Lines Matching +full:mic +full:- +full:pos
3 * Copyright (c) 2004-2022, Jouni Malinen <j@w1.fi>
73 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos);
92 if (sm->mld_assoc_link_id >= 0) in wpa_auth_get_aa()
93 return sm->wpa_auth->mld_addr; in wpa_auth_get_aa()
95 return sm->wpa_auth->addr; in wpa_auth_get_aa()
102 if (sm->mld_assoc_link_id >= 0) in wpa_auth_get_spa()
103 return sm->peer_mld_addr; in wpa_auth_get_spa()
105 return sm->addr; in wpa_auth_get_spa()
115 if (!sm->wpa_auth) in wpa_gkeydone_sta()
118 sm->wpa_auth->group->GKeyDoneStations--; in wpa_gkeydone_sta()
119 sm->GUpdateStationKeys = false; in wpa_gkeydone_sta()
123 sm->mld_links[link_id].wpa_auth->group->GKeyDoneStations--; in wpa_gkeydone_sta()
140 wpa_group_put(sm->mld_links[link_id].wpa_auth, in wpa_release_link_auth_ref()
141 sm->mld_links[link_id].wpa_auth->group); in wpa_release_link_auth_ref()
142 sm->mld_links[link_id].wpa_auth = NULL; in wpa_release_link_auth_ref()
159 if (!wpa_auth->is_ml) in wpa_get_link_sta_auth()
162 if (ctx->mld_addr && in wpa_get_link_sta_auth()
163 !ether_addr_equal(wpa_auth->mld_addr, ctx->mld_addr)) in wpa_get_link_sta_auth()
166 if ((ctx->addr && ether_addr_equal(wpa_auth->addr, ctx->addr)) || in wpa_get_link_sta_auth()
167 (ctx->link_id > -1 && wpa_auth->is_ml && in wpa_get_link_sta_auth()
168 wpa_auth->link_id == ctx->link_id)) { in wpa_get_link_sta_auth()
169 ctx->wpa_auth = wpa_auth; in wpa_get_link_sta_auth()
183 ctx.mld_addr = wpa_auth->mld_addr; in wpa_get_link_auth()
196 if (!wpa_auth->is_ml || in wpa_get_primary_auth_cb()
197 !ether_addr_equal(wpa_auth->mld_addr, ctx->addr) || in wpa_get_primary_auth_cb()
198 !wpa_auth->primary_auth) in wpa_get_primary_auth_cb()
201 ctx->wpa_auth = wpa_auth; in wpa_get_primary_auth_cb()
214 if (!wpa_auth || !wpa_auth->is_ml || wpa_auth->primary_auth) in wpa_get_primary_auth()
217 ctx.addr = wpa_auth->mld_addr; in wpa_get_primary_auth()
231 if (wpa_auth->cb->mic_failure_report) in wpa_auth_mic_failure_report()
232 return wpa_auth->cb->mic_failure_report(wpa_auth->cb_ctx, addr); in wpa_auth_mic_failure_report()
240 if (wpa_auth->cb->psk_failure_report) in wpa_auth_psk_failure_report()
241 wpa_auth->cb->psk_failure_report(wpa_auth->cb_ctx, addr); in wpa_auth_psk_failure_report()
249 if (wpa_auth->cb->set_eapol) in wpa_auth_set_eapol()
250 wpa_auth->cb->set_eapol(wpa_auth->cb_ctx, addr, var, value); in wpa_auth_set_eapol()
257 if (!wpa_auth->cb->get_eapol) in wpa_auth_get_eapol()
258 return -1; in wpa_auth_get_eapol()
259 return wpa_auth->cb->get_eapol(wpa_auth->cb_ctx, addr, var); in wpa_auth_get_eapol()
269 if (!wpa_auth->cb->get_psk) in wpa_auth_get_psk()
271 return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr, in wpa_auth_get_psk()
279 if (!wpa_auth->cb->get_msk) in wpa_auth_get_msk()
280 return -1; in wpa_auth_get_msk()
281 return wpa_auth->cb->get_msk(wpa_auth->cb_ctx, addr, msk, len); in wpa_auth_get_msk()
291 if (!wpa_auth->cb->set_key) in wpa_auth_set_key()
292 return -1; in wpa_auth_set_key()
293 return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx, in wpa_auth_set_key()
304 if (!wpa_auth->cb->set_ltf_keyseed) in wpa_auth_set_ltf_keyseed()
305 return -1; in wpa_auth_set_ltf_keyseed()
306 return wpa_auth->cb->set_ltf_keyseed(wpa_auth->cb_ctx, peer_addr, in wpa_auth_set_ltf_keyseed()
317 if (!wpa_auth->cb->get_seqnum) in wpa_auth_get_seqnum()
318 return -1; in wpa_auth_get_seqnum()
322 res = wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq); in wpa_auth_get_seqnum()
324 if (!addr && idx < 4 && wpa_auth->conf.gtk_rsc_override_set) { in wpa_auth_get_seqnum()
326 "TESTING: Override GTK RSC %016llx --> %016llx", in wpa_auth_get_seqnum()
329 WPA_GET_LE64(wpa_auth->conf.gtk_rsc_override)); in wpa_auth_get_seqnum()
330 os_memcpy(seq, wpa_auth->conf.gtk_rsc_override, in wpa_auth_get_seqnum()
334 wpa_auth->conf.igtk_rsc_override_set) { in wpa_auth_get_seqnum()
336 "TESTING: Override IGTK RSC %016llx --> %016llx", in wpa_auth_get_seqnum()
339 WPA_GET_LE64(wpa_auth->conf.igtk_rsc_override)); in wpa_auth_get_seqnum()
340 os_memcpy(seq, wpa_auth->conf.igtk_rsc_override, in wpa_auth_get_seqnum()
352 if (!wpa_auth->cb->send_eapol) in wpa_auth_send_eapol()
353 return -1; in wpa_auth_send_eapol()
354 return wpa_auth->cb->send_eapol(wpa_auth->cb_ctx, addr, data, data_len, in wpa_auth_send_eapol()
363 if (!wpa_auth->cb->start_ampe) in wpa_auth_start_ampe()
364 return -1; in wpa_auth_start_ampe()
365 return wpa_auth->cb->start_ampe(wpa_auth->cb_ctx, addr); in wpa_auth_start_ampe()
374 if (!wpa_auth->cb->for_each_sta) in wpa_auth_for_each_sta()
376 return wpa_auth->cb->for_each_sta(wpa_auth->cb_ctx, cb, cb_ctx); in wpa_auth_for_each_sta()
384 if (!wpa_auth->cb->for_each_auth) in wpa_auth_for_each_auth()
386 return wpa_auth->cb->for_each_auth(wpa_auth->cb_ctx, cb, cb_ctx); in wpa_auth_for_each_auth()
394 if (wpa_auth->cb->store_ptksa) in wpa_auth_store_ptksa()
395 wpa_auth->cb->store_ptksa(wpa_auth->cb_ctx, addr, cipher, in wpa_auth_store_ptksa()
403 if (wpa_auth->cb->clear_ptksa) in wpa_auth_remove_ptksa()
404 wpa_auth->cb->clear_ptksa(wpa_auth->cb_ctx, addr, cipher); in wpa_auth_remove_ptksa()
411 if (!wpa_auth->cb->logger) in wpa_auth_logger()
413 wpa_auth->cb->logger(wpa_auth->cb_ctx, addr, level, txt); in wpa_auth_logger()
424 if (!wpa_auth->cb->logger) in wpa_auth_vlogger()
445 if (!wpa_auth->cb->disconnect) in wpa_sta_disconnect()
449 wpa_auth->cb->disconnect(wpa_auth->cb_ctx, addr, reason); in wpa_sta_disconnect()
457 if (!wpa_auth->cb->channel_info) in wpa_channel_info()
458 return -1; in wpa_channel_info()
459 return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci); in wpa_channel_info()
467 if (!wpa_auth->cb->update_vlan) in wpa_auth_update_vlan()
468 return -1; in wpa_auth_update_vlan()
469 return wpa_auth->cb->update_vlan(wpa_auth->cb_ctx, addr, vlan_id); in wpa_auth_update_vlan()
477 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) { in wpa_rekey_gmk()
483 wpa_auth->group->GMK, WPA_GMK_LEN); in wpa_rekey_gmk()
486 if (wpa_auth->conf.wpa_gmk_rekey) { in wpa_rekey_gmk()
487 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, in wpa_rekey_gmk()
498 group = wpa_auth->group; in wpa_rekey_all_groups()
502 MAC2STR(wpa_auth->addr), group->vlan_id); in wpa_rekey_all_groups()
505 group->GTKReKey = true; in wpa_rekey_all_groups()
507 group->changed = false; in wpa_rekey_all_groups()
509 } while (group->changed); in wpa_rekey_all_groups()
511 next = group->next; in wpa_rekey_all_groups()
524 group = wpa_auth->group; in wpa_update_all_gtks()
529 next = group->next; in wpa_update_all_gtks()
540 if (!ether_addr_equal(wpa_auth->mld_addr, mld_addr)) in wpa_update_all_gtks_cb()
553 if (!ether_addr_equal(wpa_auth->mld_addr, mld_addr)) in wpa_rekey_all_groups_cb()
568 if (wpa_auth->is_ml) { in wpa_rekey_gtk()
569 /* Non-primary ML authenticator eloop timer for group rekey is in wpa_rekey_gtk()
572 if (!wpa_auth->primary_auth) { in wpa_rekey_gtk()
574 "RSN: Cannot start GTK rekey on non-primary ML authenticator"); in wpa_rekey_gtk()
580 wpa_auth->mld_addr); in wpa_rekey_gtk()
585 wpa_auth->mld_addr); in wpa_rekey_gtk()
593 if (wpa_auth->conf.wpa_group_rekey) { in wpa_rekey_gtk()
594 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, in wpa_rekey_gtk()
614 if (sm && sm->wpa_auth->conf.wpa_ptk_rekey) { in wpa_auth_set_ptk_rekey_timer()
618 sm->wpa_auth->conf.wpa_ptk_rekey); in wpa_auth_set_ptk_rekey_timer()
619 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); in wpa_auth_set_ptk_rekey_timer()
620 eloop_register_timeout(sm->wpa_auth->conf.wpa_ptk_rekey, 0, in wpa_auth_set_ptk_rekey_timer()
621 wpa_rekey_ptk, sm->wpa_auth, sm); in wpa_auth_set_ptk_rekey_timer()
628 if (sm->pmksa == ctx) in wpa_auth_pmksa_clear_cb()
629 sm->pmksa = NULL; in wpa_auth_pmksa_clear_cb()
649 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0) in wpa_group_init_gmk_and_counter()
650 return -1; in wpa_group_init_gmk_and_counter()
651 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN); in wpa_group_init_gmk_and_counter()
654 * Counter = PRF-256(Random number, "Init Counter", in wpa_group_init_gmk_and_counter()
657 os_memcpy(buf, wpa_auth->addr, ETH_ALEN); in wpa_group_init_gmk_and_counter()
666 return -1; in wpa_group_init_gmk_and_counter()
669 group->Counter, WPA_NONCE_LEN) < 0) in wpa_group_init_gmk_and_counter()
670 return -1; in wpa_group_init_gmk_and_counter()
672 group->Counter, WPA_NONCE_LEN); in wpa_group_init_gmk_and_counter()
687 group->GTKAuthenticator = true; in wpa_group_init()
688 group->vlan_id = vlan_id; in wpa_group_init()
689 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group); in wpa_group_init()
693 …"WPA: Not enough entropy in random pool for secure operations - update keys later when the first s… in wpa_group_init()
709 group->GInit = true; in wpa_group_init()
716 group->GInit = false; in wpa_group_init()
725 * wpa_init - Initialize WPA authenticator
742 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
743 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
746 if (conf->mld_addr) {
747 wpa_auth->is_ml = true;
748 wpa_auth->link_id = conf->link_id;
749 wpa_auth->primary_auth = !conf->first_link_auth;
750 os_memcpy(wpa_auth->mld_addr, conf->mld_addr, ETH_ALEN);
754 wpa_auth->cb = cb;
755 wpa_auth->cb_ctx = cb_ctx;
763 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
764 if (!wpa_auth->group) {
765 os_free(wpa_auth->wpa_ie);
770 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
772 if (!wpa_auth->pmksa) {
774 os_free(wpa_auth->group);
775 os_free(wpa_auth->wpa_ie);
781 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
782 if (!wpa_auth->ft_pmk_cache) {
784 os_free(wpa_auth->group);
785 os_free(wpa_auth->wpa_ie);
786 pmksa_cache_auth_deinit(wpa_auth->pmksa);
792 if (wpa_auth->conf.wpa_gmk_rekey) {
793 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
801 if ((!wpa_auth->is_ml || !conf->first_link_auth) &&
802 wpa_auth->conf.wpa_group_rekey) {
804 if (wpa_auth->conf.wpa_group_rekey) {
806 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
811 if (WPA_GET_BE32(conf->ip_addr_start)) {
812 int count = WPA_GET_BE32(conf->ip_addr_end) -
813 WPA_GET_BE32(conf->ip_addr_start) + 1;
817 wpa_auth->ip_pool = bitfield_alloc(count);
821 if (conf->tx_bss_auth && conf->beacon_prot) {
822 conf->tx_bss_auth->non_tx_beacon_prot = true;
823 if (!conf->tx_bss_auth->conf.beacon_prot)
824 conf->tx_bss_auth->conf.beacon_prot = true;
825 if (!conf->tx_bss_auth->conf.group_mgmt_cipher)
826 conf->tx_bss_auth->conf.group_mgmt_cipher =
827 conf->group_mgmt_cipher;
836 struct wpa_group *group = wpa_auth->group;
841 group->GInit = false;
843 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
844 return -1;
852 wpabuf_free(conf->eapol_m1_elements);
853 conf->eapol_m1_elements = NULL;
854 wpabuf_free(conf->eapol_m3_elements);
855 conf->eapol_m3_elements = NULL;
861 * wpa_deinit - Deinitialize WPA authenticator
874 pmksa_cache_auth_deinit(wpa_auth->pmksa);
877 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
878 wpa_auth->ft_pmk_cache = NULL;
883 bitfield_free(wpa_auth->ip_pool);
887 os_free(wpa_auth->wpa_ie);
889 group = wpa_auth->group;
892 group = group->next;
896 wpa_auth_free_conf(&wpa_auth->conf);
902 * wpa_reconfig - Update WPA authenticator configuration
914 wpa_auth_free_conf(&wpa_auth->conf);
915 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
918 return -1;
925 group = wpa_auth->group;
926 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
927 group->GInit = true;
929 group->GInit = false;
942 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
948 os_memcpy(sm->addr, addr, ETH_ALEN);
950 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
952 sm->wpa_auth = wpa_auth;
953 sm->group = wpa_auth->group;
954 wpa_group_get(sm->wpa_auth, sm->group);
956 sm->mld_assoc_link_id = -1;
966 if (!wpa_auth || !wpa_auth->conf.wpa || !sm)
967 return -1;
970 if (sm->ft_completed) {
972 "FT authentication already completed - do not start 4-way handshake");
974 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
975 sm->Pair = true;
981 if (sm->fils_completed) {
983 "FILS authentication already completed - do not start 4-way handshake");
985 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
986 sm->Pair = true;
991 if (sm->started) {
992 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
993 sm->ReAuthenticationRequest = true;
999 sm->started = 1;
1001 sm->Init = true;
1004 sm->Init = false;
1005 sm->AuthenticationRequest = true;
1012 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
1018 sm->wpa_key_mgmt = 0;
1029 if (WPA_GET_BE32(sm->ip_addr)) {
1033 sm->ip_addr[0], sm->ip_addr[1],
1034 sm->ip_addr[2], sm->ip_addr[3],
1036 sm->ip_addr_bit);
1037 bitfield_clear(sm->wpa_auth->ip_pool, sm->ip_addr_bit);
1040 if (sm->GUpdateStationKeys)
1043 os_free(sm->assoc_resp_ftie);
1044 wpabuf_free(sm->ft_pending_req_ies);
1046 os_free(sm->last_rx_eapol_key);
1047 os_free(sm->wpa_ie);
1048 os_free(sm->rsnxe);
1051 wpa_group_put(sm->mld_links[link_id].wpa_auth,
1052 sm->mld_links[link_id].wpa_auth->group);
1053 sm->mld_links[link_id].wpa_auth = NULL;
1056 wpa_group_put(sm->wpa_auth, sm->group);
1058 wpabuf_clear_free(sm->dpp_z);
1071 wpa_auth = sm->wpa_auth;
1072 if (wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
1076 "strict rekeying - force GTK rekey since STA is leaving");
1079 if (wpa_auth->is_ml && !wpa_auth->primary_auth)
1084 primary_auth, NULL) == -1)
1090 sm->pending_1_of_4_timeout = 0;
1096 if (sm->in_step_loop) {
1102 sm->pending_deinit = 1;
1113 if (!sm->use_ext_key_id && sm->wpa_auth->conf.wpa_deny_ptk0_rekey) {
1117 sm->Disconnect = true;
1119 sm->disconnect_reason =
1122 if (sm->use_ext_key_id)
1123 sm->keyidx_active ^= 1; /* flip Key ID */
1124 sm->PTKRequest = true;
1125 sm->PTK_valid = 0;
1169 /* Verify that PMKR1Name from EAPOL-Key message 2/4 matches the value
1172 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
1175 "FT: No PMKR1Name in FT 4-way handshake message 2/4");
1176 return -1;
1179 if (wpa_parse_wpa_ie_rsn(sm->wpa_ie, sm->wpa_ie_len, &assoc_ie) < 0) {
1190 if (os_memcmp_const(pmkid, sm->pmk_r1_name,
1218 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
1220 "PMKR1Name mismatch in FT 4-way handshake");
1225 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
1226 return -1;
1229 if (!kde->mdie || !kde->ftie) {
1231 "FT: No %s in FT 4-way handshake message 2/4",
1232 kde->mdie ? "FTIE" : "MDIE");
1233 return -1;
1236 mdie = (struct rsn_mdie *) (kde->mdie + 2);
1237 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
1238 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
1241 return -1;
1244 if (sm->assoc_resp_ftie &&
1245 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
1246 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
1247 2 + sm->assoc_resp_ftie[1]) != 0)) {
1249 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
1250 kde->ftie, kde->ftie_len);
1252 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
1253 return -1;
1264 /* Supplicant reported a Michael MIC error */
1266 "received EAPOL-Key Error Request (STA detected Michael MIC failure (group=%d))",
1269 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
1271 "ignore Michael MIC failure report since group cipher is not TKIP");
1272 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
1274 "ignore Michael MIC failure report since pairwise cipher is not TKIP");
1279 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
1280 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
1303 int ret = -1;
1307 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
1308 !wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
1309 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
1310 sm->p2p_dev_addr, pmk, &pmk_len,
1315 if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
1316 os_memcpy(sm->xxkey, pmk, pmk_len);
1317 sm->xxkey_len = pmk_len;
1321 pmk = sm->PMK;
1322 pmk_len = sm->pmk_len;
1325 if (wpa_derive_ptk(sm, sm->alt_SNonce, pmk, pmk_len, &PTK, 0,
1330 if (wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
1332 if (sm->PMK != pmk) {
1333 os_memcpy(sm->PMK, pmk, pmk_len);
1334 sm->pmk_len = pmk_len;
1340 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
1341 wpa_key_mgmt_sae(sm->wpa_key_mgmt))
1347 "WPA: Earlier SNonce did not result in matching MIC");
1352 "WPA: Earlier SNonce resulted in matching MIC");
1353 sm->alt_snonce_valid = 0;
1355 if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
1356 wpa_auth_update_vlan(sm->wpa_auth, sm->addr, vlan_id) < 0)
1360 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt) && !sm->ft_completed) {
1361 wpa_printf(MSG_DEBUG, "FT: Store PMK-R0/PMK-R1");
1367 os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
1368 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
1370 sm->PTK_valid = true;
1384 for (group = wpa_auth->group; group; group = group->next) {
1385 if (group->GKeyDoneStations)
1404 if (!wpa_use_akm_defined(sm->wpa_key_mgmt) &&
1405 wpa_use_cmac(sm->wpa_key_mgmt) &&
1409 "advertised support for AES-128-CMAC, but did not use it");
1413 if (sm->pairwise != WPA_CIPHER_TKIP &&
1414 !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
1415 !wpa_use_cmac(sm->wpa_key_mgmt) &&
1419 "did not use HMAC-SHA1-AES with CCMP/GCMP");
1423 if (wpa_use_akm_defined(sm->wpa_key_mgmt) &&
1427 "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
1440 if (sm->req_replay_counter_used &&
1441 os_memcmp(replay_counter, sm->req_replay_counter,
1445 "received EAPOL-Key request with replayed counter");
1463 key->replay_counter);
1465 if (wpa_replay_counter_valid(sm->key_replay, key->replay_counter))
1469 wpa_replay_counter_valid(sm->prev_key_replay,
1470 key->replay_counter) &&
1471 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1472 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1475 * WZC) update SNonce for each EAPOL-Key 2/4. This
1478 * even if we have already sent out EAPOL-Key 3/4.
1482 "Process SNonce update from STA based on retransmitted EAPOL-Key 1/4");
1483 sm->update_snonce = 1;
1484 os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
1485 sm->alt_snonce_valid = true;
1486 os_memcpy(sm->alt_replay_counter,
1487 sm->key_replay[0].counter,
1492 if (msg == PAIRWISE_4 && sm->alt_snonce_valid &&
1493 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1494 os_memcmp(key->replay_counter, sm->alt_replay_counter,
1498 * there was two EAPOL-Key 2/4 messages and they had
1503 …"Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPO…
1508 wpa_replay_counter_valid(sm->prev_key_replay,
1509 key->replay_counter) &&
1510 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1513 "ignore retransmitted EAPOL-Key %s - SNonce did not change",
1518 "received EAPOL-Key %s with unexpected replay counter",
1522 if (!sm->key_replay[i].valid)
1525 sm->key_replay[i].counter,
1529 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1545 u8 *mic; local
1549 if (!wpa_auth || !wpa_auth->conf.wpa || !sm)
1554 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
1558 wpa_printf(MSG_DEBUG, "WPA: Ignore too short EAPOL-Key frame");
1564 mic = (u8 *) (key + 1);
1565 key_info = WPA_GET_BE16(key->key_info);
1566 key_data = mic + mic_len + 2;
1567 key_data_length = WPA_GET_BE16(mic + mic_len);
1568 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
1570 MAC2STR(wpa_auth_get_spa(sm)), key_info, key->type,
1573 "WPA: EAPOL-Key header (ending before Key MIC)",
1575 wpa_hexdump(MSG_MSGDUMP, "WPA: EAPOL-Key Key MIC",
1576 mic, mic_len);
1577 if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) {
1579 "WPA: Invalid EAPOL-Key frame - key_data overflow (%d > %zu)",
1581 data_len - sizeof(*hdr) - keyhdrlen);
1585 if (sm->wpa == WPA_VERSION_WPA2) {
1586 if (key->type == EAPOL_KEY_TYPE_WPA) {
1592 "Workaround: Allow EAPOL-Key with unexpected WPA type in RSN mode");
1593 } else if (key->type != EAPOL_KEY_TYPE_RSN) {
1595 "Ignore EAPOL-Key with unexpected type %d in RSN mode",
1596 key->type);
1600 if (key->type != EAPOL_KEY_TYPE_WPA) {
1602 "Ignore EAPOL-Key with unexpected type %d in WPA mode",
1603 key->type);
1608 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
1611 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1613 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
1625 sm->PTK_valid &&
1628 wpa_use_aes_key_wrap(sm->wpa_key_mgmt)) &&
1630 key_data_length -= 8; /* AES-WRAP adds 8 bytes */
1635 if (aes_unwrap(sm->PTK.kek, sm->PTK.kek_len,
1638 "RSN: AES unwrap failed - could not decrypt EAPOL-Key key data");
1642 wpa_hexdump_key(MSG_DEBUG, "RSN: Decrypted EAPOL-Key Key Data",
1653 (sm->wpa == WPA_VERSION_WPA2 &&
1671 if (sm->wpa == WPA_VERSION_WPA2 && mic_len == 0 &&
1674 "WPA: Encr Key Data bit not set even though AEAD cipher is supposed to be used - drop frame");
1681 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
1682 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
1683 (!sm->update_snonce ||
1684 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
1687 "received EAPOL-Key msg 2/4 in invalid state (%d) - dropped",
1688 sm->wpa_ptk_state);
1691 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
1692 if (sm->group->reject_4way_hs_for_entropy) {
1695 * strong random numbers. Reject the first 4-way
1703 "WPA: Reject 4-way handshake to collect more entropy for random number generation");
1705 wpa_sta_disconnect(wpa_auth, sm->addr,
1711 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
1712 !sm->PTK_valid) {
1715 "received EAPOL-Key msg 4/4 in invalid state (%d) - dropped",
1716 sm->wpa_ptk_state);
1721 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1722 || !sm->PTK_valid) {
1725 "received EAPOL-Key msg 2/2 in invalid state (%d) - dropped",
1726 sm->wpa_ptk_group_state);
1731 if (sm->wpa_ptk_state == WPA_PTK_PTKSTART ||
1732 sm->wpa_ptk_state == WPA_PTK_PTKCALCNEGOTIATING ||
1733 sm->wpa_ptk_state == WPA_PTK_PTKCALCNEGOTIATING2 ||
1734 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1737 "received EAPOL-Key Request in invalid state (%d) - dropped",
1738 sm->wpa_ptk_state);
1745 "received EAPOL-Key frame (%s)", msgtxt);
1749 "received invalid EAPOL-Key: Key Ack set");
1753 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1756 "received invalid EAPOL-Key: Key MIC not set");
1761 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1764 "received invalid EAPOL-Key: Key MIC set");
1769 sm->MICVerified = false;
1770 if (sm->PTK_valid && !sm->update_snonce) {
1772 wpa_verify_key_mic(sm->wpa_key_mgmt, sm->pmk_len, &sm->PTK,
1774 (msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
1778 "received EAPOL-Key with invalid MIC");
1781 "TEST: Ignore Key MIC failure for fuzz testing");
1788 wpa_aead_decrypt(sm, &sm->PTK, data, data_len,
1792 "received EAPOL-Key with invalid MIC");
1795 "TEST: Ignore Key MIC failure for fuzz testing");
1804 sm->MICVerified = true;
1806 sm->pending_1_of_4_timeout = 0;
1813 "received EAPOL-Key request without Secure=1");
1816 if (sm->MICVerified) {
1817 sm->req_replay_counter_used = 1;
1818 os_memcpy(sm->req_replay_counter, key->replay_counter,
1823 "received EAPOL-Key request with invalid MIC");
1835 "received EAPOL-Key Request for new 4-Way Handshake");
1840 "received EAPOL-Key Request for GTK rekeying");
1847 "skip new GTK rekey - already in process");
1854 wpa_replay_counter_mark_invalid(sm->key_replay,
1855 key->replay_counter);
1859 * Maintain a copy of the pending EAPOL-Key frames in
1860 * case the EAPOL-Key frame was retransmitted. This is
1861 * needed to allow EAPOL-Key msg 2/4 reply to another
1865 os_memcpy(sm->prev_key_replay, sm->key_replay,
1866 sizeof(sm->key_replay));
1868 os_memset(sm->prev_key_replay, 0,
1869 sizeof(sm->prev_key_replay));
1876 wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
1879 os_free(sm->last_rx_eapol_key);
1880 sm->last_rx_eapol_key = os_memdup(data, data_len);
1881 if (!sm->last_rx_eapol_key)
1883 sm->last_rx_eapol_key_len = data_len;
1885 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
1886 sm->EAPOLKeyReceived = true;
1887 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1888 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1889 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1901 u8 *pos; local
1904 /* GTK = PRF-X(GMK, "Group key expansion",
1914 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1915 wpa_get_ntp_timestamp(pos);
1917 os_memset(pos, 0xef, 8);
1919 pos += 8;
1920 if (random_get_bytes(pos, gtk_len) < 0)
1921 ret = -1;
1926 ret = -1;
1931 ret = -1;
1935 ret = -1;
1950 if (sm->waiting_radius_psk) {
1951 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1952 "Ignore EAPOL-Key timeout while waiting for RADIUS PSK");
1956 sm->pending_1_of_4_timeout = 0;
1958 "EAPOL-Key timeout");
1959 sm->TimeoutEvt = true;
1970 struct wpa_auth_config *conf = &wpa_auth->conf;
1976 u8 *buf, *pos; local
1981 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
1988 else if (wpa_use_akm_defined(sm->wpa_key_mgmt))
1990 else if (wpa_use_cmac(sm->wpa_key_mgmt))
1992 else if (sm->pairwise != WPA_CIPHER_TKIP)
2000 …"WPA: Send EAPOL(version=%d secure=%d mic=%d ack=%d install=%d pairwise=%d kde_len=%zu keyidx=%d e…
2011 wpa_use_aes_key_wrap(sm->wpa_key_mgmt) ||
2015 pad_len = 8 - pad_len;
2026 hdr->version = conf->eapol_version;
2027 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
2028 hdr->length = host_to_be16(len - sizeof(*hdr));
2033 key->type = sm->wpa == WPA_VERSION_WPA2 ?
2036 if (encr && sm->wpa == WPA_VERSION_WPA2)
2038 if (sm->wpa != WPA_VERSION_WPA2)
2040 WPA_PUT_BE16(key->key_info, key_info);
2042 alg = pairwise ? sm->pairwise : conf->wpa_group;
2043 if (sm->wpa == WPA_VERSION_WPA2 && !pairwise)
2044 WPA_PUT_BE16(key->key_length, 0);
2046 WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
2048 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
2049 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
2050 os_memcpy(sm->key_replay[i].counter,
2051 sm->key_replay[i - 1].counter,
2054 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
2055 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
2058 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
2059 sm->key_replay[0].valid = true;
2062 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
2065 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
2076 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
2080 sm->PTK.kek, sm->PTK.kek_len);
2081 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
2084 aad_len[0] = key_mic + 2 - (u8 *) hdr;
2085 if (aes_siv_encrypt(sm->PTK.kek, sm->PTK.kek_len, kde, kde_len,
2087 wpa_printf(MSG_DEBUG, "WPA: AES-SIV encryption failed");
2100 pos = buf;
2101 os_memcpy(pos, kde, kde_len);
2102 pos += kde_len;
2105 *pos++ = 0xdd;
2108 "Plaintext EAPOL-Key Key Data (+ padding)",
2111 wpa_use_aes_key_wrap(sm->wpa_key_mgmt) ||
2113 wpa_hexdump_key(MSG_DEBUG, "RSN: AES-WRAP using KEK",
2114 sm->PTK.kek, sm->PTK.kek_len);
2115 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len,
2116 (key_data_len - 8) / 8, buf, key_data)) {
2122 "RSN: Encrypted Key Data from AES-WRAP",
2126 } else if (sm->PTK.kek_len == 16) {
2131 os_memcpy(key->key_iv,
2132 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
2133 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
2134 os_memcpy(ek, key->key_iv, 16);
2135 os_memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len);
2149 if (!sm->PTK_valid || !mic_len) {
2152 "PTK not valid when sending EAPOL-Key frame");
2157 if (wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len,
2158 sm->wpa_key_mgmt, version,
2165 conf->corrupt_gtk_rekey_mic_probability > 0.0 &&
2166 drand48() < conf->corrupt_gtk_rekey_mic_probability) {
2169 "Corrupting group EAPOL-Key Key MIC");
2175 wpa_auth_set_eapol(wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx, 1);
2176 wpa_hexdump(MSG_DEBUG, "Send EAPOL-Key msg", hdr, len);
2177 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
2178 sm->pairwise_set);
2185 if (!wpa_auth->cb->get_sta_count)
2186 return -1;
2188 return wpa_auth->cb->get_sta_count(wpa_auth->cb_ctx);
2205 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
2208 /* When delay_eapol_tx is true, delay the EAPOL-Key transmission by
2211 if (wpa_auth->conf.delay_eapol_tx &&
2212 ctr != wpa_auth->conf.wpa_pairwise_update_count) {
2213 wpa_msg(sm->wpa_auth->conf.msg_ctx, MSG_INFO,
2214 "DELAY-EAPOL-TX-%d", ctr);
2224 if (ctr == 1 && wpa_auth->conf.tx_status) {
2234 if (wpa_auth->conf.wpa_disable_eapol_key_retries &&
2238 sm->pending_1_of_4_timeout = 1;
2243 "WPA: Use EAPOL-Key timeout of %u ms (retry counter %u)",
2257 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN], *mic_pos; local
2261 return -1;
2266 key_info = WPA_GET_BE16(key->key_info);
2267 os_memcpy(mic, mic_pos, mic_len);
2269 if (wpa_eapol_key_mic(PTK->kck, PTK->kck_len, akmp,
2272 os_memcmp_const(mic, mic_pos, mic_len) != 0)
2273 ret = -1;
2274 os_memcpy(mic_pos, mic, mic_len);
2281 sm->PTK_valid = false;
2282 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
2284 wpa_auth_remove_ptksa(sm->wpa_auth, sm->addr, sm->pairwise);
2286 if (wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL,
2290 if (sm->use_ext_key_id &&
2291 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 1, NULL,
2295 sm->pairwise_set = false;
2296 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
2305 return -1;
2307 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
2314 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
2324 sm->DeauthenticationRequest = true;
2325 os_memset(sm->PMK, 0, sizeof(sm->PMK));
2326 sm->pmk_len = 0;
2328 os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
2329 sm->xxkey_len = 0;
2330 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
2331 sm->pmk_r1_len = 0;
2336 if (!sm->started) {
2339 * manages to re-associate without the previous STA
2345 "WPA state machine had not been started - initialize now");
2346 sm->started = 1;
2347 sm->Init = true;
2350 sm->Init = false;
2351 sm->AuthenticationRequest = true;
2355 if (sm->ptkstart_without_success > 3) {
2357 "WPA: Multiple EAP reauth attempts without 4-way handshake completion, disconnect "
2358 MACSTR, MAC2STR(sm->addr));
2359 sm->Disconnect = true;
2363 if (!sm->use_ext_key_id &&
2364 sm->wpa_auth->conf.wpa_deny_ptk0_rekey) {
2368 sm->Disconnect = true;
2370 sm->disconnect_reason =
2375 if (sm->use_ext_key_id)
2376 sm->keyidx_active ^= 1; /* flip Key ID */
2378 if (sm->GUpdateStationKeys) {
2384 sm->PtkGroupInit = true;
2386 sm->ReAuthenticationRequest = true;
2395 sm->ft_completed = 1;
2406 sm->fils_completed = 1;
2412 sm->tk_already_set = false;
2417 sm->ft_completed = 0;
2420 if (sm->mgmt_frame_prot && event == WPA_AUTH)
2423 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
2429 sm->PTK_valid = false;
2430 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
2436 if (sm->in_step_loop) {
2438 * wpa_sm_step() is already running - avoid recursive call to
2441 sm->changed = true;
2451 if (sm->Init) {
2454 sm->changed = false;
2457 sm->keycount = 0;
2458 if (sm->GUpdateStationKeys)
2460 if (sm->wpa == WPA_VERSION_WPA)
2461 sm->PInitAKeys = false;
2464 sm->Pair = true;
2466 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
2468 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
2469 sm->TimeoutCtr = 0;
2470 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
2471 sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP ||
2472 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE) {
2473 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2481 u16 reason = sm->disconnect_reason;
2484 sm->Disconnect = false;
2485 sm->disconnect_reason = 0;
2488 wpa_sta_disconnect(sm->wpa_auth, sm->addr, reason);
2495 sm->DeauthenticationRequest = false;
2502 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
2503 sm->PTK_valid = false;
2504 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
2506 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
2507 sm->AuthenticationRequest = false;
2514 if (group->first_sta_seen)
2519 * of collecting more randomness on embedded systems. Re-initialize the
2524 "WPA: Re-initialize GMK/Counter on first station");
2527 "WPA: Not enough entropy in random pool to proceed - reject first 4-way handshake");
2528 group->reject_4way_hs_for_entropy = true;
2530 group->first_sta_seen = true;
2531 group->reject_4way_hs_for_entropy = false;
2538 group->first_sta_seen = false;
2539 group->reject_4way_hs_for_entropy = true;
2548 wpa_group_ensure_init(sm->wpa_auth, sm->group);
2549 sm->ReAuthenticationRequest = false;
2552 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
2554 * incremented by one for each 4-way handshake. However, the security
2555 * analysis of 4-way handshake points out that unpredictable nonces
2560 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
2563 sm->Disconnect = true;
2566 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
2570 * re-entered on ReAuthenticationRequest without going through
2572 sm->TimeoutCtr = 0;
2578 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
2581 sm->Disconnect = true;
2582 return -1;
2584 wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
2586 sm->TimeoutCtr = 0;
2598 sm->xxkey_len = 0;
2600 if (sm->pmksa) {
2602 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
2603 sm->pmk_len = sm->pmksa->pmk_len;
2605 } else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP) {
2607 "DPP: No PMKSA cache entry for STA - reject connection");
2608 sm->Disconnect = true;
2609 sm->disconnect_reason = WLAN_REASON_INVALID_PMKID;
2612 } else if (wpa_auth_get_msk(sm->wpa_auth, wpa_auth_get_spa(sm),
2616 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt))
2627 sm->Disconnect = true;
2630 os_memcpy(sm->PMK, msk, pmk_len);
2631 sm->pmk_len = pmk_len;
2634 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
2635 os_memcpy(sm->xxkey, msk, SHA384_MAC_LEN);
2636 sm->xxkey_len = SHA384_MAC_LEN;
2638 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
2639 sm->xxkey_len = PMK_LEN;
2645 sm->wpa_auth->cb->get_msk);
2646 sm->Disconnect = true;
2651 sm->req_replay_counter_used = 0;
2657 * eventually fail in 4-Way Handshake because Supplicant uses PMK
2660 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, false);
2670 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL,
2673 os_memcpy(sm->PMK, psk, psk_len);
2674 sm->pmk_len = psk_len;
2676 sm->xxkey_len = PMK_LEN;
2678 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
2681 sm->xxkey_len = psk_len;
2683 os_memcpy(sm->xxkey, psk, sm->xxkey_len);
2687 if (wpa_auth_uses_sae(sm) && sm->pmksa) {
2689 sm->pmksa->pmk_len);
2690 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
2691 sm->pmk_len = sm->pmksa->pmk_len;
2693 os_memcpy(sm->xxkey, sm->pmksa->pmk, sm->pmksa->pmk_len);
2694 sm->xxkey_len = sm->pmksa->pmk_len;
2698 sm->req_replay_counter_used = 0;
2710 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
2714 sm->PTKRequest = false;
2715 sm->TimeoutEvt = false;
2716 sm->alt_snonce_valid = false;
2717 sm->ptkstart_without_success++;
2719 sm->TimeoutCtr++;
2720 if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
2721 /* No point in sending the EAPOL-Key - we will disconnect
2727 if (sm->mld_assoc_link_id >= 0)
2731 if (conf->eapol_m1_elements)
2732 buf_len += wpabuf_len(conf->eapol_m1_elements);
2739 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
2740 "sending 1/4 msg of 4-Way Handshake");
2743 * the PMKID KDE in EAPOL-Key msg 1/4 since it could be used to initiate
2745 * capture a 4-way handshake from a STA that has access to the network.
2748 * WPA2-PSK cases that use multiple PSKs, but only if there is a single
2755 if (sm->wpa == WPA_VERSION_WPA2 &&
2756 (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) ||
2757 (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && sm->pmksa) ||
2758 wpa_key_mgmt_sae(sm->wpa_key_mgmt)) &&
2759 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
2765 if (sm->pmksa) {
2768 sm->pmksa->pmkid, PMKID_LEN);
2770 sm->pmksa->pmkid, PMKID_LEN);
2771 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) {
2777 } else if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2778 if (sm->pmkid_set) {
2781 sm->pmkid, PMKID_LEN);
2783 sm->pmkid, PMKID_LEN);
2792 } else if (wpa_key_mgmt_ft(sm->wpa_key_mgmt) &&
2793 sm->ft_completed) {
2799 } else if (wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
2800 if (sm->pmkid_set) {
2803 sm->pmkid, PMKID_LEN);
2805 sm->pmkid, PMKID_LEN);
2816 * available with pre-calculated PMKID.
2818 rsn_pmkid(sm->PMK, sm->pmk_len,
2822 sm->wpa_key_mgmt);
2832 if (sm->mld_assoc_link_id >= 0) {
2837 sm->wpa_auth->mld_addr, ETH_ALEN, NULL, 0);
2843 if (conf->eapol_m1_elements) {
2844 os_memcpy(buf + kde_len, wpabuf_head(conf->eapol_m1_elements),
2845 wpabuf_len(conf->eapol_m1_elements));
2846 kde_len += wpabuf_len(conf->eapol_m1_elements);
2851 if (sm->pairwise_set && sm->wpa != WPA_VERSION_WPA)
2853 wpa_send_eapol(sm->wpa_auth, sm, key_info, NULL,
2854 sm->ANonce, kde_len ? buf : NULL, kde_len, 0, 0);
2870 if (sm->wpa_auth->conf.force_kdk_derivation ||
2871 (!no_kdk && sm->wpa_auth->conf.secure_ltf &&
2872 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)))
2878 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2879 if (sm->ft_completed) {
2882 ret = wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len,
2883 sm->SNonce, sm->ANonce,
2886 sm->pmk_r1_name, ptk,
2887 ptk_name, sm->wpa_key_mgmt,
2888 sm->pairwise, kdk_len);
2900 if (!no_kdk && sm->wpa_auth->conf.secure_ltf &&
2901 ieee802_11_rsnx_capab(sm->rsnxe,
2903 ret = wpa_ltf_keyseed(ptk, sm->wpa_key_mgmt,
2904 sm->pairwise);
2916 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_z) {
2917 z = wpabuf_head(sm->dpp_z);
2918 z_len = wpabuf_len(sm->dpp_z);
2922 akmp = sm->wpa_key_mgmt;
2927 sm->ANonce, snonce, ptk, akmp,
2928 sm->pairwise, z, z_len, kdk_len);
2936 if (!no_kdk && sm->wpa_auth->conf.secure_ltf &&
2937 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)) {
2938 ret = wpa_ltf_keyseed(ptk, sm->wpa_key_mgmt, sm->pairwise);
2962 if (sm->wpa_auth->conf.force_kdk_derivation ||
2963 (sm->wpa_auth->conf.secure_ltf &&
2964 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)))
2972 &sm->PTK, ick, &ick_len,
2973 sm->wpa_key_mgmt, sm->pairwise,
2979 if (sm->wpa_auth->conf.secure_ltf &&
2980 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)) {
2981 res = wpa_ltf_keyseed(&sm->PTK, sm->wpa_key_mgmt, sm->pairwise);
2990 sm->PTK_valid = true;
2991 sm->tk_already_set = false;
2995 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2996 struct wpa_auth_config *conf = &wpa_auth->conf;
3000 conf->ssid, conf->ssid_len,
3001 conf->mobility_domain,
3002 conf->r0_key_holder,
3003 conf->r0_key_holder_len,
3005 sm->wpa_key_mgmt) < 0)
3006 return -1;
3011 res = wpa_derive_pmk_r1_name(pmk_r0_name, conf->r1_key_holder,
3013 sm->pmk_r1_name,
3017 return -1;
3018 wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR1Name", sm->pmk_r1_name,
3020 sm->pmk_r1_name_valid = 1;
3031 sm->wpa_key_mgmt, sm->fils_key_auth_sta,
3032 sm->fils_key_auth_ap,
3033 &sm->fils_key_auth_len);
3037 os_memcpy(sm->SNonce, snonce, FILS_NONCE_LEN);
3038 os_memcpy(sm->ANonce, anonce, FILS_NONCE_LEN);
3049 u8 *pos; local
3057 pos = (u8 *) (key + 1);
3058 key_data_len = WPA_GET_BE16(pos);
3060 key_data_len > buf_len - sizeof(*hdr) - sizeof(*key) - 2) {
3061 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
3062 "No room for AES-SIV data in the frame");
3063 return -1;
3065 pos += 2; /* Pointing at the Encrypted Key Data field */
3069 return -1;
3071 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
3074 aad_len[0] = pos - buf;
3075 if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, key_data_len,
3077 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
3078 "Invalid AES-SIV data in the frame");
3080 return -1;
3084 key_data_len -= AES_BLOCK_SIZE;
3089 os_memcpy(pos, tmp, key_data_len);
3090 pos -= 2; /* Key Data Length field */
3091 WPA_PUT_BE16(pos, key_data_len);
3106 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
3108 "FILS: Not a FILS AKM - reject association");
3129 "FILS: %s: Could not find FILS Session element in Assoc Req - reject",
3136 "FILS: %s: Could not find FILS Session element in STA entry - reject",
3161 return -1;
3166 return -1;
3171 return -1;
3174 if (elems.fils_key_confirm_len != sm->fils_key_auth_len) {
3176 "FILS: Unexpected Key-Auth length %d (expected %zu)",
3178 sm->fils_key_auth_len);
3179 return -1;
3182 if (os_memcmp(elems.fils_key_confirm, sm->fils_key_auth_sta,
3183 sm->fils_key_auth_len) != 0) {
3184 wpa_printf(MSG_DEBUG, "FILS: Key-Auth mismatch");
3185 wpa_hexdump(MSG_DEBUG, "FILS: Received Key-Auth",
3187 wpa_hexdump(MSG_DEBUG, "FILS: Expected Key-Auth",
3188 sm->fils_key_auth_sta, sm->fils_key_auth_len);
3189 return -1;
3198 u8 *pos, size_t left) argument
3205 if (!sm || !sm->PTK_valid) {
3208 return -1;
3211 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
3213 "FILS: Not a FILS AKM - reject association");
3214 return -1;
3218 fc = le_to_host16(mgmt->frame_control);
3221 ie_start = mgmt->u.reassoc_req.variable;
3223 ie_start = mgmt->u.assoc_req.variable;
3230 session = wpa_fils_validate_fils_session(sm, ie, end - ie,
3234 return -1;
3239 if (end - crypt < AES_BLOCK_SIZE) {
3241 "FILS: Too short frame to include AES-SIV data");
3242 return -1;
3245 /* AES-SIV AAD vectors */
3248 aad[0] = mgmt->sa;
3251 aad[1] = mgmt->da;
3254 aad[2] = sm->SNonce;
3257 aad[3] = sm->ANonce;
3263 aad[4] = (const u8 *) &mgmt->u.assoc_req.capab_info;
3264 aad_len[4] = crypt - aad[4];
3266 if (aes_siv_decrypt(sm->PTK.kek, sm->PTK.kek_len, crypt, end - crypt,
3267 5, aad, aad_len, pos + (crypt - ie_start)) < 0) {
3269 "FILS: Invalid AES-SIV data in the frame");
3270 return -1;
3273 pos, left - AES_BLOCK_SIZE);
3275 if (wpa_fils_validate_key_confirm(sm, pos, left - AES_BLOCK_SIZE) < 0) {
3277 return -1;
3280 return left - AES_BLOCK_SIZE;
3289 u8 *pos = buf + current_len; local
3295 if (!sm || !sm->PTK_valid)
3296 return -1;
3304 /* AES-SIV AAD vectors */
3307 aad[0] = mgmt->sa;
3310 aad[1] = mgmt->da;
3313 aad[2] = sm->ANonce;
3316 aad[3] = sm->SNonce;
3323 aad[4] = (const u8 *) &mgmt->u.assoc_resp.capab_info;
3324 aad_len[4] = pos - aad[4];
3326 /* The following elements will be encrypted with AES-SIV */
3330 return -1;
3333 if (pos + wpabuf_len(plain) + AES_BLOCK_SIZE > end) {
3337 return -1;
3343 if (aes_siv_encrypt(sm->PTK.kek, sm->PTK.kek_len,
3345 5, aad, aad_len, pos) < 0) {
3347 return -1;
3352 pos, AES_BLOCK_SIZE + wpabuf_len(plain));
3356 sm->fils_completed = 1;
3372 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
3375 if (conf->transition_disable)
3385 wpabuf_put_u8(plain, 1 + sm->fils_key_auth_len); /* Length */
3388 wpabuf_put_data(plain, sm->fils_key_auth_ap, sm->fils_key_auth_len);
3397 gsm = sm->group;
3401 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN,
3404 gtk = gsm->GTK[gsm->GN - 1];
3405 gtk_len = gsm->GTK_len;
3406 if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
3417 hdr[0] = gsm->GN & 0x03;
3422 wpabuf_put(plain, tmp2 - tmp);
3427 wpabuf_put(plain, tmp2 - tmp);
3429 if (conf->transition_disable) {
3432 &conf->transition_disable, 1, NULL, 0);
3433 wpabuf_put(plain, tmp2 - tmp);
3436 *len = (u8 *) wpabuf_put(plain, 0) - len - 1;
3441 u8 *pos; local
3443 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
3450 if (conf->oci_freq_override_fils_assoc) {
3452 "TEST: Override OCI frequency %d -> %u MHz",
3454 conf->oci_freq_override_fils_assoc);
3455 ci.frequency = conf->oci_freq_override_fils_assoc;
3459 pos = wpabuf_put(plain, OCV_OCI_EXTENDED_LEN);
3460 if (ocv_insert_extended_oci(&ci, pos) < 0) {
3476 if (!sm || !sm->PTK_valid) {
3478 return -1;
3480 if (sm->tk_already_set) {
3482 return -1;
3485 alg = wpa_cipher_to_alg(sm->pairwise);
3486 klen = wpa_cipher_key_len(sm->pairwise);
3489 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
3490 sm->PTK.tk, klen, KEY_FLAG_PAIRWISE_RX_TX)) {
3492 return -1;
3496 if (sm->wpa_auth->conf.secure_ltf &&
3497 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF) &&
3498 wpa_auth_set_ltf_keyseed(sm->wpa_auth, sm->addr,
3499 sm->PTK.ltf_keyseed,
3500 sm->PTK.ltf_keyseed_len)) {
3503 return -1;
3507 sm->pairwise_set = true;
3508 sm->tk_already_set = true;
3510 wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
3511 dot11RSNAConfigPMKLifetime, &sm->PTK);
3521 u8 *pos = buf; local
3524 *pos++ = WLAN_EID_EXTENSION; /* Element ID */
3525 *pos++ = 1 + FILS_SESSION_LEN; /* Length */
3526 *pos++ = WLAN_EID_EXT_FILS_SESSION; /* Element ID Extension */
3527 os_memcpy(pos, fils_session, FILS_SESSION_LEN);
3528 pos += FILS_SESSION_LEN;
3536 os_memcpy(pos, wpabuf_head(plain), wpabuf_len(plain));
3537 pos += wpabuf_len(plain);
3542 sm->fils_completed = 1;
3543 return pos;
3553 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3555 if (!wpa_auth->cb->get_sta_tx_params)
3556 return -1;
3557 return wpa_auth->cb->get_sta_tx_params(wpa_auth->cb_ctx, sm->addr,
3571 if (sm->mld_assoc_link_id < 0)
3575 if (!kde->mac_addr ||
3576 !ether_addr_equal(kde->mac_addr, sm->peer_mld_addr)) {
3578 return -1;
3582 for_each_link(kde->valid_mlo_links, i) {
3587 if (kde->mlo_link_len[i] != 1 + ETH_ALEN) {
3590 i, kde->mlo_link_len[i]);
3591 return -1;
3594 if (!sm->mld_links[i].valid || i == sm->mld_assoc_link_id) {
3597 return -1;
3600 if (!ether_addr_equal(sm->mld_links[i].peer_addr,
3601 kde->mlo_link[i] + 1)) {
3605 MAC2STR(kde->mlo_link[i] + 1),
3606 MAC2STR(sm->mld_links[i].peer_addr), i);
3607 return -1;
3614 if (n_links != sm->n_mld_affiliated_links) {
3617 sm->n_mld_affiliated_links, n_links);
3618 return -1;
3628 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3634 const u8 *eapol_key_ie, *key_data, *mic; local
3641 int owe_ptk_workaround = !!wpa_auth->conf.owe_ptk_workaround;
3650 sm->EAPOLKeyReceived = false;
3651 sm->update_snonce = false;
3654 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
3656 derive_kdk = sm->wpa_auth->conf.secure_ltf &&
3657 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF);
3660 * WPA-PSK: iterate through possible PSKs and select the one matching
3663 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
3664 !wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
3665 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
3666 sm->p2p_dev_addr, pmk, &pmk_len,
3672 if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
3673 os_memcpy(sm->xxkey, pmk, pmk_len);
3674 sm->xxkey_len = pmk_len;
3678 pmk = sm->PMK;
3679 pmk_len = sm->pmk_len;
3682 if ((!pmk || !pmk_len) && sm->pmksa) {
3684 pmk = sm->pmksa->pmk;
3685 pmk_len = sm->pmksa->pmk_len;
3690 if (wpa_derive_ptk(sm, sm->SNonce, pmk, pmk_len, &PTK,
3696 wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
3697 sm->last_rx_eapol_key,
3698 sm->last_rx_eapol_key_len) == 0) {
3699 if (sm->PMK != pmk) {
3700 os_memcpy(sm->PMK, pmk, pmk_len);
3701 sm->pmk_len = pmk_len;
3709 wpa_aead_decrypt(sm, &PTK, sm->last_rx_eapol_key,
3710 sm->last_rx_eapol_key_len, NULL) == 0) {
3717 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && pmk_len > 32 &&
3729 * a PTK derived without KDK would result in a matching MIC. */
3730 if (!sm->wpa_auth->conf.force_kdk_derivation &&
3738 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
3739 wpa_key_mgmt_sae(sm->wpa_key_mgmt))
3744 /* The workaround worked, so allow the 4-way handshake to be
3747 "PTK without KDK worked - misbehaving STA "
3748 MACSTR, MAC2STR(sm->addr));
3751 if (!ok && wpa_key_mgmt_wpa_psk_no_sae(sm->wpa_key_mgmt) &&
3752 wpa_auth->conf.radius_psk && wpa_auth->cb->request_radius_psk &&
3753 !sm->waiting_radius_psk) {
3754 wpa_printf(MSG_DEBUG, "No PSK available - ask RADIUS server");
3755 wpa_auth->cb->request_radius_psk(wpa_auth->cb_ctx, sm->addr,
3756 sm->wpa_key_mgmt,
3757 sm->ANonce,
3758 sm->last_rx_eapol_key,
3759 sm->last_rx_eapol_key_len);
3760 sm->waiting_radius_psk = 1;
3765 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
3767 "invalid MIC in msg 2/4 of 4-Way Handshake");
3769 wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
3777 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
3779 mic = (u8 *) (key + 1);
3780 key_info = WPA_GET_BE16(key->key_info);
3781 key_data = mic + mic_len + 2;
3782 key_data_length = WPA_GET_BE16(mic + mic_len);
3783 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
3784 sizeof(*key) - mic_len - 2)
3791 !wpa_use_aes_key_wrap(sm->wpa_key_mgmt)) {
3793 "Unsupported EAPOL-Key Key Data field encryption");
3799 "RSN: Unsupported AES-WRAP len %u",
3803 key_data_length -= 8; /* AES-WRAP adds 8 bytes */
3812 "RSN: AES unwrap failed - could not decrypt EAPOL-Key key data");
3816 wpa_hexdump_key(MSG_DEBUG, "RSN: Decrypted EAPOL-Key Key Data",
3822 "received EAPOL-Key msg 2/4 with invalid Key Data contents");
3835 ft = sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt);
3836 if (!sm->wpa_ie ||
3837 wpa_compare_rsn_ie(ft, sm->wpa_ie, sm->wpa_ie_len,
3841 if (sm->wpa_ie) {
3843 sm->wpa_ie, sm->wpa_ie_len);
3847 /* MLME-DEAUTHENTICATE.request */
3848 wpa_sta_disconnect(wpa_auth, sm->addr,
3852 if ((!sm->rsnxe && kde.rsnxe) ||
3853 (sm->rsnxe && !kde.rsnxe) ||
3854 (sm->rsnxe && kde.rsnxe &&
3855 (sm->rsnxe_len != kde.rsnxe_len ||
3856 os_memcmp(sm->rsnxe, kde.rsnxe, sm->rsnxe_len) != 0))) {
3858 "RSNXE from (Re)AssocReq did not match the one in EAPOL-Key msg 2/4");
3860 sm->rsnxe, sm->rsnxe_len);
3861 wpa_hexdump(MSG_DEBUG, "RSNXE in EAPOL-Key msg 2/4",
3863 /* MLME-DEAUTHENTICATE.request */
3864 wpa_sta_disconnect(wpa_auth, sm->addr,
3878 "Failed to get channel info to validate received OCI in EAPOL-Key 2/4");
3900 if (wpa_auth->conf.msg_ctx)
3901 wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
3903 " frame=eapol-key-m2 error=%s",
3912 wpa_sta_disconnect(wpa_auth, sm->addr,
3919 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
3922 "P2P: IP address requested in EAPOL-Key exchange");
3923 idx = bitfield_get_first_zero(wpa_auth->ip_pool);
3925 u32 start = WPA_GET_BE32(wpa_auth->conf.ip_addr_start);
3926 bitfield_set(wpa_auth->ip_pool, idx);
3927 sm->ip_addr_bit = idx;
3928 WPA_PUT_BE32(sm->ip_addr, start + idx);
3932 sm->ip_addr[0], sm->ip_addr[1],
3933 sm->ip_addr[2], sm->ip_addr[3],
3935 sm->ip_addr_bit);
3945 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP &&
3946 wpa_auth->conf.dpp_pfs != 2 &&
3948 !sm->dpp_z) {
3951 wpa_sta_disconnect(wpa_auth, sm->addr,
3959 wpa_sta_disconnect(wpa_auth, sm->addr,
3964 if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
3965 wpa_auth_update_vlan(wpa_auth, sm->addr, vlan_id) < 0) {
3966 wpa_sta_disconnect(wpa_auth, sm->addr,
3971 sm->pending_1_of_4_timeout = 0;
3972 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
3974 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && sm->PMK != pmk) {
3978 os_memcpy(sm->PMK, pmk, PMK_LEN);
3979 sm->pmk_len = PMK_LEN;
3982 sm->MICVerified = true;
3985 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt) && !sm->ft_completed) {
3986 wpa_printf(MSG_DEBUG, "FT: Store PMK-R0/PMK-R1");
3992 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
3994 sm->PTK_valid = true;
4005 sm->TimeoutCtr = 0;
4012 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
4014 if (sm->mgmt_frame_prot) {
4016 len += wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
4019 if (wpa_auth->conf.tx_bss_auth)
4020 wpa_auth = wpa_auth->conf.tx_bss_auth;
4021 if (sm->mgmt_frame_prot && sm->wpa_auth->conf.beacon_prot) {
4023 len += wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
4030 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) argument
4034 struct wpa_group *gsm = sm->group;
4036 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
4037 struct wpa_auth_config *conf = &wpa_auth->conf;
4038 size_t len = wpa_cipher_key_len(conf->group_mgmt_cipher);
4040 if (!sm->mgmt_frame_prot)
4041 return pos;
4044 if (sm->mld_assoc_link_id >= 0)
4045 return pos; /* Use per-link MLO KDEs instead */
4048 igtk.keyid[0] = gsm->GN_igtk;
4050 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
4051 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
4055 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
4056 if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
4062 return pos;
4064 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
4069 if (wpa_auth->conf.tx_bss_auth) {
4070 wpa_auth = wpa_auth->conf.tx_bss_auth;
4071 conf = &wpa_auth->conf;
4072 len = wpa_cipher_key_len(conf->group_mgmt_cipher);
4073 gsm = wpa_auth->group;
4076 if (!sm->wpa_auth->conf.beacon_prot)
4077 return pos;
4079 bigtk.keyid[0] = gsm->GN_bigtk;
4081 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
4082 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_bigtk, rsc) < 0)
4086 os_memcpy(bigtk.bigtk, gsm->BIGTK[gsm->GN_bigtk - 6], len);
4087 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
4093 return pos;
4095 pos = wpa_add_kde(pos, RSN_KEY_DATA_BIGTK,
4100 return pos;
4123 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
4126 return -1;
4131 "TEST: Override OCI KDE frequency %d -> %u MHz",
4163 *len - (elem - buf) - elem_len);
4164 *len -= elem_len;
4182 struct wpa_group *gsm = a->group;
4187 info->link_id, mgmt_frame_prot, beacon_prot);
4189 info->gtkidx = gsm->GN & 0x03;
4190 info->gtk = gsm->GTK[gsm->GN - 1];
4191 info->gtk_len = gsm->GTK_len;
4193 if (wpa_auth_get_seqnum(a, NULL, gsm->GN, rsc) < 0)
4194 os_memset(info->pn, 0, sizeof(info->pn));
4196 os_memcpy(info->pn, rsc, sizeof(info->pn));
4201 info->igtkidx = gsm->GN_igtk;
4202 info->igtk = gsm->IGTK[gsm->GN_igtk - 4];
4203 info->igtk_len = wpa_cipher_key_len(a->conf.group_mgmt_cipher);
4205 if (wpa_auth_get_seqnum(a, NULL, gsm->GN_igtk, rsc) < 0)
4206 os_memset(info->ipn, 0, sizeof(info->ipn));
4208 os_memcpy(info->ipn, rsc, sizeof(info->ipn));
4213 if (a->conf.tx_bss_auth) {
4214 a = a->conf.tx_bss_auth;
4215 gsm = a->group;
4218 info->bigtkidx = gsm->GN_bigtk;
4219 info->bigtk = gsm->BIGTK[gsm->GN_bigtk - 6];
4221 if (wpa_auth_get_seqnum(a, NULL, gsm->GN_bigtk, rsc) < 0)
4222 os_memset(info->bipn, 0, sizeof(info->bipn));
4224 os_memcpy(info->bipn, rsc, sizeof(info->bipn));
4231 if (!wpa_auth->cb->get_ml_key_info)
4234 wpa_auth->cb->get_ml_key_info(wpa_auth->cb_ctx, info);
4244 if (sm->mld_assoc_link_id < 0)
4248 if (!sm->mld_links[link_id].valid)
4251 wpa_auth = sm->mld_links[link_id].wpa_auth;
4252 if (!wpa_auth || !wpa_auth->group)
4258 kde_len += wpa_auth->group->GTK_len;
4260 if (!sm->mgmt_frame_prot)
4263 if (wpa_auth->conf.tx_bss_auth)
4264 wpa_auth = wpa_auth->conf.tx_bss_auth;
4269 kde_len += wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
4271 if (!wpa_auth->conf.beacon_prot)
4277 kde_len += wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
4286 static u8 * wpa_auth_ml_group_kdes(struct wpa_state_machine *sm, u8 *pos) argument
4290 u8 *start = pos;
4294 ml_key_info.n_mld_links = sm->n_mld_affiliated_links + 1;
4300 ml_key_info.mgmt_frame_prot = sm->mgmt_frame_prot;
4301 ml_key_info.beacon_prot = sm->wpa_auth->conf.beacon_prot;
4304 if (!sm->mld_links[link_id].valid)
4310 wpa_auth_get_ml_key_info(sm->wpa_auth, &ml_key_info);
4314 if (!sm->mld_links[link_id].valid ||
4323 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
4324 *pos++ = RSN_SELECTOR_LEN + 1 + 6 +
4327 RSN_SELECTOR_PUT(pos, RSN_KEY_DATA_MLO_GTK);
4328 pos += RSN_SELECTOR_LEN;
4330 *pos++ = (ml_key_info.links[i].gtkidx & 0x3) | (link_id << 4);
4332 os_memcpy(pos, ml_key_info.links[i].pn, 6);
4333 pos += 6;
4335 os_memcpy(pos, ml_key_info.links[i].gtk,
4337 pos += ml_key_info.links[i].gtk_len;
4342 if (!sm->mgmt_frame_prot) {
4344 pos - start);
4345 return pos;
4350 if (!sm->mld_links[link_id].valid ||
4359 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
4360 *pos++ = RSN_SELECTOR_LEN + 2 + 1 +
4364 RSN_SELECTOR_PUT(pos, RSN_KEY_DATA_MLO_IGTK);
4365 pos += RSN_SELECTOR_LEN;
4368 *pos++ = ml_key_info.links[i].igtkidx;
4369 *pos++ = 0;
4372 os_memcpy(pos, ml_key_info.links[i].ipn,
4374 pos += sizeof(ml_key_info.links[i].ipn);
4376 *pos++ = ml_key_info.links[i].link_id << 4;
4378 os_memcpy(pos, ml_key_info.links[i].igtk,
4380 pos += ml_key_info.links[i].igtk_len;
4385 if (!sm->wpa_auth->conf.beacon_prot) {
4387 pos - start);
4388 return pos;
4393 if (!sm->mld_links[link_id].valid ||
4403 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
4404 *pos++ = RSN_SELECTOR_LEN + 2 + 1 +
4408 RSN_SELECTOR_PUT(pos, RSN_KEY_DATA_MLO_BIGTK);
4409 pos += RSN_SELECTOR_LEN;
4412 *pos++ = ml_key_info.links[i].bigtkidx;
4413 *pos++ = 0;
4416 os_memcpy(pos, ml_key_info.links[i].bipn,
4418 pos += sizeof(ml_key_info.links[i].bipn);
4420 *pos++ = ml_key_info.links[i].link_id << 4;
4422 os_memcpy(pos, ml_key_info.links[i].bigtk,
4424 pos += ml_key_info.links[i].igtk_len;
4429 wpa_printf(MSG_DEBUG, "RSN: MLO Group KDE len = %ld", pos - start);
4430 return pos;
4443 if (sm->mld_assoc_link_id < 0)
4454 wpa_auth = wpa_get_link_auth(sm->wpa_auth, link_id);
4459 ie = get_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4463 ie = get_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4476 static u8 * wpa_auth_ml_kdes(struct wpa_state_machine *sm, u8 *pos) argument
4480 u8 *start = pos;
4482 if (sm->mld_assoc_link_id < 0)
4483 return pos;
4486 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR,
4487 sm->wpa_auth->mld_addr, ETH_ALEN, NULL, 0);
4494 wpa_auth = wpa_get_link_auth(sm->wpa_auth, link_id);
4498 rsne = get_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4502 rsnxe = get_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4511 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
4512 *pos++ = RSN_SELECTOR_LEN + 1 + ETH_ALEN +
4515 RSN_SELECTOR_PUT(pos, RSN_KEY_DATA_MLO_LINK);
4516 pos += RSN_SELECTOR_LEN;
4519 *pos = link_id;
4521 *pos |= RSN_MLO_LINK_KDE_LI_RSNE_INFO;
4523 *pos |= RSN_MLO_LINK_KDE_LI_RSNXE_INFO;
4525 pos++;
4526 os_memcpy(pos, wpa_auth->addr, ETH_ALEN);
4527 pos += ETH_ALEN;
4530 os_memcpy(pos, rsne, rsne_len);
4531 pos += rsne_len;
4535 os_memcpy(pos, rsnxe, rsnxe_len);
4536 pos += rsnxe_len;
4540 wpa_printf(MSG_DEBUG, "RSN: MLO Link KDE len = %ld", pos - start);
4541 pos = wpa_auth_ml_group_kdes(sm, pos);
4544 return pos;
4550 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde = NULL, *pos, stub_gtk[32]; local
4552 struct wpa_group *gsm = sm->group;
4557 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
4559 bool is_mld = sm->mld_assoc_link_id >= 0;
4565 sm->TimeoutEvt = false;
4567 sm->TimeoutCtr++;
4568 if (conf->wpa_disable_eapol_key_retries && sm->TimeoutCtr > 1) {
4569 /* Do not allow retransmission of EAPOL-Key msg 3/4 */
4572 if (sm->TimeoutCtr > conf->wpa_pairwise_update_count) {
4573 /* No point in sending the EAPOL-Key - we will disconnect
4578 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
4582 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
4583 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
4584 wpa_ie = sm->wpa_auth->wpa_ie;
4585 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
4586 if (sm->wpa == WPA_VERSION_WPA && (conf->wpa & WPA_PROTO_RSN) &&
4588 /* WPA-only STA, remove RSN IE and possible MDIE */
4597 if (conf->rsne_override_eapol_set) {
4600 conf->rsne_override_eapol,
4601 conf->rsne_override_eapol_len);
4606 if (conf->rsnxe_override_eapol_set) {
4609 conf->rsnxe_override_eapol,
4610 conf->rsnxe_override_eapol_len);
4616 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
4617 "sending 3/4 msg of 4-Way Handshake");
4618 if (sm->wpa == WPA_VERSION_WPA2) {
4619 if (sm->use_ext_key_id && sm->TimeoutCtr == 1 &&
4620 wpa_auth_set_key(sm->wpa_auth, 0,
4621 wpa_cipher_to_alg(sm->pairwise),
4622 sm->addr,
4623 sm->keyidx_active, sm->PTK.tk,
4624 wpa_cipher_key_len(sm->pairwise),
4626 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
4632 if (sm->wpa_auth->conf.secure_ltf &&
4633 ieee802_11_rsnx_capab(sm->rsnxe,
4635 wpa_auth_set_ltf_keyseed(sm->wpa_auth, sm->addr,
4636 sm->PTK.ltf_keyseed,
4637 sm->PTK.ltf_keyseed_len)) {
4640 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
4646 /* WPA2 send GTK in the 4-way handshake */
4648 gtk = gsm->GTK[gsm->GN - 1];
4649 gtk_len = gsm->GTK_len;
4650 if (conf->disable_gtk ||
4651 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
4660 gtkidx = gsm->GN;
4670 if (sm->rx_eapol_key_secure) {
4674 * MIC failure and it then rejects the 4-way handshake
4679 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
4681 "STA used Secure bit in WPA msg 2/4 - set Secure for 3/4 as workaround");
4688 if (sm->use_ext_key_id)
4694 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
4700 if (WPA_GET_BE32(sm->ip_addr) > 0)
4704 if (conf->transition_disable)
4708 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP)
4714 if (sm->ssid_protection)
4715 kde_len += 2 + conf->ssid_len;
4718 if (conf->eapol_m3_elements)
4719 kde_len += wpabuf_len(conf->eapol_m3_elements);
4726 pos = kde;
4728 os_memcpy(pos, wpa_ie, wpa_ie_len);
4729 pos += wpa_ie_len;
4732 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
4736 elen = pos - kde;
4737 res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name, true);
4740 "FT: Failed to insert PMKR1Name into RSN IE in EAPOL-Key data");
4743 pos -= wpa_ie_len;
4744 pos += elen;
4749 if (sm->use_ext_key_id) {
4750 hdr[0] = sm->keyidx_active & 0x01;
4751 pos = wpa_add_kde(pos, RSN_KEY_DATA_KEYID, hdr, 2, NULL, 0);
4756 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
4759 pos = ieee80211w_kde_add(sm, pos);
4760 if (ocv_oci_add(sm, &pos, conf->oci_freq_override_eapol_m3) < 0)
4764 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
4767 if (sm->assoc_resp_ftie &&
4768 kde + kde_len - pos >= 2 + sm->assoc_resp_ftie[1]) {
4769 os_memcpy(pos, sm->assoc_resp_ftie,
4770 2 + sm->assoc_resp_ftie[1]);
4771 res = 2 + sm->assoc_resp_ftie[1];
4773 res = wpa_write_ftie(conf, sm->wpa_key_mgmt,
4774 sm->xxkey_len,
4775 conf->r0_key_holder,
4776 conf->r0_key_holder_len,
4777 NULL, NULL, pos,
4778 kde + kde_len - pos,
4783 "FT: Failed to insert FTIE into EAPOL-Key Key Data");
4786 pos += res;
4789 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
4790 *pos++ = 5;
4791 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
4792 WPA_PUT_LE32(pos, conf->reassociation_deadline);
4793 pos += 4;
4796 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
4797 *pos++ = 5;
4798 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
4799 WPA_PUT_LE32(pos, conf->r0_key_lifetime);
4800 pos += 4;
4804 if (WPA_GET_BE32(sm->ip_addr) > 0) {
4806 os_memcpy(addr, sm->ip_addr, 4);
4807 os_memcpy(addr + 4, conf->ip_addr_mask, 4);
4808 os_memcpy(addr + 8, conf->ip_addr_go, 4);
4809 pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC,
4814 if (conf->transition_disable)
4815 pos = wpa_add_kde(pos, WFA_KEY_DATA_TRANSITION_DISABLE,
4816 &conf->transition_disable, 1, NULL, 0);
4819 if (DPP_VERSION > 1 && sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP) {
4824 if (conf->dpp_pfs == 0)
4826 else if (conf->dpp_pfs == 1)
4829 pos = wpa_add_kde(pos, WFA_KEY_DATA_DPP,
4834 pos = wpa_auth_ml_kdes(sm, pos);
4836 if (sm->ssid_protection) {
4837 *pos++ = WLAN_EID_SSID;
4838 *pos++ = conf->ssid_len;
4839 os_memcpy(pos, conf->ssid, conf->ssid_len);
4840 pos += conf->ssid_len;
4844 if (conf->eapol_m3_elements) {
4845 os_memcpy(pos, wpabuf_head(conf->eapol_m3_elements),
4846 wpabuf_len(conf->eapol_m3_elements));
4847 pos += wpabuf_len(conf->eapol_m3_elements);
4850 if (conf->eapol_m3_no_encrypt)
4854 wpa_send_eapol(sm->wpa_auth, sm,
4856 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
4860 _rsc, sm->ANonce, kde, pos - kde, 0, encr);
4874 const u8 *key_data, *mic; local
4878 if (sm->mld_assoc_link_id < 0)
4885 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
4887 hdr = (const struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
4889 mic = (const u8 *) (key + 1);
4890 key_data = mic + mic_len + 2;
4891 key_data_length = WPA_GET_BE16(mic + mic_len);
4892 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
4893 sizeof(*key) - mic_len - 2)
4894 return -1;
4897 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm),
4899 "received EAPOL-Key msg 4/4 with invalid Key Data contents");
4900 return -1;
4905 !ether_addr_equal(kde.mac_addr, sm->peer_mld_addr)) {
4907 "MLD: Mismatching or missing MLD address in EAPOL-Key msg 4/4");
4908 return -1;
4911 wpa_printf(MSG_DEBUG, "MLD: MLD address in EAPOL-Key msg 4/4: " MACSTR,
4922 sm->EAPOLKeyReceived = false;
4925 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
4930 if (sm->Pair) {
4931 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
4932 int klen = wpa_cipher_key_len(sm->pairwise);
4935 if (sm->use_ext_key_id)
4936 res = wpa_auth_set_key(sm->wpa_auth, 0, 0, sm->addr,
4937 sm->keyidx_active, NULL, 0,
4940 res = wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr,
4941 0, sm->PTK.tk, klen,
4944 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
4950 if (sm->wpa_auth->conf.secure_ltf &&
4951 ieee802_11_rsnx_capab(sm->rsnxe,
4953 wpa_auth_set_ltf_keyseed(sm->wpa_auth, sm->addr,
4954 sm->PTK.ltf_keyseed,
4955 sm->PTK.ltf_keyseed_len)) {
4958 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
4964 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
4965 sm->pairwise_set = true;
4968 wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
4969 dot11RSNAConfigPMKLifetime, &sm->PTK);
4971 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
4972 sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP ||
4973 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE) {
4974 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
4980 sm->keycount++;
4981 if (sm->keycount == 2) {
4982 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
4986 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
4989 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable,
4991 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, true);
4992 if (sm->wpa == WPA_VERSION_WPA)
4993 sm->PInitAKeys = true;
4995 sm->has_GTK = true;
4996 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
4998 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
4999 wpa_msg(sm->wpa_auth->conf.msg_ctx, MSG_INFO, "EAPOL-4WAY-HS-COMPLETED "
5000 MACSTR, MAC2STR(sm->addr));
5003 wpa_ft_push_pmk_r1(sm->wpa_auth, wpa_auth_get_spa(sm));
5006 sm->ptkstart_without_success = 0;
5012 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
5013 struct wpa_auth_config *conf = &wpa_auth->conf;
5015 if (sm->Init)
5017 else if (sm->Disconnect
5020 "WPA_PTK: sm->Disconnect");
5023 else if (sm->DeauthenticationRequest)
5025 else if (sm->AuthenticationRequest)
5027 else if (sm->ReAuthenticationRequest)
5029 else if (sm->PTKRequest) {
5034 } else switch (sm->wpa_ptk_state) {
5047 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
5048 wpa_auth_get_eapol(wpa_auth, sm->addr,
5051 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
5052 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE
5055 else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP)
5059 if (wpa_auth_get_eapol(wpa_auth, sm->addr,
5063 } else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && sm->pmksa) {
5067 wpa_auth->dot11RSNA4WayHandshakeFailures++;
5070 "INITPMK - keyAvailable = false");
5075 if (wpa_auth_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr,
5079 } else if (wpa_auth_uses_sae(sm) && sm->pmksa) {
5082 } else if (wpa_key_mgmt_wpa_psk_no_sae(sm->wpa_key_mgmt) &&
5083 wpa_auth->conf.radius_psk) {
5085 "INITPSK: No PSK yet available for STA - use RADIUS later");
5091 wpa_auth->dot11RSNA4WayHandshakeFailures++;
5096 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
5097 sm->EAPOLKeyPairwise)
5099 else if (sm->TimeoutCtr > conf->wpa_pairwise_update_count) {
5100 wpa_auth->dot11RSNA4WayHandshakeFailures++;
5104 conf->wpa_pairwise_update_count);
5105 sm->disconnect_reason =
5108 } else if (sm->TimeoutEvt)
5112 if (sm->MICVerified)
5114 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
5115 sm->EAPOLKeyPairwise)
5117 else if (sm->TimeoutEvt)
5124 if (sm->update_snonce)
5126 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
5127 sm->EAPOLKeyPairwise && sm->MICVerified)
5129 else if (sm->TimeoutCtr >
5130 conf->wpa_pairwise_update_count ||
5131 (conf->wpa_disable_eapol_key_retries &&
5132 sm->TimeoutCtr > 1)) {
5133 wpa_auth->dot11RSNA4WayHandshakeFailures++;
5137 conf->wpa_pairwise_update_count);
5138 sm->disconnect_reason =
5141 } else if (sm->TimeoutEvt)
5153 if (sm->Init) {
5156 sm->changed = false;
5158 sm->GTimeoutCtr = 0;
5165 struct wpa_group *gsm = sm->group;
5167 u8 *kde_buf = NULL, *pos, hdr[2]; local
5170 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
5174 is_mld = sm->mld_assoc_link_id >= 0;
5179 sm->GTimeoutCtr++;
5180 if (conf->wpa_disable_eapol_key_retries && sm->GTimeoutCtr > 1) {
5181 /* Do not allow retransmission of EAPOL-Key group msg 1/2 */
5184 if (sm->GTimeoutCtr > conf->wpa_group_update_count) {
5185 /* No point in sending the EAPOL-Key - we will disconnect
5190 if (sm->wpa == WPA_VERSION_WPA)
5191 sm->PInitAKeys = false;
5192 sm->TimeoutEvt = false;
5193 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
5195 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
5196 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
5197 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
5200 gtk = gsm->GTK[gsm->GN - 1];
5201 if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
5206 if (random_get_bytes(stub_gtk, gsm->GTK_len) < 0)
5211 if (sm->wpa == WPA_VERSION_WPA2 && !is_mld) {
5212 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
5218 kde = pos = kde_buf;
5219 hdr[0] = gsm->GN & 0x03;
5221 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
5222 gtk, gsm->GTK_len);
5223 pos = ieee80211w_kde_add(sm, pos);
5224 if (ocv_oci_add(sm, &pos,
5225 conf->oci_freq_override_eapol_g1) < 0) {
5229 kde_len = pos - kde;
5231 } else if (sm->wpa == WPA_VERSION_WPA2 && is_mld) {
5238 kde = pos = kde_buf;
5239 pos = wpa_auth_ml_group_kdes(sm, pos);
5240 kde_len = pos - kde_buf;
5245 kde_len = gsm->GTK_len;
5248 wpa_send_eapol(sm->wpa_auth, sm,
5250 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
5253 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
5254 rsc, NULL, kde, kde_len, gsm->GN, 1);
5262 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
5264 const u8 *key_data, *mic; local
5273 sm->EAPOLKeyReceived = false;
5276 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
5282 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
5284 mic = (u8 *) (key + 1);
5285 key_data = mic + mic_len + 2;
5286 key_data_length = WPA_GET_BE16(mic + mic_len);
5287 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
5288 sizeof(*key) - mic_len - 2)
5293 "received EAPOL-Key group msg 2/2 with invalid Key Data contents");
5305 "Failed to get channel info to validate received OCI in EAPOL-Key group 2/2");
5321 if (wpa_auth->conf.msg_ctx)
5322 wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
5324 " frame=eapol-key-g2 error=%s",
5332 if (sm->GUpdateStationKeys)
5334 sm->GTimeoutCtr = 0;
5338 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
5339 sm->has_GTK = true;
5346 if (sm->GUpdateStationKeys)
5348 if (sm->wpa_auth->conf.no_disconnect_on_group_keyerror &&
5349 sm->wpa == WPA_VERSION_WPA2) {
5350 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm),
5352 "group key handshake failed after %u tries - allow STA to remain connected",
5353 sm->wpa_auth->conf.wpa_group_update_count);
5356 sm->Disconnect = true;
5357 sm->disconnect_reason = WLAN_REASON_GROUP_KEY_UPDATE_TIMEOUT;
5358 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
5360 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN",
5361 sm->wpa_auth->conf.wpa_group_update_count);
5367 if (sm->Init || sm->PtkGroupInit) {
5369 sm->PtkGroupInit = false;
5370 } else switch (sm->wpa_ptk_group_state) {
5372 if (sm->GUpdateStationKeys ||
5373 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
5377 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
5378 !sm->EAPOLKeyPairwise && sm->MICVerified)
5380 else if (sm->GTimeoutCtr >
5381 sm->wpa_auth->conf.wpa_group_update_count ||
5382 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
5383 sm->GTimeoutCtr > 1))
5385 else if (sm->TimeoutEvt)
5401 struct wpa_auth_config *conf = &wpa_auth->conf;
5405 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
5406 inc_byte_array(group->Counter, WPA_NONCE_LEN);
5407 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
5408 wpa_auth->addr, group->GNonce,
5409 group->GTK[group->GN - 1], group->GTK_len) < 0)
5410 ret = -1;
5412 group->GTK[group->GN - 1], group->GTK_len);
5414 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
5415 len = wpa_cipher_key_len(conf->group_mgmt_cipher);
5416 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
5417 inc_byte_array(group->Counter, WPA_NONCE_LEN);
5418 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
5419 wpa_auth->addr, group->GNonce,
5420 group->IGTK[group->GN_igtk - 4], len) < 0)
5421 ret = -1;
5423 group->IGTK[group->GN_igtk - 4], len);
5426 if (!wpa_auth->non_tx_beacon_prot &&
5427 conf->ieee80211w == NO_MGMT_FRAME_PROTECTION)
5429 if (!conf->beacon_prot)
5432 if (wpa_auth->conf.tx_bss_auth) {
5433 group = wpa_auth->conf.tx_bss_auth->group;
5434 if (group->bigtk_set)
5439 len = wpa_cipher_key_len(conf->group_mgmt_cipher);
5440 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
5441 inc_byte_array(group->Counter, WPA_NONCE_LEN);
5442 if (wpa_gmk_to_gtk(group->GMK, "BIGTK key expansion",
5443 wpa_auth->addr, group->GNonce,
5444 group->BIGTK[group->GN_bigtk - 6], len) < 0)
5445 return -1;
5446 group->bigtk_set = true;
5448 group->BIGTK[group->GN_bigtk - 6], len);
5458 "WPA: group state machine entering state GTK_INIT (VLAN-ID %d)",
5459 group->vlan_id);
5460 group->changed = false; /* GInit is not cleared here; avoid loop */
5461 group->wpa_group_state = WPA_GROUP_GTK_INIT;
5464 os_memset(group->GTK, 0, sizeof(group->GTK));
5465 group->GN = 1;
5466 group->GM = 2;
5467 group->GN_igtk = 4;
5468 group->GM_igtk = 5;
5469 group->GN_bigtk = 6;
5470 group->GM_bigtk = 7;
5478 if (ctx != NULL && ctx != sm->group)
5481 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
5482 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
5485 sm->GUpdateStationKeys = false;
5488 if (sm->GUpdateStationKeys) {
5494 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
5499 /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
5500 if (sm->is_wnmsleep)
5503 sm->group->GKeyDoneStations++;
5504 sm->GUpdateStationKeys = true;
5512 /* update GTK when exiting WNM-Sleep Mode */
5515 if (!sm || sm->is_wnmsleep)
5525 sm->is_wnmsleep = !!flag;
5529 int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos) argument
5531 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
5532 struct wpa_group *gsm = sm->group;
5533 u8 *start = pos;
5537 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
5540 *pos++ = WNM_SLEEP_SUBELEM_GTK;
5541 *pos++ = 11 + gsm->GTK_len;
5542 /* Key ID in B0-B1 of Key Info */
5543 WPA_PUT_LE16(pos, gsm->GN & 0x03);
5544 pos += 2;
5545 *pos++ = gsm->GTK_len;
5546 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
5548 pos += 8;
5549 os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
5550 if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
5555 if (random_get_bytes(pos, gsm->GTK_len) < 0)
5558 pos += gsm->GTK_len;
5560 wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
5561 gsm->GN);
5562 wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
5563 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
5565 return pos - start;
5569 int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos) argument
5571 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
5572 struct wpa_group *gsm = sm->group;
5573 u8 *start = pos;
5574 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
5578 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
5580 *pos++ = WNM_SLEEP_SUBELEM_IGTK;
5581 *pos++ = 2 + 6 + len;
5582 WPA_PUT_LE16(pos, gsm->GN_igtk);
5583 pos += 2;
5584 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
5586 pos += 6;
5588 os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
5589 if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
5594 if (random_get_bytes(pos, len) < 0)
5597 pos += len;
5599 wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
5600 gsm->GN_igtk);
5601 wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
5602 gsm->IGTK[gsm->GN_igtk - 4], len);
5604 return pos - start;
5608 int wpa_wnmsleep_bigtk_subelem(struct wpa_state_machine *sm, u8 *pos) argument
5610 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
5611 struct wpa_group *gsm = wpa_auth->group;
5612 u8 *start = pos;
5613 size_t len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
5617 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
5619 *pos++ = WNM_SLEEP_SUBELEM_BIGTK;
5620 *pos++ = 2 + 6 + len;
5621 WPA_PUT_LE16(pos, gsm->GN_bigtk);
5622 pos += 2;
5623 if (wpa_auth_get_seqnum(wpa_auth, NULL, gsm->GN_bigtk, pos) != 0)
5625 pos += 6;
5627 os_memcpy(pos, gsm->BIGTK[gsm->GN_bigtk - 6], len);
5628 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
5633 if (random_get_bytes(pos, len) < 0)
5636 pos += len;
5638 wpa_printf(MSG_DEBUG, "WNM: BIGTK Key ID %u in WNM-Sleep Mode exit",
5639 gsm->GN_bigtk);
5640 wpa_hexdump_key(MSG_DEBUG, "WNM: BIGTK in WNM-Sleep Mode exit",
5641 gsm->BIGTK[gsm->GN_bigtk - 6], len);
5643 return pos - start;
5654 tmp = group->GM;
5655 group->GM = group->GN;
5656 group->GN = tmp;
5657 tmp = group->GM_igtk;
5658 group->GM_igtk = group->GN_igtk;
5659 group->GN_igtk = tmp;
5660 tmp = group->GM_bigtk;
5661 group->GM_bigtk = group->GN_bigtk;
5662 group->GN_bigtk = tmp;
5665 * including all STAs that could be in not-yet-completed state. */
5674 "WPA: group state machine entering state SETKEYS (VLAN-ID %d)",
5675 group->vlan_id);
5676 group->changed = true;
5677 group->wpa_group_state = WPA_GROUP_SETKEYS;
5678 group->GTKReKey = false;
5681 if (wpa_auth->is_ml)
5687 if (group->GKeyDoneStations) {
5690 group->GKeyDoneStations);
5691 group->GKeyDoneStations = 0;
5699 group->GKeyDoneStations);
5706 struct wpa_auth_config *conf = &wpa_auth->conf;
5709 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
5710 wpa_cipher_to_alg(conf->wpa_group),
5711 broadcast_ether_addr, group->GN,
5712 group->GTK[group->GN - 1], group->GTK_len,
5714 ret = -1;
5716 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
5720 alg = wpa_cipher_to_alg(conf->group_mgmt_cipher);
5721 len = wpa_cipher_key_len(conf->group_mgmt_cipher);
5724 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
5725 broadcast_ether_addr, group->GN_igtk,
5726 group->IGTK[group->GN_igtk - 4], len,
5728 ret = -1;
5730 if (ret || !conf->beacon_prot)
5732 if (wpa_auth->conf.tx_bss_auth) {
5733 wpa_auth = wpa_auth->conf.tx_bss_auth;
5734 group = wpa_auth->group;
5735 if (!group->bigtk_set || group->bigtk_configured)
5738 if (wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
5739 broadcast_ether_addr, group->GN_bigtk,
5740 group->BIGTK[group->GN_bigtk - 6], len,
5742 ret = -1;
5744 group->bigtk_configured = true;
5753 if (sm->group == ctx) {
5757 sm->Disconnect = true;
5769 group->changed = true;
5770 group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
5779 "WPA: group state machine entering state SETKEYSDONE (VLAN-ID %d)",
5780 group->vlan_id);
5781 group->changed = true;
5782 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
5786 return -1;
5796 if (group->GInit) {
5798 } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
5800 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
5801 group->GTKAuthenticator) {
5803 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
5804 group->GTKReKey) {
5806 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
5807 if (group->GKeyDoneStations == 0)
5809 else if (group->GTKReKey)
5821 sm->changed = false;
5822 sm->wpa_auth->group->changed = false;
5826 sm->mld_links[link_id].wpa_auth->group->changed = false;
5837 if (!sm || !sm->wpa_auth)
5839 wpa_group_sm_step(sm->wpa_auth, sm->wpa_auth->group);
5843 wpa_group_sm_step(sm->mld_links[link_id].wpa_auth,
5844 sm->mld_links[link_id].wpa_auth->group);
5857 if (!sm || !sm->wpa_auth)
5859 changed = sm->wpa_auth->group->changed;
5863 changed |= sm->mld_links[link_id].wpa_auth->group->changed;
5875 if (sm->in_step_loop) {
5883 sm->in_step_loop = 1;
5885 if (sm->pending_deinit)
5891 if (sm->pending_deinit)
5894 if (sm->pending_deinit)
5897 } while (sm->changed || wpa_group_sm_changed(sm));
5898 sm->in_step_loop = 0;
5900 if (sm->pending_deinit) {
5934 group = wpa_auth->group;
5937 tmp = group->GM;
5938 group->GM = group->GN;
5939 group->GN = tmp;
5940 tmp = group->GM_igtk;
5941 group->GM_igtk = group->GN_igtk;
5942 group->GN_igtk = tmp;
5943 if (!wpa_auth->conf.tx_bss_auth) {
5944 tmp = group->GM_bigtk;
5945 group->GM_bigtk = group->GN_bigtk;
5946 group->GN_bigtk = tmp;
5960 #define RSN_SUITE "%02x-%02x-%02x-%d"
5977 conf = &wpa_auth->conf;
5979 ret = os_snprintf(buf + len, buflen - len,
5985 wpa_bool_txt(conf->wpa & WPA_PROTO_RSN),
5986 wpa_bool_txt(conf->rsn_preauth));
5987 if (os_snprintf_error(buflen - len, ret))
5992 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
5995 buf + len, buflen - len,
6021 !!conf->wpa_strict_rekey,
6022 conf->wpa_group_update_count,
6023 conf->wpa_pairwise_update_count,
6024 wpa_cipher_key_len(conf->wpa_group) * 8,
6028 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
6029 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
6030 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
6032 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
6033 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
6034 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
6035 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
6036 wpa_auth->dot11RSNA4WayHandshakeFailures);
6037 if (os_snprintf_error(buflen - len, ret))
6045 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
6046 wpa_auth->group->wpa_group_state);
6047 if (os_snprintf_error(buflen - len, ret))
6063 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
6067 pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
6069 sm->pairwise);
6074 buf + len, buflen - len,
6085 MAC2STR(sm->addr),
6087 sm->dot11RSNAStatsTKIPLocalMICFailures,
6088 sm->dot11RSNAStatsTKIPRemoteMICFailures);
6089 if (os_snprintf_error(buflen - len, ret))
6094 ret = os_snprintf(buf + len, buflen - len,
6100 sm->wpa,
6101 RSN_SUITE_ARG(wpa_akm_to_suite(sm->wpa_key_mgmt)),
6102 sm->wpa_ptk_state,
6103 sm->wpa_ptk_group_state,
6104 sm->mfpr);
6105 if (os_snprintf_error(buflen - len, ret))
6116 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
6122 return sm && sm->pairwise_set;
6128 return sm->pairwise;
6136 *len = sm->pmk_len;
6137 return sm->PMK;
6143 if (!sm || !sm->pmksa)
6145 return sm->pmksa->dpp_pkhash;
6152 return -1;
6153 return sm->wpa_key_mgmt;
6161 return sm->wpa;
6167 if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
6169 return sm->tk_already_set;
6175 if (!sm || !wpa_key_mgmt_fils(sm->wpa_key_mgmt))
6177 return sm->tk_already_set;
6184 if (!sm || sm->pmksa != entry)
6185 return -1;
6186 sm->pmksa = NULL;
6194 return sm ? sm->pmksa : NULL;
6201 sm->dot11RSNAStatsTKIPLocalMICFailures++;
6209 *len = wpa_auth->wpa_ie_len;
6210 return wpa_auth->wpa_ie;
6218 if (!sm || sm->wpa != WPA_VERSION_WPA2 ||
6219 sm->wpa_auth->conf.disable_pmksa_caching)
6220 return -1;
6223 if (pmk_len >= 2 * PMK_LEN && wpa_key_mgmt_ft(sm->wpa_key_mgmt) &&
6224 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
6225 !wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
6231 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
6239 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len, NULL,
6240 sm->PTK.kck, sm->PTK.kck_len,
6243 eapol, sm->wpa_key_mgmt))
6246 return -1;
6256 return -1;
6259 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, NULL,
6261 wpa_auth->addr,
6266 return -1;
6274 if (wpa_auth->conf.disable_pmksa_caching)
6275 return -1;
6280 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, pmk_len, pmkid,
6281 NULL, 0, wpa_auth->addr, addr, 0, NULL, akmp))
6284 return -1;
6290 os_memcpy(sm->pmkid, pmkid, PMKID_LEN);
6291 sm->pmkid_set = 1;
6301 if (!wpa_auth || wpa_auth->conf.disable_pmksa_caching)
6302 return -1;
6305 entry = pmksa_cache_auth_add(wpa_auth->pmksa, pmk, pmk_len, pmkid,
6306 NULL, 0, wpa_auth->addr, addr, session_timeout,
6309 return -1;
6312 entry->dpp_pkhash = os_memdup(dpp_pkhash, SHA256_MAC_LEN);
6323 if (!wpa_auth || !wpa_auth->pmksa)
6325 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
6329 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
6337 if (!wpa_auth || !wpa_auth->pmksa)
6339 return pmksa_cache_auth_list(wpa_auth->pmksa, buf, len);
6345 if (wpa_auth && wpa_auth->pmksa)
6346 pmksa_cache_auth_flush(wpa_auth->pmksa);
6356 if (!wpa_auth || !wpa_auth->pmksa)
6359 return pmksa_cache_auth_list_mesh(wpa_auth->pmksa, addr, buf, len);
6377 entry->expiration = now.sec + expiration;
6387 if (!wpa_auth || !wpa_auth->pmksa)
6388 return -1;
6390 ret = pmksa_cache_auth_add_entry(wpa_auth->pmksa, entry);
6394 MACSTR, MAC2STR(entry->spa));
6406 if (!wpa_auth || !wpa_auth->pmksa)
6408 return wpa_auth->pmksa;
6416 if (!wpa_auth || !wpa_auth->pmksa)
6418 return pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, pmkid);
6430 sm->pmksa = pmksa;
6431 os_memcpy(pmk, pmksa->pmk, pmksa->pmk_len);
6432 *pmk_len = pmksa->pmk_len;
6433 os_memcpy(pmkid, pmksa->pmkid, PMKID_LEN);
6434 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmksa->pmkid, PMKID_LEN);
6446 struct wpa_group *prev = wpa_auth->group;
6448 wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d",
6449 group->vlan_id);
6452 if (prev->next == group) {
6454 prev->next = group->next;
6458 prev = prev->next;
6469 if (wpa_auth->group == group)
6472 group->references++;
6481 if (wpa_auth->group == group)
6484 group->references--;
6485 if (group->references)
6500 if (!wpa_auth || !wpa_auth->group)
6503 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
6509 group->next = wpa_auth->group->next;
6510 wpa_auth->group->next = group;
6520 * Returns: -1 on error (group missing, group already failed); otherwise, 0
6529 group = wpa_auth->group;
6531 if (group->vlan_id == vlan_id)
6533 group = group->next;
6539 return -1;
6547 group->num_setup_iface++;
6549 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
6550 return -1;
6558 * returns: -1 on error (group not found, group in fail state)
6559 * -2 if wpa_group is still referenced
6570 group = wpa_auth->group;
6572 if (group->vlan_id == vlan_id)
6574 group = group->next;
6578 return -1;
6584 if (group->num_setup_iface <= 0) {
6588 return -1;
6590 group->num_setup_iface--;
6592 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
6593 ret = -1;
6595 if (group->references > 1) {
6599 ret = -2;
6612 if (!sm || !sm->wpa_auth)
6615 group = sm->wpa_auth->group;
6617 if (group->vlan_id == vlan_id)
6619 group = group->next;
6623 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
6625 return -1;
6628 if (sm->group == group)
6631 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
6632 return -1;
6638 wpa_group_get(sm->wpa_auth, group);
6639 wpa_group_put(sm->wpa_auth, sm->group);
6640 sm->group = group;
6651 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
6653 if (sm->pending_1_of_4_timeout && ack) {
6656 * for each EAPOL-Key 2/4 message even within the same 4-way
6658 * deriving the PTK. This results in unsuccessful 4-way
6660 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
6666 "WPA: Increase initial EAPOL-Key 1/4 timeout by %u ms because of acknowledged frame",
6675 if (sm->eapol_status_cb) {
6676 sm->eapol_status_cb(sm->eapol_status_cb_ctx1,
6677 sm->eapol_status_cb_ctx2);
6678 sm->eapol_status_cb = NULL;
6688 return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
6696 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE ||
6697 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY;
6704 if (!sm || WPA_GET_BE32(sm->ip_addr) == 0)
6705 return -1;
6706 os_memcpy(addr, sm->ip_addr, 4);
6715 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
6725 for (group = wpa_auth->group; group; group = group->next)
6745 if (a == data->auth || !a->conf.fils_cache_id_set ||
6746 os_memcmp(a->conf.fils_cache_id, data->cache_id,
6749 data->pmksa = pmksa_cache_auth_get(a->pmksa, data->spa, data->pmkid);
6750 return data->pmksa != NULL;
6760 if (!wpa_auth->conf.fils_cache_id_set)
6763 idata.cache_id = wpa_auth->conf.fils_cache_id;
6777 struct wpa_auth_config *conf = &wpa_auth->conf;
6779 return wpa_write_ftie(conf, sm->wpa_key_mgmt, sm->xxkey_len,
6780 conf->r0_key_holder, conf->r0_key_holder_len,
6790 os_memcpy(fils_anonce, sm->ANonce, WPA_NONCE_LEN);
6791 os_memcpy(fils_snonce, sm->SNonce, WPA_NONCE_LEN);
6792 os_memcpy(fils_kek, sm->PTK.kek, WPA_KEK_MAX_LEN);
6793 *fils_kek_len = sm->PTK.kek_len;
6800 os_memcpy(sm->PMK, pmk, pmk_len);
6801 sm->pmk_len = pmk_len;
6802 os_memcpy(sm->pmkid, pmkid, PMKID_LEN);
6803 sm->pmkid_set = 1;
6812 sm->auth_alg = auth_alg;
6820 wpabuf_clear_free(sm->dpp_z);
6821 sm->dpp_z = z ? wpabuf_dup(z) : NULL;
6830 sm->ssid_protection = val;
6838 wpa_auth->conf.transition_disable = val;
6848 const u8 *anonce = sm->ANonce;
6853 return -1;
6857 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
6858 "sending 1/4 msg of 4-Way Handshake (TESTING)");
6859 wpa_send_eapol(sm->wpa_auth, sm,
6870 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos; local
6873 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
6874 struct wpa_group *gsm = sm->group;
6879 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
6885 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
6886 wpa_ie = sm->wpa_auth->wpa_ie;
6887 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
6888 if (sm->wpa == WPA_VERSION_WPA &&
6889 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
6891 /* WPA-only STA, remove RSN IE and possible MDIE */
6899 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
6900 "sending 3/4 msg of 4-Way Handshake (TESTING)");
6901 if (sm->wpa == WPA_VERSION_WPA2) {
6902 /* WPA2 send GTK in the 4-way handshake */
6904 gtk = gsm->GTK[gsm->GN - 1];
6905 gtk_len = gsm->GTK_len;
6906 gtkidx = gsm->GN;
6915 if (sm->rx_eapol_key_secure) {
6919 * MIC failure and it then rejects the 4-way handshake
6924 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
6926 "STA used Secure bit in WPA msg 2/4 - set Secure for 3/4 as workaround");
6933 if (sm->use_ext_key_id)
6939 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
6946 return -1;
6948 pos = kde;
6949 os_memcpy(pos, wpa_ie, wpa_ie_len);
6950 pos += wpa_ie_len;
6952 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
6956 elen = pos - kde;
6957 res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name, true);
6960 "FT: Failed to insert PMKR1Name into RSN IE in EAPOL-Key data");
6962 return -1;
6964 pos -= wpa_ie_len;
6965 pos += elen;
6970 if (sm->use_ext_key_id) {
6971 hdr[0] = sm->keyidx_active & 0x01;
6972 pos = wpa_add_kde(pos, RSN_KEY_DATA_KEYID, hdr, 2, NULL, 0);
6977 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
6980 opos = pos;
6981 pos = ieee80211w_kde_add(sm, pos);
6982 if (pos - opos >= 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN) {
6987 if (ocv_oci_add(sm, &pos, conf->oci_freq_override_eapol_m3) < 0) {
6989 return -1;
6993 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
6996 if (sm->assoc_resp_ftie &&
6997 kde + kde_len - pos >= 2 + sm->assoc_resp_ftie[1]) {
6998 os_memcpy(pos, sm->assoc_resp_ftie,
6999 2 + sm->assoc_resp_ftie[1]);
7000 res = 2 + sm->assoc_resp_ftie[1];
7002 res = wpa_write_ftie(conf, sm->wpa_key_mgmt,
7003 sm->xxkey_len,
7004 conf->r0_key_holder,
7005 conf->r0_key_holder_len,
7006 NULL, NULL, pos,
7007 kde + kde_len - pos,
7012 "FT: Failed to insert FTIE into EAPOL-Key Key Data");
7014 return -1;
7016 pos += res;
7019 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
7020 *pos++ = 5;
7021 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
7022 WPA_PUT_LE32(pos, conf->reassociation_deadline);
7023 pos += 4;
7026 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
7027 *pos++ = 5;
7028 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
7029 WPA_PUT_LE32(pos, conf->r0_key_lifetime);
7030 pos += 4;
7034 wpa_send_eapol(sm->wpa_auth, sm,
7036 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
7040 _rsc, sm->ANonce, kde, pos - kde, 0, encr);
7051 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
7052 struct wpa_group *gsm = sm->group;
7054 u8 *kde_buf = NULL, *pos, hdr[2]; local
7059 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
7062 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
7065 gtk = gsm->GTK[gsm->GN - 1];
7066 if (sm->wpa == WPA_VERSION_WPA2) {
7067 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
7071 return -1;
7073 kde = pos = kde_buf;
7074 hdr[0] = gsm->GN & 0x03;
7076 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
7077 gtk, gsm->GTK_len);
7078 opos = pos;
7079 pos = ieee80211w_kde_add(sm, pos);
7080 if (pos - opos >=
7086 if (ocv_oci_add(sm, &pos,
7087 conf->oci_freq_override_eapol_g1) < 0) {
7089 return -1;
7091 kde_len = pos - kde;
7094 kde_len = gsm->GTK_len;
7097 sm->eapol_status_cb = cb;
7098 sm->eapol_status_cb_ctx1 = ctx1;
7099 sm->eapol_status_cb_ctx2 = ctx2;
7101 wpa_send_eapol(sm->wpa_auth, sm,
7103 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
7106 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
7107 rsc, NULL, kde, kde_len, gsm->GN, 1);
7117 return -1;
7129 return -1;
7130 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
7140 wpa_auth->conf.ft_rsnxe_used = val;
7152 wpa_auth->conf.oci_freq_override_eapol_m3 = freq;
7155 wpa_auth->conf.oci_freq_override_eapol_g1 = freq;
7158 wpa_auth->conf.oci_freq_override_ft_assoc = freq;
7161 wpa_auth->conf.oci_freq_override_fils_assoc = freq;
7171 if (!sm->waiting_radius_psk) {
7175 MAC2STR(sm->addr));
7180 MAC2STR(sm->addr), success ? "success" : "fail");
7181 sm->waiting_radius_psk = 0;
7184 /* Try to process the EAPOL-Key msg 2/4 again */
7185 sm->EAPOLKeyReceived = true;
7187 sm->Disconnect = true;
7203 os_memset(sm->mld_links, 0, sizeof(sm->mld_links));
7204 sm->n_mld_affiliated_links = 0;
7206 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
7209 os_memcpy(sm->peer_mld_addr, info->common_info.mld_addr, ETH_ALEN);
7211 sm->mld_assoc_link_id = mld_assoc_link_id;
7214 struct mld_link_info *link = &info->links[link_id];
7215 struct mld_link *sm_link = &sm->mld_links[link_id];
7218 sm_link->valid = link->valid;
7219 if (!link->valid)
7222 os_memcpy(sm_link->peer_addr, link->peer_addr, ETH_ALEN);
7227 MAC2STR(sm_link->peer_addr));
7230 sm->n_mld_affiliated_links++;
7231 ctx.addr = link->local_addr;
7233 ctx.link_id = -1;
7235 wpa_auth_for_each_auth(sm->wpa_auth,
7238 sm_link->wpa_auth = ctx.wpa_auth;
7239 wpa_group_get(sm_link->wpa_auth,
7240 sm_link->wpa_auth->group);
7243 sm_link->wpa_auth = sm->wpa_auth;
7246 if (!sm_link->wpa_auth)
7250 MAC2STR(sm->wpa_auth->mld_addr),