80211R
670 os_free(sm->assoc_resp_ftie);
692ec305 671 wpabuf_free(sm->ft_pending_req_ies);
0f857f43 672#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 673 os_free(sm->last_rx_eapol_key);
674 os_free(sm->wpa_ie);
a0ad9e8c 675 wpa_group_put(sm->wpa_auth, sm->group);
6fc6879b
JM		 676 os_free(sm);
677}
678
679
680void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
681{
682 if (sm == NULL)
683 return;
684
685 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
686 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
687 "strict rekeying - force GTK rekey since STA "
688 "is leaving");
689 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
690 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
691 NULL);
692 }
693
694 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
e4bf4db9 695 sm->pending_1_of_4_timeout = 0;
6fc6879b 696 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
581a8cde 697 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 698 if (sm->in_step_loop) {
699 /* Must not free state machine while wpa_sm_step() is running.
700 * Freeing will be completed in the end of wpa_sm_step(). */
701 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
702 "machine deinit for " MACSTR, MAC2STR(sm->addr));
703 sm->pending_deinit = 1;
704 } else
705 wpa_free_sta_sm(sm);
706}
707
708
709static void wpa_request_new_ptk(struct wpa_state_machine *sm)
710{
711 if (sm == NULL)
712 return;
713
714 sm->PTKRequest = TRUE;
715 sm->PTK_valid = 0;
716}
717
718
68921e24 719static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
22a299ee
JM		 720 const u8 *replay_counter)
721{
722 int i;
723 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
68921e24 724 if (!ctr[i].valid)
22a299ee 725 break;
68921e24 726 if (os_memcmp(replay_counter, ctr[i].counter,
22a299ee
JM		 727 WPA_REPLAY_COUNTER_LEN) == 0)
728 return 1;
729 }
730 return 0;
731}
732
733
68921e24
JM		 734static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
735 const u8 *replay_counter)
736{
737 int i;
738 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
739 if (ctr[i].valid &&
740 (replay_counter == NULL ||
741 os_memcmp(replay_counter, ctr[i].counter,
742 WPA_REPLAY_COUNTER_LEN) == 0))
743 ctr[i].valid = FALSE;
744 }
745}
746
747
0f857f43
JM		 748#ifdef CONFIG_IEEE80211R
749static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
750 struct wpa_state_machine *sm,
751 struct wpa_eapol_ie_parse *kde)
752{
753 struct wpa_ie_data ie;
754 struct rsn_mdie *mdie;
755
756 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
757 ie.num_pmkid != 1 || ie.pmkid == NULL) {
758 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
759 "FT 4-way handshake message 2/4");
760 return -1;
761 }
762
763 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
764 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
765 sm->sup_pmk_r1_name, PMKID_LEN);
766
767 if (!kde->mdie || !kde->ftie) {
768 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
769 "message 2/4", kde->mdie ? "FTIE" : "MDIE");
770 return -1;
771 }
772
773 mdie = (struct rsn_mdie *) (kde->mdie + 2);
774 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
775 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
776 MOBILITY_DOMAIN_ID_LEN) != 0) {
777 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
778 return -1;
779 }
780
781 if (sm->assoc_resp_ftie &&
782 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
783 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
784 2 + sm->assoc_resp_ftie[1]) != 0)) {
785 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
786 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
787 kde->ftie, kde->ftie_len);
788 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
789 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
790 return -1;
791 }
792
793 return 0;
794}
795#endif /* CONFIG_IEEE80211R */
796
797
c772d054
JM		 798static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
799 struct wpa_state_machine *sm, int group)
ec027805
JM		 800{
801 /* Supplicant reported a Michael MIC error */
802 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
803 "received EAPOL-Key Error Request "
804 "(STA detected Michael MIC failure (group=%d))",
805 group);
fbc72d32
JM		 806
807 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
808 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
809 "ignore Michael MIC failure report since "
810 "group cipher is not TKIP");
811 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
812 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
813 "ignore Michael MIC failure report since "
814 "pairwise cipher is not TKIP");
815 } else {
c772d054
JM		 816 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
817 return 1; /* STA entry was removed */
fbc72d32
JM		 818 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
819 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
820 }
ec027805
JM		 821
822 /*
823 * Error report is not a request for a new key handshake, but since
824 * Authenticator may do it, let's change the keys now anyway.
825 */
826 wpa_request_new_ptk(sm);
c772d054 827 return 0;
ec027805
JM		 828}
829
830
f23c5b17
JM		 831static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
832 size_t data_len)
833{
834 struct wpa_ptk PTK;
835 int ok = 0;
836 const u8 *pmk = NULL;
207976f0 837 unsigned int pmk_len;
f23c5b17 838
b729fd8d 839 os_memset(&PTK, 0, sizeof(PTK));
f23c5b17
JM		 840 for (;;) {
841 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
842 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
843 sm->p2p_dev_addr, pmk);
844 if (pmk == NULL)
845 break;
207976f0
JM		 846 pmk_len = PMK_LEN;
847 } else {
f23c5b17 848 pmk = sm->PMK;
207976f0
JM		 849 pmk_len = sm->pmk_len;
850 }
f23c5b17 851
207976f0 852 wpa_derive_ptk(sm, sm->alt_SNonce, pmk, pmk_len, &PTK);
f23c5b17
JM		 853
854 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, data, data_len)
855 == 0) {
856 ok = 1;
857 break;
858 }
859
860 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
861 break;
862 }
863
864 if (!ok) {
865 wpa_printf(MSG_DEBUG,
866 "WPA: Earlier SNonce did not result in matching MIC");
867 return -1;
868 }
869
870 wpa_printf(MSG_DEBUG,
871 "WPA: Earlier SNonce resulted in matching MIC");
872 sm->alt_snonce_valid = 0;
873 os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
874 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
875 sm->PTK_valid = TRUE;
876
877 return 0;
878}
879
880
6fc6879b
JM		 881void wpa_receive(struct wpa_authenticator *wpa_auth,
882 struct wpa_state_machine *sm,
883 u8 *data, size_t data_len)
884{
885 struct ieee802_1x_hdr *hdr;
886 struct wpa_eapol_key *key;
887 u16 key_info, key_data_length;
888 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
889 SMK_M1, SMK_M3, SMK_ERROR } msg;
890 char *msgtxt;
891 struct wpa_eapol_ie_parse kde;
3b5b7aa8
JM		 892 const u8 *key_data;
893 size_t keyhdrlen, mic_len;
6d014ffc 894 u8 *mic;
6fc6879b
JM		 895
896 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
897 return;
dc5bad48 898 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL data", data, data_len);
6fc6879b 899
5e3b5197 900 mic_len = wpa_mic_len(sm->wpa_key_mgmt);
6d014ffc 901 keyhdrlen = sizeof(*key) + mic_len + 2;
5e3b5197 902
dc5bad48
JM		 903 if (data_len < sizeof(*hdr) + keyhdrlen) {
904 wpa_printf(MSG_DEBUG, "WPA: Ignore too short EAPOL-Key frame");
6fc6879b 905 return;
dc5bad48 906 }
6fc6879b
JM		 907
908 hdr = (struct ieee802_1x_hdr *) data;
909 key = (struct wpa_eapol_key *) (hdr + 1);
6d014ffc 910 mic = (u8 *) (key + 1);
6fc6879b 911 key_info = WPA_GET_BE16(key->key_info);
6d014ffc
JM		 912 key_data = mic + mic_len + 2;
913 key_data_length = WPA_GET_BE16(mic + mic_len);
0d442aff 914 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
dc5bad48
JM		 915 " key_info=0x%x type=%u mic_len=%u key_data_length=%u",
916 MAC2STR(sm->addr), key_info, key->type,
917 (unsigned int) mic_len, key_data_length);
918 wpa_hexdump(MSG_MSGDUMP,
919 "WPA: EAPOL-Key header (ending before Key MIC)",
920 key, sizeof(*key));
921 wpa_hexdump(MSG_MSGDUMP, "WPA: EAPOL-Key Key MIC",
922 mic, mic_len);
5e3b5197 923 if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) {
6fc6879b
JM		 924 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
925 "key_data overflow (%d > %lu)",
926 key_data_length,
927 (unsigned long) (data_len - sizeof(*hdr) -
5e3b5197 928 keyhdrlen));
6fc6879b
JM		 929 return;
930 }
931
f8e96eb6 932 if (sm->wpa == WPA_VERSION_WPA2) {
74590e71
JM		 933 if (key->type == EAPOL_KEY_TYPE_WPA) {
934 /*
935 * Some deployed station implementations seem to send
936 * msg 4/4 with incorrect type value in WPA2 mode.
937 */
938 wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
939 "with unexpected WPA type in RSN mode");
940 } else if (key->type != EAPOL_KEY_TYPE_RSN) {
f8e96eb6
JM		 941 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
942 "unexpected type %d in RSN mode",
943 key->type);
944 return;
945 }
946 } else {
947 if (key->type != EAPOL_KEY_TYPE_WPA) {
948 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
949 "unexpected type %d in WPA mode",
950 key->type);
951 return;
952 }
953 }
954
bc8318ac
JM		 955 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
956 WPA_NONCE_LEN);
957 wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
958 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
959
6fc6879b
JM		 960 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
961 * are set */
962
963 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
964 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
965 if (key_info & WPA_KEY_INFO_ERROR) {
966 msg = SMK_ERROR;
967 msgtxt = "SMK Error";
968 } else {
969 msg = SMK_M1;
970 msgtxt = "SMK M1";
971 }
972 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
973 msg = SMK_M3;
974 msgtxt = "SMK M3";
975 } else if (key_info & WPA_KEY_INFO_REQUEST) {
976 msg = REQUEST;
977 msgtxt = "Request";
978 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
979 msg = GROUP_2;
980 msgtxt = "2/2 Group";
3b5b7aa8
JM		 981 } else if (key_data_length == 0 ||
982 (mic_len == 0 && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) &&
983 key_data_length == AES_BLOCK_SIZE)) {
6fc6879b
JM		 984 msg = PAIRWISE_4;
985 msgtxt = "4/4 Pairwise";
986 } else {
987 msg = PAIRWISE_2;
988 msgtxt = "2/4 Pairwise";
989 }
990
991 /* TODO: key_info type validation for PeerKey */
992 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
993 msg == GROUP_2) {
994 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
eb7719ff
JM		 995 if (sm->pairwise == WPA_CIPHER_CCMP ||
996 sm->pairwise == WPA_CIPHER_GCMP) {
6fc6879b 997 if (wpa_use_aes_cmac(sm) &&
a14896e8 998 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN &&
929a2ea5 999 !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
b9866483 1000 !wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
6fc6879b
JM		 1001 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1002 wpa_auth_logger(wpa_auth, sm->addr,
1003 LOGGER_WARNING,
1004 "advertised support for "
1005 "AES-128-CMAC, but did not "
1006 "use it");
1007 return;
1008 }
1009
1010 if (!wpa_use_aes_cmac(sm) &&
2449791b 1011 !wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
6fc6879b
JM		 1012 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1013 wpa_auth_logger(wpa_auth, sm->addr,
1014 LOGGER_WARNING,
1015 "did not use HMAC-SHA1-AES "
eb7719ff 1016 "with CCMP/GCMP");
6fc6879b
JM		 1017 return;
1018 }
1019 }
929a2ea5 1020
2449791b
JM		 1021 if ((wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
1022 wpa_key_mgmt_fils(sm->wpa_key_mgmt)) &&
929a2ea5
JM		 1023 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1024 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1025 "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
1026 return;
1027 }
6fc6879b
JM		 1028 }
1029
1030 if (key_info & WPA_KEY_INFO_REQUEST) {
1031 if (sm->req_replay_counter_used &&
1032 os_memcmp(key->replay_counter, sm->req_replay_counter,
1033 WPA_REPLAY_COUNTER_LEN) <= 0) {
1034 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1035 "received EAPOL-Key request with "
1036 "replayed counter");
1037 return;
1038 }
1039 }
1040
1041 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
68921e24 1042 !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
22a299ee 1043 int i;
68921e24
JM		 1044
1045 if (msg == PAIRWISE_2 &&
1046 wpa_replay_counter_valid(sm->prev_key_replay,
1047 key->replay_counter) &&
1048 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1049 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
1050 {
1051 /*
1052 * Some supplicant implementations (e.g., Windows XP
1053 * WZC) update SNonce for each EAPOL-Key 2/4. This
1054 * breaks the workaround on accepting any of the
1055 * pending requests, so allow the SNonce to be updated
1056 * even if we have already sent out EAPOL-Key 3/4.
1057 */
1058 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1059 "Process SNonce update from STA "
1060 "based on retransmitted EAPOL-Key "
1061 "1/4");
1062 sm->update_snonce = 1;
f23c5b17
JM		 1063 os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
1064 sm->alt_snonce_valid = TRUE;
1065 os_memcpy(sm->alt_replay_counter,
1066 sm->key_replay[0].counter,
1067 WPA_REPLAY_COUNTER_LEN);
1068 goto continue_processing;
1069 }
1070
1071 if (msg == PAIRWISE_4 && sm->alt_snonce_valid &&
1072 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1073 os_memcmp(key->replay_counter, sm->alt_replay_counter,
1074 WPA_REPLAY_COUNTER_LEN) == 0) {
1075 /*
1076 * Supplicant may still be using the old SNonce since
1077 * there was two EAPOL-Key 2/4 messages and they had
1078 * different SNonce values.
1079 */
1080 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1081 "Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4");
68921e24
JM		 1082 goto continue_processing;
1083 }
1084
1085 if (msg == PAIRWISE_2 &&
1086 wpa_replay_counter_valid(sm->prev_key_replay,
1087 key->replay_counter) &&
1088 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1089 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1090 "ignore retransmitted EAPOL-Key %s - "
1091 "SNonce did not change", msgtxt);
1092 } else {
1093 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1094 "received EAPOL-Key %s with "
1095 "unexpected replay counter", msgtxt);
1096 }
22a299ee
JM		 1097 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
1098 if (!sm->key_replay[i].valid)
1099 break;
1100 wpa_hexdump(MSG_DEBUG, "pending replay counter",
1101 sm->key_replay[i].counter,
1102 WPA_REPLAY_COUNTER_LEN);
1103 }
6fc6879b
JM		 1104 wpa_hexdump(MSG_DEBUG, "received replay counter",
1105 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1106 return;
1107 }
1108
68921e24 1109continue_processing:
3b5b7aa8
JM		 1110#ifdef CONFIG_FILS
1111 if (sm->wpa == WPA_VERSION_WPA2 && mic_len == 0 &&
1112 !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1113 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1114 "WPA: Encr Key Data bit not set even though AEAD cipher is supposed to be used - drop frame");
1115 return;
1116 }
1117#endif /* CONFIG_FILS */
1118
6fc6879b
JM		 1119 switch (msg) {
1120 case PAIRWISE_2:
1121 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
68921e24
JM		 1122 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
1123 (!sm->update_snonce ||
1124 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
6fc6879b
JM		 1125 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1126 "received EAPOL-Key msg 2/4 in "
1127 "invalid state (%d) - dropped",
1128 sm->wpa_ptk_state);
1129 return;
1130 }
bbb921da 1131 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
08704cd8
JM		 1132 if (sm->group->reject_4way_hs_for_entropy) {
1133 /*
1134 * The system did not have enough entropy to generate
1135 * strong random numbers. Reject the first 4-way
1136 * handshake(s) and collect some entropy based on the
1137 * information from it. Once enough entropy is
1138 * available, the next atempt will trigger GMK/Key
1139 * Counter update and the station will be allowed to
1140 * continue.
1141 */
1142 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
1143 "collect more entropy for random number "
1144 "generation");
08704cd8 1145 random_mark_pool_ready();
08704cd8
JM		 1146 wpa_sta_disconnect(wpa_auth, sm->addr);
1147 return;
1148 }
6fc6879b
JM		 1149 break;
1150 case PAIRWISE_4:
1151 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
1152 !sm->PTK_valid) {
1153 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1154 "received EAPOL-Key msg 4/4 in "
1155 "invalid state (%d) - dropped",
1156 sm->wpa_ptk_state);
1157 return;
1158 }
1159 break;
1160 case GROUP_2:
1161 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1162 || !sm->PTK_valid) {
1163 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1164 "received EAPOL-Key msg 2/2 in "
1165 "invalid state (%d) - dropped",
1166 sm->wpa_ptk_group_state);
1167 return;
1168 }
1169 break;
1170#ifdef CONFIG_PEERKEY
1171 case SMK_M1:
1172 case SMK_M3:
1173 case SMK_ERROR:
1174 if (!wpa_auth->conf.peerkey) {
1175 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
1176 "PeerKey use disabled - ignoring message");
1177 return;
1178 }
1179 if (!sm->PTK_valid) {
1180 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1181 "received EAPOL-Key msg SMK in "
1182 "invalid state - dropped");
1183 return;
1184 }
1185 break;
1186#else /* CONFIG_PEERKEY */
1187 case SMK_M1:
1188 case SMK_M3:
1189 case SMK_ERROR:
1190 return; /* STSL disabled - ignore SMK messages */
1191#endif /* CONFIG_PEERKEY */
1192 case REQUEST:
1193 break;
1194 }
1195
1196 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1197 "received EAPOL-Key frame (%s)", msgtxt);
1198
1199 if (key_info & WPA_KEY_INFO_ACK) {
1200 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1201 "received invalid EAPOL-Key: Key Ack set");
1202 return;
1203 }
1204
b9866483
JM		 1205 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1206 !(key_info & WPA_KEY_INFO_MIC)) {
6fc6879b
JM		 1207 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1208 "received invalid EAPOL-Key: Key MIC not set");
1209 return;
1210 }
1211
b9866483
JM		 1212#ifdef CONFIG_FILS
1213 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1214 (key_info & WPA_KEY_INFO_MIC)) {
1215 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1216 "received invalid EAPOL-Key: Key MIC set");
1217 return;
1218 }
1219#endif /* CONFIG_FILS */
1220
6fc6879b 1221 sm->MICVerified = FALSE;
68921e24 1222 if (sm->PTK_valid && !sm->update_snonce) {
3b5b7aa8
JM		 1223 if (mic_len &&
1224 wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data,
f23c5b17
JM		 1225 data_len) &&
1226 (msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
1227 wpa_try_alt_snonce(sm, data, data_len))) {
6fc6879b
JM		 1228 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1229 "received EAPOL-Key with invalid MIC");
1230 return;
1231 }
75c8563e
JM		 1232#ifdef CONFIG_FILS
1233 if (!mic_len &&
1234 wpa_aead_decrypt(sm, &sm->PTK, data, data_len,
1235 &key_data_length) < 0) {
1236 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1237 "received EAPOL-Key with invalid MIC");
1238 return;
1239 }
1240#endif /* CONFIG_FILS */
6fc6879b
JM		 1241 sm->MICVerified = TRUE;
1242 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
e4bf4db9 1243 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1244 }
1245
1246 if (key_info & WPA_KEY_INFO_REQUEST) {
1247 if (sm->MICVerified) {
1248 sm->req_replay_counter_used = 1;
1249 os_memcpy(sm->req_replay_counter, key->replay_counter,
1250 WPA_REPLAY_COUNTER_LEN);
1251 } else {
1252 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1253 "received EAPOL-Key request with "
1254 "invalid MIC");
1255 return;
1256 }
1257
1258 /*
1259 * TODO: should decrypt key data field if encryption was used;
1260 * even though MAC address KDE is not normally encrypted,
1261 * supplicant is allowed to encrypt it.
1262 */
1263 if (msg == SMK_ERROR) {
1264#ifdef CONFIG_PEERKEY
5e3b5197 1265 wpa_smk_error(wpa_auth, sm, key_data, key_data_length);
6fc6879b
JM		 1266#endif /* CONFIG_PEERKEY */
1267 return;
1268 } else if (key_info & WPA_KEY_INFO_ERROR) {
c772d054
JM		 1269 if (wpa_receive_error_report(
1270 wpa_auth, sm,
1271 !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
1272 return; /* STA entry was removed */
6fc6879b
JM		 1273 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1274 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1275 "received EAPOL-Key Request for new "
1276 "4-Way Handshake");
1277 wpa_request_new_ptk(sm);
1278#ifdef CONFIG_PEERKEY
1279 } else if (msg == SMK_M1) {
5e3b5197 1280 wpa_smk_m1(wpa_auth, sm, key, key_data,
5c6787a6 1281 key_data_length);
6fc6879b
JM		 1282#endif /* CONFIG_PEERKEY */
1283 } else if (key_data_length > 0 &&
5e3b5197
JM		 1284 wpa_parse_kde_ies(key_data, key_data_length,
1285 &kde) == 0 &&
6fc6879b
JM		 1286 kde.mac_addr) {
1287 } else {
1288 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1289 "received EAPOL-Key Request for GTK "
1290 "rekeying");
6fc6879b
JM		 1291 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1292 wpa_rekey_gtk(wpa_auth, NULL);
1293 }
1294 } else {
68921e24
JM		 1295 /* Do not allow the same key replay counter to be reused. */
1296 wpa_replay_counter_mark_invalid(sm->key_replay,
1297 key->replay_counter);
1298
1299 if (msg == PAIRWISE_2) {
1300 /*
1301 * Maintain a copy of the pending EAPOL-Key frames in
1302 * case the EAPOL-Key frame was retransmitted. This is
1303 * needed to allow EAPOL-Key msg 2/4 reply to another
1304 * pending msg 1/4 to update the SNonce to work around
1305 * unexpected supplicant behavior.
1306 */
1307 os_memcpy(sm->prev_key_replay, sm->key_replay,
1308 sizeof(sm->key_replay));
1309 } else {
1310 os_memset(sm->prev_key_replay, 0,
1311 sizeof(sm->prev_key_replay));
1312 }
1313
1314 /*
1315 * Make sure old valid counters are not accepted anymore and
1316 * do not get copied again.
1317 */
1318 wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
6fc6879b
JM		 1319 }
1320
1321#ifdef CONFIG_PEERKEY
1322 if (msg == SMK_M3) {
5e3b5197 1323 wpa_smk_m3(wpa_auth, sm, key, key_data, key_data_length);
6fc6879b
JM		 1324 return;
1325 }
1326#endif /* CONFIG_PEERKEY */
1327
1328 os_free(sm->last_rx_eapol_key);
1329 sm->last_rx_eapol_key = os_malloc(data_len);
1330 if (sm->last_rx_eapol_key == NULL)
1331 return;
1332 os_memcpy(sm->last_rx_eapol_key, data, data_len);
1333 sm->last_rx_eapol_key_len = data_len;
1334
0d442aff 1335 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
6fc6879b
JM		 1336 sm->EAPOLKeyReceived = TRUE;
1337 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1338 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1339 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1340 wpa_sm_step(sm);
1341}
1342
1343
3c7302c2
JM		 1344static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1345 const u8 *gnonce, u8 *gtk, size_t gtk_len)
6fc6879b 1346{
5cb9d5c3
JM		 1347 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
1348 u8 *pos;
3c7302c2 1349 int ret = 0;
6fc6879b 1350
5cb9d5c3
JM		 1351 /* GTK = PRF-X(GMK, "Group key expansion",
1352 * AA || GNonce || Time || random data)
1353 * The example described in the IEEE 802.11 standard uses only AA and
1354 * GNonce as inputs here. Add some more entropy since this derivation
1355 * is done only at the Authenticator and as such, does not need to be
1356 * exactly same.
1357 */
6fc6879b
JM		 1358 os_memcpy(data, addr, ETH_ALEN);
1359 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
5cb9d5c3
JM		 1360 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1361 wpa_get_ntp_timestamp(pos);
1362 pos += 8;
3642c431 1363 if (random_get_bytes(pos, 16) < 0)
3c7302c2 1364 ret = -1;
6fc6879b 1365
56586197 1366#ifdef CONFIG_IEEE80211W
5cb9d5c3 1367 sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
56586197 1368#else /* CONFIG_IEEE80211W */
3c7302c2
JM		 1369 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
1370 < 0)
1371 ret = -1;
56586197 1372#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 1373
1374 return ret;
6fc6879b
JM		 1375}
1376
1377
1378static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1379{
1380 struct wpa_authenticator *wpa_auth = eloop_ctx;
1381 struct wpa_state_machine *sm = timeout_ctx;
1382
e4bf4db9 1383 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 1384 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1385 sm->TimeoutEvt = TRUE;
1386 wpa_sm_step(sm);
1387}
1388
1389
1390void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1391 struct wpa_state_machine *sm, int key_info,
1392 const u8 *key_rsc, const u8 *nonce,
1393 const u8 *kde, size_t kde_len,
1394 int keyidx, int encr, int force_version)
1395{
1396 struct ieee802_1x_hdr *hdr;
1397 struct wpa_eapol_key *key;
5e3b5197 1398 size_t len, mic_len, keyhdrlen;
6fc6879b
JM		 1399 int alg;
1400 int key_data_len, pad_len = 0;
1401 u8 *buf, *pos;
1402 int version, pairwise;
22a299ee 1403 int i;
6d014ffc 1404 u8 *key_mic, *key_data;
6fc6879b 1405
5e3b5197 1406 mic_len = wpa_mic_len(sm->wpa_key_mgmt);
6d014ffc 1407 keyhdrlen = sizeof(*key) + mic_len + 2;
5e3b5197
JM		 1408
1409 len = sizeof(struct ieee802_1x_hdr) + keyhdrlen;
6fc6879b
JM		 1410
1411 if (force_version)
1412 version = force_version;
929a2ea5 1413 else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
36a50fd4
JM		 1414 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
1415 wpa_key_mgmt_fils(sm->wpa_key_mgmt))
a14896e8 1416 version = WPA_KEY_INFO_TYPE_AKM_DEFINED;
6fc6879b
JM		 1417 else if (wpa_use_aes_cmac(sm))
1418 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
eb7719ff 1419 else if (sm->pairwise != WPA_CIPHER_TKIP)
6fc6879b
JM		 1420 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1421 else
1422 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1423
8543ed8a 1424 pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
6fc6879b
JM		 1425
1426 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1427 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1428 "encr=%d)",
1429 version,
1430 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1431 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1432 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1433 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1434 pairwise, (unsigned long) kde_len, keyidx, encr);
1435
1436 key_data_len = kde_len;
1437
1438 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
a14896e8 1439 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
929a2ea5 1440 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
6fc6879b
JM		 1441 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1442 pad_len = key_data_len % 8;
1443 if (pad_len)
1444 pad_len = 8 - pad_len;
1445 key_data_len += pad_len + 8;
1446 }
1447
1448 len += key_data_len;
b729fd8d
JM		 1449 if (!mic_len && encr)
1450 len += AES_BLOCK_SIZE;
6fc6879b
JM		 1451
1452 hdr = os_zalloc(len);
1453 if (hdr == NULL)
1454 return;
1455 hdr->version = wpa_auth->conf.eapol_version;
1456 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1457 hdr->length = host_to_be16(len - sizeof(*hdr));
1458 key = (struct wpa_eapol_key *) (hdr + 1);
6d014ffc 1459 key_mic = (u8 *) (key + 1);
5e3b5197 1460 key_data = ((u8 *) (hdr + 1)) + keyhdrlen;
6fc6879b
JM		 1461
1462 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1463 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1464 key_info |= version;
1465 if (encr && sm->wpa == WPA_VERSION_WPA2)
1466 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1467 if (sm->wpa != WPA_VERSION_WPA2)
1468 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1469 WPA_PUT_BE16(key->key_info, key_info);
1470
1471 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
c3550295 1472 WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
6fc6879b
JM		 1473 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1474 WPA_PUT_BE16(key->key_length, 0);
1475
1476 /* FIX: STSL: what to use as key_replay_counter? */
22a299ee
JM		 1477 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1478 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1479 os_memcpy(sm->key_replay[i].counter,
1480 sm->key_replay[i - 1].counter,
1481 WPA_REPLAY_COUNTER_LEN);
1482 }
1483 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1484 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
6fc6879b 1485 WPA_REPLAY_COUNTER_LEN);
db099951
JM		 1486 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter",
1487 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
22a299ee 1488 sm->key_replay[0].valid = TRUE;
6fc6879b
JM		 1489
1490 if (nonce)
1491 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1492
1493 if (key_rsc)
1494 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1495
1496 if (kde && !encr) {
5e3b5197 1497 os_memcpy(key_data, kde, kde_len);
6d014ffc 1498 WPA_PUT_BE16(key_mic + mic_len, kde_len);
b729fd8d
JM		 1499#ifdef CONFIG_FILS
1500 } else if (!mic_len) {
1501 const u8 *aad[1];
1502 size_t aad_len[1];
1503
1504 WPA_PUT_BE16(key_mic, AES_BLOCK_SIZE + kde_len);
1505 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1506 kde, kde_len);
1507
1508 wpa_hexdump_key(MSG_DEBUG, "WPA: KEK",
1509 sm->PTK.kek, sm->PTK.kek_len);
1510 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
1511 * to Key Data (exclusive). */
1512 aad[0] = (u8 *) hdr;
1513 aad_len[0] = key_mic + 2 - (u8 *) hdr;
1514 if (aes_siv_encrypt(sm->PTK.kek, sm->PTK.kek_len, kde, kde_len,
1515 1, aad, aad_len, key_mic + 2) < 0) {
1516 wpa_printf(MSG_DEBUG, "WPA: AES-SIV encryption failed");
1517 return;
1518 }
1519
1520 wpa_hexdump(MSG_DEBUG, "WPA: Encrypted Key Data from SIV",
1521 key_mic + 2, AES_BLOCK_SIZE + kde_len);
1522#endif /* CONFIG_FILS */
6fc6879b
JM		 1523 } else if (encr && kde) {
1524 buf = os_zalloc(key_data_len);
1525 if (buf == NULL) {
1526 os_free(hdr);
1527 return;
1528 }
1529 pos = buf;
1530 os_memcpy(pos, kde, kde_len);
1531 pos += kde_len;
1532
1533 if (pad_len)
1534 *pos++ = 0xdd;
1535
1536 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1537 buf, key_data_len);
1538 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
a14896e8 1539 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
929a2ea5 1540 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
6fc6879b 1541 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
98cd3d1c 1542 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len,
5e3b5197 1543 (key_data_len - 8) / 8, buf, key_data)) {
6fc6879b
JM		 1544 os_free(hdr);
1545 os_free(buf);
1546 return;
1547 }
6d014ffc 1548 WPA_PUT_BE16(key_mic + mic_len, key_data_len);
7cb53ded 1549#ifndef CONFIG_NO_RC4
98cd3d1c 1550 } else if (sm->PTK.kek_len == 16) {
6fc6879b
JM		 1551 u8 ek[32];
1552 os_memcpy(key->key_iv,
1553 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1554 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1555 os_memcpy(ek, key->key_iv, 16);
98cd3d1c 1556 os_memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len);
5e3b5197
JM		 1557 os_memcpy(key_data, buf, key_data_len);
1558 rc4_skip(ek, 32, 256, key_data, key_data_len);
6d014ffc 1559 WPA_PUT_BE16(key_mic + mic_len, key_data_len);
7cb53ded 1560#endif /* CONFIG_NO_RC4 */
98cd3d1c
JM		 1561 } else {
1562 os_free(hdr);
1563 os_free(buf);
1564 return;
6fc6879b
JM		 1565 }
1566 os_free(buf);
1567 }
1568
1569 if (key_info & WPA_KEY_INFO_MIC) {
b729fd8d 1570 if (!sm->PTK_valid || !mic_len) {
6fc6879b
JM		 1571 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1572 "PTK not valid when sending EAPOL-Key "
1573 "frame");
1574 os_free(hdr);
1575 return;
1576 }
5e3b5197 1577
98cd3d1c
JM		 1578 wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len,
1579 sm->wpa_key_mgmt, version,
5e3b5197 1580 (u8 *) hdr, len, key_mic);
7af092a0
JB		 1581#ifdef CONFIG_TESTING_OPTIONS
1582 if (!pairwise &&
06df2aa6 1583 wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 &&
7af092a0
JB		 1584 drand48() <
1585 wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
1586 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1587 "Corrupting group EAPOL-Key Key MIC");
5e3b5197 1588 key_mic[0]++;
7af092a0
JB		 1589 }
1590#endif /* CONFIG_TESTING_OPTIONS */
6fc6879b
JM		 1591 }
1592
1593 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1594 1);
1595 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1596 sm->pairwise_set);
1597 os_free(hdr);
1598}
1599
1600
1601static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1602 struct wpa_state_machine *sm, int key_info,
1603 const u8 *key_rsc, const u8 *nonce,
1604 const u8 *kde, size_t kde_len,
1605 int keyidx, int encr)
1606{
1607 int timeout_ms;
1608 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
bae61562 1609 int ctr;
6fc6879b
JM		 1610
1611 if (sm == NULL)
1612 return;
1613
1614 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1615 keyidx, encr, 0);
1616
bae61562 1617 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
e4bf4db9 1618 if (ctr == 1 && wpa_auth->conf.tx_status)
00338a4f
JM		 1619 timeout_ms = pairwise ? eapol_key_timeout_first :
1620 eapol_key_timeout_first_group;
bae61562
JM		 1621 else
1622 timeout_ms = eapol_key_timeout_subseq;
e4bf4db9
JM		 1623 if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
1624 sm->pending_1_of_4_timeout = 1;
1625 wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
1626 "counter %d)", timeout_ms, ctr);
6fc6879b
JM		 1627 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1628 wpa_send_eapol_timeout, wpa_auth, sm);
1629}
1630
1631
929a2ea5
JM		 1632static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
1633 size_t data_len)
6fc6879b
JM		 1634{
1635 struct ieee802_1x_hdr *hdr;
1636 struct wpa_eapol_key *key;
1637 u16 key_info;
1638 int ret = 0;
6d014ffc 1639 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN], *mic_pos;
5e3b5197 1640 size_t mic_len = wpa_mic_len(akmp);
6fc6879b
JM		 1641
1642 if (data_len < sizeof(*hdr) + sizeof(*key))
1643 return -1;
1644
1645 hdr = (struct ieee802_1x_hdr *) data;
1646 key = (struct wpa_eapol_key *) (hdr + 1);
6d014ffc 1647 mic_pos = (u8 *) (key + 1);
6fc6879b 1648 key_info = WPA_GET_BE16(key->key_info);
6d014ffc
JM		 1649 os_memcpy(mic, mic_pos, mic_len);
1650 os_memset(mic_pos, 0, mic_len);
98cd3d1c
JM		 1651 if (wpa_eapol_key_mic(PTK->kck, PTK->kck_len, akmp,
1652 key_info & WPA_KEY_INFO_TYPE_MASK,
6d014ffc
JM		 1653 data, data_len, mic_pos) ||
1654 os_memcmp_const(mic, mic_pos, mic_len) != 0)
6fc6879b 1655 ret = -1;
6d014ffc 1656 os_memcpy(mic_pos, mic, mic_len);
6fc6879b
JM		 1657 return ret;
1658}
1659
1660
1661void wpa_remove_ptk(struct wpa_state_machine *sm)
1662{
1663 sm->PTK_valid = FALSE;
1664 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
26083221 1665 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
6fc6879b 1666 sm->pairwise_set = FALSE;
581a8cde 1667 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
6fc6879b
JM		 1668}
1669
1670
bb119228 1671int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
6fc6879b 1672{
5d22a1d5
JM		 1673 int remove_ptk = 1;
1674
6fc6879b 1675 if (sm == NULL)
6f9b5d16 1676 return -1;
6fc6879b
JM		 1677
1678 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1679 "event %d notification", event);
1680
1681 switch (event) {
1682 case WPA_AUTH:
c50d94f1
BC		 1683#ifdef CONFIG_MESH
1684 /* PTKs are derived through AMPE */
1685 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
1686 /* not mesh */
1687 break;
1688 }
1689 return 0;
1690#endif /* CONFIG_MESH */
6fc6879b
JM		 1691 case WPA_ASSOC:
1692 break;
1693 case WPA_DEAUTH:
1694 case WPA_DISASSOC:
1695 sm->DeauthenticationRequest = TRUE;
1696 break;
1697 case WPA_REAUTH:
1698 case WPA_REAUTH_EAPOL:
3ab72b62
JM		 1699 if (!sm->started) {
1700 /*
1701 * When using WPS, we may end up here if the STA
1702 * manages to re-associate without the previous STA
1703 * entry getting removed. Consequently, we need to make
1704 * sure that the WPA state machines gets initialized
1705 * properly at this point.
1706 */
1707 wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1708 "started - initialize now");
1709 sm->started = 1;
1710 sm->Init = TRUE;
1711 if (wpa_sm_step(sm) == 1)
1712 return 1; /* should not really happen */
1713 sm->Init = FALSE;
1714 sm->AuthenticationRequest = TRUE;
1715 break;
1716 }
9663596f
JM		 1717 if (sm->GUpdateStationKeys) {
1718 /*
1719 * Reauthentication cancels the pending group key
1720 * update for this STA.
1721 */
1722 sm->group->GKeyDoneStations--;
1723 sm->GUpdateStationKeys = FALSE;
1724 sm->PtkGroupInit = TRUE;
1725 }
6fc6879b
JM		 1726 sm->ReAuthenticationRequest = TRUE;
1727 break;
1728 case WPA_ASSOC_FT:
1729#ifdef CONFIG_IEEE80211R
81a658d7
JM		 1730 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1731 "after association");
1732 wpa_ft_install_ptk(sm);
1733
6fc6879b
JM		 1734 /* Using FT protocol, not WPA auth state machine */
1735 sm->ft_completed = 1;
6f9b5d16 1736 return 0;
6fc6879b
JM		 1737#else /* CONFIG_IEEE80211R */
1738 break;
1739#endif /* CONFIG_IEEE80211R */
1740 }
1741
1742#ifdef CONFIG_IEEE80211R
1743 sm->ft_completed = 0;
1744#endif /* CONFIG_IEEE80211R */
1745
5d22a1d5
JM		 1746#ifdef CONFIG_IEEE80211W
1747 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1748 remove_ptk = 0;
1749#endif /* CONFIG_IEEE80211W */
6fc6879b 1750
5d22a1d5
JM		 1751 if (remove_ptk) {
1752 sm->PTK_valid = FALSE;
1753 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1754
1755 if (event != WPA_REAUTH_EAPOL)
1756 wpa_remove_ptk(sm);
1757 }
6fc6879b 1758
43f49c37
JM		 1759 if (sm->in_step_loop) {
1760 /*
1761 * wpa_sm_step() is already running - avoid recursive call to
1762 * it by making the existing loop process the new update.
1763 */
1764 sm->changed = TRUE;
1765 return 0;
1766 }
6f9b5d16 1767 return wpa_sm_step(sm);
6fc6879b
JM		 1768}
1769
1770
6fc6879b
JM		 1771SM_STATE(WPA_PTK, INITIALIZE)
1772{
1773 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1774 if (sm->Init) {
1775 /* Init flag is not cleared here, so avoid busy
1776 * loop by claiming nothing changed. */
1777 sm->changed = FALSE;
1778 }
1779
1780 sm->keycount = 0;
1781 if (sm->GUpdateStationKeys)
1782 sm->group->GKeyDoneStations--;
1783 sm->GUpdateStationKeys = FALSE;
1784 if (sm->wpa == WPA_VERSION_WPA)
1785 sm->PInitAKeys = FALSE;
1786 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1787 * Local AA > Remote AA)) */) {
1788 sm->Pair = TRUE;
1789 }
1790 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1791 wpa_remove_ptk(sm);
1792 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1793 sm->TimeoutCtr = 0;
56586197 1794 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 1795 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1796 WPA_EAPOL_authorized, 0);
1797 }
1798}
1799
1800
1801SM_STATE(WPA_PTK, DISCONNECT)
1802{
1803 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1804 sm->Disconnect = FALSE;
1805 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1806}
1807
1808
1809SM_STATE(WPA_PTK, DISCONNECTED)
1810{
1811 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1812 sm->DeauthenticationRequest = FALSE;
1813}
1814
1815
1816SM_STATE(WPA_PTK, AUTHENTICATION)
1817{
1818 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1819 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1820 sm->PTK_valid = FALSE;
1821 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1822 1);
1823 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1824 sm->AuthenticationRequest = FALSE;
1825}
1826
1827
40d00d2b
NC		 1828static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
1829 struct wpa_group *group)
1bdb7ab3 1830{
40d00d2b
NC		 1831 if (group->first_sta_seen)
1832 return;
1bdb7ab3
JM		 1833 /*
1834 * System has run bit further than at the time hostapd was started
1835 * potentially very early during boot up. This provides better chances
1836 * of collecting more randomness on embedded systems. Re-initialize the
1837 * GMK and Counter here to improve their strength if there was not
1838 * enough entropy available immediately after system startup.
1839 */
1840 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1841 "station");
08704cd8
JM		 1842 if (random_pool_ready() != 1) {
1843 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1844 "to proceed - reject first 4-way handshake");
1845 group->reject_4way_hs_for_entropy = TRUE;
40d00d2b
NC		 1846 } else {
1847 group->first_sta_seen = TRUE;
1848 group->reject_4way_hs_for_entropy = FALSE;
08704cd8 1849 }
40d00d2b 1850
aac1efec
JM		 1851 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 ||
1852 wpa_gtk_update(wpa_auth, group) < 0 ||
1853 wpa_group_config_group_keys(wpa_auth, group) < 0) {
1854 wpa_printf(MSG_INFO, "WPA: GMK/GTK setup failed");
1855 group->first_sta_seen = FALSE;
1856 group->reject_4way_hs_for_entropy = TRUE;
1857 }
1bdb7ab3
JM		 1858}
1859
1860
6fc6879b
JM		 1861SM_STATE(WPA_PTK, AUTHENTICATION2)
1862{
1863 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1bdb7ab3 1864
40d00d2b 1865 wpa_group_ensure_init(sm->wpa_auth, sm->group);
65a32cdb 1866 sm->ReAuthenticationRequest = FALSE;
1bdb7ab3 1867
3825a19b
JM		 1868 /*
1869 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
1870 * ambiguous. The Authenticator state machine uses a counter that is
1871 * incremented by one for each 4-way handshake. However, the security
1872 * analysis of 4-way handshake points out that unpredictable nonces
1873 * help in preventing precomputation attacks. Instead of the state
1874 * machine definition, use an unpredictable nonce value here to provide
1875 * stronger protection against potential precomputation attacks.
1876 */
1877 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
1878 wpa_printf(MSG_ERROR, "WPA: Failed to get random data for "
1879 "ANonce.");
65a32cdb 1880 sm->Disconnect = TRUE;
3825a19b
JM		 1881 return;
1882 }
bc8318ac
JM		 1883 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
1884 WPA_NONCE_LEN);
6fc6879b
JM		 1885 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1886 * logical place than INITIALIZE since AUTHENTICATION2 can be
1887 * re-entered on ReAuthenticationRequest without going through
1888 * INITIALIZE. */
1889 sm->TimeoutCtr = 0;
1890}
1891
1892
1893SM_STATE(WPA_PTK, INITPMK)
1894{
1895 u8 msk[2 * PMK_LEN];
1896 size_t len = 2 * PMK_LEN;
1897
1898 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1899#ifdef CONFIG_IEEE80211R
1900 sm->xxkey_len = 0;
1901#endif /* CONFIG_IEEE80211R */
1902 if (sm->pmksa) {
1903 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
207976f0
JM		 1904 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
1905 sm->pmk_len = sm->pmksa->pmk_len;
6fc6879b 1906 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
207976f0
JM		 1907 unsigned int pmk_len;
1908
1909 if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
1910 pmk_len = PMK_LEN_SUITE_B_192;
1911 else
1912 pmk_len = PMK_LEN;
6fc6879b 1913 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
207976f0
JM		 1914 "(MSK len=%lu PMK len=%u)", (unsigned long) len,
1915 pmk_len);
1916 if (len < pmk_len) {
1917 wpa_printf(MSG_DEBUG,
1918 "WPA: MSK not long enough (%u) to create PMK (%u)",
1919 (unsigned int) len, (unsigned int) pmk_len);
1920 sm->Disconnect = TRUE;
1921 return;
1922 }
1923 os_memcpy(sm->PMK, msk, pmk_len);
1924 sm->pmk_len = pmk_len;
6fc6879b
JM		 1925#ifdef CONFIG_IEEE80211R
1926 if (len >= 2 * PMK_LEN) {
1927 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1928 sm->xxkey_len = PMK_LEN;
1929 }
1930#endif /* CONFIG_IEEE80211R */
1931 } else {
400de9b1
BG		 1932 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
1933 sm->wpa_auth->cb.get_msk);
1180dd66
JM		 1934 sm->Disconnect = TRUE;
1935 return;
6fc6879b 1936 }
40aaa64f 1937 os_memset(msk, 0, sizeof(msk));
6fc6879b
JM		 1938
1939 sm->req_replay_counter_used = 0;
1940 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1941 * will break reauthentication since EAPOL state machines may not be
1942 * get into AUTHENTICATING state that clears keyRun before WPA state
1943 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1944 * state and takes PMK from the previously used AAA Key. This will
1945 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1946 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1947 * be good workaround for this issue. */
1948 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1949}
1950
1951
1952SM_STATE(WPA_PTK, INITPSK)
1953{
1954 const u8 *psk;
1955 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
759fd76b 1956 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL);
6fc6879b
JM		 1957 if (psk) {
1958 os_memcpy(sm->PMK, psk, PMK_LEN);
207976f0 1959 sm->pmk_len = PMK_LEN;
6fc6879b
JM		 1960#ifdef CONFIG_IEEE80211R
1961 os_memcpy(sm->xxkey, psk, PMK_LEN);
1962 sm->xxkey_len = PMK_LEN;
1963#endif /* CONFIG_IEEE80211R */
1964 }
1965 sm->req_replay_counter_used = 0;
1966}
1967
1968
1969SM_STATE(WPA_PTK, PTKSTART)
1970{
1971 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1972 size_t pmkid_len = 0;
1973
1974 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1975 sm->PTKRequest = FALSE;
1976 sm->TimeoutEvt = FALSE;
f23c5b17 1977 sm->alt_snonce_valid = FALSE;
bae61562
JM		 1978
1979 sm->TimeoutCtr++;
1980 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1981 /* No point in sending the EAPOL-Key - we will disconnect
1982 * immediately following this. */
1983 return;
1984 }
1985
6fc6879b
JM		 1986 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1987 "sending 1/4 msg of 4-Way Handshake");
1988 /*
1989 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1990 * one possible PSK for this STA.
1991 */
1992 if (sm->wpa == WPA_VERSION_WPA2 &&
a14896e8
JM		 1993 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
1994 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
6fc6879b
JM		 1995 pmkid = buf;
1996 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1997 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1998 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1999 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
929a2ea5 2000 if (sm->pmksa) {
6fc6879b
JM		 2001 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
2002 sm->pmksa->pmkid, PMKID_LEN);
929a2ea5
JM		 2003 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) {
2004 /* No KCK available to derive PMKID */
2005 pmkid = NULL;
2006 } else {
6fc6879b
JM		 2007 /*
2008 * Calculate PMKID since no PMKSA cache entry was
2009 * available with pre-calculated PMKID.
2010 */
207976f0 2011 rsn_pmkid(sm->PMK, sm->pmk_len, sm->wpa_auth->addr,
56586197
JM		 2012 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
2013 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
6fc6879b
JM		 2014 }
2015 }
2016 wpa_send_eapol(sm->wpa_auth, sm,
2017 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
2018 sm->ANonce, pmkid, pmkid_len, 0, 0);
6fc6879b
JM		 2019}
2020
2021
f23c5b17 2022static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
207976f0
JM		 2023 const u8 *pmk, unsigned int pmk_len,
2024 struct wpa_ptk *ptk)
6fc6879b
JM		 2025{
2026#ifdef CONFIG_IEEE80211R
56586197 2027 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
98cd3d1c 2028 return wpa_auth_derive_ptk_ft(sm, pmk, ptk);
6fc6879b
JM		 2029#endif /* CONFIG_IEEE80211R */
2030
207976f0 2031 return wpa_pmk_to_ptk(pmk, pmk_len, "Pairwise key expansion",
98cd3d1c
JM		 2032 sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
2033 ptk, sm->wpa_key_mgmt, sm->pairwise);
6fc6879b
JM		 2034}
2035
2036
3b5b7aa8
JM		 2037#ifdef CONFIG_FILS
2038static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
75c8563e 2039 u8 *buf, size_t buf_len, u16 *_key_data_len)
3b5b7aa8
JM		 2040{
2041 struct ieee802_1x_hdr *hdr;
2042 struct wpa_eapol_key *key;
2043 u8 *pos;
2044 u16 key_data_len;
2045 u8 *tmp;
2046 const u8 *aad[1];
2047 size_t aad_len[1];
2048
75c8563e 2049 hdr = (struct ieee802_1x_hdr *) buf;
3b5b7aa8
JM		 2050 key = (struct wpa_eapol_key *) (hdr + 1);
2051 pos = (u8 *) (key + 1);
2052 key_data_len = WPA_GET_BE16(pos);
2053 if (key_data_len < AES_BLOCK_SIZE ||
2054 key_data_len > buf_len - sizeof(*hdr) - sizeof(*key) - 2) {
2055 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2056 "No room for AES-SIV data in the frame");
2057 return -1;
2058 }
2059 pos += 2; /* Pointing at the Encrypted Key Data field */
2060
2061 tmp = os_malloc(key_data_len);
2062 if (!tmp)
2063 return -1;
2064
2065 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
2066 * to Key Data (exclusive). */
75c8563e
JM		 2067 aad[0] = buf;
2068 aad_len[0] = pos - buf;
3b5b7aa8
JM		 2069 if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, key_data_len,
2070 1, aad, aad_len, tmp) < 0) {
2071 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2072 "Invalid AES-SIV data in the frame");
2073 bin_clear_free(tmp, key_data_len);
2074 return -1;
2075 }
2076
2077 /* AEAD decryption and validation completed successfully */
2078 key_data_len -= AES_BLOCK_SIZE;
2079 wpa_hexdump_key(MSG_DEBUG, "WPA: Decrypted Key Data",
2080 tmp, key_data_len);
2081
2082 /* Replace Key Data field with the decrypted version */
2083 os_memcpy(pos, tmp, key_data_len);
2084 pos -= 2; /* Key Data Length field */
2085 WPA_PUT_BE16(pos, key_data_len);
2086 bin_clear_free(tmp, key_data_len);
2087 if (_key_data_len)
2088 *_key_data_len = key_data_len;
2089 return 0;
2090}
2091#endif /* CONFIG_FILS */
2092
2093
6fc6879b
JM		 2094SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
2095{
3b5b7aa8 2096 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
6fc6879b 2097 struct wpa_ptk PTK;
2c502460 2098 int ok = 0, psk_found = 0;
6fc6879b 2099 const u8 *pmk = NULL;
207976f0 2100 unsigned int pmk_len;
3b5b7aa8
JM		 2101 int ft;
2102 const u8 *eapol_key_ie, *key_data, *mic;
2103 u16 key_data_length;
2104 size_t mic_len, eapol_key_ie_len;
2105 struct ieee802_1x_hdr *hdr;
2106 struct wpa_eapol_key *key;
2107 struct wpa_eapol_ie_parse kde;
6fc6879b
JM		 2108
2109 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
2110 sm->EAPOLKeyReceived = FALSE;
68921e24 2111 sm->update_snonce = FALSE;
b729fd8d 2112 os_memset(&PTK, 0, sizeof(PTK));
6fc6879b 2113
3b5b7aa8
JM		 2114 mic_len = wpa_mic_len(sm->wpa_key_mgmt);
2115
6fc6879b
JM		 2116 /* WPA with IEEE 802.1X: use the derived PMK from EAP
2117 * WPA-PSK: iterate through possible PSKs and select the one matching
2118 * the packet */
2119 for (;;) {
56586197 2120 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
759fd76b
JM		 2121 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
2122 sm->p2p_dev_addr, pmk);
6fc6879b
JM		 2123 if (pmk == NULL)
2124 break;
2c502460 2125 psk_found = 1;
207976f0
JM		 2126 pmk_len = PMK_LEN;
2127 } else {
6fc6879b 2128 pmk = sm->PMK;
207976f0
JM		 2129 pmk_len = sm->pmk_len;
2130 }
6fc6879b 2131
207976f0 2132 wpa_derive_ptk(sm, sm->SNonce, pmk, pmk_len, &PTK);
6fc6879b 2133
3b5b7aa8
JM		 2134 if (mic_len &&
2135 wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK,
929a2ea5 2136 sm->last_rx_eapol_key,
6fc6879b
JM		 2137 sm->last_rx_eapol_key_len) == 0) {
2138 ok = 1;
2139 break;
2140 }
2141
3b5b7aa8 2142#ifdef CONFIG_FILS
75c8563e
JM		 2143 if (!mic_len &&
2144 wpa_aead_decrypt(sm, &PTK, sm->last_rx_eapol_key,
2145 sm->last_rx_eapol_key_len, NULL) == 0) {
3b5b7aa8
JM		 2146 ok = 1;
2147 break;
2148 }
2149#endif /* CONFIG_FILS */
2150
56586197 2151 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
6fc6879b
JM		 2152 break;
2153 }
2154
2155 if (!ok) {
2156 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2157 "invalid MIC in msg 2/4 of 4-Way Handshake");
2c502460
JM		 2158 if (psk_found)
2159 wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
6fc6879b
JM		 2160 return;
2161 }
2162
3b5b7aa8
JM		 2163 /*
2164 * Note: last_rx_eapol_key length fields have already been validated in
2165 * wpa_receive().
2166 */
2167 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
2168 key = (struct wpa_eapol_key *) (hdr + 1);
2169 mic = (u8 *) (key + 1);
2170 key_data = mic + mic_len + 2;
2171 key_data_length = WPA_GET_BE16(mic + mic_len);
2172 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
2173 sizeof(*key) - mic_len - 2)
2174 return;
2175
2176 if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
2177 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2178 "received EAPOL-Key msg 2/4 with invalid Key Data contents");
2179 return;
2180 }
2181 if (kde.rsn_ie) {
2182 eapol_key_ie = kde.rsn_ie;
2183 eapol_key_ie_len = kde.rsn_ie_len;
2184 } else if (kde.osen) {
2185 eapol_key_ie = kde.osen;
2186 eapol_key_ie_len = kde.osen_len;
2187 } else {
2188 eapol_key_ie = kde.wpa_ie;
2189 eapol_key_ie_len = kde.wpa_ie_len;
2190 }
2191 ft = sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt);
2192 if (sm->wpa_ie == NULL ||
2193 wpa_compare_rsn_ie(ft, sm->wpa_ie, sm->wpa_ie_len,
2194 eapol_key_ie, eapol_key_ie_len)) {
2195 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2196 "WPA IE from (Re)AssocReq did not match with msg 2/4");
2197 if (sm->wpa_ie) {
2198 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
2199 sm->wpa_ie, sm->wpa_ie_len);
2200 }
2201 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
2202 eapol_key_ie, eapol_key_ie_len);
2203 /* MLME-DEAUTHENTICATE.request */
2204 wpa_sta_disconnect(wpa_auth, sm->addr);
2205 return;
2206 }
2207#ifdef CONFIG_IEEE80211R
2208 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
2209 wpa_sta_disconnect(wpa_auth, sm->addr);
2210 return;
2211 }
2212#endif /* CONFIG_IEEE80211R */
2213#ifdef CONFIG_P2P
2214 if (kde.ip_addr_req && kde.ip_addr_req[0] &&
2215 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
2216 int idx;
2217 wpa_printf(MSG_DEBUG,
2218 "P2P: IP address requested in EAPOL-Key exchange");
2219 idx = bitfield_get_first_zero(wpa_auth->ip_pool);
2220 if (idx >= 0) {
2221 u32 start = WPA_GET_BE32(wpa_auth->conf.ip_addr_start);
2222 bitfield_set(wpa_auth->ip_pool, idx);
2223 WPA_PUT_BE32(sm->ip_addr, start + idx);
2224 wpa_printf(MSG_DEBUG,
2225 "P2P: Assigned IP address %u.%u.%u.%u to "
2226 MACSTR, sm->ip_addr[0], sm->ip_addr[1],
2227 sm->ip_addr[2], sm->ip_addr[3],
2228 MAC2STR(sm->addr));
2229 }
2230 }
2231#endif /* CONFIG_P2P */
2232
26e23750
JM		 2233#ifdef CONFIG_IEEE80211R
2234 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2235 /*
2236 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
2237 * with the value we derived.
2238 */
870834a1
JM		 2239 if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
2240 WPA_PMK_NAME_LEN) != 0) {
26e23750
JM		 2241 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2242 "PMKR1Name mismatch in FT 4-way "
2243 "handshake");
2244 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
2245 "Supplicant",
2246 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
2247 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
2248 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2249 return;
2250 }
2251 }
2252#endif /* CONFIG_IEEE80211R */
2253
e4bf4db9 2254 sm->pending_1_of_4_timeout = 0;
6fc6879b
JM		 2255 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
2256
56586197 2257 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 2258 /* PSK may have changed from the previous choice, so update
2259 * state machine data based on whatever PSK was selected here.
2260 */
2261 os_memcpy(sm->PMK, pmk, PMK_LEN);
207976f0 2262 sm->pmk_len = PMK_LEN;
6fc6879b
JM		 2263 }
2264
2265 sm->MICVerified = TRUE;
2266
2267 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
2268 sm->PTK_valid = TRUE;
2269}
2270
2271
2272SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
2273{
2274 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
2275 sm->TimeoutCtr = 0;
2276}
2277
2278
2279#ifdef CONFIG_IEEE80211W
2280
2281static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2282{
2283 if (sm->mgmt_frame_prot) {
8dd9f9cd
JM		 2284 size_t len;
2285 len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2286 return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len;
6fc6879b
JM		 2287 }
2288
2289 return 0;
2290}
2291
2292
2293static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2294{
2295 struct wpa_igtk_kde igtk;
2296 struct wpa_group *gsm = sm->group;
03610ad2 2297 u8 rsc[WPA_KEY_RSC_LEN];
8dd9f9cd 2298 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
6fc6879b
JM		 2299
2300 if (!sm->mgmt_frame_prot)
2301 return pos;
2302
2303 igtk.keyid[0] = gsm->GN_igtk;
2304 igtk.keyid[1] = 0;
7b1080da 2305 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
03610ad2 2306 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
6fc6879b 2307 os_memset(igtk.pn, 0, sizeof(igtk.pn));
03610ad2
JM		 2308 else
2309 os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
8dd9f9cd 2310 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
83421850
JM		 2311 if (sm->wpa_auth->conf.disable_gtk) {
2312 /*
2313 * Provide unique random IGTK to each STA to prevent use of
2314 * IGTK in the BSS.
2315 */
8dd9f9cd 2316 if (random_get_bytes(igtk.igtk, len) < 0)
83421850
JM		 2317 return pos;
2318 }
6fc6879b 2319 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
8dd9f9cd
JM		 2320 (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len,
2321 NULL, 0);
6fc6879b
JM		 2322
2323 return pos;
2324}
2325
2326#else /* CONFIG_IEEE80211W */
2327
2328static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2329{
2330 return 0;
2331}
2332
2333
2334static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2335{
2336 return pos;
2337}
2338
2339#endif /* CONFIG_IEEE80211W */
2340
2341
2342SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
2343{
83421850 2344 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32];
6fc6879b
JM		 2345 size_t gtk_len, kde_len;
2346 struct wpa_group *gsm = sm->group;
2347 u8 *wpa_ie;
2348 int wpa_ie_len, secure, keyidx, encr = 0;
2349
2350 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
2351 sm->TimeoutEvt = FALSE;
bae61562
JM		 2352
2353 sm->TimeoutCtr++;
2354 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
2355 /* No point in sending the EAPOL-Key - we will disconnect
2356 * immediately following this. */
2357 return;
2358 }
2359
86dfabb8
JM		 2360 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
2361 GTK[GN], IGTK, [FTIE], [TIE * 2])
6fc6879b
JM		 2362 */
2363 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2364 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
86dfabb8 2365 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
6fc6879b
JM		 2366 wpa_ie = sm->wpa_auth->wpa_ie;
2367 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
2368 if (sm->wpa == WPA_VERSION_WPA &&
2369 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
2370 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
774d4145 2371 /* WPA-only STA, remove RSN IE and possible MDIE */
6fc6879b 2372 wpa_ie = wpa_ie + wpa_ie[1] + 2;
774d4145
JM		 2373 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
2374 wpa_ie = wpa_ie + wpa_ie[1] + 2;
6fc6879b
JM		 2375 wpa_ie_len = wpa_ie[1] + 2;
2376 }
2377 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2378 "sending 3/4 msg of 4-Way Handshake");
2379 if (sm->wpa == WPA_VERSION_WPA2) {
2380 /* WPA2 send GTK in the 4-way handshake */
2381 secure = 1;
2382 gtk = gsm->GTK[gsm->GN - 1];
2383 gtk_len = gsm->GTK_len;
83421850
JM		 2384 if (sm->wpa_auth->conf.disable_gtk) {
2385 /*
2386 * Provide unique random GTK to each STA to prevent use
2387 * of GTK in the BSS.
2388 */
2389 if (random_get_bytes(dummy_gtk, gtk_len) < 0)
2390 return;
2391 gtk = dummy_gtk;
2392 }
6fc6879b
JM		 2393 keyidx = gsm->GN;
2394 _rsc = rsc;
2395 encr = 1;
2396 } else {
2397 /* WPA does not include GTK in msg 3/4 */
2398 secure = 0;
2399 gtk = NULL;
2400 gtk_len = 0;
2401 keyidx = 0;
2402 _rsc = NULL;
0d442aff
JM		 2403 if (sm->rx_eapol_key_secure) {
2404 /*
2405 * It looks like Windows 7 supplicant tries to use
2406 * Secure bit in msg 2/4 after having reported Michael
2407 * MIC failure and it then rejects the 4-way handshake
2408 * if msg 3/4 does not set Secure bit. Work around this
2409 * by setting the Secure bit here even in the case of
2410 * WPA if the supplicant used it first.
2411 */
2412 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4740d5b9
JM		 2413 "STA used Secure bit in WPA msg 2/4 - "
2414 "set Secure for 3/4 as workaround");
0d442aff
JM		 2415 secure = 1;
2416 }
6fc6879b
JM		 2417 }
2418
2419 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
2420 if (gtk)
2421 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
26e23750 2422#ifdef CONFIG_IEEE80211R
86dfabb8
JM		 2423 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2424 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
2425 kde_len += 300; /* FTIE + 2 * TIE */
2426 }
26e23750 2427#endif /* CONFIG_IEEE80211R */
25ef8529
JM		 2428#ifdef CONFIG_P2P
2429 if (WPA_GET_BE32(sm->ip_addr) > 0)
2430 kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4;
2431#endif /* CONFIG_P2P */
6fc6879b
JM		 2432 kde = os_malloc(kde_len);
2433 if (kde == NULL)
2434 return;
2435
2436 pos = kde;
2437 os_memcpy(pos, wpa_ie, wpa_ie_len);
2438 pos += wpa_ie_len;
26e23750
JM		 2439#ifdef CONFIG_IEEE80211R
2440 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
59e78c24
JM		 2441 int res;
2442 size_t elen;
2443
2444 elen = pos - kde;
2445 res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name);
26e23750
JM		 2446 if (res < 0) {
2447 wpa_printf(MSG_ERROR, "FT: Failed to insert "
2448 "PMKR1Name into RSN IE in EAPOL-Key data");
2449 os_free(kde);
2450 return;
2451 }
59e78c24
JM		 2452 pos -= wpa_ie_len;
2453 pos += elen;
26e23750
JM		 2454 }
2455#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 2456 if (gtk) {
2457 u8 hdr[2];
2458 hdr[0] = keyidx & 0x03;
2459 hdr[1] = 0;
2460 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2461 gtk, gtk_len);
2462 }
2463 pos = ieee80211w_kde_add(sm, pos);
2464
86dfabb8
JM		 2465#ifdef CONFIG_IEEE80211R
2466 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2467 int res;
2468 struct wpa_auth_config *conf;
2469
2470 conf = &sm->wpa_auth->conf;
9257610a
JM		 2471 if (sm->assoc_resp_ftie &&
2472 kde + kde_len - pos >= 2 + sm->assoc_resp_ftie[1]) {
2473 os_memcpy(pos, sm->assoc_resp_ftie,
2474 2 + sm->assoc_resp_ftie[1]);
2475 res = 2 + sm->assoc_resp_ftie[1];
2476 } else {
2477 res = wpa_write_ftie(conf, conf->r0_key_holder,
2478 conf->r0_key_holder_len,
2479 NULL, NULL, pos,
2480 kde + kde_len - pos,
2481 NULL, 0);
2482 }
86dfabb8
JM		 2483 if (res < 0) {
2484 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
2485 "into EAPOL-Key Key Data");
2486 os_free(kde);
2487 return;
2488 }
2489 pos += res;
2490
2491 /* TIE[ReassociationDeadline] (TU) */
2492 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2493 *pos++ = 5;
2494 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
2495 WPA_PUT_LE32(pos, conf->reassociation_deadline);
2496 pos += 4;
2497
2498 /* TIE[KeyLifetime] (seconds) */
2499 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2500 *pos++ = 5;
2501 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
2502 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
2503 pos += 4;
2504 }
2505#endif /* CONFIG_IEEE80211R */
25ef8529
JM		 2506#ifdef CONFIG_P2P
2507 if (WPA_GET_BE32(sm->ip_addr) > 0) {
2508 u8 addr[3 * 4];
2509 os_memcpy(addr, sm->ip_addr, 4);
2510 os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4);
2511 os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4);
2512 pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC,
2513 addr, sizeof(addr), NULL, 0);
2514 }
2515#endif /* CONFIG_P2P */
86dfabb8 2516
6fc6879b 2517 wpa_send_eapol(sm->wpa_auth, sm,
b729fd8d
JM		 2518 (secure ? WPA_KEY_INFO_SECURE : 0) |
2519 (wpa_mic_len(sm->wpa_key_mgmt) ? WPA_KEY_INFO_MIC : 0) |
6fc6879b
JM		 2520 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
2521 WPA_KEY_INFO_KEY_TYPE,
2522 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
2523 os_free(kde);
6fc6879b
JM		 2524}
2525
2526
2527SM_STATE(WPA_PTK, PTKINITDONE)
2528{
2529 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
2530 sm->EAPOLKeyReceived = FALSE;
2531 if (sm->Pair) {
c3550295
JM		 2532 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
2533 int klen = wpa_cipher_key_len(sm->pairwise);
6fc6879b 2534 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
98cd3d1c 2535 sm->PTK.tk, klen)) {
6fc6879b
JM		 2536 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
2537 return;
2538 }
2539 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2540 sm->pairwise_set = TRUE;
2541
581a8cde
JM		 2542 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
2543 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
2544 eloop_register_timeout(sm->wpa_auth->conf.
2545 wpa_ptk_rekey, 0, wpa_rekey_ptk,
2546 sm->wpa_auth, sm);
2547 }
2548
56586197 2549 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
6fc6879b
JM		 2550 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2551 WPA_EAPOL_authorized, 1);
2552 }
2553 }
2554
2555 if (0 /* IBSS == TRUE */) {
2556 sm->keycount++;
2557 if (sm->keycount == 2) {
2558 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2559 WPA_EAPOL_portValid, 1);
2560 }
2561 } else {
2562 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
2563 1);
2564 }
2565 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
2566 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
2567 if (sm->wpa == WPA_VERSION_WPA)
2568 sm->PInitAKeys = TRUE;
2569 else
2570 sm->has_GTK = TRUE;
2571 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2572 "pairwise key handshake completed (%s)",
2573 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2574
2575#ifdef CONFIG_IEEE80211R
2576 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
2577#endif /* CONFIG_IEEE80211R */
2578}
2579
2580
2581SM_STEP(WPA_PTK)
2582{
2583 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2584
2585 if (sm->Init)
2586 SM_ENTER(WPA_PTK, INITIALIZE);
2587 else if (sm->Disconnect
1aae01fc
BG		 2588 /* || FIX: dot11RSNAConfigSALifetime timeout */) {
2589 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
2590 "WPA_PTK: sm->Disconnect");
6fc6879b 2591 SM_ENTER(WPA_PTK, DISCONNECT);
1aae01fc 2592 }
6fc6879b
JM		 2593 else if (sm->DeauthenticationRequest)
2594 SM_ENTER(WPA_PTK, DISCONNECTED);
2595 else if (sm->AuthenticationRequest)
2596 SM_ENTER(WPA_PTK, AUTHENTICATION);
2597 else if (sm->ReAuthenticationRequest)
2598 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2599 else if (sm->PTKRequest)
2600 SM_ENTER(WPA_PTK, PTKSTART);
2601 else switch (sm->wpa_ptk_state) {
2602 case WPA_PTK_INITIALIZE:
2603 break;
2604 case WPA_PTK_DISCONNECT:
2605 SM_ENTER(WPA_PTK, DISCONNECTED);
2606 break;
2607 case WPA_PTK_DISCONNECTED:
2608 SM_ENTER(WPA_PTK, INITIALIZE);
2609 break;
2610 case WPA_PTK_AUTHENTICATION:
2611 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2612 break;
2613 case WPA_PTK_AUTHENTICATION2:
56586197 2614 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
6fc6879b
JM		 2615 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2616 WPA_EAPOL_keyRun) > 0)
2617 SM_ENTER(WPA_PTK, INITPMK);
56586197 2618 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
6fc6879b
JM		 2619 /* FIX: && 802.1X::keyRun */)
2620 SM_ENTER(WPA_PTK, INITPSK);
2621 break;
2622 case WPA_PTK_INITPMK:
2623 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2624 WPA_EAPOL_keyAvailable) > 0)
2625 SM_ENTER(WPA_PTK, PTKSTART);
2626 else {
2627 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2628 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2629 "INITPMK - keyAvailable = false");
6fc6879b
JM		 2630 SM_ENTER(WPA_PTK, DISCONNECT);
2631 }
2632 break;
2633 case WPA_PTK_INITPSK:
759fd76b
JM		 2634 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr,
2635 NULL))
6fc6879b
JM		 2636 SM_ENTER(WPA_PTK, PTKSTART);
2637 else {
2638 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2639 "no PSK configured for the STA");
2640 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2641 SM_ENTER(WPA_PTK, DISCONNECT);
2642 }
2643 break;
2644 case WPA_PTK_PTKSTART:
2645 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2646 sm->EAPOLKeyPairwise)
2647 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2648 else if (sm->TimeoutCtr >
2649 (int) dot11RSNAConfigPairwiseUpdateCount) {
2650 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2651 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2652 "PTKSTART: Retry limit %d reached",
2653 dot11RSNAConfigPairwiseUpdateCount);
6fc6879b
JM		 2654 SM_ENTER(WPA_PTK, DISCONNECT);
2655 } else if (sm->TimeoutEvt)
2656 SM_ENTER(WPA_PTK, PTKSTART);
2657 break;
2658 case WPA_PTK_PTKCALCNEGOTIATING:
2659 if (sm->MICVerified)
2660 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
2661 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2662 sm->EAPOLKeyPairwise)
2663 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2664 else if (sm->TimeoutEvt)
2665 SM_ENTER(WPA_PTK, PTKSTART);
2666 break;
2667 case WPA_PTK_PTKCALCNEGOTIATING2:
2668 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2669 break;
2670 case WPA_PTK_PTKINITNEGOTIATING:
68921e24
JM		 2671 if (sm->update_snonce)
2672 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2673 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2674 sm->EAPOLKeyPairwise && sm->MICVerified)
6fc6879b
JM		 2675 SM_ENTER(WPA_PTK, PTKINITDONE);
2676 else if (sm->TimeoutCtr >
2677 (int) dot11RSNAConfigPairwiseUpdateCount) {
2678 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1aae01fc
BG		 2679 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2680 "PTKINITNEGOTIATING: Retry limit %d "
2681 "reached",
2682 dot11RSNAConfigPairwiseUpdateCount);
6fc6879b
JM		 2683 SM_ENTER(WPA_PTK, DISCONNECT);
2684 } else if (sm->TimeoutEvt)
2685 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2686 break;
2687 case WPA_PTK_PTKINITDONE:
2688 break;
2689 }
2690}
2691
2692
2693SM_STATE(WPA_PTK_GROUP, IDLE)
2694{
2695 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
2696 if (sm->Init) {
2697 /* Init flag is not cleared here, so avoid busy
2698 * loop by claiming nothing changed. */
2699 sm->changed = FALSE;
2700 }
2701 sm->GTimeoutCtr = 0;
2702}
2703
2704
2705SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
2706{
2707 u8 rsc[WPA_KEY_RSC_LEN];
2708 struct wpa_group *gsm = sm->group;
e41e4f9e
JM		 2709 const u8 *kde;
2710 u8 *kde_buf = NULL, *pos, hdr[2];
6fc6879b 2711 size_t kde_len;
83421850 2712 u8 *gtk, dummy_gtk[32];
6fc6879b
JM		 2713
2714 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
bae61562
JM		 2715
2716 sm->GTimeoutCtr++;
2717 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
2718 /* No point in sending the EAPOL-Key - we will disconnect
2719 * immediately following this. */
2720 return;
2721 }
2722
6fc6879b
JM		 2723 if (sm->wpa == WPA_VERSION_WPA)
2724 sm->PInitAKeys = FALSE;
2725 sm->TimeoutEvt = FALSE;
2726 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
2727 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2728 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
2729 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2730 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2731 "sending 1/2 msg of Group Key Handshake");
2732
83421850
JM		 2733 gtk = gsm->GTK[gsm->GN - 1];
2734 if (sm->wpa_auth->conf.disable_gtk) {
2735 /*
2736 * Provide unique random GTK to each STA to prevent use
2737 * of GTK in the BSS.
2738 */
2739 if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0)
2740 return;
2741 gtk = dummy_gtk;
2742 }
6fc6879b
JM		 2743 if (sm->wpa == WPA_VERSION_WPA2) {
2744 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
2745 ieee80211w_kde_len(sm);
e41e4f9e
JM		 2746 kde_buf = os_malloc(kde_len);
2747 if (kde_buf == NULL)
6fc6879b
JM		 2748 return;
2749
e41e4f9e 2750 kde = pos = kde_buf;
6fc6879b
JM		 2751 hdr[0] = gsm->GN & 0x03;
2752 hdr[1] = 0;
2753 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
83421850 2754 gtk, gsm->GTK_len);
6fc6879b 2755 pos = ieee80211w_kde_add(sm, pos);
e41e4f9e 2756 kde_len = pos - kde;
6fc6879b 2757 } else {
83421850 2758 kde = gtk;
e41e4f9e 2759 kde_len = gsm->GTK_len;
6fc6879b
JM		 2760 }
2761
2762 wpa_send_eapol(sm->wpa_auth, sm,
b729fd8d
JM		 2763 WPA_KEY_INFO_SECURE |
2764 (wpa_mic_len(sm->wpa_key_mgmt) ? WPA_KEY_INFO_MIC : 0) |
6fc6879b
JM		 2765 WPA_KEY_INFO_ACK |
2766 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
e41e4f9e
JM		 2767 rsc, gsm->GNonce, kde, kde_len, gsm->GN, 1);
2768
2769 os_free(kde_buf);
6fc6879b
JM		 2770}
2771
2772
2773SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
2774{
2775 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
2776 sm->EAPOLKeyReceived = FALSE;
2777 if (sm->GUpdateStationKeys)
2778 sm->group->GKeyDoneStations--;
2779 sm->GUpdateStationKeys = FALSE;
2780 sm->GTimeoutCtr = 0;
2781 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
2782 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2783 "group key handshake completed (%s)",
2784 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2785 sm->has_GTK = TRUE;
2786}
2787
2788
2789SM_STATE(WPA_PTK_GROUP, KEYERROR)
2790{
2791 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
2792 if (sm->GUpdateStationKeys)
2793 sm->group->GKeyDoneStations--;
2794 sm->GUpdateStationKeys = FALSE;
2795 sm->Disconnect = TRUE;
2796}
2797
2798
2799SM_STEP(WPA_PTK_GROUP)
2800{
9663596f 2801 if (sm->Init || sm->PtkGroupInit) {
6fc6879b 2802 SM_ENTER(WPA_PTK_GROUP, IDLE);
9663596f
JM		 2803 sm->PtkGroupInit = FALSE;
2804 } else switch (sm->wpa_ptk_group_state) {
6fc6879b
JM		 2805 case WPA_PTK_GROUP_IDLE:
2806 if (sm->GUpdateStationKeys ||
2807 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
2808 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2809 break;
2810 case WPA_PTK_GROUP_REKEYNEGOTIATING:
2811 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2812 !sm->EAPOLKeyPairwise && sm->MICVerified)
2813 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
2814 else if (sm->GTimeoutCtr >
2815 (int) dot11RSNAConfigGroupUpdateCount)
2816 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
2817 else if (sm->TimeoutEvt)
2818 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2819 break;
2820 case WPA_PTK_GROUP_KEYERROR:
2821 SM_ENTER(WPA_PTK_GROUP, IDLE);
2822 break;
2823 case WPA_PTK_GROUP_REKEYESTABLISHED:
2824 SM_ENTER(WPA_PTK_GROUP, IDLE);
2825 break;
2826 }
2827}
2828
2829
2830static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
2831 struct wpa_group *group)
2832{
2833 int ret = 0;
2834
6fc6879b
JM		 2835 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2836 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2837 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
2838 wpa_auth->addr, group->GNonce,
2839 group->GTK[group->GN - 1], group->GTK_len) < 0)
2840 ret = -1;
5cb9d5c3
JM		 2841 wpa_hexdump_key(MSG_DEBUG, "GTK",
2842 group->GTK[group->GN - 1], group->GTK_len);
6fc6879b
JM		 2843
2844#ifdef CONFIG_IEEE80211W
70f8cc8e 2845 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
8dd9f9cd
JM		 2846 size_t len;
2847 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
5cb9d5c3
JM		 2848 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2849 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3c7302c2
JM		 2850 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
2851 wpa_auth->addr, group->GNonce,
8dd9f9cd 2852 group->IGTK[group->GN_igtk - 4], len) < 0)
3c7302c2 2853 ret = -1;
6fc6879b 2854 wpa_hexdump_key(MSG_DEBUG, "IGTK",
8dd9f9cd 2855 group->IGTK[group->GN_igtk - 4], len);
6fc6879b
JM		 2856 }
2857#endif /* CONFIG_IEEE80211W */
2858
2859 return ret;
2860}
2861
2862
2863static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
2864 struct wpa_group *group)
2865{
2866 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2867 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
2868 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
2869 group->wpa_group_state = WPA_GROUP_GTK_INIT;
2870
2871 /* GTK[0..N] = 0 */
2872 os_memset(group->GTK, 0, sizeof(group->GTK));
2873 group->GN = 1;
2874 group->GM = 2;
2875#ifdef CONFIG_IEEE80211W
2876 group->GN_igtk = 4;
2877 group->GM_igtk = 5;
2878#endif /* CONFIG_IEEE80211W */
2879 /* GTK[GN] = CalcGTK() */
2880 wpa_gtk_update(wpa_auth, group);
2881}
2882
2883
2884static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
2885{
473b6f22
MB		 2886 if (ctx != NULL && ctx != sm->group)
2887 return 0;
2888
6fc6879b
JM		 2889 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
2890 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2891 "Not in PTKINITDONE; skip Group Key update");
3c183894 2892 sm->GUpdateStationKeys = FALSE;
6fc6879b
JM		 2893 return 0;
2894 }
9663596f
JM		 2895 if (sm->GUpdateStationKeys) {
2896 /*
3c183894
JM		 2897 * This should not really happen, so add a debug log entry.
2898 * Since we clear the GKeyDoneStations before the loop, the
2899 * station needs to be counted here anyway.
9663596f
JM		 2900 */
2901 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3c183894
JM		 2902 "GUpdateStationKeys was already set when "
2903 "marking station for GTK rekeying");
9663596f 2904 }
3c183894 2905
ad3872a3 2906 /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
d32d94db
XC		 2907 if (sm->is_wnmsleep)
2908 return 0;
d32d94db 2909
3c183894
JM		 2910 sm->group->GKeyDoneStations++;
2911 sm->GUpdateStationKeys = TRUE;
2912
6fc6879b
JM		 2913 wpa_sm_step(sm);
2914 return 0;
2915}
2916
2917
ad3872a3
JM		 2918#ifdef CONFIG_WNM
2919/* update GTK when exiting WNM-Sleep Mode */
d32d94db
XC		 2920void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm)
2921{
629edfef 2922 if (sm == NULL || sm->is_wnmsleep)
d32d94db
XC		 2923 return;
2924
2925 wpa_group_update_sta(sm, NULL);
2926}
2927
2928
2929void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
2930{
629edfef
JM		 2931 if (sm)
2932 sm->is_wnmsleep = !!flag;
d32d94db
XC		 2933}
2934
2935
2936int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2937{
d32d94db 2938 struct wpa_group *gsm = sm->group;
835822d4 2939 u8 *start = pos;
d32d94db
XC		 2940
2941 /*
835822d4 2942 * GTK subelement:
d32d94db 2943 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
835822d4 2944 * Key[5..32]
d32d94db 2945 */
835822d4
JM		 2946 *pos++ = WNM_SLEEP_SUBELEM_GTK;
2947 *pos++ = 11 + gsm->GTK_len;
d32d94db 2948 /* Key ID in B0-B1 of Key Info */
835822d4
JM		 2949 WPA_PUT_LE16(pos, gsm->GN & 0x03);
2950 pos += 2;
2951 *pos++ = gsm->GTK_len;
2952 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
d32d94db 2953 return 0;
835822d4
JM		 2954 pos += 8;
2955 os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2956 pos += gsm->GTK_len;
d32d94db 2957
835822d4
JM		 2958 wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
2959 gsm->GN);
2960 wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
d32d94db 2961 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
d32d94db 2962
835822d4 2963 return pos - start;
d32d94db
XC		 2964}
2965
2966
2967#ifdef CONFIG_IEEE80211W
2968int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2969{
d32d94db 2970 struct wpa_group *gsm = sm->group;
835822d4 2971 u8 *start = pos;
8dd9f9cd 2972 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
d32d94db 2973
835822d4
JM		 2974 /*
2975 * IGTK subelement:
2976 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
2977 */
2978 *pos++ = WNM_SLEEP_SUBELEM_IGTK;
8dd9f9cd 2979 *pos++ = 2 + 6 + len;
835822d4
JM		 2980 WPA_PUT_LE16(pos, gsm->GN_igtk);
2981 pos += 2;
2982 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
d32d94db 2983 return 0;
835822d4 2984 pos += 6;
d32d94db 2985
8dd9f9cd
JM		 2986 os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
2987 pos += len;
d32d94db 2988
835822d4
JM		 2989 wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
2990 gsm->GN_igtk);
2991 wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
8dd9f9cd 2992 gsm->IGTK[gsm->GN_igtk - 4], len);
d32d94db 2993
835822d4 2994 return pos - start;
d32d94db
XC		 2995}
2996#endif /* CONFIG_IEEE80211W */
ad3872a3 2997#endif /* CONFIG_WNM */
d32d94db
XC		 2998
2999
6fc6879b
JM		 3000static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
3001 struct wpa_group *group)
3002{
3003 int tmp;
3004
3005 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3006 "SETKEYS (VLAN-ID %d)", group->vlan_id);
3007 group->changed = TRUE;
3008 group->wpa_group_state = WPA_GROUP_SETKEYS;
3009 group->GTKReKey = FALSE;
3010 tmp = group->GM;
3011 group->GM = group->GN;
3012 group->GN = tmp;
3013#ifdef CONFIG_IEEE80211W
3014 tmp = group->GM_igtk;
3015 group->GM_igtk = group->GN_igtk;
3016 group->GN_igtk = tmp;
3017#endif /* CONFIG_IEEE80211W */
3018 /* "GKeyDoneStations = GNoStations" is done in more robust way by
3019 * counting the STAs that are marked with GUpdateStationKeys instead of
3020 * including all STAs that could be in not-yet-completed state. */
3021 wpa_gtk_update(wpa_auth, group);
3022
3c183894
JM		 3023 if (group->GKeyDoneStations) {
3024 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
3025 "GKeyDoneStations=%d when starting new GTK rekey",
3026 group->GKeyDoneStations);
3027 group->GKeyDoneStations = 0;
3028 }
473b6f22 3029 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
6fc6879b
JM		 3030 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
3031 group->GKeyDoneStations);
3032}
3033
3034
1bdb7ab3
JM		 3035static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
3036 struct wpa_group *group)
6fc6879b 3037{
3c7302c2
JM		 3038 int ret = 0;
3039
3c7302c2 3040 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
c3550295 3041 wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
0382097e
JM		 3042 broadcast_ether_addr, group->GN,
3043 group->GTK[group->GN - 1], group->GTK_len) < 0)
3c7302c2 3044 ret = -1;
6fc6879b
JM		 3045
3046#ifdef CONFIG_IEEE80211W
8dd9f9cd
JM		 3047 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
3048 enum wpa_alg alg;
3049 size_t len;
3050
3051 alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher);
3052 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
3053
3054 if (ret == 0 &&
3055 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
3056 broadcast_ether_addr, group->GN_igtk,
3057 group->IGTK[group->GN_igtk - 4], len) < 0)
3058 ret = -1;
3059 }
6fc6879b 3060#endif /* CONFIG_IEEE80211W */
3c7302c2
JM		 3061
3062 return ret;
6fc6879b
JM		 3063}
3064
3065
7d7f7be2
JM		 3066static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
3067{
3068 if (sm->group == ctx) {
3069 wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
3070 " for discconnection due to fatal failure",
3071 MAC2STR(sm->addr));
3072 sm->Disconnect = TRUE;
3073 }
3074
3075 return 0;
3076}
3077
3078
3079static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
3080 struct wpa_group *group)
3081{
3082 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE");
3083 group->changed = TRUE;
3084 group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
3085 wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
3086}
3087
3088
1bdb7ab3
JM		 3089static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
3090 struct wpa_group *group)
3091{
3092 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3093 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
3094 group->changed = TRUE;
3095 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
3096
7d7f7be2
JM		 3097 if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
3098 wpa_group_fatal_failure(wpa_auth, group);
1bdb7ab3 3099 return -1;
7d7f7be2 3100 }
1bdb7ab3
JM		 3101
3102 return 0;
3103}
3104
3105
6fc6879b
JM		 3106static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
3107 struct wpa_group *group)
3108{
3109 if (group->GInit) {
3110 wpa_group_gtk_init(wpa_auth, group);
7d7f7be2
JM		 3111 } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
3112 /* Do not allow group operations */
6fc6879b
JM		 3113 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
3114 group->GTKAuthenticator) {
3115 wpa_group_setkeysdone(wpa_auth, group);
3116 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
3117 group->GTKReKey) {
3118 wpa_group_setkeys(wpa_auth, group);
3119 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
3120 if (group->GKeyDoneStations == 0)
3121 wpa_group_setkeysdone(wpa_auth, group);
3122 else if (group->GTKReKey)
3123 wpa_group_setkeys(wpa_auth, group);
3124 }
3125}
3126
3127
e4a6ea1d 3128static int wpa_sm_step(struct wpa_state_machine *sm)
6fc6879b
JM		 3129{
3130 if (sm == NULL)
e4a6ea1d 3131 return 0;
6fc6879b
JM		 3132
3133 if (sm->in_step_loop) {
3134 /* This should not happen, but if it does, make sure we do not
3135 * end up freeing the state machine too early by exiting the
3136 * recursive call. */
3137 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
e4a6ea1d 3138 return 0;
6fc6879b
JM		 3139 }
3140
3141 sm->in_step_loop = 1;
3142 do {
3143 if (sm->pending_deinit)
3144 break;
3145
3146 sm->changed = FALSE;
3147 sm->wpa_auth->group->changed = FALSE;
3148
3149 SM_STEP_RUN(WPA_PTK);
3150 if (sm->pending_deinit)
3151 break;
3152 SM_STEP_RUN(WPA_PTK_GROUP);
3153 if (sm->pending_deinit)
3154 break;
3155 wpa_group_sm_step(sm->wpa_auth, sm->group);
3156 } while (sm->changed || sm->wpa_auth->group->changed);
3157 sm->in_step_loop = 0;
3158
3159 if (sm->pending_deinit) {
3160 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
3161 "machine deinit for " MACSTR, MAC2STR(sm->addr));
3162 wpa_free_sta_sm(sm);
e4a6ea1d 3163 return 1;
6fc6879b 3164 }
e4a6ea1d 3165 return 0;
6fc6879b
JM		 3166}
3167
3168
3169static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
3170{
3171 struct wpa_state_machine *sm = eloop_ctx;
3172 wpa_sm_step(sm);
3173}
3174
3175
3176void wpa_auth_sm_notify(struct wpa_state_machine *sm)
3177{
3178 if (sm == NULL)
3179 return;
3180 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
3181}
3182
3183
3184void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
3185{
3186 int tmp, i;
3187 struct wpa_group *group;
3188
3189 if (wpa_auth == NULL)
3190 return;
3191
3192 group = wpa_auth->group;
3193
3194 for (i = 0; i < 2; i++) {
3195 tmp = group->GM;
3196 group->GM = group->GN;
3197 group->GN = tmp;
3198#ifdef CONFIG_IEEE80211W
3199 tmp = group->GM_igtk;
3200 group->GM_igtk = group->GN_igtk;
3201 group->GN_igtk = tmp;
3202#endif /* CONFIG_IEEE80211W */
3203 wpa_gtk_update(wpa_auth, group);
9354e594 3204 wpa_group_config_group_keys(wpa_auth, group);
6fc6879b
JM		 3205 }
3206}
3207
3208
a6da824b 3209static const char * wpa_bool_txt(int val)
6fc6879b 3210{
a6da824b 3211 return val ? "TRUE" : "FALSE";
6fc6879b
JM		 3212}
3213
3214
6fc6879b
JM		 3215#define RSN_SUITE "%02x-%02x-%02x-%d"
3216#define RSN_SUITE_ARG(s) \
3217((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
3218
3219int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
3220{
3221 int len = 0, ret;
3222 char pmkid_txt[PMKID_LEN * 2 + 1];
8ce58ceb
IH		 3223#ifdef CONFIG_RSN_PREAUTH
3224 const int preauth = 1;
3225#else /* CONFIG_RSN_PREAUTH */
3226 const int preauth = 0;
3227#endif /* CONFIG_RSN_PREAUTH */
6fc6879b
JM		 3228
3229 if (wpa_auth == NULL)
3230 return len;
3231
3232 ret = os_snprintf(buf + len, buflen - len,
3233 "dot11RSNAOptionImplemented=TRUE\n"
8ce58ceb 3234 "dot11RSNAPreauthenticationImplemented=%s\n"
6fc6879b
JM		 3235 "dot11RSNAEnabled=%s\n"
3236 "dot11RSNAPreauthenticationEnabled=%s\n",
8ce58ceb 3237 wpa_bool_txt(preauth),
6fc6879b
JM		 3238 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
3239 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
d85e1fc8 3240 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3241 return len;
3242 len += ret;
3243
3244 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
3245 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
3246
3247 ret = os_snprintf(
3248 buf + len, buflen - len,
3249 "dot11RSNAConfigVersion=%u\n"
3250 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
3251 /* FIX: dot11RSNAConfigGroupCipher */
3252 /* FIX: dot11RSNAConfigGroupRekeyMethod */
3253 /* FIX: dot11RSNAConfigGroupRekeyTime */
3254 /* FIX: dot11RSNAConfigGroupRekeyPackets */
3255 "dot11RSNAConfigGroupRekeyStrict=%u\n"
3256 "dot11RSNAConfigGroupUpdateCount=%u\n"
3257 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
3258 "dot11RSNAConfigGroupCipherSize=%u\n"
3259 "dot11RSNAConfigPMKLifetime=%u\n"
3260 "dot11RSNAConfigPMKReauthThreshold=%u\n"
3261 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
3262 "dot11RSNAConfigSATimeout=%u\n"
3263 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3264 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3265 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3266 "dot11RSNAPMKIDUsed=%s\n"
3267 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3268 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3269 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3270 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
3271 "dot11RSNA4WayHandshakeFailures=%u\n"
3272 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
3273 RSN_VERSION,
3274 !!wpa_auth->conf.wpa_strict_rekey,
3275 dot11RSNAConfigGroupUpdateCount,
3276 dot11RSNAConfigPairwiseUpdateCount,
c3550295 3277 wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8,
6fc6879b
JM		 3278 dot11RSNAConfigPMKLifetime,
3279 dot11RSNAConfigPMKReauthThreshold,
3280 dot11RSNAConfigSATimeout,
3281 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
3282 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
3283 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
3284 pmkid_txt,
3285 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
3286 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
3287 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
3288 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
3289 wpa_auth->dot11RSNA4WayHandshakeFailures);
d85e1fc8 3290 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3291 return len;
3292 len += ret;
3293
3294 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
3295 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
3296
3297 /* Private MIB */
3298 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
3299 wpa_auth->group->wpa_group_state);
d85e1fc8 3300 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3301 return len;
3302 len += ret;
3303
3304 return len;
3305}
3306
3307
3308int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
3309{
3310 int len = 0, ret;
3311 u32 pairwise = 0;
3312
3313 if (sm == NULL)
3314 return 0;
3315
3316 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
3317
3318 /* dot11RSNAStatsEntry */
3319
c3550295
JM		 3320 pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
3321 WPA_PROTO_RSN : WPA_PROTO_WPA,
3322 sm->pairwise);
3323 if (pairwise == 0)
6fc6879b
JM		 3324 return 0;
3325
3326 ret = os_snprintf(
3327 buf + len, buflen - len,
3328 /* TODO: dot11RSNAStatsIndex */
3329 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
3330 "dot11RSNAStatsVersion=1\n"
3331 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
3332 /* TODO: dot11RSNAStatsTKIPICVErrors */
3333 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
d9040cdb 3334 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
6fc6879b
JM		 3335 /* TODO: dot11RSNAStatsCCMPReplays */
3336 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
3337 /* TODO: dot11RSNAStatsTKIPReplays */,
3338 MAC2STR(sm->addr),
3339 RSN_SUITE_ARG(pairwise),
3340 sm->dot11RSNAStatsTKIPLocalMICFailures,
3341 sm->dot11RSNAStatsTKIPRemoteMICFailures);
d85e1fc8 3342 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3343 return len;
3344 len += ret;
3345
3346 /* Private MIB */
3347 ret = os_snprintf(buf + len, buflen - len,
3348 "hostapdWPAPTKState=%d\n"
3349 "hostapdWPAPTKGroupState=%d\n",
3350 sm->wpa_ptk_state,
3351 sm->wpa_ptk_group_state);
d85e1fc8 3352 if (os_snprintf_error(buflen - len, ret))
6fc6879b
JM		 3353 return len;
3354 len += ret;
3355
3356 return len;
3357}
3358
3359
3360void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
3361{
3362 if (wpa_auth)
3363 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
3364}
3365
3366
3367int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
3368{
3369 return sm && sm->pairwise_set;
3370}
3371
3372
ff36ff00
JM		 3373int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
3374{
3375 return sm->pairwise;
3376}
3377
3378
6fc6879b
JM		 3379int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
3380{
3381 if (sm == NULL)
3382 return -1;
3383 return sm->wpa_key_mgmt;
3384}
3385
3386
3387int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
3388{
3389 if (sm == NULL)
3390 return 0;
3391 return sm->wpa;
3392}
3393
3394
3395int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
3396 struct rsn_pmksa_cache_entry *entry)
3397{
3398 if (sm == NULL || sm->pmksa != entry)
3399 return -1;
3400 sm->pmksa = NULL;
3401 return 0;
3402}
3403
3404
3405struct rsn_pmksa_cache_entry *
3406wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
3407{
3408 return sm ? sm->pmksa : NULL;
3409}
3410
3411
3412void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
3413{
3414 if (sm)
3415 sm->dot11RSNAStatsTKIPLocalMICFailures++;
3416}
3417
3418
3419const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
3420{
3421 if (wpa_auth == NULL)
3422 return NULL;
3423 *len = wpa_auth->wpa_ie_len;
3424 return wpa_auth->wpa_ie;
3425}
3426
3427
3428int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
207976f0 3429 unsigned int pmk_len,
6fc6879b
JM		 3430 int session_timeout, struct eapol_state_machine *eapol)
3431{
cb465555
JM		 3432 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
3433 sm->wpa_auth->conf.disable_pmksa_caching)
6fc6879b
JM		 3434 return -1;
3435
207976f0
JM		 3436 if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
3437 if (pmk_len > PMK_LEN_SUITE_B_192)
3438 pmk_len = PMK_LEN_SUITE_B_192;
3439 } else if (pmk_len > PMK_LEN) {
3440 pmk_len = PMK_LEN;
3441 }
3442
70c93963 3443 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len, NULL,
98cd3d1c 3444 sm->PTK.kck, sm->PTK.kck_len,
4bb081f1
JM		 3445 sm->wpa_auth->addr, sm->addr, session_timeout,
3446 eapol, sm->wpa_key_mgmt))
6fc6879b
JM		 3447 return 0;
3448
3449 return -1;
3450}
3451
3452
3453int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
3454 const u8 *pmk, size_t len, const u8 *sta_addr,
3455 int session_timeout,
3456 struct eapol_state_machine *eapol)
3457{
3458 if (wpa_auth == NULL)
3459 return -1;
3460
70c93963 3461 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, NULL,
087a1f4e
JM		 3462 NULL, 0,
3463 wpa_auth->addr,
4bb081f1
JM		 3464 sta_addr, session_timeout, eapol,
3465 WPA_KEY_MGMT_IEEE8021X))
6fc6879b
JM		 3466 return 0;
3467
3468 return -1;
3469}
3470
3471
f2991170 3472int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
70c93963 3473 const u8 *pmk, const u8 *pmkid)
f2991170
JM		 3474{
3475 if (wpa_auth->conf.disable_pmksa_caching)
3476 return -1;
3477
70c93963 3478 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN, pmkid,
087a1f4e 3479 NULL, 0,
f2991170
JM		 3480 wpa_auth->addr, addr, 0, NULL,
3481 WPA_KEY_MGMT_SAE))
3482 return 0;
3483
3484 return -1;
3485}
3486
3487
901d1fe1
JM		 3488void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
3489 const u8 *sta_addr)
3490{
3491 struct rsn_pmksa_cache_entry *pmksa;
3492
3493 if (wpa_auth == NULL || wpa_auth->pmksa == NULL)
3494 return;
3495 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
3496 if (pmksa) {
3497 wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for "
3498 MACSTR " based on request", MAC2STR(sta_addr));
3499 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
3500 }
3501}
3502
3503
b8daac18
MH		 3504int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
3505 size_t len)
3506{
3507 if (!wpa_auth || !wpa_auth->pmksa)
3508 return 0;
3509 return pmksa_cache_auth_list(wpa_auth->pmksa, buf, len);
3510}
3511
3512
4c522c77
MH		 3513void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth)
3514{
3515 if (wpa_auth && wpa_auth->pmksa)
3516 pmksa_cache_auth_flush(wpa_auth->pmksa);
3517}
3518
3519
9f2cf23e
MH		 3520struct rsn_pmksa_cache_entry *
3521wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr)
3522{
3523 if (!wpa_auth || !wpa_auth->pmksa)
3524 return NULL;
3525 return pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
3526}
3527
3528
3529void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa,
3530 struct wpa_state_machine *sm,
3531 struct wpa_authenticator *wpa_auth,
3532 u8 *pmkid, u8 *pmk)
3533{
3534 if (!sm)
3535 return;
3536
3537 sm->pmksa = pmksa;
8854f90b
JM		 3538 os_memcpy(pmk, pmksa->pmk, PMK_LEN);
3539 os_memcpy(pmkid, pmksa->pmkid, PMKID_LEN);
3540 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmksa->pmkid, PMKID_LEN);
9f2cf23e
MH		 3541}
3542
3543
a0ad9e8c
MB		 3544/*
3545 * Remove and free the group from wpa_authenticator. This is triggered by a
3546 * callback to make sure nobody is currently iterating the group list while it
3547 * gets modified.
3548 */
3549static void wpa_group_free(struct wpa_authenticator *wpa_auth,
3550 struct wpa_group *group)
3551{
3552 struct wpa_group *prev = wpa_auth->group;
3553
3554 wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d",
3555 group->vlan_id);
3556
3557 while (prev) {
3558 if (prev->next == group) {
3559 /* This never frees the special first group as needed */
3560 prev->next = group->next;
3561 os_free(group);
3562 break;
3563 }
3564 prev = prev->next;
3565 }
3566
3567}
3568
3569
3570/* Increase the reference counter for group */
3571static void wpa_group_get(struct wpa_authenticator *wpa_auth,
3572 struct wpa_group *group)
3573{
3574 /* Skip the special first group */
3575 if (wpa_auth->group == group)
3576 return;
3577
3578 group->references++;
3579}
3580
3581
3582/* Decrease the reference counter and maybe free the group */
3583static void wpa_group_put(struct wpa_authenticator *wpa_auth,
3584 struct wpa_group *group)
3585{
3586 /* Skip the special first group */
3587 if (wpa_auth->group == group)
3588 return;
3589
3590 group->references--;
3591 if (group->references)
3592 return;
3593 wpa_group_free(wpa_auth, group);
3594}
3595
3596
3597/*
3598 * Add a group that has its references counter set to zero. Caller needs to
3599 * call wpa_group_get() on the return value to mark the entry in use.
3600 */
6fc6879b
JM		 3601static struct wpa_group *
3602wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3603{
3604 struct wpa_group *group;
3605
3606 if (wpa_auth == NULL || wpa_auth->group == NULL)
3607 return NULL;
3608
3609 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
3610 vlan_id);
bdffdc5d 3611 group = wpa_group_init(wpa_auth, vlan_id, 0);
6fc6879b
JM		 3612 if (group == NULL)
3613 return NULL;
3614
3615 group->next = wpa_auth->group->next;
3616 wpa_auth->group->next = group;
3617
3618 return group;
3619}
3620
3621
7cebc8e2
MB		 3622/*
3623 * Enforce that the group state machine for the VLAN is running, increase
3624 * reference counter as interface is up. References might have been increased
3625 * even if a negative value is returned.
3626 * Returns: -1 on error (group missing, group already failed); otherwise, 0
3627 */
3628int wpa_auth_ensure_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3629{
3630 struct wpa_group *group;
3631
3632 if (wpa_auth == NULL)
3633 return 0;
3634
3635 group = wpa_auth->group;
3636 while (group) {
3637 if (group->vlan_id == vlan_id)
3638 break;
3639 group = group->next;
3640 }
3641
3642 if (group == NULL) {
3643 group = wpa_auth_add_group(wpa_auth, vlan_id);
3644 if (group == NULL)
3645 return -1;
3646 }
3647
3648 wpa_printf(MSG_DEBUG,
3649 "WPA: Ensure group state machine running for VLAN ID %d",
3650 vlan_id);
3651
3652 wpa_group_get(wpa_auth, group);
3653 group->num_setup_iface++;
3654
3655 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3656 return -1;
3657
3658 return 0;
3659}
3660
3661
3662/*
3663 * Decrease reference counter, expected to be zero afterwards.
3664 * returns: -1 on error (group not found, group in fail state)
3665 * -2 if wpa_group is still referenced
3666 * 0 else
3667 */
3668int wpa_auth_release_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3669{
3670 struct wpa_group *group;
3671 int ret = 0;
3672
3673 if (wpa_auth == NULL)
3674 return 0;
3675
3676 group = wpa_auth->group;
3677 while (group) {
3678 if (group->vlan_id == vlan_id)
3679 break;
3680 group = group->next;
3681 }
3682
3683 if (group == NULL)
3684 return -1;
3685
3686 wpa_printf(MSG_DEBUG,
3687 "WPA: Try stopping group state machine for VLAN ID %d",
3688 vlan_id);
3689
3690 if (group->num_setup_iface <= 0) {
3691 wpa_printf(MSG_ERROR,
3692 "WPA: wpa_auth_release_group called more often than wpa_auth_ensure_group for VLAN ID %d, skipping.",
3693 vlan_id);
3694 return -1;
3695 }
3696 group->num_setup_iface--;
3697
3698 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3699 ret = -1;
3700
3701 if (group->references > 1) {
3702 wpa_printf(MSG_DEBUG,
3703 "WPA: Cannot stop group state machine for VLAN ID %d as references are still hold",
3704 vlan_id);
3705 ret = -2;
3706 }
3707
3708 wpa_group_put(wpa_auth, group);
3709
3710 return ret;
3711}
3712
3713
6fc6879b
JM		 3714int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
3715{
3716 struct wpa_group *group;
3717
3718 if (sm == NULL || sm->wpa_auth == NULL)
3719 return 0;
3720
3721 group = sm->wpa_auth->group;
3722 while (group) {
3723 if (group->vlan_id == vlan_id)
3724 break;
3725 group = group->next;
3726 }
3727
3728 if (group == NULL) {
3729 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
3730 if (group == NULL)
3731 return -1;
3732 }
3733
3734 if (sm->group == group)
3735 return 0;
3736
7d7f7be2
JM		 3737 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3738 return -1;
3739
6fc6879b
JM		 3740 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
3741 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
3742
a0ad9e8c
MB		 3743 wpa_group_get(sm->wpa_auth, group);
3744 wpa_group_put(sm->wpa_auth, sm->group);
6fc6879b 3745 sm->group = group;
a0ad9e8c 3746
6fc6879b
JM		 3747 return 0;
3748}
e4bf4db9
JM		 3749
3750
3751void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
3752 struct wpa_state_machine *sm, int ack)
3753{
3754 if (wpa_auth == NULL || sm == NULL)
3755 return;
3756 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
3757 " ack=%d", MAC2STR(sm->addr), ack);
3758 if (sm->pending_1_of_4_timeout && ack) {
3759 /*
3760 * Some deployed supplicant implementations update their SNonce
3761 * for each EAPOL-Key 2/4 message even within the same 4-way
3762 * handshake and then fail to use the first SNonce when
3763 * deriving the PTK. This results in unsuccessful 4-way
3764 * handshake whenever the relatively short initial timeout is
3765 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
3766 * around this by increasing the timeout now that we know that
3767 * the station has received the frame.
3768 */
3769 int timeout_ms = eapol_key_timeout_subseq;
3770 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
3771 "timeout by %u ms because of acknowledged frame",
3772 timeout_ms);
3773 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
3774 eloop_register_timeout(timeout_ms / 1000,
3775 (timeout_ms % 1000) * 1000,
3776 wpa_send_eapol_timeout, wpa_auth, sm);
3777 }
3778}
c10347f2
JM		 3779
3780
3781int wpa_auth_uses_sae(struct wpa_state_machine *sm)
3782{
3783 if (sm == NULL)
3784 return 0;
3785 return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
3786}
aa189ac9
JM		 3787
3788
3789int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm)
3790{
3791 if (sm == NULL)
3792 return 0;
3793 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE;
3794}
25ef8529
JM		 3795
3796
3797#ifdef CONFIG_P2P
3798int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr)
3799{
3800 if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0)
3801 return -1;
3802 os_memcpy(addr, sm->ip_addr, 4);
3803 return 0;
3804}
3805#endif /* CONFIG_P2P */
cbc210de
JM		 3806
3807
3808int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
3809 struct radius_das_attrs *attr)
3810{
3811 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
3812}
34782730
JM		 3813
3814
3815void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth)
3816{
3817 struct wpa_group *group;
3818
3819 if (!wpa_auth)
3820 return;
3821 for (group = wpa_auth->group; group; group = group->next)
3822 wpa_group_config_group_keys(wpa_auth, group);
3823}
Unnamed repository; edit this file 'description' to name the repository.