]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
FILS: Set EAPOL-Key Key Descriptor Version to 0 with FILS AKMs (AP)
[thirdparty/hostap.git] / src / ap / wpa_auth.c
1 /*
2 * IEEE 802.11 RSN / WPA Authenticator
3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "utils/state_machine.h"
14 #include "utils/bitfield.h"
15 #include "common/ieee802_11_defs.h"
16 #include "crypto/aes_wrap.h"
17 #include "crypto/crypto.h"
18 #include "crypto/sha1.h"
19 #include "crypto/sha256.h"
20 #include "crypto/random.h"
21 #include "eapol_auth/eapol_auth_sm.h"
22 #include "ap_config.h"
23 #include "ieee802_11.h"
24 #include "wpa_auth.h"
25 #include "pmksa_cache_auth.h"
26 #include "wpa_auth_i.h"
27 #include "wpa_auth_ie.h"
28
29 #define STATE_MACHINE_DATA struct wpa_state_machine
30 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
31 #define STATE_MACHINE_ADDR sm->addr
32
33
34 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
35 static int wpa_sm_step(struct wpa_state_machine *sm);
36 static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
37 size_t data_len);
38 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
39 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
40 struct wpa_group *group);
41 static void wpa_request_new_ptk(struct wpa_state_machine *sm);
42 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
43 struct wpa_group *group);
44 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
45 struct wpa_group *group);
46 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
47 const u8 *pmk, unsigned int pmk_len,
48 struct wpa_ptk *ptk);
49 static void wpa_group_free(struct wpa_authenticator *wpa_auth,
50 struct wpa_group *group);
51 static void wpa_group_get(struct wpa_authenticator *wpa_auth,
52 struct wpa_group *group);
53 static void wpa_group_put(struct wpa_authenticator *wpa_auth,
54 struct wpa_group *group);
55
56 static const u32 dot11RSNAConfigGroupUpdateCount = 4;
57 static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
58 static const u32 eapol_key_timeout_first = 100; /* ms */
59 static const u32 eapol_key_timeout_subseq = 1000; /* ms */
60 static const u32 eapol_key_timeout_first_group = 500; /* ms */
61
62 /* TODO: make these configurable */
63 static const int dot11RSNAConfigPMKLifetime = 43200;
64 static const int dot11RSNAConfigPMKReauthThreshold = 70;
65 static const int dot11RSNAConfigSATimeout = 60;
66
67
68 static inline int wpa_auth_mic_failure_report(
69 struct wpa_authenticator *wpa_auth, const u8 *addr)
70 {
71 if (wpa_auth->cb.mic_failure_report)
72 return wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
73 return 0;
74 }
75
76
77 static inline void wpa_auth_psk_failure_report(
78 struct wpa_authenticator *wpa_auth, const u8 *addr)
79 {
80 if (wpa_auth->cb.psk_failure_report)
81 wpa_auth->cb.psk_failure_report(wpa_auth->cb.ctx, addr);
82 }
83
84
85 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
86 const u8 *addr, wpa_eapol_variable var,
87 int value)
88 {
89 if (wpa_auth->cb.set_eapol)
90 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
91 }
92
93
94 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
95 const u8 *addr, wpa_eapol_variable var)
96 {
97 if (wpa_auth->cb.get_eapol == NULL)
98 return -1;
99 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
100 }
101
102
103 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
104 const u8 *addr,
105 const u8 *p2p_dev_addr,
106 const u8 *prev_psk)
107 {
108 if (wpa_auth->cb.get_psk == NULL)
109 return NULL;
110 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, p2p_dev_addr,
111 prev_psk);
112 }
113
114
115 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
116 const u8 *addr, u8 *msk, size_t *len)
117 {
118 if (wpa_auth->cb.get_msk == NULL)
119 return -1;
120 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
121 }
122
123
124 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
125 int vlan_id,
126 enum wpa_alg alg, const u8 *addr, int idx,
127 u8 *key, size_t key_len)
128 {
129 if (wpa_auth->cb.set_key == NULL)
130 return -1;
131 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
132 key, key_len);
133 }
134
135
136 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
137 const u8 *addr, int idx, u8 *seq)
138 {
139 if (wpa_auth->cb.get_seqnum == NULL)
140 return -1;
141 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
142 }
143
144
145 static inline int
146 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
147 const u8 *data, size_t data_len, int encrypt)
148 {
149 if (wpa_auth->cb.send_eapol == NULL)
150 return -1;
151 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
152 encrypt);
153 }
154
155
156 #ifdef CONFIG_MESH
157 static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth,
158 const u8 *addr)
159 {
160 if (wpa_auth->cb.start_ampe == NULL)
161 return -1;
162 return wpa_auth->cb.start_ampe(wpa_auth->cb.ctx, addr);
163 }
164 #endif /* CONFIG_MESH */
165
166
167 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
168 int (*cb)(struct wpa_state_machine *sm, void *ctx),
169 void *cb_ctx)
170 {
171 if (wpa_auth->cb.for_each_sta == NULL)
172 return 0;
173 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
174 }
175
176
177 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
178 int (*cb)(struct wpa_authenticator *a, void *ctx),
179 void *cb_ctx)
180 {
181 if (wpa_auth->cb.for_each_auth == NULL)
182 return 0;
183 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
184 }
185
186
187 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
188 logger_level level, const char *txt)
189 {
190 if (wpa_auth->cb.logger == NULL)
191 return;
192 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
193 }
194
195
196 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
197 logger_level level, const char *fmt, ...)
198 {
199 char *format;
200 int maxlen;
201 va_list ap;
202
203 if (wpa_auth->cb.logger == NULL)
204 return;
205
206 maxlen = os_strlen(fmt) + 100;
207 format = os_malloc(maxlen);
208 if (!format)
209 return;
210
211 va_start(ap, fmt);
212 vsnprintf(format, maxlen, fmt, ap);
213 va_end(ap);
214
215 wpa_auth_logger(wpa_auth, addr, level, format);
216
217 os_free(format);
218 }
219
220
221 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
222 const u8 *addr)
223 {
224 if (wpa_auth->cb.disconnect == NULL)
225 return;
226 wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr));
227 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
228 WLAN_REASON_PREV_AUTH_NOT_VALID);
229 }
230
231
232 static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
233 {
234 int ret = 0;
235 #ifdef CONFIG_IEEE80211R
236 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
237 ret = 1;
238 #endif /* CONFIG_IEEE80211R */
239 #ifdef CONFIG_IEEE80211W
240 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
241 ret = 1;
242 #endif /* CONFIG_IEEE80211W */
243 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN)
244 ret = 1;
245 return ret;
246 }
247
248
249 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
250 {
251 struct wpa_authenticator *wpa_auth = eloop_ctx;
252
253 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
254 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
255 "initialization.");
256 } else {
257 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
258 wpa_hexdump_key(MSG_DEBUG, "GMK",
259 wpa_auth->group->GMK, WPA_GMK_LEN);
260 }
261
262 if (wpa_auth->conf.wpa_gmk_rekey) {
263 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
264 wpa_rekey_gmk, wpa_auth, NULL);
265 }
266 }
267
268
269 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
270 {
271 struct wpa_authenticator *wpa_auth = eloop_ctx;
272 struct wpa_group *group, *next;
273
274 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
275 group = wpa_auth->group;
276 while (group) {
277 wpa_group_get(wpa_auth, group);
278
279 group->GTKReKey = TRUE;
280 do {
281 group->changed = FALSE;
282 wpa_group_sm_step(wpa_auth, group);
283 } while (group->changed);
284
285 next = group->next;
286 wpa_group_put(wpa_auth, group);
287 group = next;
288 }
289
290 if (wpa_auth->conf.wpa_group_rekey) {
291 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
292 0, wpa_rekey_gtk, wpa_auth, NULL);
293 }
294 }
295
296
297 static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
298 {
299 struct wpa_authenticator *wpa_auth = eloop_ctx;
300 struct wpa_state_machine *sm = timeout_ctx;
301
302 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
303 wpa_request_new_ptk(sm);
304 wpa_sm_step(sm);
305 }
306
307
308 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
309 {
310 if (sm->pmksa == ctx)
311 sm->pmksa = NULL;
312 return 0;
313 }
314
315
316 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
317 void *ctx)
318 {
319 struct wpa_authenticator *wpa_auth = ctx;
320 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
321 }
322
323
324 static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
325 struct wpa_group *group)
326 {
327 u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)];
328 u8 rkey[32];
329 unsigned long ptr;
330
331 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
332 return -1;
333 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
334
335 /*
336 * Counter = PRF-256(Random number, "Init Counter",
337 * Local MAC Address || Time)
338 */
339 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
340 wpa_get_ntp_timestamp(buf + ETH_ALEN);
341 ptr = (unsigned long) group;
342 os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr));
343 if (random_get_bytes(rkey, sizeof(rkey)) < 0)
344 return -1;
345
346 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
347 group->Counter, WPA_NONCE_LEN) < 0)
348 return -1;
349 wpa_hexdump_key(MSG_DEBUG, "Key Counter",
350 group->Counter, WPA_NONCE_LEN);
351
352 return 0;
353 }
354
355
356 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
357 int vlan_id, int delay_init)
358 {
359 struct wpa_group *group;
360
361 group = os_zalloc(sizeof(struct wpa_group));
362 if (group == NULL)
363 return NULL;
364
365 group->GTKAuthenticator = TRUE;
366 group->vlan_id = vlan_id;
367 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
368
369 if (random_pool_ready() != 1) {
370 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
371 "for secure operations - update keys later when "
372 "the first station connects");
373 }
374
375 /*
376 * Set initial GMK/Counter value here. The actual values that will be
377 * used in negotiations will be set once the first station tries to
378 * connect. This allows more time for collecting additional randomness
379 * on embedded devices.
380 */
381 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
382 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
383 "initialization.");
384 os_free(group);
385 return NULL;
386 }
387
388 group->GInit = TRUE;
389 if (delay_init) {
390 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
391 "until Beacon frames have been configured");
392 /* Initialization is completed in wpa_init_keys(). */
393 } else {
394 wpa_group_sm_step(wpa_auth, group);
395 group->GInit = FALSE;
396 wpa_group_sm_step(wpa_auth, group);
397 }
398
399 return group;
400 }
401
402
403 /**
404 * wpa_init - Initialize WPA authenticator
405 * @addr: Authenticator address
406 * @conf: Configuration for WPA authenticator
407 * @cb: Callback functions for WPA authenticator
408 * Returns: Pointer to WPA authenticator data or %NULL on failure
409 */
410 struct wpa_authenticator * wpa_init(const u8 *addr,
411 struct wpa_auth_config *conf,
412 struct wpa_auth_callbacks *cb)
413 {
414 struct wpa_authenticator *wpa_auth;
415
416 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
417 if (wpa_auth == NULL)
418 return NULL;
419 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
420 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
421 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
422
423 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
424 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
425 os_free(wpa_auth);
426 return NULL;
427 }
428
429 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
430 if (wpa_auth->group == NULL) {
431 os_free(wpa_auth->wpa_ie);
432 os_free(wpa_auth);
433 return NULL;
434 }
435
436 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
437 wpa_auth);
438 if (wpa_auth->pmksa == NULL) {
439 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
440 os_free(wpa_auth->group);
441 os_free(wpa_auth->wpa_ie);
442 os_free(wpa_auth);
443 return NULL;
444 }
445
446 #ifdef CONFIG_IEEE80211R
447 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
448 if (wpa_auth->ft_pmk_cache == NULL) {
449 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
450 os_free(wpa_auth->group);
451 os_free(wpa_auth->wpa_ie);
452 pmksa_cache_auth_deinit(wpa_auth->pmksa);
453 os_free(wpa_auth);
454 return NULL;
455 }
456 #endif /* CONFIG_IEEE80211R */
457
458 if (wpa_auth->conf.wpa_gmk_rekey) {
459 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
460 wpa_rekey_gmk, wpa_auth, NULL);
461 }
462
463 if (wpa_auth->conf.wpa_group_rekey) {
464 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
465 wpa_rekey_gtk, wpa_auth, NULL);
466 }
467
468 #ifdef CONFIG_P2P
469 if (WPA_GET_BE32(conf->ip_addr_start)) {
470 int count = WPA_GET_BE32(conf->ip_addr_end) -
471 WPA_GET_BE32(conf->ip_addr_start) + 1;
472 if (count > 1000)
473 count = 1000;
474 if (count > 0)
475 wpa_auth->ip_pool = bitfield_alloc(count);
476 }
477 #endif /* CONFIG_P2P */
478
479 return wpa_auth;
480 }
481
482
483 int wpa_init_keys(struct wpa_authenticator *wpa_auth)
484 {
485 struct wpa_group *group = wpa_auth->group;
486
487 wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
488 "keys");
489 wpa_group_sm_step(wpa_auth, group);
490 group->GInit = FALSE;
491 wpa_group_sm_step(wpa_auth, group);
492 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
493 return -1;
494 return 0;
495 }
496
497
498 /**
499 * wpa_deinit - Deinitialize WPA authenticator
500 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
501 */
502 void wpa_deinit(struct wpa_authenticator *wpa_auth)
503 {
504 struct wpa_group *group, *prev;
505
506 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
507 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
508
509 #ifdef CONFIG_PEERKEY
510 while (wpa_auth->stsl_negotiations)
511 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
512 #endif /* CONFIG_PEERKEY */
513
514 pmksa_cache_auth_deinit(wpa_auth->pmksa);
515
516 #ifdef CONFIG_IEEE80211R
517 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
518 wpa_auth->ft_pmk_cache = NULL;
519 #endif /* CONFIG_IEEE80211R */
520
521 #ifdef CONFIG_P2P
522 bitfield_free(wpa_auth->ip_pool);
523 #endif /* CONFIG_P2P */
524
525
526 os_free(wpa_auth->wpa_ie);
527
528 group = wpa_auth->group;
529 while (group) {
530 prev = group;
531 group = group->next;
532 os_free(prev);
533 }
534
535 os_free(wpa_auth);
536 }
537
538
539 /**
540 * wpa_reconfig - Update WPA authenticator configuration
541 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
542 * @conf: Configuration for WPA authenticator
543 */
544 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
545 struct wpa_auth_config *conf)
546 {
547 struct wpa_group *group;
548 if (wpa_auth == NULL)
549 return 0;
550
551 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
552 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
553 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
554 return -1;
555 }
556
557 /*
558 * Reinitialize GTK to make sure it is suitable for the new
559 * configuration.
560 */
561 group = wpa_auth->group;
562 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
563 group->GInit = TRUE;
564 wpa_group_sm_step(wpa_auth, group);
565 group->GInit = FALSE;
566 wpa_group_sm_step(wpa_auth, group);
567
568 return 0;
569 }
570
571
572 struct wpa_state_machine *
573 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
574 const u8 *p2p_dev_addr)
575 {
576 struct wpa_state_machine *sm;
577
578 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
579 return NULL;
580
581 sm = os_zalloc(sizeof(struct wpa_state_machine));
582 if (sm == NULL)
583 return NULL;
584 os_memcpy(sm->addr, addr, ETH_ALEN);
585 if (p2p_dev_addr)
586 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
587
588 sm->wpa_auth = wpa_auth;
589 sm->group = wpa_auth->group;
590 wpa_group_get(sm->wpa_auth, sm->group);
591
592 return sm;
593 }
594
595
596 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
597 struct wpa_state_machine *sm)
598 {
599 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
600 return -1;
601
602 #ifdef CONFIG_IEEE80211R
603 if (sm->ft_completed) {
604 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
605 "FT authentication already completed - do not "
606 "start 4-way handshake");
607 /* Go to PTKINITDONE state to allow GTK rekeying */
608 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
609 return 0;
610 }
611 #endif /* CONFIG_IEEE80211R */
612
613 if (sm->started) {
614 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
615 sm->ReAuthenticationRequest = TRUE;
616 return wpa_sm_step(sm);
617 }
618
619 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
620 "start authentication");
621 sm->started = 1;
622
623 sm->Init = TRUE;
624 if (wpa_sm_step(sm) == 1)
625 return 1; /* should not really happen */
626 sm->Init = FALSE;
627 sm->AuthenticationRequest = TRUE;
628 return wpa_sm_step(sm);
629 }
630
631
632 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
633 {
634 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
635 * reassociates back to the same AP while the previous entry for the
636 * STA has not yet been removed. */
637 if (sm == NULL)
638 return;
639
640 sm->wpa_key_mgmt = 0;
641 }
642
643
644 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
645 {
646 #ifdef CONFIG_P2P
647 if (WPA_GET_BE32(sm->ip_addr)) {
648 u32 start;
649 wpa_printf(MSG_DEBUG, "P2P: Free assigned IP "
650 "address %u.%u.%u.%u from " MACSTR,
651 sm->ip_addr[0], sm->ip_addr[1],
652 sm->ip_addr[2], sm->ip_addr[3],
653 MAC2STR(sm->addr));
654 start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
655 bitfield_clear(sm->wpa_auth->ip_pool,
656 WPA_GET_BE32(sm->ip_addr) - start);
657 }
658 #endif /* CONFIG_P2P */
659 if (sm->GUpdateStationKeys) {
660 sm->group->GKeyDoneStations--;
661 sm->GUpdateStationKeys = FALSE;
662 }
663 #ifdef CONFIG_IEEE80211R
664 os_free(sm->assoc_resp_ftie);
665 wpabuf_free(sm->ft_pending_req_ies);
666 #endif /* CONFIG_IEEE80211R */
667 os_free(sm->last_rx_eapol_key);
668 os_free(sm->wpa_ie);
669 wpa_group_put(sm->wpa_auth, sm->group);
670 os_free(sm);
671 }
672
673
674 void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
675 {
676 if (sm == NULL)
677 return;
678
679 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
680 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
681 "strict rekeying - force GTK rekey since STA "
682 "is leaving");
683 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
684 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
685 NULL);
686 }
687
688 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
689 sm->pending_1_of_4_timeout = 0;
690 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
691 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
692 if (sm->in_step_loop) {
693 /* Must not free state machine while wpa_sm_step() is running.
694 * Freeing will be completed in the end of wpa_sm_step(). */
695 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
696 "machine deinit for " MACSTR, MAC2STR(sm->addr));
697 sm->pending_deinit = 1;
698 } else
699 wpa_free_sta_sm(sm);
700 }
701
702
703 static void wpa_request_new_ptk(struct wpa_state_machine *sm)
704 {
705 if (sm == NULL)
706 return;
707
708 sm->PTKRequest = TRUE;
709 sm->PTK_valid = 0;
710 }
711
712
713 static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
714 const u8 *replay_counter)
715 {
716 int i;
717 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
718 if (!ctr[i].valid)
719 break;
720 if (os_memcmp(replay_counter, ctr[i].counter,
721 WPA_REPLAY_COUNTER_LEN) == 0)
722 return 1;
723 }
724 return 0;
725 }
726
727
728 static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
729 const u8 *replay_counter)
730 {
731 int i;
732 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
733 if (ctr[i].valid &&
734 (replay_counter == NULL ||
735 os_memcmp(replay_counter, ctr[i].counter,
736 WPA_REPLAY_COUNTER_LEN) == 0))
737 ctr[i].valid = FALSE;
738 }
739 }
740
741
742 #ifdef CONFIG_IEEE80211R
743 static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
744 struct wpa_state_machine *sm,
745 struct wpa_eapol_ie_parse *kde)
746 {
747 struct wpa_ie_data ie;
748 struct rsn_mdie *mdie;
749
750 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
751 ie.num_pmkid != 1 || ie.pmkid == NULL) {
752 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
753 "FT 4-way handshake message 2/4");
754 return -1;
755 }
756
757 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
758 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
759 sm->sup_pmk_r1_name, PMKID_LEN);
760
761 if (!kde->mdie || !kde->ftie) {
762 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
763 "message 2/4", kde->mdie ? "FTIE" : "MDIE");
764 return -1;
765 }
766
767 mdie = (struct rsn_mdie *) (kde->mdie + 2);
768 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
769 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
770 MOBILITY_DOMAIN_ID_LEN) != 0) {
771 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
772 return -1;
773 }
774
775 if (sm->assoc_resp_ftie &&
776 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
777 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
778 2 + sm->assoc_resp_ftie[1]) != 0)) {
779 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
780 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
781 kde->ftie, kde->ftie_len);
782 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
783 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
784 return -1;
785 }
786
787 return 0;
788 }
789 #endif /* CONFIG_IEEE80211R */
790
791
792 static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
793 struct wpa_state_machine *sm, int group)
794 {
795 /* Supplicant reported a Michael MIC error */
796 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
797 "received EAPOL-Key Error Request "
798 "(STA detected Michael MIC failure (group=%d))",
799 group);
800
801 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
802 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
803 "ignore Michael MIC failure report since "
804 "group cipher is not TKIP");
805 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
806 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
807 "ignore Michael MIC failure report since "
808 "pairwise cipher is not TKIP");
809 } else {
810 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
811 return 1; /* STA entry was removed */
812 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
813 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
814 }
815
816 /*
817 * Error report is not a request for a new key handshake, but since
818 * Authenticator may do it, let's change the keys now anyway.
819 */
820 wpa_request_new_ptk(sm);
821 return 0;
822 }
823
824
825 static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
826 size_t data_len)
827 {
828 struct wpa_ptk PTK;
829 int ok = 0;
830 const u8 *pmk = NULL;
831 unsigned int pmk_len;
832
833 for (;;) {
834 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
835 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
836 sm->p2p_dev_addr, pmk);
837 if (pmk == NULL)
838 break;
839 pmk_len = PMK_LEN;
840 } else {
841 pmk = sm->PMK;
842 pmk_len = sm->pmk_len;
843 }
844
845 wpa_derive_ptk(sm, sm->alt_SNonce, pmk, pmk_len, &PTK);
846
847 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, data, data_len)
848 == 0) {
849 ok = 1;
850 break;
851 }
852
853 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
854 break;
855 }
856
857 if (!ok) {
858 wpa_printf(MSG_DEBUG,
859 "WPA: Earlier SNonce did not result in matching MIC");
860 return -1;
861 }
862
863 wpa_printf(MSG_DEBUG,
864 "WPA: Earlier SNonce resulted in matching MIC");
865 sm->alt_snonce_valid = 0;
866 os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
867 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
868 sm->PTK_valid = TRUE;
869
870 return 0;
871 }
872
873
874 void wpa_receive(struct wpa_authenticator *wpa_auth,
875 struct wpa_state_machine *sm,
876 u8 *data, size_t data_len)
877 {
878 struct ieee802_1x_hdr *hdr;
879 struct wpa_eapol_key *key;
880 u16 key_info, key_data_length;
881 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
882 SMK_M1, SMK_M3, SMK_ERROR } msg;
883 char *msgtxt;
884 struct wpa_eapol_ie_parse kde;
885 int ft;
886 const u8 *eapol_key_ie, *key_data;
887 size_t eapol_key_ie_len, keyhdrlen, mic_len;
888 u8 *mic;
889
890 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
891 return;
892 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL data", data, data_len);
893
894 mic_len = wpa_mic_len(sm->wpa_key_mgmt);
895 keyhdrlen = sizeof(*key) + mic_len + 2;
896
897 if (data_len < sizeof(*hdr) + keyhdrlen) {
898 wpa_printf(MSG_DEBUG, "WPA: Ignore too short EAPOL-Key frame");
899 return;
900 }
901
902 hdr = (struct ieee802_1x_hdr *) data;
903 key = (struct wpa_eapol_key *) (hdr + 1);
904 mic = (u8 *) (key + 1);
905 key_info = WPA_GET_BE16(key->key_info);
906 key_data = mic + mic_len + 2;
907 key_data_length = WPA_GET_BE16(mic + mic_len);
908 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
909 " key_info=0x%x type=%u mic_len=%u key_data_length=%u",
910 MAC2STR(sm->addr), key_info, key->type,
911 (unsigned int) mic_len, key_data_length);
912 wpa_hexdump(MSG_MSGDUMP,
913 "WPA: EAPOL-Key header (ending before Key MIC)",
914 key, sizeof(*key));
915 wpa_hexdump(MSG_MSGDUMP, "WPA: EAPOL-Key Key MIC",
916 mic, mic_len);
917 if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) {
918 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
919 "key_data overflow (%d > %lu)",
920 key_data_length,
921 (unsigned long) (data_len - sizeof(*hdr) -
922 keyhdrlen));
923 return;
924 }
925
926 if (sm->wpa == WPA_VERSION_WPA2) {
927 if (key->type == EAPOL_KEY_TYPE_WPA) {
928 /*
929 * Some deployed station implementations seem to send
930 * msg 4/4 with incorrect type value in WPA2 mode.
931 */
932 wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
933 "with unexpected WPA type in RSN mode");
934 } else if (key->type != EAPOL_KEY_TYPE_RSN) {
935 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
936 "unexpected type %d in RSN mode",
937 key->type);
938 return;
939 }
940 } else {
941 if (key->type != EAPOL_KEY_TYPE_WPA) {
942 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
943 "unexpected type %d in WPA mode",
944 key->type);
945 return;
946 }
947 }
948
949 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
950 WPA_NONCE_LEN);
951 wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
952 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
953
954 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
955 * are set */
956
957 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
958 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
959 if (key_info & WPA_KEY_INFO_ERROR) {
960 msg = SMK_ERROR;
961 msgtxt = "SMK Error";
962 } else {
963 msg = SMK_M1;
964 msgtxt = "SMK M1";
965 }
966 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
967 msg = SMK_M3;
968 msgtxt = "SMK M3";
969 } else if (key_info & WPA_KEY_INFO_REQUEST) {
970 msg = REQUEST;
971 msgtxt = "Request";
972 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
973 msg = GROUP_2;
974 msgtxt = "2/2 Group";
975 } else if (key_data_length == 0) {
976 msg = PAIRWISE_4;
977 msgtxt = "4/4 Pairwise";
978 } else {
979 msg = PAIRWISE_2;
980 msgtxt = "2/4 Pairwise";
981 }
982
983 /* TODO: key_info type validation for PeerKey */
984 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
985 msg == GROUP_2) {
986 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
987 if (sm->pairwise == WPA_CIPHER_CCMP ||
988 sm->pairwise == WPA_CIPHER_GCMP) {
989 if (wpa_use_aes_cmac(sm) &&
990 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN &&
991 !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
992 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
993 wpa_auth_logger(wpa_auth, sm->addr,
994 LOGGER_WARNING,
995 "advertised support for "
996 "AES-128-CMAC, but did not "
997 "use it");
998 return;
999 }
1000
1001 if (!wpa_use_aes_cmac(sm) &&
1002 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1003 wpa_auth_logger(wpa_auth, sm->addr,
1004 LOGGER_WARNING,
1005 "did not use HMAC-SHA1-AES "
1006 "with CCMP/GCMP");
1007 return;
1008 }
1009 }
1010
1011 if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
1012 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1013 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1014 "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
1015 return;
1016 }
1017 }
1018
1019 if (key_info & WPA_KEY_INFO_REQUEST) {
1020 if (sm->req_replay_counter_used &&
1021 os_memcmp(key->replay_counter, sm->req_replay_counter,
1022 WPA_REPLAY_COUNTER_LEN) <= 0) {
1023 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1024 "received EAPOL-Key request with "
1025 "replayed counter");
1026 return;
1027 }
1028 }
1029
1030 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
1031 !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
1032 int i;
1033
1034 if (msg == PAIRWISE_2 &&
1035 wpa_replay_counter_valid(sm->prev_key_replay,
1036 key->replay_counter) &&
1037 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1038 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
1039 {
1040 /*
1041 * Some supplicant implementations (e.g., Windows XP
1042 * WZC) update SNonce for each EAPOL-Key 2/4. This
1043 * breaks the workaround on accepting any of the
1044 * pending requests, so allow the SNonce to be updated
1045 * even if we have already sent out EAPOL-Key 3/4.
1046 */
1047 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1048 "Process SNonce update from STA "
1049 "based on retransmitted EAPOL-Key "
1050 "1/4");
1051 sm->update_snonce = 1;
1052 os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
1053 sm->alt_snonce_valid = TRUE;
1054 os_memcpy(sm->alt_replay_counter,
1055 sm->key_replay[0].counter,
1056 WPA_REPLAY_COUNTER_LEN);
1057 goto continue_processing;
1058 }
1059
1060 if (msg == PAIRWISE_4 && sm->alt_snonce_valid &&
1061 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1062 os_memcmp(key->replay_counter, sm->alt_replay_counter,
1063 WPA_REPLAY_COUNTER_LEN) == 0) {
1064 /*
1065 * Supplicant may still be using the old SNonce since
1066 * there was two EAPOL-Key 2/4 messages and they had
1067 * different SNonce values.
1068 */
1069 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1070 "Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4");
1071 goto continue_processing;
1072 }
1073
1074 if (msg == PAIRWISE_2 &&
1075 wpa_replay_counter_valid(sm->prev_key_replay,
1076 key->replay_counter) &&
1077 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1078 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1079 "ignore retransmitted EAPOL-Key %s - "
1080 "SNonce did not change", msgtxt);
1081 } else {
1082 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1083 "received EAPOL-Key %s with "
1084 "unexpected replay counter", msgtxt);
1085 }
1086 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
1087 if (!sm->key_replay[i].valid)
1088 break;
1089 wpa_hexdump(MSG_DEBUG, "pending replay counter",
1090 sm->key_replay[i].counter,
1091 WPA_REPLAY_COUNTER_LEN);
1092 }
1093 wpa_hexdump(MSG_DEBUG, "received replay counter",
1094 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1095 return;
1096 }
1097
1098 continue_processing:
1099 switch (msg) {
1100 case PAIRWISE_2:
1101 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
1102 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
1103 (!sm->update_snonce ||
1104 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
1105 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1106 "received EAPOL-Key msg 2/4 in "
1107 "invalid state (%d) - dropped",
1108 sm->wpa_ptk_state);
1109 return;
1110 }
1111 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
1112 if (sm->group->reject_4way_hs_for_entropy) {
1113 /*
1114 * The system did not have enough entropy to generate
1115 * strong random numbers. Reject the first 4-way
1116 * handshake(s) and collect some entropy based on the
1117 * information from it. Once enough entropy is
1118 * available, the next atempt will trigger GMK/Key
1119 * Counter update and the station will be allowed to
1120 * continue.
1121 */
1122 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
1123 "collect more entropy for random number "
1124 "generation");
1125 random_mark_pool_ready();
1126 wpa_sta_disconnect(wpa_auth, sm->addr);
1127 return;
1128 }
1129 if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
1130 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1131 "received EAPOL-Key msg 2/4 with "
1132 "invalid Key Data contents");
1133 return;
1134 }
1135 if (kde.rsn_ie) {
1136 eapol_key_ie = kde.rsn_ie;
1137 eapol_key_ie_len = kde.rsn_ie_len;
1138 } else if (kde.osen) {
1139 eapol_key_ie = kde.osen;
1140 eapol_key_ie_len = kde.osen_len;
1141 } else {
1142 eapol_key_ie = kde.wpa_ie;
1143 eapol_key_ie_len = kde.wpa_ie_len;
1144 }
1145 ft = sm->wpa == WPA_VERSION_WPA2 &&
1146 wpa_key_mgmt_ft(sm->wpa_key_mgmt);
1147 if (sm->wpa_ie == NULL ||
1148 wpa_compare_rsn_ie(ft,
1149 sm->wpa_ie, sm->wpa_ie_len,
1150 eapol_key_ie, eapol_key_ie_len)) {
1151 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1152 "WPA IE from (Re)AssocReq did not "
1153 "match with msg 2/4");
1154 if (sm->wpa_ie) {
1155 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
1156 sm->wpa_ie, sm->wpa_ie_len);
1157 }
1158 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
1159 eapol_key_ie, eapol_key_ie_len);
1160 /* MLME-DEAUTHENTICATE.request */
1161 wpa_sta_disconnect(wpa_auth, sm->addr);
1162 return;
1163 }
1164 #ifdef CONFIG_IEEE80211R
1165 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
1166 wpa_sta_disconnect(wpa_auth, sm->addr);
1167 return;
1168 }
1169 #endif /* CONFIG_IEEE80211R */
1170 #ifdef CONFIG_P2P
1171 if (kde.ip_addr_req && kde.ip_addr_req[0] &&
1172 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
1173 int idx;
1174 wpa_printf(MSG_DEBUG, "P2P: IP address requested in "
1175 "EAPOL-Key exchange");
1176 idx = bitfield_get_first_zero(wpa_auth->ip_pool);
1177 if (idx >= 0) {
1178 u32 start = WPA_GET_BE32(wpa_auth->conf.
1179 ip_addr_start);
1180 bitfield_set(wpa_auth->ip_pool, idx);
1181 WPA_PUT_BE32(sm->ip_addr, start + idx);
1182 wpa_printf(MSG_DEBUG, "P2P: Assigned IP "
1183 "address %u.%u.%u.%u to " MACSTR,
1184 sm->ip_addr[0], sm->ip_addr[1],
1185 sm->ip_addr[2], sm->ip_addr[3],
1186 MAC2STR(sm->addr));
1187 }
1188 }
1189 #endif /* CONFIG_P2P */
1190 break;
1191 case PAIRWISE_4:
1192 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
1193 !sm->PTK_valid) {
1194 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1195 "received EAPOL-Key msg 4/4 in "
1196 "invalid state (%d) - dropped",
1197 sm->wpa_ptk_state);
1198 return;
1199 }
1200 break;
1201 case GROUP_2:
1202 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1203 || !sm->PTK_valid) {
1204 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1205 "received EAPOL-Key msg 2/2 in "
1206 "invalid state (%d) - dropped",
1207 sm->wpa_ptk_group_state);
1208 return;
1209 }
1210 break;
1211 #ifdef CONFIG_PEERKEY
1212 case SMK_M1:
1213 case SMK_M3:
1214 case SMK_ERROR:
1215 if (!wpa_auth->conf.peerkey) {
1216 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
1217 "PeerKey use disabled - ignoring message");
1218 return;
1219 }
1220 if (!sm->PTK_valid) {
1221 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1222 "received EAPOL-Key msg SMK in "
1223 "invalid state - dropped");
1224 return;
1225 }
1226 break;
1227 #else /* CONFIG_PEERKEY */
1228 case SMK_M1:
1229 case SMK_M3:
1230 case SMK_ERROR:
1231 return; /* STSL disabled - ignore SMK messages */
1232 #endif /* CONFIG_PEERKEY */
1233 case REQUEST:
1234 break;
1235 }
1236
1237 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1238 "received EAPOL-Key frame (%s)", msgtxt);
1239
1240 if (key_info & WPA_KEY_INFO_ACK) {
1241 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1242 "received invalid EAPOL-Key: Key Ack set");
1243 return;
1244 }
1245
1246 if (!(key_info & WPA_KEY_INFO_MIC)) {
1247 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1248 "received invalid EAPOL-Key: Key MIC not set");
1249 return;
1250 }
1251
1252 sm->MICVerified = FALSE;
1253 if (sm->PTK_valid && !sm->update_snonce) {
1254 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data,
1255 data_len) &&
1256 (msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
1257 wpa_try_alt_snonce(sm, data, data_len))) {
1258 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1259 "received EAPOL-Key with invalid MIC");
1260 return;
1261 }
1262 sm->MICVerified = TRUE;
1263 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
1264 sm->pending_1_of_4_timeout = 0;
1265 }
1266
1267 if (key_info & WPA_KEY_INFO_REQUEST) {
1268 if (sm->MICVerified) {
1269 sm->req_replay_counter_used = 1;
1270 os_memcpy(sm->req_replay_counter, key->replay_counter,
1271 WPA_REPLAY_COUNTER_LEN);
1272 } else {
1273 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1274 "received EAPOL-Key request with "
1275 "invalid MIC");
1276 return;
1277 }
1278
1279 /*
1280 * TODO: should decrypt key data field if encryption was used;
1281 * even though MAC address KDE is not normally encrypted,
1282 * supplicant is allowed to encrypt it.
1283 */
1284 if (msg == SMK_ERROR) {
1285 #ifdef CONFIG_PEERKEY
1286 wpa_smk_error(wpa_auth, sm, key_data, key_data_length);
1287 #endif /* CONFIG_PEERKEY */
1288 return;
1289 } else if (key_info & WPA_KEY_INFO_ERROR) {
1290 if (wpa_receive_error_report(
1291 wpa_auth, sm,
1292 !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
1293 return; /* STA entry was removed */
1294 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1295 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1296 "received EAPOL-Key Request for new "
1297 "4-Way Handshake");
1298 wpa_request_new_ptk(sm);
1299 #ifdef CONFIG_PEERKEY
1300 } else if (msg == SMK_M1) {
1301 wpa_smk_m1(wpa_auth, sm, key, key_data,
1302 key_data_length);
1303 #endif /* CONFIG_PEERKEY */
1304 } else if (key_data_length > 0 &&
1305 wpa_parse_kde_ies(key_data, key_data_length,
1306 &kde) == 0 &&
1307 kde.mac_addr) {
1308 } else {
1309 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1310 "received EAPOL-Key Request for GTK "
1311 "rekeying");
1312 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1313 wpa_rekey_gtk(wpa_auth, NULL);
1314 }
1315 } else {
1316 /* Do not allow the same key replay counter to be reused. */
1317 wpa_replay_counter_mark_invalid(sm->key_replay,
1318 key->replay_counter);
1319
1320 if (msg == PAIRWISE_2) {
1321 /*
1322 * Maintain a copy of the pending EAPOL-Key frames in
1323 * case the EAPOL-Key frame was retransmitted. This is
1324 * needed to allow EAPOL-Key msg 2/4 reply to another
1325 * pending msg 1/4 to update the SNonce to work around
1326 * unexpected supplicant behavior.
1327 */
1328 os_memcpy(sm->prev_key_replay, sm->key_replay,
1329 sizeof(sm->key_replay));
1330 } else {
1331 os_memset(sm->prev_key_replay, 0,
1332 sizeof(sm->prev_key_replay));
1333 }
1334
1335 /*
1336 * Make sure old valid counters are not accepted anymore and
1337 * do not get copied again.
1338 */
1339 wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
1340 }
1341
1342 #ifdef CONFIG_PEERKEY
1343 if (msg == SMK_M3) {
1344 wpa_smk_m3(wpa_auth, sm, key, key_data, key_data_length);
1345 return;
1346 }
1347 #endif /* CONFIG_PEERKEY */
1348
1349 os_free(sm->last_rx_eapol_key);
1350 sm->last_rx_eapol_key = os_malloc(data_len);
1351 if (sm->last_rx_eapol_key == NULL)
1352 return;
1353 os_memcpy(sm->last_rx_eapol_key, data, data_len);
1354 sm->last_rx_eapol_key_len = data_len;
1355
1356 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
1357 sm->EAPOLKeyReceived = TRUE;
1358 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1359 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1360 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1361 wpa_sm_step(sm);
1362 }
1363
1364
1365 static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1366 const u8 *gnonce, u8 *gtk, size_t gtk_len)
1367 {
1368 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
1369 u8 *pos;
1370 int ret = 0;
1371
1372 /* GTK = PRF-X(GMK, "Group key expansion",
1373 * AA || GNonce || Time || random data)
1374 * The example described in the IEEE 802.11 standard uses only AA and
1375 * GNonce as inputs here. Add some more entropy since this derivation
1376 * is done only at the Authenticator and as such, does not need to be
1377 * exactly same.
1378 */
1379 os_memcpy(data, addr, ETH_ALEN);
1380 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
1381 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1382 wpa_get_ntp_timestamp(pos);
1383 pos += 8;
1384 if (random_get_bytes(pos, 16) < 0)
1385 ret = -1;
1386
1387 #ifdef CONFIG_IEEE80211W
1388 sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
1389 #else /* CONFIG_IEEE80211W */
1390 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
1391 < 0)
1392 ret = -1;
1393 #endif /* CONFIG_IEEE80211W */
1394
1395 return ret;
1396 }
1397
1398
1399 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1400 {
1401 struct wpa_authenticator *wpa_auth = eloop_ctx;
1402 struct wpa_state_machine *sm = timeout_ctx;
1403
1404 sm->pending_1_of_4_timeout = 0;
1405 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1406 sm->TimeoutEvt = TRUE;
1407 wpa_sm_step(sm);
1408 }
1409
1410
1411 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1412 struct wpa_state_machine *sm, int key_info,
1413 const u8 *key_rsc, const u8 *nonce,
1414 const u8 *kde, size_t kde_len,
1415 int keyidx, int encr, int force_version)
1416 {
1417 struct ieee802_1x_hdr *hdr;
1418 struct wpa_eapol_key *key;
1419 size_t len, mic_len, keyhdrlen;
1420 int alg;
1421 int key_data_len, pad_len = 0;
1422 u8 *buf, *pos;
1423 int version, pairwise;
1424 int i;
1425 u8 *key_mic, *key_data;
1426
1427 mic_len = wpa_mic_len(sm->wpa_key_mgmt);
1428 keyhdrlen = sizeof(*key) + mic_len + 2;
1429
1430 len = sizeof(struct ieee802_1x_hdr) + keyhdrlen;
1431
1432 if (force_version)
1433 version = force_version;
1434 else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
1435 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
1436 wpa_key_mgmt_fils(sm->wpa_key_mgmt))
1437 version = WPA_KEY_INFO_TYPE_AKM_DEFINED;
1438 else if (wpa_use_aes_cmac(sm))
1439 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
1440 else if (sm->pairwise != WPA_CIPHER_TKIP)
1441 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1442 else
1443 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1444
1445 pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1446
1447 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1448 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1449 "encr=%d)",
1450 version,
1451 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1452 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1453 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1454 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1455 pairwise, (unsigned long) kde_len, keyidx, encr);
1456
1457 key_data_len = kde_len;
1458
1459 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1460 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
1461 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
1462 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1463 pad_len = key_data_len % 8;
1464 if (pad_len)
1465 pad_len = 8 - pad_len;
1466 key_data_len += pad_len + 8;
1467 }
1468
1469 len += key_data_len;
1470
1471 hdr = os_zalloc(len);
1472 if (hdr == NULL)
1473 return;
1474 hdr->version = wpa_auth->conf.eapol_version;
1475 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1476 hdr->length = host_to_be16(len - sizeof(*hdr));
1477 key = (struct wpa_eapol_key *) (hdr + 1);
1478 key_mic = (u8 *) (key + 1);
1479 key_data = ((u8 *) (hdr + 1)) + keyhdrlen;
1480
1481 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1482 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1483 key_info |= version;
1484 if (encr && sm->wpa == WPA_VERSION_WPA2)
1485 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1486 if (sm->wpa != WPA_VERSION_WPA2)
1487 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1488 WPA_PUT_BE16(key->key_info, key_info);
1489
1490 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
1491 WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
1492 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1493 WPA_PUT_BE16(key->key_length, 0);
1494
1495 /* FIX: STSL: what to use as key_replay_counter? */
1496 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1497 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1498 os_memcpy(sm->key_replay[i].counter,
1499 sm->key_replay[i - 1].counter,
1500 WPA_REPLAY_COUNTER_LEN);
1501 }
1502 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1503 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
1504 WPA_REPLAY_COUNTER_LEN);
1505 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter",
1506 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1507 sm->key_replay[0].valid = TRUE;
1508
1509 if (nonce)
1510 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1511
1512 if (key_rsc)
1513 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1514
1515 if (kde && !encr) {
1516 os_memcpy(key_data, kde, kde_len);
1517 WPA_PUT_BE16(key_mic + mic_len, kde_len);
1518 } else if (encr && kde) {
1519 buf = os_zalloc(key_data_len);
1520 if (buf == NULL) {
1521 os_free(hdr);
1522 return;
1523 }
1524 pos = buf;
1525 os_memcpy(pos, kde, kde_len);
1526 pos += kde_len;
1527
1528 if (pad_len)
1529 *pos++ = 0xdd;
1530
1531 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1532 buf, key_data_len);
1533 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1534 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
1535 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
1536 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1537 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len,
1538 (key_data_len - 8) / 8, buf, key_data)) {
1539 os_free(hdr);
1540 os_free(buf);
1541 return;
1542 }
1543 WPA_PUT_BE16(key_mic + mic_len, key_data_len);
1544 #ifndef CONFIG_NO_RC4
1545 } else if (sm->PTK.kek_len == 16) {
1546 u8 ek[32];
1547 os_memcpy(key->key_iv,
1548 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1549 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1550 os_memcpy(ek, key->key_iv, 16);
1551 os_memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len);
1552 os_memcpy(key_data, buf, key_data_len);
1553 rc4_skip(ek, 32, 256, key_data, key_data_len);
1554 WPA_PUT_BE16(key_mic + mic_len, key_data_len);
1555 #endif /* CONFIG_NO_RC4 */
1556 } else {
1557 os_free(hdr);
1558 os_free(buf);
1559 return;
1560 }
1561 os_free(buf);
1562 }
1563
1564 if (key_info & WPA_KEY_INFO_MIC) {
1565 if (!sm->PTK_valid) {
1566 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1567 "PTK not valid when sending EAPOL-Key "
1568 "frame");
1569 os_free(hdr);
1570 return;
1571 }
1572
1573 wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len,
1574 sm->wpa_key_mgmt, version,
1575 (u8 *) hdr, len, key_mic);
1576 #ifdef CONFIG_TESTING_OPTIONS
1577 if (!pairwise &&
1578 wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 &&
1579 drand48() <
1580 wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
1581 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1582 "Corrupting group EAPOL-Key Key MIC");
1583 key_mic[0]++;
1584 }
1585 #endif /* CONFIG_TESTING_OPTIONS */
1586 }
1587
1588 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1589 1);
1590 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1591 sm->pairwise_set);
1592 os_free(hdr);
1593 }
1594
1595
1596 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1597 struct wpa_state_machine *sm, int key_info,
1598 const u8 *key_rsc, const u8 *nonce,
1599 const u8 *kde, size_t kde_len,
1600 int keyidx, int encr)
1601 {
1602 int timeout_ms;
1603 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1604 int ctr;
1605
1606 if (sm == NULL)
1607 return;
1608
1609 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1610 keyidx, encr, 0);
1611
1612 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
1613 if (ctr == 1 && wpa_auth->conf.tx_status)
1614 timeout_ms = pairwise ? eapol_key_timeout_first :
1615 eapol_key_timeout_first_group;
1616 else
1617 timeout_ms = eapol_key_timeout_subseq;
1618 if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
1619 sm->pending_1_of_4_timeout = 1;
1620 wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
1621 "counter %d)", timeout_ms, ctr);
1622 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1623 wpa_send_eapol_timeout, wpa_auth, sm);
1624 }
1625
1626
1627 static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
1628 size_t data_len)
1629 {
1630 struct ieee802_1x_hdr *hdr;
1631 struct wpa_eapol_key *key;
1632 u16 key_info;
1633 int ret = 0;
1634 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN], *mic_pos;
1635 size_t mic_len = wpa_mic_len(akmp);
1636
1637 if (data_len < sizeof(*hdr) + sizeof(*key))
1638 return -1;
1639
1640 hdr = (struct ieee802_1x_hdr *) data;
1641 key = (struct wpa_eapol_key *) (hdr + 1);
1642 mic_pos = (u8 *) (key + 1);
1643 key_info = WPA_GET_BE16(key->key_info);
1644 os_memcpy(mic, mic_pos, mic_len);
1645 os_memset(mic_pos, 0, mic_len);
1646 if (wpa_eapol_key_mic(PTK->kck, PTK->kck_len, akmp,
1647 key_info & WPA_KEY_INFO_TYPE_MASK,
1648 data, data_len, mic_pos) ||
1649 os_memcmp_const(mic, mic_pos, mic_len) != 0)
1650 ret = -1;
1651 os_memcpy(mic_pos, mic, mic_len);
1652 return ret;
1653 }
1654
1655
1656 void wpa_remove_ptk(struct wpa_state_machine *sm)
1657 {
1658 sm->PTK_valid = FALSE;
1659 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1660 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
1661 sm->pairwise_set = FALSE;
1662 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1663 }
1664
1665
1666 int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
1667 {
1668 int remove_ptk = 1;
1669
1670 if (sm == NULL)
1671 return -1;
1672
1673 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1674 "event %d notification", event);
1675
1676 switch (event) {
1677 case WPA_AUTH:
1678 #ifdef CONFIG_MESH
1679 /* PTKs are derived through AMPE */
1680 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
1681 /* not mesh */
1682 break;
1683 }
1684 return 0;
1685 #endif /* CONFIG_MESH */
1686 case WPA_ASSOC:
1687 break;
1688 case WPA_DEAUTH:
1689 case WPA_DISASSOC:
1690 sm->DeauthenticationRequest = TRUE;
1691 break;
1692 case WPA_REAUTH:
1693 case WPA_REAUTH_EAPOL:
1694 if (!sm->started) {
1695 /*
1696 * When using WPS, we may end up here if the STA
1697 * manages to re-associate without the previous STA
1698 * entry getting removed. Consequently, we need to make
1699 * sure that the WPA state machines gets initialized
1700 * properly at this point.
1701 */
1702 wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1703 "started - initialize now");
1704 sm->started = 1;
1705 sm->Init = TRUE;
1706 if (wpa_sm_step(sm) == 1)
1707 return 1; /* should not really happen */
1708 sm->Init = FALSE;
1709 sm->AuthenticationRequest = TRUE;
1710 break;
1711 }
1712 if (sm->GUpdateStationKeys) {
1713 /*
1714 * Reauthentication cancels the pending group key
1715 * update for this STA.
1716 */
1717 sm->group->GKeyDoneStations--;
1718 sm->GUpdateStationKeys = FALSE;
1719 sm->PtkGroupInit = TRUE;
1720 }
1721 sm->ReAuthenticationRequest = TRUE;
1722 break;
1723 case WPA_ASSOC_FT:
1724 #ifdef CONFIG_IEEE80211R
1725 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1726 "after association");
1727 wpa_ft_install_ptk(sm);
1728
1729 /* Using FT protocol, not WPA auth state machine */
1730 sm->ft_completed = 1;
1731 return 0;
1732 #else /* CONFIG_IEEE80211R */
1733 break;
1734 #endif /* CONFIG_IEEE80211R */
1735 }
1736
1737 #ifdef CONFIG_IEEE80211R
1738 sm->ft_completed = 0;
1739 #endif /* CONFIG_IEEE80211R */
1740
1741 #ifdef CONFIG_IEEE80211W
1742 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1743 remove_ptk = 0;
1744 #endif /* CONFIG_IEEE80211W */
1745
1746 if (remove_ptk) {
1747 sm->PTK_valid = FALSE;
1748 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1749
1750 if (event != WPA_REAUTH_EAPOL)
1751 wpa_remove_ptk(sm);
1752 }
1753
1754 if (sm->in_step_loop) {
1755 /*
1756 * wpa_sm_step() is already running - avoid recursive call to
1757 * it by making the existing loop process the new update.
1758 */
1759 sm->changed = TRUE;
1760 return 0;
1761 }
1762 return wpa_sm_step(sm);
1763 }
1764
1765
1766 SM_STATE(WPA_PTK, INITIALIZE)
1767 {
1768 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1769 if (sm->Init) {
1770 /* Init flag is not cleared here, so avoid busy
1771 * loop by claiming nothing changed. */
1772 sm->changed = FALSE;
1773 }
1774
1775 sm->keycount = 0;
1776 if (sm->GUpdateStationKeys)
1777 sm->group->GKeyDoneStations--;
1778 sm->GUpdateStationKeys = FALSE;
1779 if (sm->wpa == WPA_VERSION_WPA)
1780 sm->PInitAKeys = FALSE;
1781 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1782 * Local AA > Remote AA)) */) {
1783 sm->Pair = TRUE;
1784 }
1785 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1786 wpa_remove_ptk(sm);
1787 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1788 sm->TimeoutCtr = 0;
1789 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1790 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1791 WPA_EAPOL_authorized, 0);
1792 }
1793 }
1794
1795
1796 SM_STATE(WPA_PTK, DISCONNECT)
1797 {
1798 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1799 sm->Disconnect = FALSE;
1800 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1801 }
1802
1803
1804 SM_STATE(WPA_PTK, DISCONNECTED)
1805 {
1806 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1807 sm->DeauthenticationRequest = FALSE;
1808 }
1809
1810
1811 SM_STATE(WPA_PTK, AUTHENTICATION)
1812 {
1813 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1814 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1815 sm->PTK_valid = FALSE;
1816 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1817 1);
1818 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1819 sm->AuthenticationRequest = FALSE;
1820 }
1821
1822
1823 static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
1824 struct wpa_group *group)
1825 {
1826 if (group->first_sta_seen)
1827 return;
1828 /*
1829 * System has run bit further than at the time hostapd was started
1830 * potentially very early during boot up. This provides better chances
1831 * of collecting more randomness on embedded systems. Re-initialize the
1832 * GMK and Counter here to improve their strength if there was not
1833 * enough entropy available immediately after system startup.
1834 */
1835 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1836 "station");
1837 if (random_pool_ready() != 1) {
1838 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1839 "to proceed - reject first 4-way handshake");
1840 group->reject_4way_hs_for_entropy = TRUE;
1841 } else {
1842 group->first_sta_seen = TRUE;
1843 group->reject_4way_hs_for_entropy = FALSE;
1844 }
1845
1846 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 ||
1847 wpa_gtk_update(wpa_auth, group) < 0 ||
1848 wpa_group_config_group_keys(wpa_auth, group) < 0) {
1849 wpa_printf(MSG_INFO, "WPA: GMK/GTK setup failed");
1850 group->first_sta_seen = FALSE;
1851 group->reject_4way_hs_for_entropy = TRUE;
1852 }
1853 }
1854
1855
1856 SM_STATE(WPA_PTK, AUTHENTICATION2)
1857 {
1858 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1859
1860 wpa_group_ensure_init(sm->wpa_auth, sm->group);
1861 sm->ReAuthenticationRequest = FALSE;
1862
1863 /*
1864 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
1865 * ambiguous. The Authenticator state machine uses a counter that is
1866 * incremented by one for each 4-way handshake. However, the security
1867 * analysis of 4-way handshake points out that unpredictable nonces
1868 * help in preventing precomputation attacks. Instead of the state
1869 * machine definition, use an unpredictable nonce value here to provide
1870 * stronger protection against potential precomputation attacks.
1871 */
1872 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
1873 wpa_printf(MSG_ERROR, "WPA: Failed to get random data for "
1874 "ANonce.");
1875 sm->Disconnect = TRUE;
1876 return;
1877 }
1878 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
1879 WPA_NONCE_LEN);
1880 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1881 * logical place than INITIALIZE since AUTHENTICATION2 can be
1882 * re-entered on ReAuthenticationRequest without going through
1883 * INITIALIZE. */
1884 sm->TimeoutCtr = 0;
1885 }
1886
1887
1888 SM_STATE(WPA_PTK, INITPMK)
1889 {
1890 u8 msk[2 * PMK_LEN];
1891 size_t len = 2 * PMK_LEN;
1892
1893 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1894 #ifdef CONFIG_IEEE80211R
1895 sm->xxkey_len = 0;
1896 #endif /* CONFIG_IEEE80211R */
1897 if (sm->pmksa) {
1898 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1899 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
1900 sm->pmk_len = sm->pmksa->pmk_len;
1901 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1902 unsigned int pmk_len;
1903
1904 if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
1905 pmk_len = PMK_LEN_SUITE_B_192;
1906 else
1907 pmk_len = PMK_LEN;
1908 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1909 "(MSK len=%lu PMK len=%u)", (unsigned long) len,
1910 pmk_len);
1911 if (len < pmk_len) {
1912 wpa_printf(MSG_DEBUG,
1913 "WPA: MSK not long enough (%u) to create PMK (%u)",
1914 (unsigned int) len, (unsigned int) pmk_len);
1915 sm->Disconnect = TRUE;
1916 return;
1917 }
1918 os_memcpy(sm->PMK, msk, pmk_len);
1919 sm->pmk_len = pmk_len;
1920 #ifdef CONFIG_IEEE80211R
1921 if (len >= 2 * PMK_LEN) {
1922 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1923 sm->xxkey_len = PMK_LEN;
1924 }
1925 #endif /* CONFIG_IEEE80211R */
1926 } else {
1927 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
1928 sm->wpa_auth->cb.get_msk);
1929 sm->Disconnect = TRUE;
1930 return;
1931 }
1932 os_memset(msk, 0, sizeof(msk));
1933
1934 sm->req_replay_counter_used = 0;
1935 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1936 * will break reauthentication since EAPOL state machines may not be
1937 * get into AUTHENTICATING state that clears keyRun before WPA state
1938 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1939 * state and takes PMK from the previously used AAA Key. This will
1940 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1941 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1942 * be good workaround for this issue. */
1943 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1944 }
1945
1946
1947 SM_STATE(WPA_PTK, INITPSK)
1948 {
1949 const u8 *psk;
1950 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
1951 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL);
1952 if (psk) {
1953 os_memcpy(sm->PMK, psk, PMK_LEN);
1954 sm->pmk_len = PMK_LEN;
1955 #ifdef CONFIG_IEEE80211R
1956 os_memcpy(sm->xxkey, psk, PMK_LEN);
1957 sm->xxkey_len = PMK_LEN;
1958 #endif /* CONFIG_IEEE80211R */
1959 }
1960 sm->req_replay_counter_used = 0;
1961 }
1962
1963
1964 SM_STATE(WPA_PTK, PTKSTART)
1965 {
1966 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1967 size_t pmkid_len = 0;
1968
1969 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1970 sm->PTKRequest = FALSE;
1971 sm->TimeoutEvt = FALSE;
1972 sm->alt_snonce_valid = FALSE;
1973
1974 sm->TimeoutCtr++;
1975 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1976 /* No point in sending the EAPOL-Key - we will disconnect
1977 * immediately following this. */
1978 return;
1979 }
1980
1981 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1982 "sending 1/4 msg of 4-Way Handshake");
1983 /*
1984 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1985 * one possible PSK for this STA.
1986 */
1987 if (sm->wpa == WPA_VERSION_WPA2 &&
1988 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
1989 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
1990 pmkid = buf;
1991 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1992 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1993 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1994 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
1995 if (sm->pmksa) {
1996 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1997 sm->pmksa->pmkid, PMKID_LEN);
1998 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) {
1999 /* No KCK available to derive PMKID */
2000 pmkid = NULL;
2001 } else {
2002 /*
2003 * Calculate PMKID since no PMKSA cache entry was
2004 * available with pre-calculated PMKID.
2005 */
2006 rsn_pmkid(sm->PMK, sm->pmk_len, sm->wpa_auth->addr,
2007 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
2008 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
2009 }
2010 }
2011 wpa_send_eapol(sm->wpa_auth, sm,
2012 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
2013 sm->ANonce, pmkid, pmkid_len, 0, 0);
2014 }
2015
2016
2017 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
2018 const u8 *pmk, unsigned int pmk_len,
2019 struct wpa_ptk *ptk)
2020 {
2021 #ifdef CONFIG_IEEE80211R
2022 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
2023 return wpa_auth_derive_ptk_ft(sm, pmk, ptk);
2024 #endif /* CONFIG_IEEE80211R */
2025
2026 return wpa_pmk_to_ptk(pmk, pmk_len, "Pairwise key expansion",
2027 sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
2028 ptk, sm->wpa_key_mgmt, sm->pairwise);
2029 }
2030
2031
2032 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
2033 {
2034 struct wpa_ptk PTK;
2035 int ok = 0, psk_found = 0;
2036 const u8 *pmk = NULL;
2037 unsigned int pmk_len;
2038
2039 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
2040 sm->EAPOLKeyReceived = FALSE;
2041 sm->update_snonce = FALSE;
2042
2043 /* WPA with IEEE 802.1X: use the derived PMK from EAP
2044 * WPA-PSK: iterate through possible PSKs and select the one matching
2045 * the packet */
2046 for (;;) {
2047 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
2048 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
2049 sm->p2p_dev_addr, pmk);
2050 if (pmk == NULL)
2051 break;
2052 psk_found = 1;
2053 pmk_len = PMK_LEN;
2054 } else {
2055 pmk = sm->PMK;
2056 pmk_len = sm->pmk_len;
2057 }
2058
2059 wpa_derive_ptk(sm, sm->SNonce, pmk, pmk_len, &PTK);
2060
2061 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK,
2062 sm->last_rx_eapol_key,
2063 sm->last_rx_eapol_key_len) == 0) {
2064 ok = 1;
2065 break;
2066 }
2067
2068 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
2069 break;
2070 }
2071
2072 if (!ok) {
2073 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2074 "invalid MIC in msg 2/4 of 4-Way Handshake");
2075 if (psk_found)
2076 wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
2077 return;
2078 }
2079
2080 #ifdef CONFIG_IEEE80211R
2081 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2082 /*
2083 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
2084 * with the value we derived.
2085 */
2086 if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
2087 WPA_PMK_NAME_LEN) != 0) {
2088 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2089 "PMKR1Name mismatch in FT 4-way "
2090 "handshake");
2091 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
2092 "Supplicant",
2093 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
2094 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
2095 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2096 return;
2097 }
2098 }
2099 #endif /* CONFIG_IEEE80211R */
2100
2101 sm->pending_1_of_4_timeout = 0;
2102 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
2103
2104 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
2105 /* PSK may have changed from the previous choice, so update
2106 * state machine data based on whatever PSK was selected here.
2107 */
2108 os_memcpy(sm->PMK, pmk, PMK_LEN);
2109 sm->pmk_len = PMK_LEN;
2110 }
2111
2112 sm->MICVerified = TRUE;
2113
2114 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
2115 sm->PTK_valid = TRUE;
2116 }
2117
2118
2119 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
2120 {
2121 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
2122 sm->TimeoutCtr = 0;
2123 }
2124
2125
2126 #ifdef CONFIG_IEEE80211W
2127
2128 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2129 {
2130 if (sm->mgmt_frame_prot) {
2131 size_t len;
2132 len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2133 return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len;
2134 }
2135
2136 return 0;
2137 }
2138
2139
2140 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2141 {
2142 struct wpa_igtk_kde igtk;
2143 struct wpa_group *gsm = sm->group;
2144 u8 rsc[WPA_KEY_RSC_LEN];
2145 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2146
2147 if (!sm->mgmt_frame_prot)
2148 return pos;
2149
2150 igtk.keyid[0] = gsm->GN_igtk;
2151 igtk.keyid[1] = 0;
2152 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
2153 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
2154 os_memset(igtk.pn, 0, sizeof(igtk.pn));
2155 else
2156 os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
2157 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
2158 if (sm->wpa_auth->conf.disable_gtk) {
2159 /*
2160 * Provide unique random IGTK to each STA to prevent use of
2161 * IGTK in the BSS.
2162 */
2163 if (random_get_bytes(igtk.igtk, len) < 0)
2164 return pos;
2165 }
2166 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
2167 (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len,
2168 NULL, 0);
2169
2170 return pos;
2171 }
2172
2173 #else /* CONFIG_IEEE80211W */
2174
2175 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2176 {
2177 return 0;
2178 }
2179
2180
2181 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2182 {
2183 return pos;
2184 }
2185
2186 #endif /* CONFIG_IEEE80211W */
2187
2188
2189 SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
2190 {
2191 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32];
2192 size_t gtk_len, kde_len;
2193 struct wpa_group *gsm = sm->group;
2194 u8 *wpa_ie;
2195 int wpa_ie_len, secure, keyidx, encr = 0;
2196
2197 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
2198 sm->TimeoutEvt = FALSE;
2199
2200 sm->TimeoutCtr++;
2201 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
2202 /* No point in sending the EAPOL-Key - we will disconnect
2203 * immediately following this. */
2204 return;
2205 }
2206
2207 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
2208 GTK[GN], IGTK, [FTIE], [TIE * 2])
2209 */
2210 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2211 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2212 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
2213 wpa_ie = sm->wpa_auth->wpa_ie;
2214 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
2215 if (sm->wpa == WPA_VERSION_WPA &&
2216 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
2217 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
2218 /* WPA-only STA, remove RSN IE and possible MDIE */
2219 wpa_ie = wpa_ie + wpa_ie[1] + 2;
2220 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
2221 wpa_ie = wpa_ie + wpa_ie[1] + 2;
2222 wpa_ie_len = wpa_ie[1] + 2;
2223 }
2224 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2225 "sending 3/4 msg of 4-Way Handshake");
2226 if (sm->wpa == WPA_VERSION_WPA2) {
2227 /* WPA2 send GTK in the 4-way handshake */
2228 secure = 1;
2229 gtk = gsm->GTK[gsm->GN - 1];
2230 gtk_len = gsm->GTK_len;
2231 if (sm->wpa_auth->conf.disable_gtk) {
2232 /*
2233 * Provide unique random GTK to each STA to prevent use
2234 * of GTK in the BSS.
2235 */
2236 if (random_get_bytes(dummy_gtk, gtk_len) < 0)
2237 return;
2238 gtk = dummy_gtk;
2239 }
2240 keyidx = gsm->GN;
2241 _rsc = rsc;
2242 encr = 1;
2243 } else {
2244 /* WPA does not include GTK in msg 3/4 */
2245 secure = 0;
2246 gtk = NULL;
2247 gtk_len = 0;
2248 keyidx = 0;
2249 _rsc = NULL;
2250 if (sm->rx_eapol_key_secure) {
2251 /*
2252 * It looks like Windows 7 supplicant tries to use
2253 * Secure bit in msg 2/4 after having reported Michael
2254 * MIC failure and it then rejects the 4-way handshake
2255 * if msg 3/4 does not set Secure bit. Work around this
2256 * by setting the Secure bit here even in the case of
2257 * WPA if the supplicant used it first.
2258 */
2259 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2260 "STA used Secure bit in WPA msg 2/4 - "
2261 "set Secure for 3/4 as workaround");
2262 secure = 1;
2263 }
2264 }
2265
2266 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
2267 if (gtk)
2268 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
2269 #ifdef CONFIG_IEEE80211R
2270 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2271 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
2272 kde_len += 300; /* FTIE + 2 * TIE */
2273 }
2274 #endif /* CONFIG_IEEE80211R */
2275 #ifdef CONFIG_P2P
2276 if (WPA_GET_BE32(sm->ip_addr) > 0)
2277 kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4;
2278 #endif /* CONFIG_P2P */
2279 kde = os_malloc(kde_len);
2280 if (kde == NULL)
2281 return;
2282
2283 pos = kde;
2284 os_memcpy(pos, wpa_ie, wpa_ie_len);
2285 pos += wpa_ie_len;
2286 #ifdef CONFIG_IEEE80211R
2287 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2288 int res;
2289 size_t elen;
2290
2291 elen = pos - kde;
2292 res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name);
2293 if (res < 0) {
2294 wpa_printf(MSG_ERROR, "FT: Failed to insert "
2295 "PMKR1Name into RSN IE in EAPOL-Key data");
2296 os_free(kde);
2297 return;
2298 }
2299 pos -= wpa_ie_len;
2300 pos += elen;
2301 }
2302 #endif /* CONFIG_IEEE80211R */
2303 if (gtk) {
2304 u8 hdr[2];
2305 hdr[0] = keyidx & 0x03;
2306 hdr[1] = 0;
2307 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2308 gtk, gtk_len);
2309 }
2310 pos = ieee80211w_kde_add(sm, pos);
2311
2312 #ifdef CONFIG_IEEE80211R
2313 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2314 int res;
2315 struct wpa_auth_config *conf;
2316
2317 conf = &sm->wpa_auth->conf;
2318 if (sm->assoc_resp_ftie &&
2319 kde + kde_len - pos >= 2 + sm->assoc_resp_ftie[1]) {
2320 os_memcpy(pos, sm->assoc_resp_ftie,
2321 2 + sm->assoc_resp_ftie[1]);
2322 res = 2 + sm->assoc_resp_ftie[1];
2323 } else {
2324 res = wpa_write_ftie(conf, conf->r0_key_holder,
2325 conf->r0_key_holder_len,
2326 NULL, NULL, pos,
2327 kde + kde_len - pos,
2328 NULL, 0);
2329 }
2330 if (res < 0) {
2331 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
2332 "into EAPOL-Key Key Data");
2333 os_free(kde);
2334 return;
2335 }
2336 pos += res;
2337
2338 /* TIE[ReassociationDeadline] (TU) */
2339 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2340 *pos++ = 5;
2341 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
2342 WPA_PUT_LE32(pos, conf->reassociation_deadline);
2343 pos += 4;
2344
2345 /* TIE[KeyLifetime] (seconds) */
2346 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2347 *pos++ = 5;
2348 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
2349 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
2350 pos += 4;
2351 }
2352 #endif /* CONFIG_IEEE80211R */
2353 #ifdef CONFIG_P2P
2354 if (WPA_GET_BE32(sm->ip_addr) > 0) {
2355 u8 addr[3 * 4];
2356 os_memcpy(addr, sm->ip_addr, 4);
2357 os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4);
2358 os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4);
2359 pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC,
2360 addr, sizeof(addr), NULL, 0);
2361 }
2362 #endif /* CONFIG_P2P */
2363
2364 wpa_send_eapol(sm->wpa_auth, sm,
2365 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
2366 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
2367 WPA_KEY_INFO_KEY_TYPE,
2368 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
2369 os_free(kde);
2370 }
2371
2372
2373 SM_STATE(WPA_PTK, PTKINITDONE)
2374 {
2375 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
2376 sm->EAPOLKeyReceived = FALSE;
2377 if (sm->Pair) {
2378 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
2379 int klen = wpa_cipher_key_len(sm->pairwise);
2380 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2381 sm->PTK.tk, klen)) {
2382 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
2383 return;
2384 }
2385 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2386 sm->pairwise_set = TRUE;
2387
2388 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
2389 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
2390 eloop_register_timeout(sm->wpa_auth->conf.
2391 wpa_ptk_rekey, 0, wpa_rekey_ptk,
2392 sm->wpa_auth, sm);
2393 }
2394
2395 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
2396 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2397 WPA_EAPOL_authorized, 1);
2398 }
2399 }
2400
2401 if (0 /* IBSS == TRUE */) {
2402 sm->keycount++;
2403 if (sm->keycount == 2) {
2404 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2405 WPA_EAPOL_portValid, 1);
2406 }
2407 } else {
2408 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
2409 1);
2410 }
2411 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
2412 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
2413 if (sm->wpa == WPA_VERSION_WPA)
2414 sm->PInitAKeys = TRUE;
2415 else
2416 sm->has_GTK = TRUE;
2417 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2418 "pairwise key handshake completed (%s)",
2419 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2420
2421 #ifdef CONFIG_IEEE80211R
2422 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
2423 #endif /* CONFIG_IEEE80211R */
2424 }
2425
2426
2427 SM_STEP(WPA_PTK)
2428 {
2429 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2430
2431 if (sm->Init)
2432 SM_ENTER(WPA_PTK, INITIALIZE);
2433 else if (sm->Disconnect
2434 /* || FIX: dot11RSNAConfigSALifetime timeout */) {
2435 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
2436 "WPA_PTK: sm->Disconnect");
2437 SM_ENTER(WPA_PTK, DISCONNECT);
2438 }
2439 else if (sm->DeauthenticationRequest)
2440 SM_ENTER(WPA_PTK, DISCONNECTED);
2441 else if (sm->AuthenticationRequest)
2442 SM_ENTER(WPA_PTK, AUTHENTICATION);
2443 else if (sm->ReAuthenticationRequest)
2444 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2445 else if (sm->PTKRequest)
2446 SM_ENTER(WPA_PTK, PTKSTART);
2447 else switch (sm->wpa_ptk_state) {
2448 case WPA_PTK_INITIALIZE:
2449 break;
2450 case WPA_PTK_DISCONNECT:
2451 SM_ENTER(WPA_PTK, DISCONNECTED);
2452 break;
2453 case WPA_PTK_DISCONNECTED:
2454 SM_ENTER(WPA_PTK, INITIALIZE);
2455 break;
2456 case WPA_PTK_AUTHENTICATION:
2457 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2458 break;
2459 case WPA_PTK_AUTHENTICATION2:
2460 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
2461 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2462 WPA_EAPOL_keyRun) > 0)
2463 SM_ENTER(WPA_PTK, INITPMK);
2464 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
2465 /* FIX: && 802.1X::keyRun */)
2466 SM_ENTER(WPA_PTK, INITPSK);
2467 break;
2468 case WPA_PTK_INITPMK:
2469 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2470 WPA_EAPOL_keyAvailable) > 0)
2471 SM_ENTER(WPA_PTK, PTKSTART);
2472 else {
2473 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2474 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2475 "INITPMK - keyAvailable = false");
2476 SM_ENTER(WPA_PTK, DISCONNECT);
2477 }
2478 break;
2479 case WPA_PTK_INITPSK:
2480 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr,
2481 NULL))
2482 SM_ENTER(WPA_PTK, PTKSTART);
2483 else {
2484 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2485 "no PSK configured for the STA");
2486 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2487 SM_ENTER(WPA_PTK, DISCONNECT);
2488 }
2489 break;
2490 case WPA_PTK_PTKSTART:
2491 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2492 sm->EAPOLKeyPairwise)
2493 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2494 else if (sm->TimeoutCtr >
2495 (int) dot11RSNAConfigPairwiseUpdateCount) {
2496 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2497 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2498 "PTKSTART: Retry limit %d reached",
2499 dot11RSNAConfigPairwiseUpdateCount);
2500 SM_ENTER(WPA_PTK, DISCONNECT);
2501 } else if (sm->TimeoutEvt)
2502 SM_ENTER(WPA_PTK, PTKSTART);
2503 break;
2504 case WPA_PTK_PTKCALCNEGOTIATING:
2505 if (sm->MICVerified)
2506 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
2507 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2508 sm->EAPOLKeyPairwise)
2509 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2510 else if (sm->TimeoutEvt)
2511 SM_ENTER(WPA_PTK, PTKSTART);
2512 break;
2513 case WPA_PTK_PTKCALCNEGOTIATING2:
2514 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2515 break;
2516 case WPA_PTK_PTKINITNEGOTIATING:
2517 if (sm->update_snonce)
2518 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2519 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2520 sm->EAPOLKeyPairwise && sm->MICVerified)
2521 SM_ENTER(WPA_PTK, PTKINITDONE);
2522 else if (sm->TimeoutCtr >
2523 (int) dot11RSNAConfigPairwiseUpdateCount) {
2524 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2525 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2526 "PTKINITNEGOTIATING: Retry limit %d "
2527 "reached",
2528 dot11RSNAConfigPairwiseUpdateCount);
2529 SM_ENTER(WPA_PTK, DISCONNECT);
2530 } else if (sm->TimeoutEvt)
2531 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2532 break;
2533 case WPA_PTK_PTKINITDONE:
2534 break;
2535 }
2536 }
2537
2538
2539 SM_STATE(WPA_PTK_GROUP, IDLE)
2540 {
2541 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
2542 if (sm->Init) {
2543 /* Init flag is not cleared here, so avoid busy
2544 * loop by claiming nothing changed. */
2545 sm->changed = FALSE;
2546 }
2547 sm->GTimeoutCtr = 0;
2548 }
2549
2550
2551 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
2552 {
2553 u8 rsc[WPA_KEY_RSC_LEN];
2554 struct wpa_group *gsm = sm->group;
2555 const u8 *kde;
2556 u8 *kde_buf = NULL, *pos, hdr[2];
2557 size_t kde_len;
2558 u8 *gtk, dummy_gtk[32];
2559
2560 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
2561
2562 sm->GTimeoutCtr++;
2563 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
2564 /* No point in sending the EAPOL-Key - we will disconnect
2565 * immediately following this. */
2566 return;
2567 }
2568
2569 if (sm->wpa == WPA_VERSION_WPA)
2570 sm->PInitAKeys = FALSE;
2571 sm->TimeoutEvt = FALSE;
2572 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
2573 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2574 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
2575 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2576 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2577 "sending 1/2 msg of Group Key Handshake");
2578
2579 gtk = gsm->GTK[gsm->GN - 1];
2580 if (sm->wpa_auth->conf.disable_gtk) {
2581 /*
2582 * Provide unique random GTK to each STA to prevent use
2583 * of GTK in the BSS.
2584 */
2585 if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0)
2586 return;
2587 gtk = dummy_gtk;
2588 }
2589 if (sm->wpa == WPA_VERSION_WPA2) {
2590 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
2591 ieee80211w_kde_len(sm);
2592 kde_buf = os_malloc(kde_len);
2593 if (kde_buf == NULL)
2594 return;
2595
2596 kde = pos = kde_buf;
2597 hdr[0] = gsm->GN & 0x03;
2598 hdr[1] = 0;
2599 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2600 gtk, gsm->GTK_len);
2601 pos = ieee80211w_kde_add(sm, pos);
2602 kde_len = pos - kde;
2603 } else {
2604 kde = gtk;
2605 kde_len = gsm->GTK_len;
2606 }
2607
2608 wpa_send_eapol(sm->wpa_auth, sm,
2609 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
2610 WPA_KEY_INFO_ACK |
2611 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
2612 rsc, gsm->GNonce, kde, kde_len, gsm->GN, 1);
2613
2614 os_free(kde_buf);
2615 }
2616
2617
2618 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
2619 {
2620 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
2621 sm->EAPOLKeyReceived = FALSE;
2622 if (sm->GUpdateStationKeys)
2623 sm->group->GKeyDoneStations--;
2624 sm->GUpdateStationKeys = FALSE;
2625 sm->GTimeoutCtr = 0;
2626 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
2627 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2628 "group key handshake completed (%s)",
2629 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2630 sm->has_GTK = TRUE;
2631 }
2632
2633
2634 SM_STATE(WPA_PTK_GROUP, KEYERROR)
2635 {
2636 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
2637 if (sm->GUpdateStationKeys)
2638 sm->group->GKeyDoneStations--;
2639 sm->GUpdateStationKeys = FALSE;
2640 sm->Disconnect = TRUE;
2641 }
2642
2643
2644 SM_STEP(WPA_PTK_GROUP)
2645 {
2646 if (sm->Init || sm->PtkGroupInit) {
2647 SM_ENTER(WPA_PTK_GROUP, IDLE);
2648 sm->PtkGroupInit = FALSE;
2649 } else switch (sm->wpa_ptk_group_state) {
2650 case WPA_PTK_GROUP_IDLE:
2651 if (sm->GUpdateStationKeys ||
2652 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
2653 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2654 break;
2655 case WPA_PTK_GROUP_REKEYNEGOTIATING:
2656 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2657 !sm->EAPOLKeyPairwise && sm->MICVerified)
2658 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
2659 else if (sm->GTimeoutCtr >
2660 (int) dot11RSNAConfigGroupUpdateCount)
2661 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
2662 else if (sm->TimeoutEvt)
2663 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2664 break;
2665 case WPA_PTK_GROUP_KEYERROR:
2666 SM_ENTER(WPA_PTK_GROUP, IDLE);
2667 break;
2668 case WPA_PTK_GROUP_REKEYESTABLISHED:
2669 SM_ENTER(WPA_PTK_GROUP, IDLE);
2670 break;
2671 }
2672 }
2673
2674
2675 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
2676 struct wpa_group *group)
2677 {
2678 int ret = 0;
2679
2680 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2681 inc_byte_array(group->Counter, WPA_NONCE_LEN);
2682 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
2683 wpa_auth->addr, group->GNonce,
2684 group->GTK[group->GN - 1], group->GTK_len) < 0)
2685 ret = -1;
2686 wpa_hexdump_key(MSG_DEBUG, "GTK",
2687 group->GTK[group->GN - 1], group->GTK_len);
2688
2689 #ifdef CONFIG_IEEE80211W
2690 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2691 size_t len;
2692 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
2693 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2694 inc_byte_array(group->Counter, WPA_NONCE_LEN);
2695 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
2696 wpa_auth->addr, group->GNonce,
2697 group->IGTK[group->GN_igtk - 4], len) < 0)
2698 ret = -1;
2699 wpa_hexdump_key(MSG_DEBUG, "IGTK",
2700 group->IGTK[group->GN_igtk - 4], len);
2701 }
2702 #endif /* CONFIG_IEEE80211W */
2703
2704 return ret;
2705 }
2706
2707
2708 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
2709 struct wpa_group *group)
2710 {
2711 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2712 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
2713 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
2714 group->wpa_group_state = WPA_GROUP_GTK_INIT;
2715
2716 /* GTK[0..N] = 0 */
2717 os_memset(group->GTK, 0, sizeof(group->GTK));
2718 group->GN = 1;
2719 group->GM = 2;
2720 #ifdef CONFIG_IEEE80211W
2721 group->GN_igtk = 4;
2722 group->GM_igtk = 5;
2723 #endif /* CONFIG_IEEE80211W */
2724 /* GTK[GN] = CalcGTK() */
2725 wpa_gtk_update(wpa_auth, group);
2726 }
2727
2728
2729 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
2730 {
2731 if (ctx != NULL && ctx != sm->group)
2732 return 0;
2733
2734 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
2735 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2736 "Not in PTKINITDONE; skip Group Key update");
2737 sm->GUpdateStationKeys = FALSE;
2738 return 0;
2739 }
2740 if (sm->GUpdateStationKeys) {
2741 /*
2742 * This should not really happen, so add a debug log entry.
2743 * Since we clear the GKeyDoneStations before the loop, the
2744 * station needs to be counted here anyway.
2745 */
2746 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2747 "GUpdateStationKeys was already set when "
2748 "marking station for GTK rekeying");
2749 }
2750
2751 /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
2752 if (sm->is_wnmsleep)
2753 return 0;
2754
2755 sm->group->GKeyDoneStations++;
2756 sm->GUpdateStationKeys = TRUE;
2757
2758 wpa_sm_step(sm);
2759 return 0;
2760 }
2761
2762
2763 #ifdef CONFIG_WNM
2764 /* update GTK when exiting WNM-Sleep Mode */
2765 void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm)
2766 {
2767 if (sm == NULL || sm->is_wnmsleep)
2768 return;
2769
2770 wpa_group_update_sta(sm, NULL);
2771 }
2772
2773
2774 void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
2775 {
2776 if (sm)
2777 sm->is_wnmsleep = !!flag;
2778 }
2779
2780
2781 int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2782 {
2783 struct wpa_group *gsm = sm->group;
2784 u8 *start = pos;
2785
2786 /*
2787 * GTK subelement:
2788 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
2789 * Key[5..32]
2790 */
2791 *pos++ = WNM_SLEEP_SUBELEM_GTK;
2792 *pos++ = 11 + gsm->GTK_len;
2793 /* Key ID in B0-B1 of Key Info */
2794 WPA_PUT_LE16(pos, gsm->GN & 0x03);
2795 pos += 2;
2796 *pos++ = gsm->GTK_len;
2797 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
2798 return 0;
2799 pos += 8;
2800 os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2801 pos += gsm->GTK_len;
2802
2803 wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
2804 gsm->GN);
2805 wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
2806 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2807
2808 return pos - start;
2809 }
2810
2811
2812 #ifdef CONFIG_IEEE80211W
2813 int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2814 {
2815 struct wpa_group *gsm = sm->group;
2816 u8 *start = pos;
2817 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2818
2819 /*
2820 * IGTK subelement:
2821 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
2822 */
2823 *pos++ = WNM_SLEEP_SUBELEM_IGTK;
2824 *pos++ = 2 + 6 + len;
2825 WPA_PUT_LE16(pos, gsm->GN_igtk);
2826 pos += 2;
2827 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
2828 return 0;
2829 pos += 6;
2830
2831 os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
2832 pos += len;
2833
2834 wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
2835 gsm->GN_igtk);
2836 wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
2837 gsm->IGTK[gsm->GN_igtk - 4], len);
2838
2839 return pos - start;
2840 }
2841 #endif /* CONFIG_IEEE80211W */
2842 #endif /* CONFIG_WNM */
2843
2844
2845 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
2846 struct wpa_group *group)
2847 {
2848 int tmp;
2849
2850 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2851 "SETKEYS (VLAN-ID %d)", group->vlan_id);
2852 group->changed = TRUE;
2853 group->wpa_group_state = WPA_GROUP_SETKEYS;
2854 group->GTKReKey = FALSE;
2855 tmp = group->GM;
2856 group->GM = group->GN;
2857 group->GN = tmp;
2858 #ifdef CONFIG_IEEE80211W
2859 tmp = group->GM_igtk;
2860 group->GM_igtk = group->GN_igtk;
2861 group->GN_igtk = tmp;
2862 #endif /* CONFIG_IEEE80211W */
2863 /* "GKeyDoneStations = GNoStations" is done in more robust way by
2864 * counting the STAs that are marked with GUpdateStationKeys instead of
2865 * including all STAs that could be in not-yet-completed state. */
2866 wpa_gtk_update(wpa_auth, group);
2867
2868 if (group->GKeyDoneStations) {
2869 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
2870 "GKeyDoneStations=%d when starting new GTK rekey",
2871 group->GKeyDoneStations);
2872 group->GKeyDoneStations = 0;
2873 }
2874 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
2875 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
2876 group->GKeyDoneStations);
2877 }
2878
2879
2880 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
2881 struct wpa_group *group)
2882 {
2883 int ret = 0;
2884
2885 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
2886 wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
2887 broadcast_ether_addr, group->GN,
2888 group->GTK[group->GN - 1], group->GTK_len) < 0)
2889 ret = -1;
2890
2891 #ifdef CONFIG_IEEE80211W
2892 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2893 enum wpa_alg alg;
2894 size_t len;
2895
2896 alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher);
2897 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
2898
2899 if (ret == 0 &&
2900 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
2901 broadcast_ether_addr, group->GN_igtk,
2902 group->IGTK[group->GN_igtk - 4], len) < 0)
2903 ret = -1;
2904 }
2905 #endif /* CONFIG_IEEE80211W */
2906
2907 return ret;
2908 }
2909
2910
2911 static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
2912 {
2913 if (sm->group == ctx) {
2914 wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
2915 " for discconnection due to fatal failure",
2916 MAC2STR(sm->addr));
2917 sm->Disconnect = TRUE;
2918 }
2919
2920 return 0;
2921 }
2922
2923
2924 static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
2925 struct wpa_group *group)
2926 {
2927 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE");
2928 group->changed = TRUE;
2929 group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
2930 wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
2931 }
2932
2933
2934 static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
2935 struct wpa_group *group)
2936 {
2937 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2938 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
2939 group->changed = TRUE;
2940 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
2941
2942 if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
2943 wpa_group_fatal_failure(wpa_auth, group);
2944 return -1;
2945 }
2946
2947 return 0;
2948 }
2949
2950
2951 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2952 struct wpa_group *group)
2953 {
2954 if (group->GInit) {
2955 wpa_group_gtk_init(wpa_auth, group);
2956 } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
2957 /* Do not allow group operations */
2958 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2959 group->GTKAuthenticator) {
2960 wpa_group_setkeysdone(wpa_auth, group);
2961 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2962 group->GTKReKey) {
2963 wpa_group_setkeys(wpa_auth, group);
2964 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2965 if (group->GKeyDoneStations == 0)
2966 wpa_group_setkeysdone(wpa_auth, group);
2967 else if (group->GTKReKey)
2968 wpa_group_setkeys(wpa_auth, group);
2969 }
2970 }
2971
2972
2973 static int wpa_sm_step(struct wpa_state_machine *sm)
2974 {
2975 if (sm == NULL)
2976 return 0;
2977
2978 if (sm->in_step_loop) {
2979 /* This should not happen, but if it does, make sure we do not
2980 * end up freeing the state machine too early by exiting the
2981 * recursive call. */
2982 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
2983 return 0;
2984 }
2985
2986 sm->in_step_loop = 1;
2987 do {
2988 if (sm->pending_deinit)
2989 break;
2990
2991 sm->changed = FALSE;
2992 sm->wpa_auth->group->changed = FALSE;
2993
2994 SM_STEP_RUN(WPA_PTK);
2995 if (sm->pending_deinit)
2996 break;
2997 SM_STEP_RUN(WPA_PTK_GROUP);
2998 if (sm->pending_deinit)
2999 break;
3000 wpa_group_sm_step(sm->wpa_auth, sm->group);
3001 } while (sm->changed || sm->wpa_auth->group->changed);
3002 sm->in_step_loop = 0;
3003
3004 if (sm->pending_deinit) {
3005 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
3006 "machine deinit for " MACSTR, MAC2STR(sm->addr));
3007 wpa_free_sta_sm(sm);
3008 return 1;
3009 }
3010 return 0;
3011 }
3012
3013
3014 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
3015 {
3016 struct wpa_state_machine *sm = eloop_ctx;
3017 wpa_sm_step(sm);
3018 }
3019
3020
3021 void wpa_auth_sm_notify(struct wpa_state_machine *sm)
3022 {
3023 if (sm == NULL)
3024 return;
3025 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
3026 }
3027
3028
3029 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
3030 {
3031 int tmp, i;
3032 struct wpa_group *group;
3033
3034 if (wpa_auth == NULL)
3035 return;
3036
3037 group = wpa_auth->group;
3038
3039 for (i = 0; i < 2; i++) {
3040 tmp = group->GM;
3041 group->GM = group->GN;
3042 group->GN = tmp;
3043 #ifdef CONFIG_IEEE80211W
3044 tmp = group->GM_igtk;
3045 group->GM_igtk = group->GN_igtk;
3046 group->GN_igtk = tmp;
3047 #endif /* CONFIG_IEEE80211W */
3048 wpa_gtk_update(wpa_auth, group);
3049 wpa_group_config_group_keys(wpa_auth, group);
3050 }
3051 }
3052
3053
3054 static const char * wpa_bool_txt(int val)
3055 {
3056 return val ? "TRUE" : "FALSE";
3057 }
3058
3059
3060 #define RSN_SUITE "%02x-%02x-%02x-%d"
3061 #define RSN_SUITE_ARG(s) \
3062 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
3063
3064 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
3065 {
3066 int len = 0, ret;
3067 char pmkid_txt[PMKID_LEN * 2 + 1];
3068 #ifdef CONFIG_RSN_PREAUTH
3069 const int preauth = 1;
3070 #else /* CONFIG_RSN_PREAUTH */
3071 const int preauth = 0;
3072 #endif /* CONFIG_RSN_PREAUTH */
3073
3074 if (wpa_auth == NULL)
3075 return len;
3076
3077 ret = os_snprintf(buf + len, buflen - len,
3078 "dot11RSNAOptionImplemented=TRUE\n"
3079 "dot11RSNAPreauthenticationImplemented=%s\n"
3080 "dot11RSNAEnabled=%s\n"
3081 "dot11RSNAPreauthenticationEnabled=%s\n",
3082 wpa_bool_txt(preauth),
3083 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
3084 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
3085 if (os_snprintf_error(buflen - len, ret))
3086 return len;
3087 len += ret;
3088
3089 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
3090 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
3091
3092 ret = os_snprintf(
3093 buf + len, buflen - len,
3094 "dot11RSNAConfigVersion=%u\n"
3095 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
3096 /* FIX: dot11RSNAConfigGroupCipher */
3097 /* FIX: dot11RSNAConfigGroupRekeyMethod */
3098 /* FIX: dot11RSNAConfigGroupRekeyTime */
3099 /* FIX: dot11RSNAConfigGroupRekeyPackets */
3100 "dot11RSNAConfigGroupRekeyStrict=%u\n"
3101 "dot11RSNAConfigGroupUpdateCount=%u\n"
3102 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
3103 "dot11RSNAConfigGroupCipherSize=%u\n"
3104 "dot11RSNAConfigPMKLifetime=%u\n"
3105 "dot11RSNAConfigPMKReauthThreshold=%u\n"
3106 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
3107 "dot11RSNAConfigSATimeout=%u\n"
3108 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3109 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3110 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3111 "dot11RSNAPMKIDUsed=%s\n"
3112 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3113 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3114 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3115 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
3116 "dot11RSNA4WayHandshakeFailures=%u\n"
3117 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
3118 RSN_VERSION,
3119 !!wpa_auth->conf.wpa_strict_rekey,
3120 dot11RSNAConfigGroupUpdateCount,
3121 dot11RSNAConfigPairwiseUpdateCount,
3122 wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8,
3123 dot11RSNAConfigPMKLifetime,
3124 dot11RSNAConfigPMKReauthThreshold,
3125 dot11RSNAConfigSATimeout,
3126 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
3127 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
3128 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
3129 pmkid_txt,
3130 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
3131 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
3132 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
3133 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
3134 wpa_auth->dot11RSNA4WayHandshakeFailures);
3135 if (os_snprintf_error(buflen - len, ret))
3136 return len;
3137 len += ret;
3138
3139 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
3140 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
3141
3142 /* Private MIB */
3143 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
3144 wpa_auth->group->wpa_group_state);
3145 if (os_snprintf_error(buflen - len, ret))
3146 return len;
3147 len += ret;
3148
3149 return len;
3150 }
3151
3152
3153 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
3154 {
3155 int len = 0, ret;
3156 u32 pairwise = 0;
3157
3158 if (sm == NULL)
3159 return 0;
3160
3161 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
3162
3163 /* dot11RSNAStatsEntry */
3164
3165 pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
3166 WPA_PROTO_RSN : WPA_PROTO_WPA,
3167 sm->pairwise);
3168 if (pairwise == 0)
3169 return 0;
3170
3171 ret = os_snprintf(
3172 buf + len, buflen - len,
3173 /* TODO: dot11RSNAStatsIndex */
3174 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
3175 "dot11RSNAStatsVersion=1\n"
3176 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
3177 /* TODO: dot11RSNAStatsTKIPICVErrors */
3178 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
3179 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
3180 /* TODO: dot11RSNAStatsCCMPReplays */
3181 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
3182 /* TODO: dot11RSNAStatsTKIPReplays */,
3183 MAC2STR(sm->addr),
3184 RSN_SUITE_ARG(pairwise),
3185 sm->dot11RSNAStatsTKIPLocalMICFailures,
3186 sm->dot11RSNAStatsTKIPRemoteMICFailures);
3187 if (os_snprintf_error(buflen - len, ret))
3188 return len;
3189 len += ret;
3190
3191 /* Private MIB */
3192 ret = os_snprintf(buf + len, buflen - len,
3193 "hostapdWPAPTKState=%d\n"
3194 "hostapdWPAPTKGroupState=%d\n",
3195 sm->wpa_ptk_state,
3196 sm->wpa_ptk_group_state);
3197 if (os_snprintf_error(buflen - len, ret))
3198 return len;
3199 len += ret;
3200
3201 return len;
3202 }
3203
3204
3205 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
3206 {
3207 if (wpa_auth)
3208 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
3209 }
3210
3211
3212 int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
3213 {
3214 return sm && sm->pairwise_set;
3215 }
3216
3217
3218 int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
3219 {
3220 return sm->pairwise;
3221 }
3222
3223
3224 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
3225 {
3226 if (sm == NULL)
3227 return -1;
3228 return sm->wpa_key_mgmt;
3229 }
3230
3231
3232 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
3233 {
3234 if (sm == NULL)
3235 return 0;
3236 return sm->wpa;
3237 }
3238
3239
3240 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
3241 struct rsn_pmksa_cache_entry *entry)
3242 {
3243 if (sm == NULL || sm->pmksa != entry)
3244 return -1;
3245 sm->pmksa = NULL;
3246 return 0;
3247 }
3248
3249
3250 struct rsn_pmksa_cache_entry *
3251 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
3252 {
3253 return sm ? sm->pmksa : NULL;
3254 }
3255
3256
3257 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
3258 {
3259 if (sm)
3260 sm->dot11RSNAStatsTKIPLocalMICFailures++;
3261 }
3262
3263
3264 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
3265 {
3266 if (wpa_auth == NULL)
3267 return NULL;
3268 *len = wpa_auth->wpa_ie_len;
3269 return wpa_auth->wpa_ie;
3270 }
3271
3272
3273 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
3274 unsigned int pmk_len,
3275 int session_timeout, struct eapol_state_machine *eapol)
3276 {
3277 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
3278 sm->wpa_auth->conf.disable_pmksa_caching)
3279 return -1;
3280
3281 if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
3282 if (pmk_len > PMK_LEN_SUITE_B_192)
3283 pmk_len = PMK_LEN_SUITE_B_192;
3284 } else if (pmk_len > PMK_LEN) {
3285 pmk_len = PMK_LEN;
3286 }
3287
3288 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len, NULL,
3289 sm->PTK.kck, sm->PTK.kck_len,
3290 sm->wpa_auth->addr, sm->addr, session_timeout,
3291 eapol, sm->wpa_key_mgmt))
3292 return 0;
3293
3294 return -1;
3295 }
3296
3297
3298 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
3299 const u8 *pmk, size_t len, const u8 *sta_addr,
3300 int session_timeout,
3301 struct eapol_state_machine *eapol)
3302 {
3303 if (wpa_auth == NULL)
3304 return -1;
3305
3306 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, NULL,
3307 NULL, 0,
3308 wpa_auth->addr,
3309 sta_addr, session_timeout, eapol,
3310 WPA_KEY_MGMT_IEEE8021X))
3311 return 0;
3312
3313 return -1;
3314 }
3315
3316
3317 int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
3318 const u8 *pmk, const u8 *pmkid)
3319 {
3320 if (wpa_auth->conf.disable_pmksa_caching)
3321 return -1;
3322
3323 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN, pmkid,
3324 NULL, 0,
3325 wpa_auth->addr, addr, 0, NULL,
3326 WPA_KEY_MGMT_SAE))
3327 return 0;
3328
3329 return -1;
3330 }
3331
3332
3333 void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
3334 const u8 *sta_addr)
3335 {
3336 struct rsn_pmksa_cache_entry *pmksa;
3337
3338 if (wpa_auth == NULL || wpa_auth->pmksa == NULL)
3339 return;
3340 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
3341 if (pmksa) {
3342 wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for "
3343 MACSTR " based on request", MAC2STR(sta_addr));
3344 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
3345 }
3346 }
3347
3348
3349 int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
3350 size_t len)
3351 {
3352 if (!wpa_auth || !wpa_auth->pmksa)
3353 return 0;
3354 return pmksa_cache_auth_list(wpa_auth->pmksa, buf, len);
3355 }
3356
3357
3358 void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth)
3359 {
3360 if (wpa_auth && wpa_auth->pmksa)
3361 pmksa_cache_auth_flush(wpa_auth->pmksa);
3362 }
3363
3364
3365 struct rsn_pmksa_cache_entry *
3366 wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr)
3367 {
3368 if (!wpa_auth || !wpa_auth->pmksa)
3369 return NULL;
3370 return pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
3371 }
3372
3373
3374 void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa,
3375 struct wpa_state_machine *sm,
3376 struct wpa_authenticator *wpa_auth,
3377 u8 *pmkid, u8 *pmk)
3378 {
3379 if (!sm)
3380 return;
3381
3382 sm->pmksa = pmksa;
3383 os_memcpy(pmk, pmksa->pmk, PMK_LEN);
3384 os_memcpy(pmkid, pmksa->pmkid, PMKID_LEN);
3385 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmksa->pmkid, PMKID_LEN);
3386 }
3387
3388
3389 /*
3390 * Remove and free the group from wpa_authenticator. This is triggered by a
3391 * callback to make sure nobody is currently iterating the group list while it
3392 * gets modified.
3393 */
3394 static void wpa_group_free(struct wpa_authenticator *wpa_auth,
3395 struct wpa_group *group)
3396 {
3397 struct wpa_group *prev = wpa_auth->group;
3398
3399 wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d",
3400 group->vlan_id);
3401
3402 while (prev) {
3403 if (prev->next == group) {
3404 /* This never frees the special first group as needed */
3405 prev->next = group->next;
3406 os_free(group);
3407 break;
3408 }
3409 prev = prev->next;
3410 }
3411
3412 }
3413
3414
3415 /* Increase the reference counter for group */
3416 static void wpa_group_get(struct wpa_authenticator *wpa_auth,
3417 struct wpa_group *group)
3418 {
3419 /* Skip the special first group */
3420 if (wpa_auth->group == group)
3421 return;
3422
3423 group->references++;
3424 }
3425
3426
3427 /* Decrease the reference counter and maybe free the group */
3428 static void wpa_group_put(struct wpa_authenticator *wpa_auth,
3429 struct wpa_group *group)
3430 {
3431 /* Skip the special first group */
3432 if (wpa_auth->group == group)
3433 return;
3434
3435 group->references--;
3436 if (group->references)
3437 return;
3438 wpa_group_free(wpa_auth, group);
3439 }
3440
3441
3442 /*
3443 * Add a group that has its references counter set to zero. Caller needs to
3444 * call wpa_group_get() on the return value to mark the entry in use.
3445 */
3446 static struct wpa_group *
3447 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3448 {
3449 struct wpa_group *group;
3450
3451 if (wpa_auth == NULL || wpa_auth->group == NULL)
3452 return NULL;
3453
3454 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
3455 vlan_id);
3456 group = wpa_group_init(wpa_auth, vlan_id, 0);
3457 if (group == NULL)
3458 return NULL;
3459
3460 group->next = wpa_auth->group->next;
3461 wpa_auth->group->next = group;
3462
3463 return group;
3464 }
3465
3466
3467 /*
3468 * Enforce that the group state machine for the VLAN is running, increase
3469 * reference counter as interface is up. References might have been increased
3470 * even if a negative value is returned.
3471 * Returns: -1 on error (group missing, group already failed); otherwise, 0
3472 */
3473 int wpa_auth_ensure_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3474 {
3475 struct wpa_group *group;
3476
3477 if (wpa_auth == NULL)
3478 return 0;
3479
3480 group = wpa_auth->group;
3481 while (group) {
3482 if (group->vlan_id == vlan_id)
3483 break;
3484 group = group->next;
3485 }
3486
3487 if (group == NULL) {
3488 group = wpa_auth_add_group(wpa_auth, vlan_id);
3489 if (group == NULL)
3490 return -1;
3491 }
3492
3493 wpa_printf(MSG_DEBUG,
3494 "WPA: Ensure group state machine running for VLAN ID %d",
3495 vlan_id);
3496
3497 wpa_group_get(wpa_auth, group);
3498 group->num_setup_iface++;
3499
3500 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3501 return -1;
3502
3503 return 0;
3504 }
3505
3506
3507 /*
3508 * Decrease reference counter, expected to be zero afterwards.
3509 * returns: -1 on error (group not found, group in fail state)
3510 * -2 if wpa_group is still referenced
3511 * 0 else
3512 */
3513 int wpa_auth_release_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3514 {
3515 struct wpa_group *group;
3516 int ret = 0;
3517
3518 if (wpa_auth == NULL)
3519 return 0;
3520
3521 group = wpa_auth->group;
3522 while (group) {
3523 if (group->vlan_id == vlan_id)
3524 break;
3525 group = group->next;
3526 }
3527
3528 if (group == NULL)
3529 return -1;
3530
3531 wpa_printf(MSG_DEBUG,
3532 "WPA: Try stopping group state machine for VLAN ID %d",
3533 vlan_id);
3534
3535 if (group->num_setup_iface <= 0) {
3536 wpa_printf(MSG_ERROR,
3537 "WPA: wpa_auth_release_group called more often than wpa_auth_ensure_group for VLAN ID %d, skipping.",
3538 vlan_id);
3539 return -1;
3540 }
3541 group->num_setup_iface--;
3542
3543 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3544 ret = -1;
3545
3546 if (group->references > 1) {
3547 wpa_printf(MSG_DEBUG,
3548 "WPA: Cannot stop group state machine for VLAN ID %d as references are still hold",
3549 vlan_id);
3550 ret = -2;
3551 }
3552
3553 wpa_group_put(wpa_auth, group);
3554
3555 return ret;
3556 }
3557
3558
3559 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
3560 {
3561 struct wpa_group *group;
3562
3563 if (sm == NULL || sm->wpa_auth == NULL)
3564 return 0;
3565
3566 group = sm->wpa_auth->group;
3567 while (group) {
3568 if (group->vlan_id == vlan_id)
3569 break;
3570 group = group->next;
3571 }
3572
3573 if (group == NULL) {
3574 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
3575 if (group == NULL)
3576 return -1;
3577 }
3578
3579 if (sm->group == group)
3580 return 0;
3581
3582 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3583 return -1;
3584
3585 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
3586 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
3587
3588 wpa_group_get(sm->wpa_auth, group);
3589 wpa_group_put(sm->wpa_auth, sm->group);
3590 sm->group = group;
3591
3592 return 0;
3593 }
3594
3595
3596 void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
3597 struct wpa_state_machine *sm, int ack)
3598 {
3599 if (wpa_auth == NULL || sm == NULL)
3600 return;
3601 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
3602 " ack=%d", MAC2STR(sm->addr), ack);
3603 if (sm->pending_1_of_4_timeout && ack) {
3604 /*
3605 * Some deployed supplicant implementations update their SNonce
3606 * for each EAPOL-Key 2/4 message even within the same 4-way
3607 * handshake and then fail to use the first SNonce when
3608 * deriving the PTK. This results in unsuccessful 4-way
3609 * handshake whenever the relatively short initial timeout is
3610 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
3611 * around this by increasing the timeout now that we know that
3612 * the station has received the frame.
3613 */
3614 int timeout_ms = eapol_key_timeout_subseq;
3615 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
3616 "timeout by %u ms because of acknowledged frame",
3617 timeout_ms);
3618 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
3619 eloop_register_timeout(timeout_ms / 1000,
3620 (timeout_ms % 1000) * 1000,
3621 wpa_send_eapol_timeout, wpa_auth, sm);
3622 }
3623 }
3624
3625
3626 int wpa_auth_uses_sae(struct wpa_state_machine *sm)
3627 {
3628 if (sm == NULL)
3629 return 0;
3630 return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
3631 }
3632
3633
3634 int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm)
3635 {
3636 if (sm == NULL)
3637 return 0;
3638 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE;
3639 }
3640
3641
3642 #ifdef CONFIG_P2P
3643 int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr)
3644 {
3645 if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0)
3646 return -1;
3647 os_memcpy(addr, sm->ip_addr, 4);
3648 return 0;
3649 }
3650 #endif /* CONFIG_P2P */
3651
3652
3653 int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
3654 struct radius_das_attrs *attr)
3655 {
3656 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
3657 }
3658
3659
3660 void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth)
3661 {
3662 struct wpa_group *group;
3663
3664 if (!wpa_auth)
3665 return;
3666 for (group = wpa_auth->group; group; group = group->next)
3667 wpa_group_config_group_keys(wpa_auth, group);
3668 }
Unnamed repository; edit this file 'description' to name the repository.