1 /*
2 * WPA Supplicant - WPA state machine and EAPOL-Key processing
3 * Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi>
4 * Copyright(c) 2015 Intel Deutschland GmbH
5 *
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
8 */
9
10 #include "includes.h"
11
12 #include "common.h"
13 #include "crypto/aes.h"
14 #include "crypto/aes_wrap.h"
15 #include "crypto/crypto.h"
16 #include "crypto/random.h"
17 #include "crypto/aes_siv.h"
18 #include "crypto/sha256.h"
19 #include "crypto/sha384.h"
20 #include "crypto/sha512.h"
21 #include "common/ieee802_11_defs.h"
22 #include "common/ieee802_11_common.h"
23 #include "common/ocv.h"
24 #include "common/dpp.h"
25 #include "common/wpa_ctrl.h"
26 #include "eap_common/eap_defs.h"
27 #include "eapol_supp/eapol_supp_sm.h"
28 #include "drivers/driver.h"
29 #include "wpa.h"
30 #include "eloop.h"
31 #include "preauth.h"
32 #include "pmksa_cache.h"
33 #include "wpa_i.h"
34 #include "wpa_ie.h"
35
36
37 static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
38
39
_wpa_hexdump_link(int level,u8 link_id,const char * title,const void * buf,size_t len,bool key)40 static void _wpa_hexdump_link(int level, u8 link_id, const char *title,
41 const void *buf, size_t len, bool key)
42 {
43 char *link_title = NULL;
44
45 if (link_id >= MAX_NUM_MLD_LINKS)
46 goto out;
47
48 link_title = os_malloc(os_strlen(title) + 20);
49 if (!link_title)
50 goto out;
51
52 os_snprintf(link_title, os_strlen(title) + 20, "MLO link[%u]: %s",
53 link_id, title);
54
55 out:
56 if (key)
57 wpa_hexdump_key(level, link_title ? link_title : title, buf,
58 len);
59 else
60 wpa_hexdump(level, link_title ? link_title : title, buf, len);
61 os_free(link_title);
62 }
63
64
wpa_hexdump_link(int level,u8 link_id,const char * title,const void * buf,size_t len)65 static void wpa_hexdump_link(int level, u8 link_id, const char *title,
66 const void *buf, size_t len)
67 {
68 _wpa_hexdump_link(level, link_id, title, buf, len, false);
69 }
70
71
wpa_hexdump_link_key(int level,u8 link_id,const char * title,const void * buf,size_t len)72 static void wpa_hexdump_link_key(int level, u8 link_id, const char *title,
73 const void *buf, size_t len)
74 {
75 _wpa_hexdump_link(level, link_id, title, buf, len, true);
76 }
77
78
79 /**
80 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
81 * @sm: Pointer to WPA state machine data from wpa_sm_init()
82 * @ptk: PTK for Key Confirmation/Encryption Key
83 * @ver: Version field from Key Info
84 * @dest: Destination address for the frame
85 * @proto: Ethertype (usually ETH_P_EAPOL)
86 * @msg: EAPOL-Key message
87 * @msg_len: Length of message
88 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
89 * Returns: >= 0 on success, < 0 on failure
90 */
wpa_eapol_key_send(struct wpa_sm * sm,struct wpa_ptk * ptk,int ver,const u8 * dest,u16 proto,u8 * msg,size_t msg_len,u8 * key_mic)91 int wpa_eapol_key_send(struct wpa_sm *sm, struct wpa_ptk *ptk,
92 int ver, const u8 *dest, u16 proto,
93 u8 *msg, size_t msg_len, u8 *key_mic)
94 {
95 int ret = -1;
96 size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
97
98 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL-Key frame to " MACSTR
99 " ver=%d mic_len=%d key_mgmt=0x%x",
100 MAC2STR(dest), ver, (int) mic_len, sm->key_mgmt);
101 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
102 /*
103 * Association event was not yet received; try to fetch
104 * BSSID from the driver.
105 */
106 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
107 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
108 "WPA: Failed to read BSSID for "
109 "EAPOL-Key destination address");
110 } else {
111 dest = sm->bssid;
112 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
113 "WPA: Use BSSID (" MACSTR
114 ") as the destination for EAPOL-Key",
115 MAC2STR(dest));
116 }
117 }
118
119 if (mic_len) {
120 if (key_mic && (!ptk || !ptk->kck_len))
121 goto out;
122
123 if (key_mic &&
124 wpa_eapol_key_mic(ptk->kck, ptk->kck_len, sm->key_mgmt, ver,
125 msg, msg_len, key_mic)) {
126 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
127 "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC",
128 ver, sm->key_mgmt);
129 goto out;
130 }
131 if (ptk)
132 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK",
133 ptk->kck, ptk->kck_len);
134 wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC",
135 key_mic, mic_len);
136 } else {
137 #ifdef CONFIG_FILS
138 /* AEAD cipher - Key MIC field not used */
139 struct ieee802_1x_hdr *s_hdr, *hdr;
140 struct wpa_eapol_key *s_key, *key;
141 u8 *buf, *s_key_data, *key_data;
142 size_t buf_len = msg_len + AES_BLOCK_SIZE;
143 size_t key_data_len;
144 u16 eapol_len;
145 const u8 *aad[1];
146 size_t aad_len[1];
147
148 if (!ptk || !ptk->kek_len)
149 goto out;
150
151 key_data_len = msg_len - sizeof(struct ieee802_1x_hdr) -
152 sizeof(struct wpa_eapol_key) - 2;
153
154 buf = os_malloc(buf_len);
155 if (!buf)
156 goto out;
157
158 os_memcpy(buf, msg, msg_len);
159 hdr = (struct ieee802_1x_hdr *) buf;
160 key = (struct wpa_eapol_key *) (hdr + 1);
161 key_data = ((u8 *) (key + 1)) + 2;
162
163 /* Update EAPOL header to include AES-SIV overhead */
164 eapol_len = be_to_host16(hdr->length);
165 eapol_len += AES_BLOCK_SIZE;
166 hdr->length = host_to_be16(eapol_len);
167
168 /* Update Key Data Length field to include AES-SIV overhead */
169 WPA_PUT_BE16((u8 *) (key + 1), AES_BLOCK_SIZE + key_data_len);
170
171 s_hdr = (struct ieee802_1x_hdr *) msg;
172 s_key = (struct wpa_eapol_key *) (s_hdr + 1);
173 s_key_data = ((u8 *) (s_key + 1)) + 2;
174
175 wpa_hexdump_key(MSG_DEBUG, "WPA: Plaintext Key Data",
176 s_key_data, key_data_len);
177
178 wpa_hexdump_key(MSG_DEBUG, "WPA: KEK", ptk->kek, ptk->kek_len);
179 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
180 * to Key Data (exclusive). */
181 aad[0] = buf;
182 aad_len[0] = key_data - buf;
183 if (aes_siv_encrypt(ptk->kek, ptk->kek_len,
184 s_key_data, key_data_len,
185 1, aad, aad_len, key_data) < 0) {
186 os_free(buf);
187 goto out;
188 }
189
190 wpa_hexdump(MSG_DEBUG, "WPA: Encrypted Key Data from SIV",
191 key_data, AES_BLOCK_SIZE + key_data_len);
192
193 os_free(msg);
194 msg = buf;
195 msg_len = buf_len;
196 #else /* CONFIG_FILS */
197 goto out;
198 #endif /* CONFIG_FILS */
199 }
200
201 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
202 ret = wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
203 eapol_sm_notify_tx_eapol_key(sm->eapol);
204 out:
205 os_free(msg);
206 return ret;
207 }
208
209
210 /**
211 * wpa_sm_key_request - Send EAPOL-Key Request
212 * @sm: Pointer to WPA state machine data from wpa_sm_init()
213 * @error: Indicate whether this is an Michael MIC error report
214 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
215 *
216 * Send an EAPOL-Key Request to the current authenticator. This function is
217 * used to request rekeying and it is usually called when a local Michael MIC
218 * failure is detected.
219 */
wpa_sm_key_request(struct wpa_sm * sm,int error,int pairwise)220 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
221 {
222 size_t mic_len, hdrlen, rlen;
223 struct wpa_eapol_key *reply;
224 int key_info, ver;
225 u8 *rbuf, *key_mic, *mic;
226
227 if (pairwise && sm->wpa_deny_ptk0_rekey && !sm->use_ext_key_id &&
228 wpa_sm_get_state(sm) == WPA_COMPLETED && !error) {
229 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
230 "WPA: PTK0 rekey not allowed, reconnecting");
231 wpa_sm_reconnect(sm);
232 return;
233 }
234
235 if (!sm->ptk_set) {
236 wpa_printf(MSG_INFO,
237 "WPA: No PTK derived yet - cannot send EAPOL-Key Request");
238 return;
239 }
240
241 if (wpa_use_akm_defined(sm->key_mgmt))
242 ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
243 else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
244 wpa_key_mgmt_sha256(sm->key_mgmt))
245 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
246 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
247 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
248 else
249 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
250
251 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
252 hdrlen = sizeof(*reply) + mic_len + 2;
253 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
254 hdrlen, &rlen, (void *) &reply);
255 if (rbuf == NULL)
256 return;
257
258 reply->type = (sm->proto == WPA_PROTO_RSN ||
259 sm->proto == WPA_PROTO_OSEN) ?
260 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
261 key_info = WPA_KEY_INFO_REQUEST | ver;
262 key_info |= WPA_KEY_INFO_SECURE;
263 if (mic_len)
264 key_info |= WPA_KEY_INFO_MIC;
265 else
266 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
267 if (error)
268 key_info |= WPA_KEY_INFO_ERROR;
269 if (pairwise)
270 key_info |= WPA_KEY_INFO_KEY_TYPE;
271 WPA_PUT_BE16(reply->key_info, key_info);
272 WPA_PUT_BE16(reply->key_length, 0);
273 os_memcpy(reply->replay_counter, sm->request_counter,
274 WPA_REPLAY_COUNTER_LEN);
275 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
276
277 mic = (u8 *) (reply + 1);
278 WPA_PUT_BE16(mic + mic_len, 0);
279 if (!(key_info & WPA_KEY_INFO_MIC))
280 key_mic = NULL;
281 else
282 key_mic = mic;
283
284 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
285 "WPA: Sending EAPOL-Key Request (error=%d "
286 "pairwise=%d ptk_set=%d len=%lu)",
287 error, pairwise, sm->ptk_set, (unsigned long) rlen);
288 wpa_eapol_key_send(sm, &sm->ptk, ver, wpa_sm_get_auth_addr(sm),
289 ETH_P_EAPOL, rbuf, rlen, key_mic);
290 }
291
292
wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm * sm)293 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm)
294 {
295 #ifdef CONFIG_IEEE80211R
296 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
297 if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len))
298 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
299 "RSN: Cannot set low order 256 bits of MSK for key management offload");
300 } else {
301 #endif /* CONFIG_IEEE80211R */
302 if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len))
303 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
304 "RSN: Cannot set PMK for key management offload");
305 #ifdef CONFIG_IEEE80211R
306 }
307 #endif /* CONFIG_IEEE80211R */
308 }
309
310
wpa_supplicant_get_pmk(struct wpa_sm * sm,const unsigned char * src_addr,const u8 * pmkid)311 static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
312 const unsigned char *src_addr,
313 const u8 *pmkid)
314 {
315 int abort_cached = 0;
316
317 if (pmkid && !sm->cur_pmksa) {
318 /* When using drivers that generate RSN IE, wpa_supplicant may
319 * not have enough time to get the association information
320 * event before receiving this 1/4 message, so try to find a
321 * matching PMKSA cache entry here. */
322 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr,
323 sm->own_addr, pmkid,
324 NULL, 0);
325 if (sm->cur_pmksa) {
326 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
327 "RSN: found matching PMKID from PMKSA cache");
328 } else {
329 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
330 "RSN: no matching PMKID found");
331 abort_cached = 1;
332 }
333 }
334
335 if (pmkid && sm->cur_pmksa &&
336 os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
337 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
338 wpa_sm_set_pmk_from_pmksa(sm);
339 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
340 sm->pmk, sm->pmk_len);
341 eapol_sm_notify_cached(sm->eapol);
342 #ifdef CONFIG_IEEE80211R
343 sm->xxkey_len = 0;
344 #ifdef CONFIG_SAE
345 if ((sm->key_mgmt == WPA_KEY_MGMT_FT_SAE ||
346 sm->key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY) &&
347 sm->pmk_len == PMK_LEN) {
348 /* Need to allow FT key derivation to proceed with
349 * PMK from SAE being used as the XXKey in cases where
350 * the PMKID in msg 1/4 matches the PMKSA entry that was
351 * just added based on SAE authentication for the
352 * initial mobility domain association. */
353 os_memcpy(sm->xxkey, sm->pmk, sm->pmk_len);
354 sm->xxkey_len = sm->pmk_len;
355 }
356 #endif /* CONFIG_SAE */
357 #endif /* CONFIG_IEEE80211R */
358 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
359 int res, pmk_len;
360 #ifdef CONFIG_IEEE80211R
361 u8 buf[2 * PMK_LEN];
362 #endif /* CONFIG_IEEE80211R */
363
364 if (wpa_key_mgmt_sha384(sm->key_mgmt))
365 pmk_len = PMK_LEN_SUITE_B_192;
366 else
367 pmk_len = PMK_LEN;
368 res = eapol_sm_get_key(sm->eapol, sm->pmk, pmk_len);
369 if (res) {
370 if (pmk_len == PMK_LEN) {
371 /*
372 * EAP-LEAP is an exception from other EAP
373 * methods: it uses only 16-byte PMK.
374 */
375 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
376 pmk_len = 16;
377 }
378 }
379 #ifdef CONFIG_IEEE80211R
380 if (res == 0 &&
381 eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) {
382 if (wpa_key_mgmt_sha384(sm->key_mgmt)) {
383 os_memcpy(sm->xxkey, buf, SHA384_MAC_LEN);
384 sm->xxkey_len = SHA384_MAC_LEN;
385 } else {
386 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
387 sm->xxkey_len = PMK_LEN;
388 }
389 forced_memzero(buf, sizeof(buf));
390 if (sm->proto == WPA_PROTO_RSN &&
391 wpa_key_mgmt_ft(sm->key_mgmt)) {
392 struct rsn_pmksa_cache_entry *sa = NULL;
393 const u8 *fils_cache_id = NULL;
394
395 #ifdef CONFIG_FILS
396 if (sm->fils_cache_id_set)
397 fils_cache_id = sm->fils_cache_id;
398 #endif /* CONFIG_FILS */
399 wpa_hexdump_key(MSG_DEBUG,
400 "FT: Cache XXKey/MPMK",
401 sm->xxkey, sm->xxkey_len);
402 sa = pmksa_cache_add(sm->pmksa,
403 sm->xxkey, sm->xxkey_len,
404 NULL, NULL, 0,
405 src_addr, sm->own_addr,
406 sm->network_ctx,
407 sm->key_mgmt,
408 fils_cache_id);
409 if (!sm->cur_pmksa)
410 sm->cur_pmksa = sa;
411 }
412 }
413 #endif /* CONFIG_IEEE80211R */
414 if (res == 0) {
415 struct rsn_pmksa_cache_entry *sa = NULL;
416 const u8 *fils_cache_id = NULL;
417
418 #ifdef CONFIG_FILS
419 if (sm->fils_cache_id_set)
420 fils_cache_id = sm->fils_cache_id;
421 #endif /* CONFIG_FILS */
422
423 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
424 "machines", sm->pmk, pmk_len);
425 sm->pmk_len = pmk_len;
426 wpa_supplicant_key_mgmt_set_pmk(sm);
427 if (sm->proto == WPA_PROTO_RSN &&
428 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
429 !wpa_key_mgmt_ft(sm->key_mgmt)) {
430 sa = pmksa_cache_add(sm->pmksa,
431 sm->pmk, pmk_len, NULL,
432 NULL, 0,
433 src_addr, sm->own_addr,
434 sm->network_ctx,
435 sm->key_mgmt,
436 fils_cache_id);
437 }
438 if (!sm->cur_pmksa && pmkid &&
439 pmksa_cache_get(sm->pmksa, src_addr, sm->own_addr,
440 pmkid, NULL, 0)) {
441 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
442 "RSN: the new PMK matches with the "
443 "PMKID");
444 abort_cached = 0;
445 } else if (sa && !sm->cur_pmksa && pmkid) {
446 /*
447 * It looks like the authentication server
448 * derived mismatching MSK. This should not
449 * really happen, but bugs happen.. There is not
450 * much we can do here without knowing what
451 * exactly caused the server to misbehave.
452 */
453 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
454 "RSN: PMKID mismatch - authentication server may have derived different MSK?!");
455 return -1;
456 }
457
458 if (!sm->cur_pmksa)
459 sm->cur_pmksa = sa;
460 #ifdef CONFIG_IEEE80211R
461 } else if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->ft_protocol) {
462 wpa_printf(MSG_DEBUG,
463 "FT: Continue 4-way handshake without PMK/PMKID for association using FT protocol");
464 #endif /* CONFIG_IEEE80211R */
465 } else {
466 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
467 "WPA: Failed to get master session key from "
468 "EAPOL state machines - key handshake "
469 "aborted");
470 if (sm->cur_pmksa) {
471 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
472 "RSN: Cancelled PMKSA caching "
473 "attempt");
474 sm->cur_pmksa = NULL;
475 abort_cached = 1;
476 } else if (!abort_cached) {
477 return -1;
478 }
479 }
480 }
481
482 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
483 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
484 !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN)
485 {
486 /* Send EAPOL-Start to trigger full EAP authentication. */
487 u8 *buf;
488 size_t buflen;
489
490 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
491 "RSN: no PMKSA entry found - trigger "
492 "full EAP authentication");
493 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
494 NULL, 0, &buflen, NULL);
495 if (buf) {
496 /* Set and reset eapFail to allow EAP state machine to
497 * proceed with new authentication. */
498 eapol_sm_notify_eap_fail(sm->eapol, true);
499 eapol_sm_notify_eap_fail(sm->eapol, false);
500 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
501 buf, buflen);
502 os_free(buf);
503 return -2;
504 }
505
506 return -1;
507 }
508
509 return 0;
510 }
511
512
513 /**
514 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
515 * @sm: Pointer to WPA state machine data from wpa_sm_init()
516 * @dst: Destination address for the frame
517 * @key: Pointer to the EAPOL-Key frame header
518 * @ver: Version bits from EAPOL-Key Key Info
519 * @nonce: Nonce value for the EAPOL-Key frame
520 * @wpa_ie: WPA/RSN IE
521 * @wpa_ie_len: Length of the WPA/RSN IE
522 * @ptk: PTK to use for keyed hash and encryption
523 * Returns: >= 0 on success, < 0 on failure
524 */
wpa_supplicant_send_2_of_4(struct wpa_sm * sm,const unsigned char * dst,const struct wpa_eapol_key * key,int ver,const u8 * nonce,const u8 * wpa_ie,size_t wpa_ie_len,struct wpa_ptk * ptk)525 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
526 const struct wpa_eapol_key *key,
527 int ver, const u8 *nonce,
528 const u8 *wpa_ie, size_t wpa_ie_len,
529 struct wpa_ptk *ptk)
530 {
531 size_t mic_len, hdrlen, rlen, extra_len = 0;
532 struct wpa_eapol_key *reply;
533 u8 *rbuf, *key_mic;
534 u8 *rsn_ie_buf = NULL;
535 u16 key_info;
536 #ifdef CONFIG_TESTING_OPTIONS
537 size_t pad_len = 0;
538 #endif /* CONFIG_TESTING_OPTIONS */
539
540 if (wpa_ie == NULL) {
541 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
542 "cannot generate msg 2/4");
543 return -1;
544 }
545
546 #ifdef CONFIG_IEEE80211R
547 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
548 int res;
549
550 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE before FT processing",
551 wpa_ie, wpa_ie_len);
552 /*
553 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and
554 * FTIE from (Re)Association Response.
555 */
556 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN +
557 sm->assoc_resp_ies_len);
558 if (rsn_ie_buf == NULL)
559 return -1;
560 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len);
561 res = wpa_insert_pmkid(rsn_ie_buf, &wpa_ie_len,
562 sm->pmk_r1_name, !sm->ft_prepend_pmkid);
563 if (res < 0) {
564 os_free(rsn_ie_buf);
565 return -1;
566 }
567 wpa_hexdump(MSG_DEBUG,
568 "WPA: WPA IE after PMKID[PMKR1Name] addition into RSNE",
569 rsn_ie_buf, wpa_ie_len);
570
571 if (sm->assoc_resp_ies) {
572 wpa_hexdump(MSG_DEBUG, "WPA: Add assoc_resp_ies",
573 sm->assoc_resp_ies,
574 sm->assoc_resp_ies_len);
575 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
576 sm->assoc_resp_ies_len);
577 wpa_ie_len += sm->assoc_resp_ies_len;
578 }
579
580 wpa_ie = rsn_ie_buf;
581 }
582 #endif /* CONFIG_IEEE80211R */
583
584 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
585
586 #ifdef CONFIG_TESTING_OPTIONS
587 if (sm->test_eapol_m2_elems)
588 extra_len = wpabuf_len(sm->test_eapol_m2_elems);
589 if (sm->encrypt_eapol_m2) {
590 pad_len = (wpa_ie_len + extra_len) % 8;
591 if (pad_len)
592 pad_len = 8 - pad_len;
593 extra_len += pad_len + 8;
594 }
595 #endif /* CONFIG_TESTING_OPTIONS */
596
597 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
598 hdrlen = sizeof(*reply) + mic_len + 2;
599 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
600 NULL, hdrlen + wpa_ie_len + extra_len,
601 &rlen, (void *) &reply);
602 if (rbuf == NULL) {
603 os_free(rsn_ie_buf);
604 return -1;
605 }
606
607 reply->type = (sm->proto == WPA_PROTO_RSN ||
608 sm->proto == WPA_PROTO_OSEN) ?
609 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
610 key_info = ver | WPA_KEY_INFO_KEY_TYPE;
611 if (sm->ptk_set && sm->proto != WPA_PROTO_WPA)
612 key_info |= WPA_KEY_INFO_SECURE;
613 if (mic_len)
614 key_info |= WPA_KEY_INFO_MIC;
615 else
616 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
617 #ifdef CONFIG_TESTING_OPTIONS
618 if (sm->encrypt_eapol_m2)
619 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
620 #endif /* CONFIG_TESTING_OPTIONS */
621 WPA_PUT_BE16(reply->key_info, key_info);
622 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
623 WPA_PUT_BE16(reply->key_length, 0);
624 else
625 os_memcpy(reply->key_length, key->key_length, 2);
626 os_memcpy(reply->replay_counter, key->replay_counter,
627 WPA_REPLAY_COUNTER_LEN);
628 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter,
629 WPA_REPLAY_COUNTER_LEN);
630
631 key_mic = (u8 *) (reply + 1);
632 /* Key Data Length */
633 WPA_PUT_BE16(key_mic + mic_len, wpa_ie_len + extra_len);
634 os_memcpy(key_mic + mic_len + 2, wpa_ie, wpa_ie_len); /* Key Data */
635 os_free(rsn_ie_buf);
636 #ifdef CONFIG_TESTING_OPTIONS
637 if (sm->test_eapol_m2_elems) {
638 os_memcpy(key_mic + mic_len + 2 + wpa_ie_len,
639 wpabuf_head(sm->test_eapol_m2_elems),
640 wpabuf_len(sm->test_eapol_m2_elems));
641 }
642
643 if (sm->encrypt_eapol_m2) {
644 u8 *plain;
645 size_t plain_len;
646
647 if (sm->test_eapol_m2_elems)
648 extra_len = wpabuf_len(sm->test_eapol_m2_elems);
649 else
650 extra_len = 0;
651 plain_len = wpa_ie_len + extra_len + pad_len;
652 plain = os_memdup(key_mic + mic_len + 2, plain_len);
653 if (!plain) {
654 os_free(rbuf);
655 return -1;
656 }
657 if (pad_len)
658 plain[plain_len - pad_len] = 0xdd;
659
660 wpa_hexdump_key(MSG_DEBUG, "RSN: AES-WRAP using KEK",
661 ptk->kek, ptk->kek_len);
662 if (aes_wrap(ptk->kek, ptk->kek_len, plain_len / 8, plain,
663 key_mic + mic_len + 2)) {
664 os_free(plain);
665 os_free(rbuf);
666 return -1;
667 }
668 wpa_hexdump(MSG_DEBUG,
669 "RSN: Encrypted Key Data from AES-WRAP",
670 key_mic + mic_len + 2, plain_len + 8);
671 os_free(plain);
672 }
673 #endif /* CONFIG_TESTING_OPTIONS */
674
675 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
676
677 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
678 return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
679 key_mic);
680 }
681
682
wpa_derive_ptk(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,struct wpa_ptk * ptk)683 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
684 const struct wpa_eapol_key *key, struct wpa_ptk *ptk)
685 {
686 int ret;
687 const u8 *z = NULL;
688 size_t z_len = 0, kdk_len;
689 int akmp;
690
691 #ifdef CONFIG_IEEE80211R
692 if (wpa_key_mgmt_ft(sm->key_mgmt))
693 return wpa_derive_ptk_ft(sm, src_addr, key, ptk);
694 #endif /* CONFIG_IEEE80211R */
695
696 #ifdef CONFIG_DPP2
697 if (sm->key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_z) {
698 z = wpabuf_head(sm->dpp_z);
699 z_len = wpabuf_len(sm->dpp_z);
700 }
701 #endif /* CONFIG_DPP2 */
702
703 akmp = sm->key_mgmt;
704 #ifdef CONFIG_OWE
705 if (sm->owe_ptk_workaround && akmp == WPA_KEY_MGMT_OWE &&
706 sm->pmk_len > 32) {
707 wpa_printf(MSG_DEBUG,
708 "OWE: Force SHA256 for PTK derivation");
709 akmp |= WPA_KEY_MGMT_PSK_SHA256;
710 }
711 #endif /* CONFIG_OWE */
712
713 if (sm->force_kdk_derivation ||
714 (sm->secure_ltf &&
715 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)))
716 kdk_len = WPA_KDK_MAX_LEN;
717 else
718 kdk_len = 0;
719
720 ret = wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
721 sm->own_addr, wpa_sm_get_auth_addr(sm), sm->snonce,
722 key->key_nonce, ptk, akmp,
723 sm->pairwise_cipher, z, z_len,
724 kdk_len);
725 if (ret) {
726 wpa_printf(MSG_ERROR, "WPA: PTK derivation failed");
727 return ret;
728 }
729
730 #ifdef CONFIG_PASN
731 if (sm->secure_ltf &&
732 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF))
733 ret = wpa_ltf_keyseed(ptk, akmp, sm->pairwise_cipher);
734 #endif /* CONFIG_PASN */
735
736 return ret;
737 }
738
739
wpa_handle_ext_key_id(struct wpa_sm * sm,struct wpa_eapol_ie_parse * kde)740 static int wpa_handle_ext_key_id(struct wpa_sm *sm,
741 struct wpa_eapol_ie_parse *kde)
742 {
743 if (sm->ext_key_id) {
744 u16 key_id;
745
746 if (!kde->key_id) {
747 wpa_msg(sm->ctx->msg_ctx,
748 sm->use_ext_key_id ? MSG_INFO : MSG_DEBUG,
749 "RSN: No Key ID in Extended Key ID handshake");
750 sm->keyidx_active = 0;
751 return sm->use_ext_key_id ? -1 : 0;
752 }
753
754 key_id = kde->key_id[0] & 0x03;
755 if (key_id > 1) {
756 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
757 "RSN: Invalid Extended Key ID: %d", key_id);
758 return -1;
759 }
760 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
761 "RSN: Using Extended Key ID %d", key_id);
762 sm->keyidx_active = key_id;
763 sm->use_ext_key_id = 1;
764 } else {
765 if (kde->key_id && (kde->key_id[0] & 0x03)) {
766 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
767 "RSN: Non-zero Extended Key ID Key ID in PTK0 handshake");
768 return -1;
769 }
770
771 if (kde->key_id) {
772 /* This is not supposed to be included here, but ignore
773 * the case of matching Key ID 0 just in case. */
774 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
775 "RSN: Extended Key ID Key ID 0 in PTK0 handshake");
776 }
777 sm->keyidx_active = 0;
778 sm->use_ext_key_id = 0;
779 }
780
781 return 0;
782 }
783
784
rsn_add_kde(u8 * pos,u32 kde,const u8 * data,size_t data_len)785 static u8 * rsn_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len)
786 {
787 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
788 *pos++ = RSN_SELECTOR_LEN + data_len;
789 RSN_SELECTOR_PUT(pos, kde);
790 pos += RSN_SELECTOR_LEN;
791 os_memcpy(pos, data, data_len);
792 pos += data_len;
793
794 return pos;
795 }
796
797
wpa_mlo_link_kde_len(struct wpa_sm * sm)798 static size_t wpa_mlo_link_kde_len(struct wpa_sm *sm)
799 {
800 int i;
801 unsigned int num_links = 0;
802
803 for_each_link(sm->mlo.req_links, i) {
804 if (sm->mlo.assoc_link_id != i)
805 num_links++;
806 }
807
808 return num_links * (RSN_SELECTOR_LEN + 1 + ETH_ALEN + 2);
809 }
810
811
wpa_mlo_link_kde(struct wpa_sm * sm,u8 * pos)812 static u8 * wpa_mlo_link_kde(struct wpa_sm *sm, u8 *pos)
813 {
814 int i;
815 u8 hdr[1 + ETH_ALEN];
816
817 for_each_link(sm->mlo.req_links, i) {
818 if (sm->mlo.assoc_link_id == i)
819 continue;
820
821 wpa_printf(MSG_DEBUG,
822 "MLO: Add MLO Link %d KDE in EAPOL-Key 2/4", i);
823 hdr[0] = i & 0xF; /* LinkID; no RSNE or RSNXE */
824 os_memcpy(&hdr[1], sm->mlo.links[i].addr, ETH_ALEN);
825 pos = rsn_add_kde(pos, RSN_KEY_DATA_MLO_LINK, hdr, sizeof(hdr));
826 }
827
828 return pos;
829 }
830
831
is_valid_ap_mld_mac_kde(struct wpa_sm * sm,const u8 * mac_kde)832 static bool is_valid_ap_mld_mac_kde(struct wpa_sm *sm, const u8 *mac_kde)
833 {
834 return mac_kde &&
835 ether_addr_equal(mac_kde, sm->mlo.ap_mld_addr);
836 }
837
838
wpas_swap_tkip_mic_keys(struct wpa_ptk * ptk)839 static void wpas_swap_tkip_mic_keys(struct wpa_ptk *ptk)
840 {
841 u8 buf[8];
842
843 /* Supplicant: swap tx/rx Mic keys */
844 os_memcpy(buf, &ptk->tk[16], 8);
845 os_memcpy(&ptk->tk[16], &ptk->tk[24], 8);
846 os_memcpy(&ptk->tk[24], buf, 8);
847 forced_memzero(buf, sizeof(buf));
848 }
849
850
wpa_supplicant_process_1_of_4_wpa(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,u16 ver,const u8 * key_data,size_t key_data_len,enum frame_encryption encrypted)851 static void wpa_supplicant_process_1_of_4_wpa(struct wpa_sm *sm,
852 const unsigned char *src_addr,
853 const struct wpa_eapol_key *key,
854 u16 ver, const u8 *key_data,
855 size_t key_data_len,
856 enum frame_encryption encrypted)
857 {
858 struct wpa_eapol_ie_parse ie;
859 struct wpa_ptk *ptk;
860 int res;
861
862 if (wpa_sm_get_network_ctx(sm) == NULL) {
863 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
864 "WPA: No SSID info found (msg 1 of 4)");
865 return;
866 }
867
868 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
869 "WPA: RX message 1 of 4-Way Handshake from " MACSTR
870 " (ver=%d)", MAC2STR(src_addr), ver);
871
872 os_memset(&ie, 0, sizeof(ie));
873
874 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
875 if (res == -2) {
876 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
877 "WPA: Do not reply to msg 1/4 - requesting full EAP authentication");
878 return;
879 }
880 if (res)
881 goto failed;
882
883 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
884
885 if (sm->renew_snonce) {
886 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
887 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
888 "WPA: Failed to get random data for SNonce");
889 goto failed;
890 }
891 sm->renew_snonce = 0;
892 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
893 sm->snonce, WPA_NONCE_LEN);
894 }
895
896 /* Calculate PTK which will be stored as a temporary PTK until it has
897 * been verified when processing message 3/4. */
898 ptk = &sm->tptk;
899 if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
900 goto failed;
901 if (sm->pairwise_cipher == WPA_CIPHER_TKIP)
902 wpas_swap_tkip_mic_keys(ptk);
903 sm->tptk_set = 1;
904
905 if (wpa_supplicant_send_2_of_4(sm, wpa_sm_get_auth_addr(sm), key, ver,
906 sm->snonce, sm->assoc_wpa_ie,
907 sm->assoc_wpa_ie_len, ptk) < 0)
908 goto failed;
909
910 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
911 return;
912
913 failed:
914 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
915 }
916
917
wpa_supplicant_process_1_of_4(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,u16 ver,const u8 * key_data,size_t key_data_len,enum frame_encryption encrypted)918 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
919 const unsigned char *src_addr,
920 const struct wpa_eapol_key *key,
921 u16 ver, const u8 *key_data,
922 size_t key_data_len,
923 enum frame_encryption encrypted)
924 {
925 struct wpa_eapol_ie_parse ie;
926 struct wpa_ptk *ptk;
927 int res;
928 u8 *kde, *kde_buf = NULL;
929 size_t kde_len;
930 size_t mlo_kde_len = 0;
931
932 if (encrypted == FRAME_NOT_ENCRYPTED && sm->tk_set &&
933 wpa_sm_pmf_enabled(sm)) {
934 wpa_printf(MSG_DEBUG,
935 "RSN: Discard unencrypted EAPOL-Key msg 1/4 when TK is set and PMF is enabled");
936 return;
937 }
938
939 if (wpa_sm_get_network_ctx(sm) == NULL) {
940 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
941 "found (msg 1 of 4)");
942 return;
943 }
944
945 if (sm->wpa_deny_ptk0_rekey && !sm->use_ext_key_id &&
946 wpa_sm_get_state(sm) == WPA_COMPLETED) {
947 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
948 "WPA: PTK0 rekey not allowed, reconnecting");
949 wpa_sm_reconnect(sm);
950 return;
951 }
952
953 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
954 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
955
956 os_memset(&ie, 0, sizeof(ie));
957
958 /* RSN: msg 1/4 should contain PMKID for the selected PMK */
959 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", key_data, key_data_len);
960 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) {
961 wpa_printf(MSG_DEBUG,
962 "RSN: Discard EAPOL-Key msg 1/4 with invalid IEs/KDEs");
963 return;
964 }
965 if (ie.pmkid) {
966 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from Authenticator",
967 ie.pmkid, PMKID_LEN);
968 }
969
970 if (sm->mlo.valid_links && !is_valid_ap_mld_mac_kde(sm, ie.mac_addr)) {
971 wpa_printf(MSG_INFO,
972 "RSN: Discard EAPOL-Key msg 1/4 with invalid AP MLD MAC address KDE");
973 return;
974 }
975
976 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
977 if (res == -2) {
978 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
979 "msg 1/4 - requesting full EAP authentication");
980 return;
981 }
982 if (res)
983 goto failed;
984
985 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
986
987 if (sm->renew_snonce) {
988 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
989 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
990 "WPA: Failed to get random data for SNonce");
991 goto failed;
992 }
993 sm->renew_snonce = 0;
994 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
995 sm->snonce, WPA_NONCE_LEN);
996 }
997
998 /* Calculate PTK which will be stored as a temporary PTK until it has
999 * been verified when processing message 3/4. */
1000 ptk = &sm->tptk;
1001 if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
1002 goto failed;
1003 if (sm->pairwise_cipher == WPA_CIPHER_TKIP)
1004 wpas_swap_tkip_mic_keys(ptk);
1005 sm->tptk_set = 1;
1006
1007 /* Add MLO Link KDE and MAC KDE in M2 for ML connection */
1008 if (sm->mlo.valid_links)
1009 mlo_kde_len = wpa_mlo_link_kde_len(sm) +
1010 RSN_SELECTOR_LEN + ETH_ALEN + 2;
1011
1012 kde = sm->assoc_wpa_ie;
1013 kde_len = sm->assoc_wpa_ie_len;
1014 kde_buf = os_malloc(kde_len +
1015 2 + RSN_SELECTOR_LEN + 3 +
1016 sm->assoc_rsnxe_len +
1017 2 + RSN_SELECTOR_LEN + 1 +
1018 2 + RSN_SELECTOR_LEN + 2 + mlo_kde_len);
1019
1020 if (!kde_buf)
1021 goto failed;
1022 os_memcpy(kde_buf, kde, kde_len);
1023 kde = kde_buf;
1024
1025 #ifdef CONFIG_OCV
1026 if (wpa_sm_ocv_enabled(sm)) {
1027 struct wpa_channel_info ci;
1028 u8 *pos;
1029
1030 pos = kde + kde_len;
1031 if (wpa_sm_channel_info(sm, &ci) != 0) {
1032 wpa_printf(MSG_WARNING,
1033 "Failed to get channel info for OCI element in EAPOL-Key 2/4");
1034 goto failed;
1035 }
1036 #ifdef CONFIG_TESTING_OPTIONS
1037 if (sm->oci_freq_override_eapol) {
1038 wpa_printf(MSG_INFO,
1039 "TEST: Override OCI KDE frequency %d -> %d MHz",
1040 ci.frequency, sm->oci_freq_override_eapol);
1041 ci.frequency = sm->oci_freq_override_eapol;
1042 }
1043 #endif /* CONFIG_TESTING_OPTIONS */
1044
1045 if (ocv_insert_oci_kde(&ci, &pos) < 0)
1046 goto failed;
1047 kde_len = pos - kde;
1048 }
1049 #endif /* CONFIG_OCV */
1050
1051 if (sm->assoc_rsnxe && sm->assoc_rsnxe_len) {
1052 os_memcpy(kde + kde_len, sm->assoc_rsnxe, sm->assoc_rsnxe_len);
1053 kde_len += sm->assoc_rsnxe_len;
1054 }
1055
1056 #ifdef CONFIG_P2P
1057 if (sm->p2p) {
1058 u8 *pos;
1059
1060 wpa_printf(MSG_DEBUG,
1061 "P2P: Add IP Address Request KDE into EAPOL-Key 2/4");
1062 pos = kde + kde_len;
1063 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
1064 *pos++ = RSN_SELECTOR_LEN + 1;
1065 RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ);
1066 pos += RSN_SELECTOR_LEN;
1067 *pos++ = 0x01;
1068 kde_len = pos - kde;
1069 }
1070 #endif /* CONFIG_P2P */
1071
1072 #ifdef CONFIG_DPP2
1073 if (DPP_VERSION > 1 && sm->key_mgmt == WPA_KEY_MGMT_DPP) {
1074 u8 *pos;
1075
1076 wpa_printf(MSG_DEBUG, "DPP: Add DPP KDE into EAPOL-Key 2/4");
1077 pos = kde + kde_len;
1078 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
1079 *pos++ = RSN_SELECTOR_LEN + 2;
1080 RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_DPP);
1081 pos += RSN_SELECTOR_LEN;
1082 *pos++ = DPP_VERSION; /* Protocol Version */
1083 *pos = 0; /* Flags */
1084 if (sm->dpp_pfs == 0)
1085 *pos |= DPP_KDE_PFS_ALLOWED;
1086 else if (sm->dpp_pfs == 1)
1087 *pos |= DPP_KDE_PFS_ALLOWED | DPP_KDE_PFS_REQUIRED;
1088 pos++;
1089 kde_len = pos - kde;
1090 }
1091 #endif /* CONFIG_DPP2 */
1092
1093 if (sm->mlo.valid_links) {
1094 u8 *pos;
1095
1096 /* Add MAC KDE */
1097 wpa_printf(MSG_DEBUG, "MLO: Add MAC KDE into EAPOL-Key 2/4");
1098 pos = kde + kde_len;
1099 pos = rsn_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, sm->own_addr,
1100 ETH_ALEN);
1101
1102 /* Add MLO Link KDE */
1103 wpa_printf(MSG_DEBUG, "Add MLO Link KDE(s) into EAPOL-Key 2/4");
1104 pos = wpa_mlo_link_kde(sm, pos);
1105 kde_len = pos - kde;
1106 }
1107
1108 if (wpa_supplicant_send_2_of_4(sm, wpa_sm_get_auth_addr(sm), key, ver,
1109 sm->snonce, kde, kde_len, ptk) < 0)
1110 goto failed;
1111
1112 os_free(kde_buf);
1113 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
1114 return;
1115
1116 failed:
1117 os_free(kde_buf);
1118 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1119 }
1120
1121
wpa_sm_start_preauth(void * eloop_ctx,void * timeout_ctx)1122 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
1123 {
1124 struct wpa_sm *sm = eloop_ctx;
1125 rsn_preauth_candidate_process(sm);
1126 }
1127
1128
wpa_supplicant_key_neg_complete(struct wpa_sm * sm,const u8 * addr,int secure)1129 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
1130 const u8 *addr, int secure)
1131 {
1132 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1133 "WPA: Key negotiation completed with "
1134 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
1135 wpa_cipher_txt(sm->pairwise_cipher),
1136 wpa_cipher_txt(sm->group_cipher));
1137 wpa_sm_cancel_auth_timeout(sm);
1138 wpa_sm_set_state(sm, WPA_COMPLETED);
1139
1140 if (secure) {
1141 wpa_sm_mlme_setprotection(
1142 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
1143 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1144 eapol_sm_notify_portValid(sm->eapol, true);
1145 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
1146 sm->key_mgmt == WPA_KEY_MGMT_DPP ||
1147 sm->key_mgmt == WPA_KEY_MGMT_OWE)
1148 eapol_sm_notify_eap_success(sm->eapol, true);
1149 /*
1150 * Start preauthentication after a short wait to avoid a
1151 * possible race condition between the data receive and key
1152 * configuration after the 4-Way Handshake. This increases the
1153 * likelihood of the first preauth EAPOL-Start frame getting to
1154 * the target AP.
1155 */
1156 if (!dl_list_empty(&sm->pmksa_candidates))
1157 eloop_register_timeout(1, 0, wpa_sm_start_preauth,
1158 sm, NULL);
1159 }
1160
1161 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
1162 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1163 "RSN: Authenticator accepted "
1164 "opportunistic PMKSA entry - marking it valid");
1165 sm->cur_pmksa->opportunistic = 0;
1166 }
1167
1168 #ifdef CONFIG_IEEE80211R
1169 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1170 /* Prepare for the next transition */
1171 wpa_ft_prepare_auth_request(sm, NULL);
1172 }
1173 #endif /* CONFIG_IEEE80211R */
1174 }
1175
1176
wpa_sm_rekey_ptk(void * eloop_ctx,void * timeout_ctx)1177 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
1178 {
1179 struct wpa_sm *sm = eloop_ctx;
1180 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
1181 wpa_sm_key_request(sm, 0, 1);
1182 }
1183
1184
wpa_supplicant_install_ptk(struct wpa_sm * sm,const struct wpa_eapol_key * key,enum key_flag key_flag)1185 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
1186 const struct wpa_eapol_key *key,
1187 enum key_flag key_flag)
1188 {
1189 int keylen, rsclen;
1190 enum wpa_alg alg;
1191 const u8 *key_rsc;
1192
1193 if (sm->ptk.installed) {
1194 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1195 "WPA: Do not re-install same PTK to the driver");
1196 return 0;
1197 }
1198
1199 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1200 "WPA: Installing PTK to the driver");
1201
1202 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
1203 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
1204 "Suite: NONE - do not use pairwise keys");
1205 return 0;
1206 }
1207
1208 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
1209 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1210 "WPA: Unsupported pairwise cipher %d",
1211 sm->pairwise_cipher);
1212 return -1;
1213 }
1214
1215 alg = wpa_cipher_to_alg(sm->pairwise_cipher);
1216 keylen = wpa_cipher_key_len(sm->pairwise_cipher);
1217 if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
1218 wpa_printf(MSG_DEBUG, "WPA: TK length mismatch: %d != %lu",
1219 keylen, (long unsigned int) sm->ptk.tk_len);
1220 return -1;
1221 }
1222 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
1223
1224 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
1225 key_rsc = null_rsc;
1226 } else {
1227 key_rsc = key->key_rsc;
1228 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
1229 }
1230
1231 if (wpa_sm_set_key(sm, -1, alg, wpa_sm_get_auth_addr(sm),
1232 sm->keyidx_active, 1, key_rsc, rsclen, sm->ptk.tk,
1233 keylen, KEY_FLAG_PAIRWISE | key_flag) < 0) {
1234 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1235 "WPA: Failed to set PTK to the driver (alg=%d keylen=%d auth_addr="
1236 MACSTR " idx=%d key_flag=0x%x)",
1237 alg, keylen, MAC2STR(wpa_sm_get_auth_addr(sm)),
1238 sm->keyidx_active, key_flag);
1239 return -1;
1240 }
1241
1242 #ifdef CONFIG_PASN
1243 if (sm->secure_ltf &&
1244 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF) &&
1245 wpa_sm_set_ltf_keyseed(sm, sm->own_addr, sm->bssid,
1246 sm->ptk.ltf_keyseed_len,
1247 sm->ptk.ltf_keyseed) < 0) {
1248 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1249 "WPA: Failed to set LTF keyseed to the driver (keylen=%zu bssid="
1250 MACSTR ")", sm->ptk.ltf_keyseed_len,
1251 MAC2STR(sm->bssid));
1252 return -1;
1253 }
1254 #endif /* CONFIG_PASN */
1255
1256 wpa_sm_store_ptk(sm, sm->bssid, sm->pairwise_cipher,
1257 sm->dot11RSNAConfigPMKLifetime, &sm->ptk);
1258
1259 /* TK is not needed anymore in supplicant */
1260 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
1261 sm->ptk.tk_len = 0;
1262 sm->ptk.installed = 1;
1263 sm->tk_set = true;
1264
1265 if (sm->wpa_ptk_rekey) {
1266 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
1267 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
1268 sm, NULL);
1269 }
1270 return 0;
1271 }
1272
1273
wpa_supplicant_activate_ptk(struct wpa_sm * sm)1274 static int wpa_supplicant_activate_ptk(struct wpa_sm *sm)
1275 {
1276 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1277 "WPA: Activate PTK (idx=%d auth_addr=" MACSTR ")",
1278 sm->keyidx_active, MAC2STR(wpa_sm_get_auth_addr(sm)));
1279
1280 if (wpa_sm_set_key(sm, -1, 0, wpa_sm_get_auth_addr(sm),
1281 sm->keyidx_active, 0, NULL, 0, NULL, 0,
1282 KEY_FLAG_PAIRWISE_RX_TX_MODIFY) < 0) {
1283 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1284 "WPA: Failed to activate PTK for TX (idx=%d auth_addr="
1285 MACSTR ")", sm->keyidx_active,
1286 MAC2STR(wpa_sm_get_auth_addr(sm)));
1287 return -1;
1288 }
1289 return 0;
1290 }
1291
1292
wpa_supplicant_check_group_cipher(struct wpa_sm * sm,int group_cipher,int keylen,int maxkeylen,int * key_rsc_len,enum wpa_alg * alg)1293 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
1294 int group_cipher,
1295 int keylen, int maxkeylen,
1296 int *key_rsc_len,
1297 enum wpa_alg *alg)
1298 {
1299 int klen;
1300
1301 *alg = wpa_cipher_to_alg(group_cipher);
1302 if (*alg == WPA_ALG_NONE) {
1303 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1304 "WPA: Unsupported Group Cipher %d",
1305 group_cipher);
1306 return -1;
1307 }
1308 *key_rsc_len = wpa_cipher_rsc_len(group_cipher);
1309
1310 klen = wpa_cipher_key_len(group_cipher);
1311 if (keylen != klen || maxkeylen < klen) {
1312 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1313 "WPA: Unsupported %s Group Cipher key length %d (%d)",
1314 wpa_cipher_txt(group_cipher), keylen, maxkeylen);
1315 return -1;
1316 }
1317 return 0;
1318 }
1319
1320
1321 struct wpa_gtk_data {
1322 enum wpa_alg alg;
1323 int tx, key_rsc_len, keyidx;
1324 u8 gtk[32];
1325 int gtk_len;
1326 };
1327
1328
wpa_supplicant_install_gtk(struct wpa_sm * sm,const struct wpa_gtk_data * gd,const u8 * key_rsc,int wnm_sleep)1329 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
1330 const struct wpa_gtk_data *gd,
1331 const u8 *key_rsc, int wnm_sleep)
1332 {
1333 const u8 *_gtk = gd->gtk;
1334 u8 gtk_buf[32];
1335
1336 /* Detect possible key reinstallation */
1337 if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
1338 os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
1339 (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
1340 os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
1341 sm->gtk_wnm_sleep.gtk_len) == 0)) {
1342 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1343 "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
1344 gd->keyidx, gd->tx, gd->gtk_len);
1345 return 0;
1346 }
1347
1348 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
1349 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1350 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
1351 gd->keyidx, gd->tx, gd->gtk_len);
1352 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
1353 if (sm->group_cipher == WPA_CIPHER_TKIP) {
1354 /* Swap Tx/Rx keys for Michael MIC */
1355 os_memcpy(gtk_buf, gd->gtk, 16);
1356 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
1357 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
1358 _gtk = gtk_buf;
1359 }
1360 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
1361 if (wpa_sm_set_key(sm, -1, gd->alg, NULL,
1362 gd->keyidx, 1, key_rsc, gd->key_rsc_len,
1363 _gtk, gd->gtk_len,
1364 KEY_FLAG_GROUP_RX_TX_DEFAULT) < 0) {
1365 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1366 "WPA: Failed to set GTK to the driver "
1367 "(Group only)");
1368 forced_memzero(gtk_buf, sizeof(gtk_buf));
1369 return -1;
1370 }
1371 } else if (wpa_sm_set_key(sm, -1, gd->alg, broadcast_ether_addr,
1372 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
1373 _gtk, gd->gtk_len, KEY_FLAG_GROUP_RX) < 0) {
1374 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1375 "WPA: Failed to set GTK to "
1376 "the driver (alg=%d keylen=%d keyidx=%d)",
1377 gd->alg, gd->gtk_len, gd->keyidx);
1378 forced_memzero(gtk_buf, sizeof(gtk_buf));
1379 return -1;
1380 }
1381 forced_memzero(gtk_buf, sizeof(gtk_buf));
1382
1383 if (wnm_sleep) {
1384 sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
1385 os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
1386 sm->gtk_wnm_sleep.gtk_len);
1387 } else {
1388 sm->gtk.gtk_len = gd->gtk_len;
1389 os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
1390 }
1391
1392 return 0;
1393 }
1394
1395
wpa_supplicant_install_mlo_gtk(struct wpa_sm * sm,u8 link_id,const struct wpa_gtk_data * gd,const u8 * key_rsc,int wnm_sleep)1396 static int wpa_supplicant_install_mlo_gtk(struct wpa_sm *sm, u8 link_id,
1397 const struct wpa_gtk_data *gd,
1398 const u8 *key_rsc, int wnm_sleep)
1399 {
1400 const u8 *gtk = gd->gtk;
1401 u8 gtk_buf[32];
1402
1403 /* Detect possible key reinstallation */
1404 if ((sm->mlo.links[link_id].gtk.gtk_len == (size_t) gd->gtk_len &&
1405 os_memcmp(sm->mlo.links[link_id].gtk.gtk, gd->gtk,
1406 sm->mlo.links[link_id].gtk.gtk_len) == 0) ||
1407 (sm->mlo.links[link_id].gtk_wnm_sleep.gtk_len ==
1408 (size_t) gd->gtk_len &&
1409 os_memcmp(sm->mlo.links[link_id].gtk_wnm_sleep.gtk, gd->gtk,
1410 sm->mlo.links[link_id].gtk_wnm_sleep.gtk_len) == 0)) {
1411 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1412 "RSN: Not reinstalling already in-use GTK to the driver (link_id=%d keyidx=%d tx=%d len=%d)",
1413 link_id, gd->keyidx, gd->tx, gd->gtk_len);
1414 return 0;
1415 }
1416
1417 wpa_hexdump_link_key(MSG_DEBUG, link_id, "RSN: Group Key", gd->gtk,
1418 gd->gtk_len);
1419 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1420 "RSN: Installing GTK to the driver (link_id=%d keyidx=%d tx=%d len=%d)",
1421 link_id, gd->keyidx, gd->tx, gd->gtk_len);
1422 wpa_hexdump_link(MSG_DEBUG, link_id, "RSN: RSC",
1423 key_rsc, gd->key_rsc_len);
1424 if (sm->group_cipher == WPA_CIPHER_TKIP) {
1425 /* Swap Tx/Rx keys for Michael MIC */
1426 os_memcpy(gtk_buf, gd->gtk, 16);
1427 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
1428 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
1429 gtk = gtk_buf;
1430 }
1431 if (wpa_sm_set_key(sm, link_id, gd->alg, broadcast_ether_addr,
1432 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, gtk,
1433 gd->gtk_len, KEY_FLAG_GROUP_RX) < 0) {
1434 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1435 "RSN: Failed to set GTK to the driver (link_id=%d alg=%d keylen=%d keyidx=%d)",
1436 link_id, gd->alg, gd->gtk_len, gd->keyidx);
1437 forced_memzero(gtk_buf, sizeof(gtk_buf));
1438 return -1;
1439 }
1440 forced_memzero(gtk_buf, sizeof(gtk_buf));
1441
1442 if (wnm_sleep) {
1443 sm->mlo.links[link_id].gtk_wnm_sleep.gtk_len = gd->gtk_len;
1444 os_memcpy(sm->mlo.links[link_id].gtk_wnm_sleep.gtk, gd->gtk,
1445 sm->mlo.links[link_id].gtk_wnm_sleep.gtk_len);
1446 } else {
1447 sm->mlo.links[link_id].gtk.gtk_len = gd->gtk_len;
1448 os_memcpy(sm->mlo.links[link_id].gtk.gtk, gd->gtk,
1449 sm->mlo.links[link_id].gtk.gtk_len);
1450 }
1451
1452 return 0;
1453 }
1454
1455
wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm * sm,int tx)1456 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
1457 int tx)
1458 {
1459 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
1460 /* Ignore Tx bit for GTK if a pairwise key is used. One AP
1461 * seemed to set this bit (incorrectly, since Tx is only when
1462 * doing Group Key only APs) and without this workaround, the
1463 * data connection does not work because wpa_supplicant
1464 * configured non-zero keyidx to be used for unicast. */
1465 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1466 "WPA: Tx bit set for GTK, but pairwise "
1467 "keys are used - ignore Tx bit");
1468 return 0;
1469 }
1470 return tx;
1471 }
1472
1473
wpa_supplicant_rsc_relaxation(const struct wpa_sm * sm,const u8 * rsc)1474 static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm,
1475 const u8 *rsc)
1476 {
1477 int rsclen;
1478
1479 if (!sm->wpa_rsc_relaxation)
1480 return 0;
1481
1482 rsclen = wpa_cipher_rsc_len(sm->group_cipher);
1483
1484 /*
1485 * Try to detect RSC (endian) corruption issue where the AP sends
1486 * the RSC bytes in EAPOL-Key message in the wrong order, both if
1487 * it's actually a 6-byte field (as it should be) and if it treats
1488 * it as an 8-byte field.
1489 * An AP model known to have this bug is the Sapido RB-1632.
1490 */
1491 if (rsclen == 6 && ((rsc[5] && !rsc[0]) || rsc[6] || rsc[7])) {
1492 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1493 "RSC %02x%02x%02x%02x%02x%02x%02x%02x is likely bogus, using 0",
1494 rsc[0], rsc[1], rsc[2], rsc[3],
1495 rsc[4], rsc[5], rsc[6], rsc[7]);
1496
1497 return 1;
1498 }
1499
1500 return 0;
1501 }
1502
1503
wpa_supplicant_mlo_gtk(struct wpa_sm * sm,u8 link_id,const u8 * gtk,size_t gtk_len,int key_info)1504 static int wpa_supplicant_mlo_gtk(struct wpa_sm *sm, u8 link_id, const u8 *gtk,
1505 size_t gtk_len, int key_info)
1506 {
1507 struct wpa_gtk_data gd;
1508 const u8 *key_rsc;
1509 int ret;
1510
1511 /*
1512 * MLO GTK KDE format:
1513 * KeyID[bits 0-1], Tx [bit 2], Reserved [bit 3], link id [4-7]
1514 * PN
1515 * GTK
1516 */
1517 os_memset(&gd, 0, sizeof(gd));
1518 wpa_hexdump_link_key(MSG_DEBUG, link_id,
1519 "RSN: received GTK in pairwise handshake",
1520 gtk, gtk_len);
1521
1522 if (gtk_len < RSN_MLO_GTK_KDE_PREFIX_LENGTH ||
1523 gtk_len - RSN_MLO_GTK_KDE_PREFIX_LENGTH > sizeof(gd.gtk))
1524 return -1;
1525
1526 gd.keyidx = gtk[0] & 0x3;
1527 gtk += 1;
1528 gtk_len -= 1;
1529
1530 key_rsc = gtk;
1531
1532 gtk += 6;
1533 gtk_len -= 6;
1534
1535 os_memcpy(gd.gtk, gtk, gtk_len);
1536 gd.gtk_len = gtk_len;
1537
1538 ret = 0;
1539 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, gtk_len,
1540 gtk_len, &gd.key_rsc_len,
1541 &gd.alg) ||
1542 wpa_supplicant_install_mlo_gtk(sm, link_id, &gd, key_rsc, 0)) {
1543 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1544 "RSN: Failed to install GTK for MLO Link ID %u",
1545 link_id);
1546 ret = -1;
1547 goto out;
1548 }
1549
1550 out:
1551 forced_memzero(&gd, sizeof(gd));
1552 return ret;
1553 }
1554
1555
wpa_supplicant_pairwise_mlo_gtk(struct wpa_sm * sm,const struct wpa_eapol_key * key,struct wpa_eapol_ie_parse * ie,int key_info)1556 static int wpa_supplicant_pairwise_mlo_gtk(struct wpa_sm *sm,
1557 const struct wpa_eapol_key *key,
1558 struct wpa_eapol_ie_parse *ie,
1559 int key_info)
1560 {
1561 u8 i;
1562
1563 for_each_link(sm->mlo.valid_links, i) {
1564 if (!ie->mlo_gtk[i]) {
1565 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1566 "MLO RSN: GTK not found for link ID %u", i);
1567 return -1;
1568 }
1569
1570 if (wpa_supplicant_mlo_gtk(sm, i, ie->mlo_gtk[i],
1571 ie->mlo_gtk_len[i], key_info))
1572 return -1;
1573 }
1574
1575 return 0;
1576 }
1577
1578
wpa_supplicant_pairwise_gtk(struct wpa_sm * sm,const struct wpa_eapol_key * key,const u8 * gtk,size_t gtk_len,int key_info)1579 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
1580 const struct wpa_eapol_key *key,
1581 const u8 *gtk, size_t gtk_len,
1582 int key_info)
1583 {
1584 struct wpa_gtk_data gd;
1585 const u8 *key_rsc;
1586
1587 /*
1588 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
1589 * GTK KDE format:
1590 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
1591 * Reserved [bits 0-7]
1592 * GTK
1593 */
1594
1595 os_memset(&gd, 0, sizeof(gd));
1596 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
1597 gtk, gtk_len);
1598
1599 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
1600 return -1;
1601
1602 gd.keyidx = gtk[0] & 0x3;
1603 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1604 !!(gtk[0] & BIT(2)));
1605 gtk += 2;
1606 gtk_len -= 2;
1607
1608 os_memcpy(gd.gtk, gtk, gtk_len);
1609 gd.gtk_len = gtk_len;
1610
1611 key_rsc = key->key_rsc;
1612 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
1613 key_rsc = null_rsc;
1614
1615 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
1616 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1617 gtk_len, gtk_len,
1618 &gd.key_rsc_len, &gd.alg) ||
1619 wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
1620 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1621 "RSN: Failed to install GTK");
1622 forced_memzero(&gd, sizeof(gd));
1623 return -1;
1624 }
1625 forced_memzero(&gd, sizeof(gd));
1626
1627 return 0;
1628 }
1629
1630
wpa_supplicant_install_igtk(struct wpa_sm * sm,const struct wpa_igtk_kde * igtk,int wnm_sleep)1631 static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
1632 const struct wpa_igtk_kde *igtk,
1633 int wnm_sleep)
1634 {
1635 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1636 u16 keyidx = WPA_GET_LE16(igtk->keyid);
1637
1638 /* Detect possible key reinstallation */
1639 if ((sm->igtk.igtk_len == len &&
1640 os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
1641 (sm->igtk_wnm_sleep.igtk_len == len &&
1642 os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
1643 sm->igtk_wnm_sleep.igtk_len) == 0)) {
1644 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1645 "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
1646 keyidx);
1647 return 0;
1648 }
1649
1650 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1651 "WPA: IGTK keyid %d pn " COMPACT_MACSTR,
1652 keyidx, MAC2STR(igtk->pn));
1653 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
1654 if (keyidx > 4095) {
1655 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1656 "WPA: Invalid IGTK KeyID %d", keyidx);
1657 return -1;
1658 }
1659 if (wpa_sm_set_key(sm, -1, wpa_cipher_to_alg(sm->mgmt_group_cipher),
1660 broadcast_ether_addr,
1661 keyidx, 0, igtk->pn, sizeof(igtk->pn),
1662 igtk->igtk, len, KEY_FLAG_GROUP_RX) < 0) {
1663 if (keyidx == 0x0400 || keyidx == 0x0500) {
1664 /* Assume the AP has broken PMF implementation since it
1665 * seems to have swapped the KeyID bytes. The AP cannot
1666 * be trusted to implement BIP correctly or provide a
1667 * valid IGTK, so do not try to configure this key with
1668 * swapped KeyID bytes. Instead, continue without
1669 * configuring the IGTK so that the driver can drop any
1670 * received group-addressed robust management frames due
1671 * to missing keys.
1672 *
1673 * Normally, this error behavior would result in us
1674 * disconnecting, but there are number of deployed APs
1675 * with this broken behavior, so as an interoperability
1676 * workaround, allow the connection to proceed. */
1677 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1678 "WPA: Ignore IGTK configuration error due to invalid IGTK KeyID byte order");
1679 } else {
1680 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1681 "WPA: Failed to configure IGTK to the driver");
1682 return -1;
1683 }
1684 }
1685
1686 if (wnm_sleep) {
1687 sm->igtk_wnm_sleep.igtk_len = len;
1688 os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
1689 sm->igtk_wnm_sleep.igtk_len);
1690 } else {
1691 sm->igtk.igtk_len = len;
1692 os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
1693 }
1694
1695 return 0;
1696 }
1697
1698
wpa_supplicant_install_bigtk(struct wpa_sm * sm,const struct wpa_bigtk_kde * bigtk,int wnm_sleep)1699 static int wpa_supplicant_install_bigtk(struct wpa_sm *sm,
1700 const struct wpa_bigtk_kde *bigtk,
1701 int wnm_sleep)
1702 {
1703 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1704 u16 keyidx = WPA_GET_LE16(bigtk->keyid);
1705
1706 /* Detect possible key reinstallation */
1707 if ((sm->bigtk.bigtk_len == len &&
1708 os_memcmp(sm->bigtk.bigtk, bigtk->bigtk,
1709 sm->bigtk.bigtk_len) == 0) ||
1710 (sm->bigtk_wnm_sleep.bigtk_len == len &&
1711 os_memcmp(sm->bigtk_wnm_sleep.bigtk, bigtk->bigtk,
1712 sm->bigtk_wnm_sleep.bigtk_len) == 0)) {
1713 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1714 "WPA: Not reinstalling already in-use BIGTK to the driver (keyidx=%d)",
1715 keyidx);
1716 return 0;
1717 }
1718
1719 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1720 "WPA: BIGTK keyid %d pn " COMPACT_MACSTR,
1721 keyidx, MAC2STR(bigtk->pn));
1722 wpa_hexdump_key(MSG_DEBUG, "WPA: BIGTK", bigtk->bigtk, len);
1723 if (keyidx < 6 || keyidx > 7) {
1724 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1725 "WPA: Invalid BIGTK KeyID %d", keyidx);
1726 return -1;
1727 }
1728 if (wpa_sm_set_key(sm, -1, wpa_cipher_to_alg(sm->mgmt_group_cipher),
1729 broadcast_ether_addr,
1730 keyidx, 0, bigtk->pn, sizeof(bigtk->pn),
1731 bigtk->bigtk, len, KEY_FLAG_GROUP_RX) < 0) {
1732 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1733 "WPA: Failed to configure BIGTK to the driver");
1734 return -1;
1735 }
1736
1737 if (wnm_sleep) {
1738 sm->bigtk_wnm_sleep.bigtk_len = len;
1739 os_memcpy(sm->bigtk_wnm_sleep.bigtk, bigtk->bigtk,
1740 sm->bigtk_wnm_sleep.bigtk_len);
1741 } else {
1742 sm->bigtk.bigtk_len = len;
1743 os_memcpy(sm->bigtk.bigtk, bigtk->bigtk, sm->bigtk.bigtk_len);
1744 }
1745
1746 return 0;
1747 }
1748
1749
wpa_supplicant_install_mlo_igtk(struct wpa_sm * sm,u8 link_id,const struct rsn_mlo_igtk_kde * igtk,int wnm_sleep)1750 static int wpa_supplicant_install_mlo_igtk(struct wpa_sm *sm, u8 link_id,
1751 const struct rsn_mlo_igtk_kde *igtk,
1752 int wnm_sleep)
1753 {
1754 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1755 u16 keyidx = WPA_GET_LE16(igtk->keyid);
1756
1757 /* Detect possible key reinstallation */
1758 if ((sm->mlo.links[link_id].igtk.igtk_len == len &&
1759 os_memcmp(sm->mlo.links[link_id].igtk.igtk, igtk->igtk,
1760 sm->mlo.links[link_id].igtk.igtk_len) == 0) ||
1761 (sm->mlo.links[link_id].igtk_wnm_sleep.igtk_len == len &&
1762 os_memcmp(sm->mlo.links[link_id].igtk_wnm_sleep.igtk, igtk->igtk,
1763 sm->mlo.links[link_id].igtk_wnm_sleep.igtk_len) == 0)) {
1764 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1765 "RSN: Not reinstalling already in-use IGTK to the driver (link_id=%d keyidx=%d)",
1766 link_id, keyidx);
1767 return 0;
1768 }
1769
1770 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1771 "RSN: MLO Link %u IGTK keyid %d pn " COMPACT_MACSTR,
1772 link_id, keyidx, MAC2STR(igtk->pn));
1773 wpa_hexdump_link_key(MSG_DEBUG, link_id, "RSN: IGTK", igtk->igtk, len);
1774 if (keyidx > 4095) {
1775 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1776 "RSN: Invalid MLO Link %d IGTK KeyID %d", link_id,
1777 keyidx);
1778 return -1;
1779 }
1780 if (wpa_sm_set_key(sm, link_id,
1781 wpa_cipher_to_alg(sm->mgmt_group_cipher),
1782 broadcast_ether_addr, keyidx, 0, igtk->pn,
1783 sizeof(igtk->pn), igtk->igtk, len,
1784 KEY_FLAG_GROUP_RX) < 0) {
1785 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1786 "RSN: Failed to configure MLO Link %d IGTK to the driver",
1787 link_id);
1788 return -1;
1789 }
1790
1791 if (wnm_sleep) {
1792 sm->mlo.links[link_id].igtk_wnm_sleep.igtk_len = len;
1793 os_memcpy(sm->mlo.links[link_id].igtk_wnm_sleep.igtk,
1794 igtk->igtk,
1795 sm->mlo.links[link_id].igtk_wnm_sleep.igtk_len);
1796 } else {
1797 sm->mlo.links[link_id].igtk.igtk_len = len;
1798 os_memcpy(sm->mlo.links[link_id].igtk.igtk, igtk->igtk,
1799 sm->mlo.links[link_id].igtk.igtk_len);
1800 }
1801
1802 return 0;
1803 }
1804
1805
1806 static int
wpa_supplicant_install_mlo_bigtk(struct wpa_sm * sm,u8 link_id,const struct rsn_mlo_bigtk_kde * bigtk,int wnm_sleep)1807 wpa_supplicant_install_mlo_bigtk(struct wpa_sm *sm, u8 link_id,
1808 const struct rsn_mlo_bigtk_kde *bigtk,
1809 int wnm_sleep)
1810 {
1811 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1812 u16 keyidx = WPA_GET_LE16(bigtk->keyid);
1813
1814 /* Detect possible key reinstallation */
1815 if ((sm->mlo.links[link_id].bigtk.bigtk_len == len &&
1816 os_memcmp(sm->mlo.links[link_id].bigtk.bigtk, bigtk->bigtk,
1817 sm->mlo.links[link_id].bigtk.bigtk_len) == 0) ||
1818 (sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk_len == len &&
1819 os_memcmp(sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk,
1820 bigtk->bigtk,
1821 sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk_len) ==
1822 0)) {
1823 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1824 "RSN: Not reinstalling already in-use BIGTK to the driver (link_id=%d keyidx=%d)",
1825 link_id, keyidx);
1826 return 0;
1827 }
1828
1829 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1830 "RSN: MLO Link %u BIGTK keyid %d pn " COMPACT_MACSTR,
1831 link_id, keyidx, MAC2STR(bigtk->pn));
1832 wpa_hexdump_link_key(MSG_DEBUG, link_id, "RSN: BIGTK", bigtk->bigtk,
1833 len);
1834 if (keyidx < 6 || keyidx > 7) {
1835 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1836 "RSN: Invalid MLO Link %d BIGTK KeyID %d", link_id,
1837 keyidx);
1838 return -1;
1839 }
1840 if (wpa_sm_set_key(sm, link_id,
1841 wpa_cipher_to_alg(sm->mgmt_group_cipher),
1842 broadcast_ether_addr, keyidx, 0, bigtk->pn,
1843 sizeof(bigtk->pn), bigtk->bigtk, len,
1844 KEY_FLAG_GROUP_RX) < 0) {
1845 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1846 "RSN: Failed to configure MLO Link %d BIGTK to the driver",
1847 link_id);
1848 return -1;
1849 }
1850
1851 if (wnm_sleep) {
1852 sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk_len = len;
1853 os_memcpy(sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk,
1854 bigtk->bigtk,
1855 sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk_len);
1856 } else {
1857 sm->mlo.links[link_id].bigtk.bigtk_len = len;
1858 os_memcpy(sm->mlo.links[link_id].bigtk.bigtk, bigtk->bigtk,
1859 sm->mlo.links[link_id].bigtk.bigtk_len);
1860 }
1861
1862 return 0;
1863 }
1864
1865
_mlo_ieee80211w_set_keys(struct wpa_sm * sm,u8 link_id,struct wpa_eapol_ie_parse * ie)1866 static int _mlo_ieee80211w_set_keys(struct wpa_sm *sm, u8 link_id,
1867 struct wpa_eapol_ie_parse *ie)
1868 {
1869 size_t len;
1870
1871 if (ie->mlo_igtk[link_id]) {
1872 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1873 if (ie->mlo_igtk_len[link_id] !=
1874 RSN_MLO_IGTK_KDE_PREFIX_LENGTH + len)
1875 return -1;
1876
1877 if (wpa_supplicant_install_mlo_igtk(
1878 sm, link_id,
1879 (const struct rsn_mlo_igtk_kde *)
1880 ie->mlo_igtk[link_id],
1881 0) < 0)
1882 return -1;
1883 }
1884
1885 if (ie->mlo_bigtk[link_id] && sm->beacon_prot) {
1886 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1887 if (ie->mlo_bigtk_len[link_id] !=
1888 RSN_MLO_BIGTK_KDE_PREFIX_LENGTH + len)
1889 return -1;
1890
1891 if (wpa_supplicant_install_mlo_bigtk(
1892 sm, link_id,
1893 (const struct rsn_mlo_bigtk_kde *)
1894 ie->mlo_bigtk[link_id],
1895 0) < 0)
1896 return -1;
1897 }
1898
1899 return 0;
1900 }
1901
1902
mlo_ieee80211w_set_keys(struct wpa_sm * sm,struct wpa_eapol_ie_parse * ie)1903 static int mlo_ieee80211w_set_keys(struct wpa_sm *sm,
1904 struct wpa_eapol_ie_parse *ie)
1905 {
1906 u8 i;
1907
1908 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) ||
1909 sm->mgmt_group_cipher == WPA_CIPHER_GTK_NOT_USED)
1910 return 0;
1911
1912 for_each_link(sm->mlo.valid_links, i) {
1913 if (_mlo_ieee80211w_set_keys(sm, i, ie))
1914 return -1;
1915 }
1916
1917 return 0;
1918 }
1919
1920
ieee80211w_set_keys(struct wpa_sm * sm,struct wpa_eapol_ie_parse * ie)1921 static int ieee80211w_set_keys(struct wpa_sm *sm,
1922 struct wpa_eapol_ie_parse *ie)
1923 {
1924 size_t len;
1925
1926 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) ||
1927 sm->mgmt_group_cipher == WPA_CIPHER_GTK_NOT_USED)
1928 return 0;
1929
1930 if (ie->igtk) {
1931 const struct wpa_igtk_kde *igtk;
1932
1933 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1934 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
1935 return -1;
1936
1937 igtk = (const struct wpa_igtk_kde *) ie->igtk;
1938 if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
1939 return -1;
1940 }
1941
1942 if (ie->bigtk && sm->beacon_prot) {
1943 const struct wpa_bigtk_kde *bigtk;
1944
1945 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1946 if (ie->bigtk_len != WPA_BIGTK_KDE_PREFIX_LEN + len)
1947 return -1;
1948
1949 bigtk = (const struct wpa_bigtk_kde *) ie->bigtk;
1950 if (wpa_supplicant_install_bigtk(sm, bigtk, 0) < 0)
1951 return -1;
1952 }
1953
1954 return 0;
1955 }
1956
1957
wpa_report_ie_mismatch(struct wpa_sm * sm,const char * reason,const u8 * src_addr,const u8 * wpa_ie,size_t wpa_ie_len,const u8 * rsn_ie,size_t rsn_ie_len)1958 static void wpa_report_ie_mismatch(struct wpa_sm *sm,
1959 const char *reason, const u8 *src_addr,
1960 const u8 *wpa_ie, size_t wpa_ie_len,
1961 const u8 *rsn_ie, size_t rsn_ie_len)
1962 {
1963 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
1964 reason, MAC2STR(src_addr));
1965
1966 if (sm->ap_wpa_ie) {
1967 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
1968 sm->ap_wpa_ie, sm->ap_wpa_ie_len);
1969 }
1970 if (wpa_ie) {
1971 if (!sm->ap_wpa_ie) {
1972 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1973 "WPA: No WPA IE in Beacon/ProbeResp");
1974 }
1975 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
1976 wpa_ie, wpa_ie_len);
1977 }
1978
1979 if (sm->ap_rsn_ie) {
1980 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
1981 sm->ap_rsn_ie, sm->ap_rsn_ie_len);
1982 }
1983 if (rsn_ie) {
1984 if (!sm->ap_rsn_ie) {
1985 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1986 "WPA: No RSN IE in Beacon/ProbeResp");
1987 }
1988 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
1989 rsn_ie, rsn_ie_len);
1990 }
1991
1992 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
1993 }
1994
1995
1996 #ifdef CONFIG_IEEE80211R
1997
ft_validate_mdie(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie,const u8 * assoc_resp_mdie)1998 static int ft_validate_mdie(struct wpa_sm *sm,
1999 const unsigned char *src_addr,
2000 struct wpa_eapol_ie_parse *ie,
2001 const u8 *assoc_resp_mdie)
2002 {
2003 struct rsn_mdie *mdie;
2004
2005 mdie = (struct rsn_mdie *) (ie->mdie + 2);
2006 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
2007 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
2008 MOBILITY_DOMAIN_ID_LEN) != 0) {
2009 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
2010 "not match with the current mobility domain");
2011 return -1;
2012 }
2013
2014 if (assoc_resp_mdie &&
2015 (assoc_resp_mdie[1] != ie->mdie[1] ||
2016 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) {
2017 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
2018 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4",
2019 ie->mdie, 2 + ie->mdie[1]);
2020 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response",
2021 assoc_resp_mdie, 2 + assoc_resp_mdie[1]);
2022 return -1;
2023 }
2024
2025 return 0;
2026 }
2027
2028
ft_validate_ftie(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie,const u8 * assoc_resp_ftie)2029 static int ft_validate_ftie(struct wpa_sm *sm,
2030 const unsigned char *src_addr,
2031 struct wpa_eapol_ie_parse *ie,
2032 const u8 *assoc_resp_ftie)
2033 {
2034 if (ie->ftie == NULL) {
2035 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2036 "FT: No FTIE in EAPOL-Key msg 3/4");
2037 return -1;
2038 }
2039
2040 if (assoc_resp_ftie == NULL)
2041 return 0;
2042
2043 if (assoc_resp_ftie[1] != ie->ftie[1] ||
2044 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) {
2045 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
2046 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4",
2047 ie->ftie, 2 + ie->ftie[1]);
2048 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response",
2049 assoc_resp_ftie, 2 + assoc_resp_ftie[1]);
2050 return -1;
2051 }
2052
2053 return 0;
2054 }
2055
2056
ft_validate_rsnie(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie)2057 static int ft_validate_rsnie(struct wpa_sm *sm,
2058 const unsigned char *src_addr,
2059 struct wpa_eapol_ie_parse *ie)
2060 {
2061 struct wpa_ie_data rsn;
2062
2063 if (!ie->rsn_ie)
2064 return 0;
2065
2066 /*
2067 * Verify that PMKR1Name from EAPOL-Key message 3/4
2068 * matches with the value we derived.
2069 */
2070 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 ||
2071 rsn.num_pmkid != 1 || rsn.pmkid == NULL) {
2072 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
2073 "FT 4-way handshake message 3/4");
2074 return -1;
2075 }
2076
2077 if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0)
2078 {
2079 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2080 "FT: PMKR1Name mismatch in "
2081 "FT 4-way handshake message 3/4");
2082 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator",
2083 rsn.pmkid, WPA_PMK_NAME_LEN);
2084 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
2085 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2086 return -1;
2087 }
2088
2089 return 0;
2090 }
2091
2092
wpa_supplicant_validate_ie_ft(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie)2093 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
2094 const unsigned char *src_addr,
2095 struct wpa_eapol_ie_parse *ie)
2096 {
2097 const u8 *pos, *end, *mdie = NULL, *ftie = NULL;
2098
2099 if (sm->assoc_resp_ies) {
2100 pos = sm->assoc_resp_ies;
2101 end = pos + sm->assoc_resp_ies_len;
2102 while (end - pos > 2) {
2103 if (2 + pos[1] > end - pos)
2104 break;
2105 switch (*pos) {
2106 case WLAN_EID_MOBILITY_DOMAIN:
2107 mdie = pos;
2108 break;
2109 case WLAN_EID_FAST_BSS_TRANSITION:
2110 ftie = pos;
2111 break;
2112 }
2113 pos += 2 + pos[1];
2114 }
2115 }
2116
2117 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
2118 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
2119 ft_validate_rsnie(sm, src_addr, ie) < 0)
2120 return -1;
2121
2122 return 0;
2123 }
2124
2125 #endif /* CONFIG_IEEE80211R */
2126
2127
wpa_supplicant_validate_ie(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie)2128 static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
2129 const unsigned char *src_addr,
2130 struct wpa_eapol_ie_parse *ie)
2131 {
2132 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
2133 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2134 "WPA: No WPA/RSN IE for this AP known. "
2135 "Trying to get from scan results");
2136 if (wpa_sm_get_beacon_ie(sm) < 0) {
2137 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2138 "WPA: Could not find AP from "
2139 "the scan results");
2140 return -1;
2141 }
2142 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
2143 "WPA: Found the current AP from updated scan results");
2144 }
2145
2146 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
2147 (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
2148 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
2149 "with IE in Beacon/ProbeResp (no IE?)",
2150 src_addr, ie->wpa_ie, ie->wpa_ie_len,
2151 ie->rsn_ie, ie->rsn_ie_len);
2152 return -1;
2153 }
2154
2155 if ((ie->wpa_ie && sm->ap_wpa_ie &&
2156 (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
2157 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
2158 (ie->rsn_ie && sm->ap_rsn_ie &&
2159 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
2160 sm->ap_rsn_ie, sm->ap_rsn_ie_len,
2161 ie->rsn_ie, ie->rsn_ie_len))) {
2162 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
2163 "with IE in Beacon/ProbeResp",
2164 src_addr, ie->wpa_ie, ie->wpa_ie_len,
2165 ie->rsn_ie, ie->rsn_ie_len);
2166 return -1;
2167 }
2168
2169 if (sm->proto == WPA_PROTO_WPA &&
2170 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
2171 wpa_report_ie_mismatch(sm, "Possible downgrade attack "
2172 "detected - RSN was enabled and RSN IE "
2173 "was in msg 3/4, but not in "
2174 "Beacon/ProbeResp",
2175 src_addr, ie->wpa_ie, ie->wpa_ie_len,
2176 ie->rsn_ie, ie->rsn_ie_len);
2177 return -1;
2178 }
2179
2180 if (sm->proto == WPA_PROTO_RSN &&
2181 ((sm->ap_rsnxe && !ie->rsnxe) ||
2182 (!sm->ap_rsnxe && ie->rsnxe) ||
2183 (sm->ap_rsnxe && ie->rsnxe &&
2184 (sm->ap_rsnxe_len != ie->rsnxe_len ||
2185 os_memcmp(sm->ap_rsnxe, ie->rsnxe, sm->ap_rsnxe_len) != 0)))) {
2186 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2187 "WPA: RSNXE mismatch between Beacon/ProbeResp and EAPOL-Key msg 3/4");
2188 wpa_hexdump(MSG_INFO, "RSNXE in Beacon/ProbeResp",
2189 sm->ap_rsnxe, sm->ap_rsnxe_len);
2190 wpa_hexdump(MSG_INFO, "RSNXE in EAPOL-Key msg 3/4",
2191 ie->rsnxe, ie->rsnxe_len);
2192 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
2193 return -1;
2194 }
2195
2196 #ifdef CONFIG_IEEE80211R
2197 if (wpa_key_mgmt_ft(sm->key_mgmt) &&
2198 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
2199 return -1;
2200 #endif /* CONFIG_IEEE80211R */
2201
2202 return 0;
2203 }
2204
2205
2206 /**
2207 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
2208 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2209 * @dst: Destination address for the frame
2210 * @key: Pointer to the EAPOL-Key frame header
2211 * @ver: Version bits from EAPOL-Key Key Info
2212 * @key_info: Key Info
2213 * @ptk: PTK to use for keyed hash and encryption
2214 * Returns: >= 0 on success, < 0 on failure
2215 */
wpa_supplicant_send_4_of_4(struct wpa_sm * sm,const unsigned char * dst,const struct wpa_eapol_key * key,u16 ver,u16 key_info,struct wpa_ptk * ptk)2216 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
2217 const struct wpa_eapol_key *key,
2218 u16 ver, u16 key_info,
2219 struct wpa_ptk *ptk)
2220 {
2221 size_t mic_len, hdrlen, rlen;
2222 struct wpa_eapol_key *reply;
2223 u8 *rbuf, *key_mic;
2224 u8 *kde = NULL;
2225 size_t kde_len = 0, extra_len = 0;
2226 #ifdef CONFIG_TESTING_OPTIONS
2227 size_t pad_len = 0;
2228 #endif /* CONFIG_TESTING_OPTIONS */
2229
2230 if (sm->mlo.valid_links) {
2231 u8 *pos;
2232
2233 kde = os_malloc(RSN_SELECTOR_LEN + ETH_ALEN + 2);
2234 if (!kde)
2235 return -1;
2236
2237 /* Add MAC KDE */
2238 wpa_printf(MSG_DEBUG, "MLO: Add MAC KDE into EAPOL-Key 4/4");
2239 pos = kde;
2240 pos = rsn_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, sm->own_addr,
2241 ETH_ALEN);
2242 kde_len = pos - kde;
2243 }
2244
2245 #ifdef CONFIG_TESTING_OPTIONS
2246 if (sm->test_eapol_m4_elems)
2247 extra_len = wpabuf_len(sm->test_eapol_m4_elems);
2248 if (sm->encrypt_eapol_m4) {
2249 pad_len = (kde_len + extra_len) % 8;
2250 if (pad_len)
2251 pad_len = 8 - pad_len;
2252 extra_len += pad_len + 8;
2253 }
2254 #endif /* CONFIG_TESTING_OPTIONS */
2255
2256 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
2257 hdrlen = sizeof(*reply) + mic_len + 2;
2258 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
2259 hdrlen + kde_len + extra_len, &rlen,
2260 (void *) &reply);
2261 if (!rbuf) {
2262 os_free(kde);
2263 return -1;
2264 }
2265
2266 reply->type = (sm->proto == WPA_PROTO_RSN ||
2267 sm->proto == WPA_PROTO_OSEN) ?
2268 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
2269 key_info &= WPA_KEY_INFO_SECURE;
2270 key_info |= ver | WPA_KEY_INFO_KEY_TYPE;
2271 if (mic_len)
2272 key_info |= WPA_KEY_INFO_MIC;
2273 else
2274 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
2275 #ifdef CONFIG_TESTING_OPTIONS
2276 if (sm->encrypt_eapol_m4)
2277 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
2278 #endif /* CONFIG_TESTING_OPTIONS */
2279 WPA_PUT_BE16(reply->key_info, key_info);
2280 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
2281 WPA_PUT_BE16(reply->key_length, 0);
2282 else
2283 os_memcpy(reply->key_length, key->key_length, 2);
2284 os_memcpy(reply->replay_counter, key->replay_counter,
2285 WPA_REPLAY_COUNTER_LEN);
2286
2287 key_mic = (u8 *) (reply + 1);
2288 /* Key Data length */
2289 WPA_PUT_BE16(key_mic + mic_len, kde_len + extra_len);
2290 if (kde) {
2291 os_memcpy(key_mic + mic_len + 2, kde, kde_len); /* Key Data */
2292 os_free(kde);
2293 }
2294
2295 #ifdef CONFIG_TESTING_OPTIONS
2296 if (sm->test_eapol_m4_elems) {
2297 os_memcpy(key_mic + mic_len + 2 + kde_len,
2298 wpabuf_head(sm->test_eapol_m4_elems),
2299 wpabuf_len(sm->test_eapol_m4_elems));
2300 }
2301
2302 if (sm->encrypt_eapol_m4) {
2303 u8 *plain;
2304 size_t plain_len;
2305
2306 if (sm->test_eapol_m4_elems)
2307 extra_len = wpabuf_len(sm->test_eapol_m4_elems);
2308 else
2309 extra_len = 0;
2310 plain_len = kde_len + extra_len + pad_len;
2311 plain = os_memdup(key_mic + mic_len + 2, plain_len);
2312 if (!plain) {
2313 os_free(rbuf);
2314 return -1;
2315 }
2316 if (pad_len)
2317 plain[plain_len - pad_len] = 0xdd;
2318
2319 wpa_hexdump_key(MSG_DEBUG, "RSN: AES-WRAP using KEK",
2320 ptk->kek, ptk->kek_len);
2321 if (aes_wrap(ptk->kek, ptk->kek_len, plain_len / 8, plain,
2322 key_mic + mic_len + 2)) {
2323 os_free(plain);
2324 os_free(rbuf);
2325 return -1;
2326 }
2327 wpa_hexdump(MSG_DEBUG,
2328 "RSN: Encrypted Key Data from AES-WRAP",
2329 key_mic + mic_len + 2, plain_len + 8);
2330 os_free(plain);
2331 }
2332 #endif /* CONFIG_TESTING_OPTIONS */
2333
2334 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
2335 return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
2336 key_mic);
2337 }
2338
2339
wpa_supplicant_validate_link_kde(struct wpa_sm * sm,u8 link_id,const u8 * link_kde,size_t link_kde_len)2340 static int wpa_supplicant_validate_link_kde(struct wpa_sm *sm, u8 link_id,
2341 const u8 *link_kde,
2342 size_t link_kde_len)
2343 {
2344 size_t rsne_len = 0, rsnxe_len = 0;
2345 const u8 *rsne = NULL, *rsnxe = NULL;
2346
2347 if (!link_kde ||
2348 link_kde_len < RSN_MLO_LINK_KDE_LINK_MAC_INDEX + ETH_ALEN) {
2349 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2350 "RSN: MLO Link KDE is not found for link ID %d",
2351 link_id);
2352 return -1;
2353 }
2354
2355 if (!ether_addr_equal(sm->mlo.links[link_id].bssid,
2356 &link_kde[RSN_MLO_LINK_KDE_LINK_MAC_INDEX])) {
2357 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2358 "RSN: MLO Link %u MAC address (" MACSTR
2359 ") not matching association response (" MACSTR ")",
2360 link_id,
2361 MAC2STR(&link_kde[RSN_MLO_LINK_KDE_LINK_MAC_INDEX]),
2362 MAC2STR(sm->mlo.links[link_id].bssid));
2363 return -1;
2364 }
2365
2366 if (link_kde[0] & RSN_MLO_LINK_KDE_LI_RSNE_INFO) {
2367 rsne = link_kde + RSN_MLO_LINK_KDE_FIXED_LENGTH;
2368 if (link_kde_len < RSN_MLO_LINK_KDE_FIXED_LENGTH + 2 ||
2369 link_kde_len <
2370 (size_t) (RSN_MLO_LINK_KDE_FIXED_LENGTH + 2 + rsne[1])) {
2371 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2372 "RSN: No room for link %u RSNE in MLO Link KDE",
2373 link_id);
2374 return -1;
2375 }
2376
2377 rsne_len = rsne[1] + 2;
2378 }
2379
2380 if (!rsne) {
2381 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2382 "RSN: RSNE not present in MLO Link %u KDE", link_id);
2383 return -1;
2384 }
2385
2386 if (link_kde[0] & RSN_MLO_LINK_KDE_LI_RSNXE_INFO) {
2387 rsnxe = link_kde + RSN_MLO_LINK_KDE_FIXED_LENGTH + rsne_len;
2388 if (link_kde_len <
2389 (RSN_MLO_LINK_KDE_FIXED_LENGTH + rsne_len + 2) ||
2390 link_kde_len <
2391 (RSN_MLO_LINK_KDE_FIXED_LENGTH + rsne_len + 2 + rsnxe[1])) {
2392 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2393 "RSN: No room for link %u RSNXE in MLO Link KDE",
2394 link_id);
2395 return -1;
2396 }
2397
2398 rsnxe_len = rsnxe[1] + 2;
2399 }
2400
2401 if (wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
2402 sm->mlo.links[link_id].ap_rsne,
2403 sm->mlo.links[link_id].ap_rsne_len,
2404 rsne, rsne_len)) {
2405 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2406 "RSN MLO: IE in 3/4 msg does not match with IE in Beacon/ProbeResp for link ID %u",
2407 link_id);
2408 wpa_hexdump(MSG_INFO, "RSNE in Beacon/ProbeResp",
2409 sm->mlo.links[link_id].ap_rsne,
2410 sm->mlo.links[link_id].ap_rsne_len);
2411 wpa_hexdump(MSG_INFO, "RSNE in EAPOL-Key msg 3/4",
2412 rsne, rsne_len);
2413 return -1;
2414 }
2415
2416 if ((sm->mlo.links[link_id].ap_rsnxe && !rsnxe) ||
2417 (!sm->mlo.links[link_id].ap_rsnxe && rsnxe) ||
2418 (sm->mlo.links[link_id].ap_rsnxe && rsnxe &&
2419 (sm->mlo.links[link_id].ap_rsnxe_len != rsnxe_len ||
2420 os_memcmp(sm->mlo.links[link_id].ap_rsnxe, rsnxe,
2421 sm->mlo.links[link_id].ap_rsnxe_len) != 0))) {
2422 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2423 "RSN MLO: RSNXE mismatch between Beacon/ProbeResp and EAPOL-Key msg 3/4 for link ID %u",
2424 link_id);
2425 wpa_hexdump(MSG_INFO, "RSNXE in Beacon/ProbeResp",
2426 sm->mlo.links[link_id].ap_rsnxe,
2427 sm->mlo.links[link_id].ap_rsnxe_len);
2428 wpa_hexdump(MSG_INFO, "RSNXE in EAPOL-Key msg 3/4",
2429 rsnxe, rsnxe_len);
2430 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
2431 return -1;
2432 }
2433
2434 return 0;
2435 }
2436
2437
wpa_validate_mlo_ieee80211w_kdes(struct wpa_sm * sm,u8 link_id,struct wpa_eapol_ie_parse * ie)2438 static int wpa_validate_mlo_ieee80211w_kdes(struct wpa_sm *sm,
2439 u8 link_id,
2440 struct wpa_eapol_ie_parse *ie)
2441 {
2442 if (ie->mlo_igtk[link_id] &&
2443 ie->mlo_igtk_len[link_id] != RSN_MLO_IGTK_KDE_PREFIX_LENGTH +
2444 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
2445 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2446 "RSN MLO: Invalid IGTK KDE length %lu for link ID %u",
2447 (unsigned long) ie->mlo_igtk_len[link_id], link_id);
2448 return -1;
2449 }
2450
2451 if (!sm->beacon_prot)
2452 return 0;
2453
2454 if (ie->mlo_bigtk[link_id] &&
2455 ie->mlo_bigtk_len[link_id] != RSN_MLO_BIGTK_KDE_PREFIX_LENGTH +
2456 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
2457 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2458 "RSN MLO: Invalid BIGTK KDE length %lu for link ID %u",
2459 (unsigned long) ie->mlo_bigtk_len[link_id], link_id);
2460 return -1;
2461 }
2462
2463 return 0;
2464 }
2465
2466
wpa_supplicant_process_3_of_4_wpa(struct wpa_sm * sm,const struct wpa_eapol_key * key,u16 ver,const u8 * key_data,size_t key_data_len)2467 static void wpa_supplicant_process_3_of_4_wpa(struct wpa_sm *sm,
2468 const struct wpa_eapol_key *key,
2469 u16 ver, const u8 *key_data,
2470 size_t key_data_len)
2471 {
2472 u16 key_info, keylen;
2473 struct wpa_eapol_ie_parse ie;
2474
2475 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
2476 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2477 "WPA: RX message 3 of 4-Way Handshake from " MACSTR
2478 " (ver=%d)", MAC2STR(sm->bssid), ver);
2479
2480 key_info = WPA_GET_BE16(key->key_info);
2481
2482 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len);
2483 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
2484 goto failed;
2485
2486 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
2487 goto failed;
2488
2489 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
2490 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2491 "WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake - drop packet (src="
2492 MACSTR ")", MAC2STR(sm->bssid));
2493 goto failed;
2494 }
2495
2496 keylen = WPA_GET_BE16(key->key_length);
2497 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
2498 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2499 "WPA: Invalid %s key length %d (src=" MACSTR ")",
2500 wpa_cipher_txt(sm->pairwise_cipher), keylen,
2501 MAC2STR(sm->bssid));
2502 goto failed;
2503 }
2504
2505 if (wpa_supplicant_send_4_of_4(sm, wpa_sm_get_auth_addr(sm), key, ver,
2506 key_info, &sm->ptk) < 0)
2507 goto failed;
2508
2509 /* SNonce was successfully used in msg 3/4, so mark it to be renewed
2510 * for the next 4-Way Handshake. If msg 3 is received again, the old
2511 * SNonce will still be used to avoid changing PTK. */
2512 sm->renew_snonce = 1;
2513
2514 if ((key_info & WPA_KEY_INFO_INSTALL) &&
2515 wpa_supplicant_install_ptk(sm, key, KEY_FLAG_RX_TX))
2516 goto failed;
2517
2518 if (key_info & WPA_KEY_INFO_SECURE) {
2519 wpa_sm_mlme_setprotection(
2520 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
2521 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
2522 eapol_sm_notify_portValid(sm->eapol, true);
2523 }
2524 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
2525
2526 sm->msg_3_of_4_ok = 1;
2527 return;
2528
2529 failed:
2530 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2531 }
2532
2533
wpa_supplicant_process_3_of_4(struct wpa_sm * sm,const struct wpa_eapol_key * key,u16 ver,const u8 * key_data,size_t key_data_len)2534 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
2535 const struct wpa_eapol_key *key,
2536 u16 ver, const u8 *key_data,
2537 size_t key_data_len)
2538 {
2539 u16 key_info, keylen;
2540 struct wpa_eapol_ie_parse ie;
2541 bool mlo = sm->mlo.valid_links;
2542 int i;
2543
2544 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
2545 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2546 "RSN: RX message 3 of 4-Way Handshake from " MACSTR
2547 " (ver=%d)%s", MAC2STR(sm->bssid), ver, mlo ? " (MLO)" : "");
2548
2549 key_info = WPA_GET_BE16(key->key_info);
2550
2551 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len);
2552 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
2553 goto failed;
2554
2555 if (sm->ssid_protection) {
2556 if (!ie.ssid) {
2557 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2558 "RSN: No SSID included in EAPOL-Key msg 3/4");
2559 goto failed;
2560 }
2561
2562 if (ie.ssid_len != sm->ssid_len ||
2563 os_memcmp(ie.ssid, sm->ssid, sm->ssid_len) != 0) {
2564 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2565 "RSN: SSID mismatch in EAPOL-Key msg 3/4");
2566 wpa_hexdump_ascii(MSG_DEBUG, "RSN: Received SSID",
2567 ie.ssid, ie.ssid_len);
2568 wpa_hexdump_ascii(MSG_DEBUG, "RSN: Expected SSID",
2569 sm->ssid, sm->ssid_len);
2570 goto failed;
2571 }
2572
2573 wpa_sm_ssid_verified(sm);
2574 }
2575
2576 if (mlo && !ie.valid_mlo_gtks) {
2577 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2578 "MLO RSN: No GTK KDE included in EAPOL-Key msg 3/4");
2579 goto failed;
2580 }
2581 if (mlo &&
2582 (key_info &
2583 (WPA_KEY_INFO_ENCR_KEY_DATA | WPA_KEY_INFO_INSTALL |
2584 WPA_KEY_INFO_SECURE)) !=
2585 (WPA_KEY_INFO_ENCR_KEY_DATA | WPA_KEY_INFO_INSTALL |
2586 WPA_KEY_INFO_SECURE)) {
2587 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2588 "RSN MLO: Invalid key info (0x%x) in EAPOL-Key msg 3/4",
2589 key_info);
2590 goto failed;
2591 }
2592
2593 if (mlo && !is_valid_ap_mld_mac_kde(sm, ie.mac_addr)) {
2594 wpa_printf(MSG_DEBUG, "RSN: Invalid AP MLD MAC address KDE");
2595 goto failed;
2596 }
2597
2598 for (i = 0; mlo && i < MAX_NUM_MLD_LINKS; i++) {
2599 if (!(sm->mlo.req_links & BIT(i)))
2600 continue;
2601
2602 if (wpa_supplicant_validate_link_kde(sm, i, ie.mlo_link[i],
2603 ie.mlo_link_len[i]) < 0)
2604 goto failed;
2605
2606 if (!(sm->mlo.valid_links & BIT(i)))
2607 continue;
2608
2609 if (!ie.mlo_gtk[i]) {
2610 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
2611 "RSN: GTK not found for link ID %u", i);
2612 goto failed;
2613 }
2614
2615 if (sm->mgmt_group_cipher != WPA_CIPHER_GTK_NOT_USED &&
2616 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
2617 wpa_validate_mlo_ieee80211w_kdes(sm, i, &ie) < 0)
2618 goto failed;
2619 }
2620
2621 #ifdef CONFIG_IEEE80211R
2622 if (mlo && wpa_key_mgmt_ft(sm->key_mgmt) &&
2623 wpa_supplicant_validate_ie_ft(sm, sm->bssid, &ie) < 0)
2624 goto failed;
2625 #endif /* CONFIG_IEEE80211R */
2626
2627 if (!mlo && ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2628 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2629 "WPA: GTK IE in unencrypted key data");
2630 goto failed;
2631 }
2632 if (!mlo && ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2633 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2634 "WPA: IGTK KDE in unencrypted key data");
2635 goto failed;
2636 }
2637
2638 if (!mlo && ie.igtk &&
2639 sm->mgmt_group_cipher != WPA_CIPHER_GTK_NOT_USED &&
2640 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
2641 ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN +
2642 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
2643 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2644 "WPA: Invalid IGTK KDE length %lu",
2645 (unsigned long) ie.igtk_len);
2646 goto failed;
2647 }
2648
2649 if (!mlo && wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
2650 goto failed;
2651
2652 if (wpa_handle_ext_key_id(sm, &ie))
2653 goto failed;
2654
2655 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
2656 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2657 "WPA: ANonce from message 1 of 4-Way Handshake "
2658 "differs from 3 of 4-Way Handshake - drop packet (src="
2659 MACSTR ")", MAC2STR(sm->bssid));
2660 goto failed;
2661 }
2662
2663 keylen = WPA_GET_BE16(key->key_length);
2664 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
2665 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2666 "WPA: Invalid %s key length %d (src=" MACSTR
2667 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
2668 MAC2STR(sm->bssid));
2669 goto failed;
2670 }
2671
2672 #ifdef CONFIG_P2P
2673 if (ie.ip_addr_alloc) {
2674 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4);
2675 wpa_hexdump(MSG_DEBUG, "P2P: IP address info",
2676 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr));
2677 }
2678 #endif /* CONFIG_P2P */
2679
2680 #ifdef CONFIG_OCV
2681 if (wpa_sm_ocv_enabled(sm)) {
2682 struct wpa_channel_info ci;
2683
2684 if (wpa_sm_channel_info(sm, &ci) != 0) {
2685 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2686 "Failed to get channel info to validate received OCI in EAPOL-Key 3/4");
2687 return;
2688 }
2689
2690 if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci,
2691 channel_width_to_int(ci.chanwidth),
2692 ci.seg1_idx) != OCI_SUCCESS) {
2693 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE
2694 "addr=" MACSTR " frame=eapol-key-m3 error=%s",
2695 MAC2STR(sm->bssid), ocv_errorstr);
2696 return;
2697 }
2698 }
2699 #endif /* CONFIG_OCV */
2700
2701 #ifdef CONFIG_DPP2
2702 if (DPP_VERSION > 1 && ie.dpp_kde) {
2703 wpa_printf(MSG_DEBUG,
2704 "DPP: peer Protocol Version %u Flags 0x%x",
2705 ie.dpp_kde[0], ie.dpp_kde[1]);
2706 if (sm->key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_pfs != 2 &&
2707 (ie.dpp_kde[1] & DPP_KDE_PFS_ALLOWED) && !sm->dpp_z) {
2708 wpa_printf(MSG_INFO,
2709 "DPP: Peer indicated it supports PFS and local configuration allows this, but PFS was not negotiated for the association");
2710 goto failed;
2711 }
2712 }
2713 #endif /* CONFIG_DPP2 */
2714
2715 if (sm->use_ext_key_id &&
2716 wpa_supplicant_install_ptk(sm, key, KEY_FLAG_RX))
2717 goto failed;
2718
2719 if (wpa_supplicant_send_4_of_4(sm, wpa_sm_get_auth_addr(sm), key, ver,
2720 key_info, &sm->ptk) < 0)
2721 goto failed;
2722
2723 /* SNonce was successfully used in msg 3/4, so mark it to be renewed
2724 * for the next 4-Way Handshake. If msg 3 is received again, the old
2725 * SNonce will still be used to avoid changing PTK. */
2726 sm->renew_snonce = 1;
2727
2728 if (key_info & WPA_KEY_INFO_INSTALL) {
2729 int res;
2730
2731 if (sm->use_ext_key_id)
2732 res = wpa_supplicant_activate_ptk(sm);
2733 else
2734 res = wpa_supplicant_install_ptk(sm, key,
2735 KEY_FLAG_RX_TX);
2736 if (res)
2737 goto failed;
2738 }
2739
2740 if (key_info & WPA_KEY_INFO_SECURE) {
2741 wpa_sm_mlme_setprotection(
2742 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
2743 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
2744 eapol_sm_notify_portValid(sm->eapol, true);
2745 }
2746 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
2747
2748 if (mlo) {
2749 if (wpa_supplicant_pairwise_mlo_gtk(sm, key, &ie,
2750 key_info) < 0) {
2751 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2752 "MLO RSN: Failed to configure MLO GTKs");
2753 goto failed;
2754 }
2755 } else if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
2756 /* No GTK to be set to the driver */
2757 } else if (!ie.gtk && sm->proto == WPA_PROTO_RSN) {
2758 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2759 "RSN: No GTK KDE included in EAPOL-Key msg 3/4");
2760 goto failed;
2761 } else if (ie.gtk &&
2762 wpa_supplicant_pairwise_gtk(sm, key,
2763 ie.gtk, ie.gtk_len, key_info) < 0) {
2764 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2765 "RSN: Failed to configure GTK");
2766 goto failed;
2767 }
2768
2769 if ((mlo && mlo_ieee80211w_set_keys(sm, &ie) < 0) ||
2770 (!mlo && ieee80211w_set_keys(sm, &ie) < 0)) {
2771 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2772 "RSN: Failed to configure IGTK");
2773 goto failed;
2774 }
2775
2776 if (mlo || sm->group_cipher == WPA_CIPHER_GTK_NOT_USED || ie.gtk)
2777 wpa_supplicant_key_neg_complete(sm, sm->bssid,
2778 key_info & WPA_KEY_INFO_SECURE);
2779
2780 if (mlo || ie.gtk)
2781 wpa_sm_set_rekey_offload(sm);
2782
2783 /* Add PMKSA cache entry for Suite B AKMs here since PMKID can be
2784 * calculated only after KCK has been derived. Though, do not replace an
2785 * existing PMKSA entry after each 4-way handshake (i.e., new KCK/PMKID)
2786 * to avoid unnecessary changes of PMKID while continuing to use the
2787 * same PMK. */
2788 if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt) &&
2789 !sm->cur_pmksa) {
2790 struct rsn_pmksa_cache_entry *sa;
2791
2792 sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL,
2793 sm->ptk.kck, sm->ptk.kck_len,
2794 wpa_sm_get_auth_addr(sm), sm->own_addr,
2795 sm->network_ctx, sm->key_mgmt, NULL);
2796 if (!sm->cur_pmksa)
2797 sm->cur_pmksa = sa;
2798 }
2799
2800 if (ie.transition_disable)
2801 wpa_sm_transition_disable(sm, ie.transition_disable[0]);
2802 sm->msg_3_of_4_ok = 1;
2803 return;
2804
2805 failed:
2806 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2807 }
2808
2809
wpa_supplicant_send_2_of_2(struct wpa_sm * sm,const struct wpa_eapol_key * key,int ver,u16 key_info)2810 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
2811 const struct wpa_eapol_key *key,
2812 int ver, u16 key_info)
2813 {
2814 size_t mic_len, hdrlen, rlen;
2815 struct wpa_eapol_key *reply;
2816 u8 *rbuf, *key_mic;
2817 size_t kde_len = 0;
2818
2819 #ifdef CONFIG_TESTING_OPTIONS
2820 if (sm->disable_eapol_g2_tx) {
2821 wpa_printf(MSG_INFO, "TEST: Disable sending EAPOL-Key 2/2");
2822 return 0;
2823 }
2824 #endif /* CONFIG_TESTING_OPTIONS */
2825
2826 #ifdef CONFIG_OCV
2827 if (wpa_sm_ocv_enabled(sm))
2828 kde_len = OCV_OCI_KDE_LEN;
2829 #endif /* CONFIG_OCV */
2830
2831 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
2832 hdrlen = sizeof(*reply) + mic_len + 2;
2833 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
2834 hdrlen + kde_len, &rlen, (void *) &reply);
2835 if (rbuf == NULL)
2836 return -1;
2837
2838 reply->type = (sm->proto == WPA_PROTO_RSN ||
2839 sm->proto == WPA_PROTO_OSEN) ?
2840 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
2841 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
2842 key_info |= ver | WPA_KEY_INFO_SECURE;
2843 if (mic_len)
2844 key_info |= WPA_KEY_INFO_MIC;
2845 else
2846 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
2847 WPA_PUT_BE16(reply->key_info, key_info);
2848 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
2849 WPA_PUT_BE16(reply->key_length, 0);
2850 else
2851 os_memcpy(reply->key_length, key->key_length, 2);
2852 os_memcpy(reply->replay_counter, key->replay_counter,
2853 WPA_REPLAY_COUNTER_LEN);
2854
2855 key_mic = (u8 *) (reply + 1);
2856 WPA_PUT_BE16(key_mic + mic_len, kde_len); /* Key Data Length */
2857
2858 #ifdef CONFIG_OCV
2859 if (wpa_sm_ocv_enabled(sm)) {
2860 struct wpa_channel_info ci;
2861 u8 *pos;
2862
2863 if (wpa_sm_channel_info(sm, &ci) != 0) {
2864 wpa_printf(MSG_WARNING,
2865 "Failed to get channel info for OCI element in EAPOL-Key 2/2");
2866 os_free(rbuf);
2867 return -1;
2868 }
2869 #ifdef CONFIG_TESTING_OPTIONS
2870 if (sm->oci_freq_override_eapol_g2) {
2871 wpa_printf(MSG_INFO,
2872 "TEST: Override OCI KDE frequency %d -> %d MHz",
2873 ci.frequency,
2874 sm->oci_freq_override_eapol_g2);
2875 ci.frequency = sm->oci_freq_override_eapol_g2;
2876 }
2877 #endif /* CONFIG_TESTING_OPTIONS */
2878
2879 pos = key_mic + mic_len + 2; /* Key Data */
2880 if (ocv_insert_oci_kde(&ci, &pos) < 0) {
2881 os_free(rbuf);
2882 return -1;
2883 }
2884 }
2885 #endif /* CONFIG_OCV */
2886
2887 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
2888 return wpa_eapol_key_send(sm, &sm->ptk, ver, wpa_sm_get_auth_addr(sm),
2889 ETH_P_EAPOL, rbuf, rlen, key_mic);
2890 }
2891
2892
wpa_supplicant_process_mlo_1_of_2(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,const u8 * key_data,size_t key_data_len,u16 ver)2893 static void wpa_supplicant_process_mlo_1_of_2(struct wpa_sm *sm,
2894 const unsigned char *src_addr,
2895 const struct wpa_eapol_key *key,
2896 const u8 *key_data,
2897 size_t key_data_len, u16 ver)
2898 {
2899 u16 key_info;
2900 u8 i;
2901 struct wpa_eapol_ie_parse ie;
2902
2903 if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) {
2904 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2905 "MLO RSN: Group Key Handshake started prior to completion of 4-way handshake");
2906 goto failed;
2907 }
2908
2909 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "MLO RSN: RX message 1 of Group "
2910 "Key Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr),
2911 ver);
2912
2913 key_info = WPA_GET_BE16(key->key_info);
2914
2915 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
2916
2917 wpa_hexdump_key(MSG_DEBUG, "MLO RSN: msg 1/2 key data", key_data,
2918 key_data_len);
2919 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
2920 goto failed;
2921
2922 if (!ie.valid_mlo_gtks) {
2923 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2924 "MLO RSN: No MLO GTK KDE in Group Key msg 1/2");
2925 goto failed;
2926 }
2927
2928 if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2929 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2930 "MLO RSN: MLO GTK KDE in unencrypted key data");
2931 goto failed;
2932 }
2933
2934 #ifdef CONFIG_OCV
2935 if (wpa_sm_ocv_enabled(sm)) {
2936 struct wpa_channel_info ci;
2937
2938 if (wpa_sm_channel_info(sm, &ci) != 0) {
2939 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2940 "Failed to get channel info to validate received OCI in EAPOL-Key group msg 1/2");
2941 goto failed;
2942 }
2943
2944 if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci,
2945 channel_width_to_int(ci.chanwidth),
2946 ci.seg1_idx) != OCI_SUCCESS) {
2947 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE
2948 "addr=" MACSTR " frame=eapol-key-g1 error=%s",
2949 MAC2STR(sm->bssid), ocv_errorstr);
2950 goto failed;
2951 }
2952 }
2953 #endif /* CONFIG_OCV */
2954
2955 if (mlo_ieee80211w_set_keys(sm, &ie) < 0)
2956 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2957 "MLO RSN: Failed to configure MLO IGTK");
2958
2959 for_each_link(sm->mlo.valid_links, i) {
2960 /*
2961 * AP may send group keys for subset of the all links during
2962 * rekey
2963 */
2964 if (!ie.mlo_gtk[i])
2965 continue;
2966
2967 if (wpa_supplicant_mlo_gtk(sm, i, ie.mlo_gtk[i],
2968 ie.mlo_gtk_len[i], key_info))
2969 goto failed;
2970 }
2971
2972 if (wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
2973 goto failed;
2974
2975 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "MLO RSN: Group rekeying completed "
2976 "with " MACSTR " [GTK=%s]", MAC2STR(sm->mlo.ap_mld_addr),
2977 wpa_cipher_txt(sm->group_cipher));
2978 wpa_sm_cancel_auth_timeout(sm);
2979 wpa_sm_set_state(sm, WPA_COMPLETED);
2980
2981 wpa_sm_set_rekey_offload(sm);
2982
2983 return;
2984
2985 failed:
2986 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2987 }
2988
2989
wpa_supplicant_process_1_of_2_wpa(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,const u8 * key_data,size_t key_data_len,u16 ver)2990 static void wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
2991 const unsigned char *src_addr,
2992 const struct wpa_eapol_key *key,
2993 const u8 *key_data,
2994 size_t key_data_len, u16 ver)
2995 {
2996 u16 key_info;
2997 int rekey;
2998 struct wpa_gtk_data gd;
2999 const u8 *key_rsc;
3000 size_t maxkeylen;
3001 u16 gtk_len;
3002
3003 if (!sm->msg_3_of_4_ok) {
3004 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3005 "WPA: Group Key Handshake started prior to completion of 4-way handshake");
3006 goto failed;
3007 }
3008
3009 os_memset(&gd, 0, sizeof(gd));
3010
3011 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
3012 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3013 "WPA: RX message 1 of Group Key Handshake from " MACSTR
3014 " (ver=%d)", MAC2STR(src_addr), ver);
3015
3016 key_info = WPA_GET_BE16(key->key_info);
3017
3018 gtk_len = WPA_GET_BE16(key->key_length);
3019 maxkeylen = key_data_len;
3020 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3021 if (maxkeylen < 8) {
3022 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3023 "WPA: Too short maxkeylen (%lu)",
3024 (unsigned long) maxkeylen);
3025 goto failed;
3026 }
3027 maxkeylen -= 8;
3028 }
3029
3030 if (gtk_len > maxkeylen ||
3031 wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
3032 gtk_len, maxkeylen,
3033 &gd.key_rsc_len, &gd.alg))
3034 goto failed;
3035
3036 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
3037
3038 gd.gtk_len = gtk_len;
3039 gd.keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
3040 WPA_KEY_INFO_KEY_INDEX_SHIFT;
3041 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
3042 #if defined(CONFIG_NO_RC4) || defined(CONFIG_FIPS)
3043 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3044 "WPA: RC4 not supported in the build");
3045 goto failed;
3046 #else /* CONFIG_NO_RC4 || CONFIG_FIPS */
3047 u8 ek[32];
3048 if (key_data_len > sizeof(gd.gtk)) {
3049 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3050 "WPA: RC4 key data too long (%lu)",
3051 (unsigned long) key_data_len);
3052 goto failed;
3053 }
3054 os_memcpy(ek, key->key_iv, 16);
3055 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
3056 os_memcpy(gd.gtk, key_data, key_data_len);
3057 if (rc4_skip(ek, 32, 256, gd.gtk, key_data_len)) {
3058 forced_memzero(ek, sizeof(ek));
3059 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
3060 "WPA: RC4 failed");
3061 goto failed;
3062 }
3063 forced_memzero(ek, sizeof(ek));
3064 #endif /* CONFIG_NO_RC4 || CONFIG_FIPS */
3065 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3066 if (maxkeylen % 8) {
3067 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3068 "WPA: Unsupported AES-WRAP len %lu",
3069 (unsigned long) maxkeylen);
3070 goto failed;
3071 }
3072 if (maxkeylen > sizeof(gd.gtk)) {
3073 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3074 "WPA: AES-WRAP key data "
3075 "too long (keydatalen=%lu maxkeylen=%lu)",
3076 (unsigned long) key_data_len,
3077 (unsigned long) maxkeylen);
3078 goto failed;
3079 }
3080 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8,
3081 key_data, gd.gtk)) {
3082 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3083 "WPA: AES unwrap failed - could not decrypt "
3084 "GTK");
3085 goto failed;
3086 }
3087 } else {
3088 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3089 "WPA: Unsupported key_info type %d", ver);
3090 goto failed;
3091 }
3092 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
3093 sm, !!(key_info & WPA_KEY_INFO_TXRX));
3094
3095 key_rsc = key->key_rsc;
3096 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
3097 key_rsc = null_rsc;
3098
3099 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
3100 wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
3101 goto failed;
3102 forced_memzero(&gd, sizeof(gd));
3103
3104 if (rekey) {
3105 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3106 "WPA: Group rekeying completed with " MACSTR
3107 " [GTK=%s]",
3108 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
3109 wpa_sm_cancel_auth_timeout(sm);
3110 wpa_sm_set_state(sm, WPA_COMPLETED);
3111 } else {
3112 wpa_supplicant_key_neg_complete(sm, sm->bssid,
3113 key_info & WPA_KEY_INFO_SECURE);
3114 }
3115
3116 wpa_sm_set_rekey_offload(sm);
3117
3118 return;
3119
3120 failed:
3121 forced_memzero(&gd, sizeof(gd));
3122 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
3123 }
3124
3125
wpa_supplicant_process_1_of_2(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,const u8 * key_data,size_t key_data_len,u16 ver)3126 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
3127 const unsigned char *src_addr,
3128 const struct wpa_eapol_key *key,
3129 const u8 *key_data,
3130 size_t key_data_len, u16 ver)
3131 {
3132 u16 key_info;
3133 struct wpa_gtk_data gd;
3134 const u8 *key_rsc;
3135 int maxkeylen;
3136 struct wpa_eapol_ie_parse ie;
3137 u16 gtk_len;
3138
3139 if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) {
3140 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3141 "RSN: Group Key Handshake started prior to completion of 4-way handshake");
3142 goto failed;
3143 }
3144
3145 os_memset(&gd, 0, sizeof(gd));
3146
3147 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3148 "RSN: RX message 1 of Group Key Handshake from " MACSTR
3149 " (ver=%d)", MAC2STR(src_addr), ver);
3150
3151 key_info = WPA_GET_BE16(key->key_info);
3152
3153 wpa_hexdump_key(MSG_DEBUG, "RSN: msg 1/2 key data",
3154 key_data, key_data_len);
3155 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
3156 goto failed;
3157
3158 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
3159
3160 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
3161 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3162 "RSN: GTK KDE in unencrypted key data");
3163 goto failed;
3164 }
3165 if (!ie.gtk) {
3166 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3167 "RSN: No GTK KDE in Group Key msg 1/2");
3168 goto failed;
3169 }
3170 gtk_len = ie.gtk_len;
3171 if (gtk_len < 2) {
3172 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3173 "RSN: Invalid GTK KDE length (%u) in Group Key msg 1/2",
3174 gtk_len);
3175 goto failed;
3176 }
3177 gtk_len -= 2;
3178 if (gtk_len > sizeof(gd.gtk)) {
3179 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3180 "RSN: Too long GTK in GTK KDE (len=%u)", gtk_len);
3181 goto failed;
3182 }
3183 maxkeylen = gd.gtk_len = gtk_len;
3184
3185 #ifdef CONFIG_OCV
3186 if (wpa_sm_ocv_enabled(sm)) {
3187 struct wpa_channel_info ci;
3188
3189 if (wpa_sm_channel_info(sm, &ci) != 0) {
3190 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3191 "Failed to get channel info to validate received OCI in EAPOL-Key group msg 1/2");
3192 goto failed;
3193 }
3194
3195 if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci,
3196 channel_width_to_int(ci.chanwidth),
3197 ci.seg1_idx) != OCI_SUCCESS) {
3198 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE
3199 "addr=" MACSTR " frame=eapol-key-g1 error=%s",
3200 MAC2STR(sm->bssid), ocv_errorstr);
3201 goto failed;
3202 }
3203 }
3204 #endif /* CONFIG_OCV */
3205
3206 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
3207 gtk_len, maxkeylen,
3208 &gd.key_rsc_len, &gd.alg))
3209 goto failed;
3210
3211 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake",
3212 ie.gtk, 2 + gtk_len);
3213 gd.keyidx = ie.gtk[0] & 0x3;
3214 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
3215 !!(ie.gtk[0] & BIT(2)));
3216 os_memcpy(gd.gtk, ie.gtk + 2, gtk_len);
3217
3218 if (ieee80211w_set_keys(sm, &ie) < 0)
3219 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3220 "RSN: Failed to configure IGTK");
3221
3222 key_rsc = key->key_rsc;
3223 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
3224 key_rsc = null_rsc;
3225
3226 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
3227 wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
3228 goto failed;
3229 forced_memzero(&gd, sizeof(gd));
3230
3231 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3232 "RSN: Group rekeying completed with " MACSTR " [GTK=%s]",
3233 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
3234 wpa_sm_cancel_auth_timeout(sm);
3235 wpa_sm_set_state(sm, WPA_COMPLETED);
3236
3237 wpa_sm_set_rekey_offload(sm);
3238
3239 return;
3240
3241 failed:
3242 forced_memzero(&gd, sizeof(gd));
3243 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
3244 }
3245
3246
wpa_supplicant_verify_eapol_key_mic(struct wpa_sm * sm,struct wpa_eapol_key * key,u16 ver,const u8 * buf,size_t len)3247 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
3248 struct wpa_eapol_key *key,
3249 u16 ver,
3250 const u8 *buf, size_t len)
3251 {
3252 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
3253 int ok = 0;
3254 size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
3255
3256 os_memcpy(mic, key + 1, mic_len);
3257 if (sm->tptk_set) {
3258 os_memset(key + 1, 0, mic_len);
3259 if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len,
3260 sm->key_mgmt,
3261 ver, buf, len, (u8 *) (key + 1)) < 0 ||
3262 os_memcmp_const(mic, key + 1, mic_len) != 0) {
3263 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3264 "WPA: Invalid EAPOL-Key MIC "
3265 "when using TPTK - ignoring TPTK");
3266 #ifdef TEST_FUZZ
3267 wpa_printf(MSG_INFO,
3268 "TEST: Ignore Key MIC failure for fuzz testing");
3269 goto continue_fuzz;
3270 #endif /* TEST_FUZZ */
3271 } else {
3272 #ifdef TEST_FUZZ
3273 continue_fuzz:
3274 #endif /* TEST_FUZZ */
3275 ok = 1;
3276 sm->tptk_set = 0;
3277 sm->ptk_set = 1;
3278 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
3279 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
3280 /*
3281 * This assures the same TPTK in sm->tptk can never be
3282 * copied twice to sm->ptk as the new PTK. In
3283 * combination with the installed flag in the wpa_ptk
3284 * struct, this assures the same PTK is only installed
3285 * once.
3286 */
3287 sm->renew_snonce = 1;
3288 }
3289 }
3290
3291 if (!ok && sm->ptk_set) {
3292 os_memset(key + 1, 0, mic_len);
3293 if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len,
3294 sm->key_mgmt,
3295 ver, buf, len, (u8 *) (key + 1)) < 0 ||
3296 os_memcmp_const(mic, key + 1, mic_len) != 0) {
3297 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3298 "WPA: Invalid EAPOL-Key MIC - "
3299 "dropping packet");
3300 #ifdef TEST_FUZZ
3301 wpa_printf(MSG_INFO,
3302 "TEST: Ignore Key MIC failure for fuzz testing");
3303 goto continue_fuzz2;
3304 #endif /* TEST_FUZZ */
3305 return -1;
3306 }
3307 #ifdef TEST_FUZZ
3308 continue_fuzz2:
3309 #endif /* TEST_FUZZ */
3310 ok = 1;
3311 }
3312
3313 if (!ok) {
3314 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3315 "WPA: Could not verify EAPOL-Key MIC - "
3316 "dropping packet");
3317 return -1;
3318 }
3319
3320 os_memcpy(sm->rx_replay_counter, key->replay_counter,
3321 WPA_REPLAY_COUNTER_LEN);
3322 sm->rx_replay_counter_set = 1;
3323 return 0;
3324 }
3325
3326
3327 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
wpa_supplicant_decrypt_key_data(struct wpa_sm * sm,struct wpa_eapol_key * key,size_t mic_len,u16 ver,u8 * key_data,size_t * key_data_len)3328 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
3329 struct wpa_eapol_key *key,
3330 size_t mic_len, u16 ver,
3331 u8 *key_data, size_t *key_data_len)
3332 {
3333 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
3334 key_data, *key_data_len);
3335 if (!sm->ptk_set) {
3336 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3337 "WPA: PTK not available, cannot decrypt EAPOL-Key Key "
3338 "Data");
3339 return -1;
3340 }
3341
3342 /* Decrypt key data here so that this operation does not need
3343 * to be implemented separately for each message type. */
3344 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
3345 #if defined(CONFIG_NO_RC4) || defined(CONFIG_FIPS)
3346 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3347 "WPA: RC4 not supported in the build");
3348 return -1;
3349 #else /* CONFIG_NO_RC4 || CONFIG_FIPS */
3350 u8 ek[32];
3351
3352 wpa_printf(MSG_DEBUG, "WPA: Decrypt Key Data using RC4");
3353 os_memcpy(ek, key->key_iv, 16);
3354 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
3355 if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) {
3356 forced_memzero(ek, sizeof(ek));
3357 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
3358 "WPA: RC4 failed");
3359 return -1;
3360 }
3361 forced_memzero(ek, sizeof(ek));
3362 #endif /* CONFIG_NO_RC4 || CONFIG_FIPS */
3363 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
3364 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
3365 wpa_use_aes_key_wrap(sm->key_mgmt)) {
3366 u8 *buf;
3367
3368 wpa_printf(MSG_DEBUG,
3369 "WPA: Decrypt Key Data using AES-UNWRAP (KEK length %u)",
3370 (unsigned int) sm->ptk.kek_len);
3371 if (*key_data_len < 8 || *key_data_len % 8) {
3372 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3373 "WPA: Unsupported AES-WRAP len %u",
3374 (unsigned int) *key_data_len);
3375 return -1;
3376 }
3377 *key_data_len -= 8; /* AES-WRAP adds 8 bytes */
3378 buf = os_malloc(*key_data_len);
3379 if (buf == NULL) {
3380 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3381 "WPA: No memory for AES-UNWRAP buffer");
3382 return -1;
3383 }
3384 #ifdef TEST_FUZZ
3385 os_memset(buf, 0x11, *key_data_len);
3386 #endif /* TEST_FUZZ */
3387 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8,
3388 key_data, buf)) {
3389 #ifdef TEST_FUZZ
3390 wpa_printf(MSG_INFO,
3391 "TEST: Ignore AES unwrap failure for fuzz testing");
3392 goto continue_fuzz;
3393 #endif /* TEST_FUZZ */
3394 bin_clear_free(buf, *key_data_len);
3395 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3396 "WPA: AES unwrap failed - "
3397 "could not decrypt EAPOL-Key key data");
3398 return -1;
3399 }
3400 #ifdef TEST_FUZZ
3401 continue_fuzz:
3402 #endif /* TEST_FUZZ */
3403 os_memcpy(key_data, buf, *key_data_len);
3404 bin_clear_free(buf, *key_data_len);
3405 WPA_PUT_BE16(((u8 *) (key + 1)) + mic_len, *key_data_len);
3406 } else {
3407 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3408 "WPA: Unsupported key_info type %d", ver);
3409 return -1;
3410 }
3411 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
3412 key_data, *key_data_len);
3413 return 0;
3414 }
3415
3416
3417 /**
3418 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
3419 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3420 */
wpa_sm_aborted_cached(struct wpa_sm * sm)3421 void wpa_sm_aborted_cached(struct wpa_sm *sm)
3422 {
3423 if (sm && sm->cur_pmksa) {
3424 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3425 "RSN: Cancelling PMKSA caching attempt");
3426 sm->cur_pmksa = NULL;
3427 }
3428 }
3429
3430
wpa_sm_aborted_external_cached(struct wpa_sm * sm)3431 void wpa_sm_aborted_external_cached(struct wpa_sm *sm)
3432 {
3433 if (sm && sm->cur_pmksa && sm->cur_pmksa->external) {
3434 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3435 "RSN: Cancelling external PMKSA caching attempt");
3436 sm->cur_pmksa = NULL;
3437 }
3438 }
3439
3440
wpa_eapol_key_dump(struct wpa_sm * sm,const struct wpa_eapol_key * key,unsigned int key_data_len,const u8 * mic,unsigned int mic_len)3441 static void wpa_eapol_key_dump(struct wpa_sm *sm,
3442 const struct wpa_eapol_key *key,
3443 unsigned int key_data_len,
3444 const u8 *mic, unsigned int mic_len)
3445 {
3446 #ifndef CONFIG_NO_STDOUT_DEBUG
3447 u16 key_info = WPA_GET_BE16(key->key_info);
3448
3449 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type);
3450 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3451 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)",
3452 key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
3453 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
3454 WPA_KEY_INFO_KEY_INDEX_SHIFT,
3455 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
3456 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
3457 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
3458 key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
3459 key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
3460 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
3461 key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
3462 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
3463 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
3464 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3465 " key_length=%u key_data_length=%u",
3466 WPA_GET_BE16(key->key_length), key_data_len);
3467 wpa_hexdump(MSG_DEBUG, " replay_counter",
3468 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
3469 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN);
3470 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16);
3471 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8);
3472 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8);
3473 wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len);
3474 #endif /* CONFIG_NO_STDOUT_DEBUG */
3475 }
3476
3477
3478 #ifdef CONFIG_FILS
wpa_supp_aead_decrypt(struct wpa_sm * sm,u8 * buf,size_t buf_len,size_t * key_data_len)3479 static int wpa_supp_aead_decrypt(struct wpa_sm *sm, u8 *buf, size_t buf_len,
3480 size_t *key_data_len)
3481 {
3482 struct wpa_ptk *ptk;
3483 struct ieee802_1x_hdr *hdr;
3484 struct wpa_eapol_key *key;
3485 u8 *pos, *tmp;
3486 const u8 *aad[1];
3487 size_t aad_len[1];
3488
3489 if (*key_data_len < AES_BLOCK_SIZE) {
3490 wpa_printf(MSG_INFO, "No room for AES-SIV data in the frame");
3491 return -1;
3492 }
3493
3494 if (sm->tptk_set)
3495 ptk = &sm->tptk;
3496 else if (sm->ptk_set)
3497 ptk = &sm->ptk;
3498 else
3499 return -1;
3500
3501 hdr = (struct ieee802_1x_hdr *) buf;
3502 key = (struct wpa_eapol_key *) (hdr + 1);
3503 pos = (u8 *) (key + 1);
3504 pos += 2; /* Pointing at the Encrypted Key Data field */
3505
3506 tmp = os_malloc(*key_data_len);
3507 if (!tmp)
3508 return -1;
3509
3510 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
3511 * to Key Data (exclusive). */
3512 aad[0] = buf;
3513 aad_len[0] = pos - buf;
3514 if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, *key_data_len,
3515 1, aad, aad_len, tmp) < 0) {
3516 wpa_printf(MSG_INFO, "Invalid AES-SIV data in the frame");
3517 bin_clear_free(tmp, *key_data_len);
3518 return -1;
3519 }
3520
3521 /* AEAD decryption and validation completed successfully */
3522 (*key_data_len) -= AES_BLOCK_SIZE;
3523 wpa_hexdump_key(MSG_DEBUG, "WPA: Decrypted Key Data",
3524 tmp, *key_data_len);
3525
3526 /* Replace Key Data field with the decrypted version */
3527 os_memcpy(pos, tmp, *key_data_len);
3528 pos -= 2; /* Key Data Length field */
3529 WPA_PUT_BE16(pos, *key_data_len);
3530 bin_clear_free(tmp, *key_data_len);
3531
3532 if (sm->tptk_set) {
3533 sm->tptk_set = 0;
3534 sm->ptk_set = 1;
3535 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
3536 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
3537 }
3538
3539 os_memcpy(sm->rx_replay_counter, key->replay_counter,
3540 WPA_REPLAY_COUNTER_LEN);
3541 sm->rx_replay_counter_set = 1;
3542
3543 return 0;
3544 }
3545 #endif /* CONFIG_FILS */
3546
3547
wpa_sm_rx_eapol_wpa(struct wpa_sm * sm,const u8 * src_addr,struct wpa_eapol_key * key,enum frame_encryption encrypted,const u8 * tmp,size_t data_len,u8 * key_data,size_t key_data_len)3548 static int wpa_sm_rx_eapol_wpa(struct wpa_sm *sm, const u8 *src_addr,
3549 struct wpa_eapol_key *key,
3550 enum frame_encryption encrypted,
3551 const u8 *tmp, size_t data_len,
3552 u8 *key_data, size_t key_data_len)
3553 {
3554 u16 key_info, ver;
3555
3556 key_info = WPA_GET_BE16(key->key_info);
3557
3558 if (key->type != EAPOL_KEY_TYPE_WPA) {
3559 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3560 "WPA: Unsupported EAPOL-Key type %d", key->type);
3561 return -1;
3562 }
3563
3564 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
3565 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
3566 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3567 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3568 "WPA: Unsupported EAPOL-Key descriptor version %d",
3569 ver);
3570 return -1;
3571 }
3572
3573 if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
3574 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3575 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3576 "WPA: CCMP is used, but EAPOL-Key descriptor version (%d) is not 2",
3577 ver);
3578 if (sm->group_cipher != WPA_CIPHER_CCMP &&
3579 !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
3580 /* Earlier versions of IEEE 802.11i did not explicitly
3581 * require version 2 descriptor for all EAPOL-Key
3582 * packets, so allow group keys to use version 1 if
3583 * CCMP is not used for them. */
3584 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3585 "WPA: Backwards compatibility: allow invalid version for non-CCMP group keys");
3586 } else
3587 return -1;
3588 }
3589
3590 if ((key_info & WPA_KEY_INFO_MIC) &&
3591 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
3592 return -1;
3593
3594 if (key_info & WPA_KEY_INFO_KEY_TYPE) {
3595 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
3596 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3597 "WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index");
3598 return -1;
3599 }
3600 if (key_info & (WPA_KEY_INFO_MIC |
3601 WPA_KEY_INFO_ENCR_KEY_DATA)) {
3602 /* 3/4 4-Way Handshake */
3603 wpa_supplicant_process_3_of_4_wpa(sm, key, ver,
3604 key_data,
3605 key_data_len);
3606 } else {
3607 /* 1/4 4-Way Handshake */
3608 wpa_supplicant_process_1_of_4_wpa(sm, src_addr, key,
3609 ver, key_data,
3610 key_data_len,
3611 encrypted);
3612 }
3613 } else {
3614 if (key_info & WPA_KEY_INFO_MIC) {
3615 /* 1/2 Group Key Handshake */
3616 wpa_supplicant_process_1_of_2_wpa(sm, src_addr, key,
3617 key_data,
3618 key_data_len,
3619 ver);
3620 } else {
3621 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3622 "WPA: EAPOL-Key (Group) without Mic/Encr bit - dropped");
3623 }
3624 }
3625
3626 return 1;
3627 }
3628
3629
3630 /**
3631 * wpa_sm_rx_eapol - Process received WPA EAPOL frames
3632 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3633 * @src_addr: Source MAC address of the EAPOL packet
3634 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
3635 * @len: Length of the EAPOL frame
3636 * @encrypted: Whether the frame was encrypted
3637 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
3638 *
3639 * This function is called for each received EAPOL frame. Other than EAPOL-Key
3640 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
3641 * only processing WPA and WPA2 EAPOL-Key frames.
3642 *
3643 * The received EAPOL-Key packets are validated and valid packets are replied
3644 * to. In addition, key material (PTK, GTK) is configured at the end of a
3645 * successful key handshake.
3646 */
wpa_sm_rx_eapol(struct wpa_sm * sm,const u8 * src_addr,const u8 * buf,size_t len,enum frame_encryption encrypted)3647 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
3648 const u8 *buf, size_t len, enum frame_encryption encrypted)
3649 {
3650 size_t plen, data_len, key_data_len;
3651 const struct ieee802_1x_hdr *hdr;
3652 struct wpa_eapol_key *key;
3653 u16 key_info, ver;
3654 u8 *tmp = NULL;
3655 int ret = -1;
3656 u8 *mic, *key_data;
3657 size_t mic_len, keyhdrlen, pmk_len;
3658
3659 #ifdef CONFIG_IEEE80211R
3660 sm->ft_completed = 0;
3661 #endif /* CONFIG_IEEE80211R */
3662
3663 pmk_len = sm->pmk_len;
3664 if (!pmk_len && sm->cur_pmksa)
3665 pmk_len = sm->cur_pmksa->pmk_len;
3666 mic_len = wpa_mic_len(sm->key_mgmt, pmk_len);
3667 keyhdrlen = sizeof(*key) + mic_len + 2;
3668
3669 if (len < sizeof(*hdr) + keyhdrlen) {
3670 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3671 "WPA: EAPOL frame too short to be a WPA "
3672 "EAPOL-Key (len %lu, expecting at least %lu)",
3673 (unsigned long) len,
3674 (unsigned long) sizeof(*hdr) + keyhdrlen);
3675 return 0;
3676 }
3677
3678 hdr = (const struct ieee802_1x_hdr *) buf;
3679 plen = be_to_host16(hdr->length);
3680 data_len = plen + sizeof(*hdr);
3681 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3682 "IEEE 802.1X RX: version=%d type=%d length=%lu",
3683 hdr->version, hdr->type, (unsigned long) plen);
3684
3685 if (hdr->version < EAPOL_VERSION) {
3686 /* TODO: backwards compatibility */
3687 }
3688 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
3689 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3690 "WPA: EAPOL frame (type %u) discarded, "
3691 "not a Key frame", hdr->type);
3692 ret = 0;
3693 goto out;
3694 }
3695 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len);
3696 if (plen > len - sizeof(*hdr) || plen < keyhdrlen) {
3697 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3698 "WPA: EAPOL frame payload size %lu "
3699 "invalid (frame size %lu)",
3700 (unsigned long) plen, (unsigned long) len);
3701 ret = 0;
3702 goto out;
3703 }
3704 if (data_len < len) {
3705 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3706 "WPA: ignoring %lu bytes after the IEEE 802.1X data",
3707 (unsigned long) len - data_len);
3708 }
3709
3710 /*
3711 * Make a copy of the frame since we need to modify the buffer during
3712 * MAC validation and Key Data decryption.
3713 */
3714 tmp = os_memdup(buf, data_len);
3715 if (tmp == NULL)
3716 goto out;
3717 key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr));
3718 mic = (u8 *) (key + 1);
3719 key_data = mic + mic_len + 2;
3720
3721 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
3722 {
3723 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3724 "WPA: EAPOL-Key type (%d) unknown, discarded",
3725 key->type);
3726 ret = 0;
3727 goto out;
3728 }
3729
3730 key_data_len = WPA_GET_BE16(mic + mic_len);
3731 wpa_eapol_key_dump(sm, key, key_data_len, mic, mic_len);
3732
3733 if (key_data_len > plen - keyhdrlen) {
3734 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
3735 "frame - key_data overflow (%u > %u)",
3736 (unsigned int) key_data_len,
3737 (unsigned int) (plen - keyhdrlen));
3738 goto out;
3739 }
3740
3741 if (sm->rx_replay_counter_set &&
3742 os_memcmp(key->replay_counter, sm->rx_replay_counter,
3743 WPA_REPLAY_COUNTER_LEN) <= 0) {
3744 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3745 "WPA: EAPOL-Key Replay Counter did not increase - dropping packet");
3746 goto out;
3747 }
3748
3749 eapol_sm_notify_lower_layer_success(sm->eapol, 0);
3750
3751 key_info = WPA_GET_BE16(key->key_info);
3752
3753 if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
3754 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3755 "WPA: Unsupported SMK bit in key_info");
3756 goto out;
3757 }
3758
3759 if (!(key_info & WPA_KEY_INFO_ACK)) {
3760 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3761 "WPA: No Ack bit in key_info");
3762 goto out;
3763 }
3764
3765 if (key_info & WPA_KEY_INFO_REQUEST) {
3766 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3767 "WPA: EAPOL-Key with Request bit - dropped");
3768 goto out;
3769 }
3770
3771 if (sm->proto == WPA_PROTO_WPA) {
3772 ret = wpa_sm_rx_eapol_wpa(sm, src_addr, key, encrypted,
3773 tmp, data_len,
3774 key_data, key_data_len);
3775 goto out;
3776 }
3777
3778 if (key->type != EAPOL_KEY_TYPE_RSN) {
3779 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3780 "RSN: Unsupported EAPOL-Key type %d", key->type);
3781 goto out;
3782 }
3783
3784 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
3785 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
3786 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
3787 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
3788 !wpa_use_akm_defined(sm->key_mgmt)) {
3789 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3790 "RSN: Unsupported EAPOL-Key descriptor version %d",
3791 ver);
3792 goto out;
3793 }
3794
3795 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
3796 sm->pairwise_cipher != WPA_CIPHER_TKIP) {
3797 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3798 "RSN: EAPOL-Key descriptor version %d not allowed without TKIP as the pairwise cipher",
3799 ver);
3800 goto out;
3801 }
3802
3803 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
3804 (sm->key_mgmt != WPA_KEY_MGMT_IEEE8021X &&
3805 sm->key_mgmt != WPA_KEY_MGMT_PSK)) {
3806 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3807 "RSN: EAPOL-Key descriptor version %d not allowed due to negotiated AKM (0x%x)",
3808 ver, sm->key_mgmt);
3809 goto out;
3810 }
3811
3812 if (wpa_use_akm_defined(sm->key_mgmt) &&
3813 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
3814 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3815 "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)",
3816 ver);
3817 goto out;
3818 }
3819
3820 #ifdef CONFIG_IEEE80211R
3821 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
3822 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
3823 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
3824 !wpa_use_akm_defined(sm->key_mgmt)) {
3825 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3826 "FT: AP did not use AES-128-CMAC");
3827 goto out;
3828 }
3829 } else
3830 #endif /* CONFIG_IEEE80211R */
3831 if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
3832 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
3833 !wpa_use_akm_defined(sm->key_mgmt)) {
3834 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3835 "RSN: AP did not use the negotiated AES-128-CMAC");
3836 goto out;
3837 }
3838 } else if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
3839 !wpa_use_akm_defined(sm->key_mgmt) &&
3840 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3841 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3842 "RSN: CCMP is used, but EAPOL-Key descriptor version (%d) is not 2", ver);
3843 if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
3844 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3845 "RSN: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used");
3846 } else {
3847 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3848 "RSN: Unexpected descriptor version %u", ver);
3849 goto out;
3850 }
3851 } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
3852 !wpa_use_akm_defined(sm->key_mgmt) &&
3853 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3854 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3855 "RSN: GCMP is used, but EAPOL-Key descriptor version (%d) is not 2",
3856 ver);
3857 goto out;
3858 }
3859
3860 if ((key_info & WPA_KEY_INFO_MIC) &&
3861 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
3862 goto out;
3863
3864 #ifdef CONFIG_FILS
3865 if (!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
3866 if (wpa_supp_aead_decrypt(sm, tmp, data_len, &key_data_len))
3867 goto out;
3868 }
3869 #endif /* CONFIG_FILS */
3870
3871 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
3872 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) && mic_len) {
3873 /*
3874 * Only decrypt the Key Data field if the frame's authenticity
3875 * was verified. When using AES-SIV (FILS), the MIC flag is not
3876 * set, so this check should only be performed if mic_len != 0
3877 * which is the case in this code branch.
3878 */
3879 if (!(key_info & WPA_KEY_INFO_MIC)) {
3880 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3881 "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
3882 goto out;
3883 }
3884 if (wpa_supplicant_decrypt_key_data(sm, key, mic_len,
3885 ver, key_data,
3886 &key_data_len))
3887 goto out;
3888 }
3889
3890 if (key_info & WPA_KEY_INFO_KEY_TYPE) {
3891 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
3892 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3893 "RSN: Ignored EAPOL-Key (Pairwise) with non-zero key index");
3894 goto out;
3895 }
3896 if (key_info & (WPA_KEY_INFO_MIC |
3897 WPA_KEY_INFO_ENCR_KEY_DATA)) {
3898 /* 3/4 4-Way Handshake */
3899 wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
3900 key_data_len);
3901 } else {
3902 /* 1/4 4-Way Handshake */
3903 wpa_supplicant_process_1_of_4(sm, src_addr, key,
3904 ver, key_data,
3905 key_data_len,
3906 encrypted);
3907 }
3908 } else {
3909 if ((mic_len && (key_info & WPA_KEY_INFO_MIC)) ||
3910 (!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA))) {
3911 /* 1/2 Group Key Handshake */
3912 if (sm->mlo.valid_links)
3913 wpa_supplicant_process_mlo_1_of_2(sm, src_addr,
3914 key, key_data,
3915 key_data_len,
3916 ver);
3917 else
3918 wpa_supplicant_process_1_of_2(sm, src_addr, key,
3919 key_data,
3920 key_data_len,
3921 ver);
3922 } else {
3923 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3924 "RSN: EAPOL-Key (Group) without Mic/Encr bit - dropped");
3925 }
3926 }
3927
3928 ret = 1;
3929
3930 out:
3931 bin_clear_free(tmp, data_len);
3932 return ret;
3933 }
3934
3935
3936 #ifdef CONFIG_CTRL_IFACE
wpa_key_mgmt_suite(struct wpa_sm * sm)3937 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
3938 {
3939 switch (sm->key_mgmt) {
3940 case WPA_KEY_MGMT_IEEE8021X:
3941 return ((sm->proto == WPA_PROTO_RSN ||
3942 sm->proto == WPA_PROTO_OSEN) ?
3943 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
3944 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
3945 case WPA_KEY_MGMT_PSK:
3946 return (sm->proto == WPA_PROTO_RSN ?
3947 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
3948 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
3949 #ifdef CONFIG_IEEE80211R
3950 case WPA_KEY_MGMT_FT_IEEE8021X:
3951 return RSN_AUTH_KEY_MGMT_FT_802_1X;
3952 case WPA_KEY_MGMT_FT_PSK:
3953 return RSN_AUTH_KEY_MGMT_FT_PSK;
3954 #endif /* CONFIG_IEEE80211R */
3955 case WPA_KEY_MGMT_IEEE8021X_SHA256:
3956 return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
3957 case WPA_KEY_MGMT_PSK_SHA256:
3958 return RSN_AUTH_KEY_MGMT_PSK_SHA256;
3959 case WPA_KEY_MGMT_CCKM:
3960 return (sm->proto == WPA_PROTO_RSN ?
3961 RSN_AUTH_KEY_MGMT_CCKM:
3962 WPA_AUTH_KEY_MGMT_CCKM);
3963 case WPA_KEY_MGMT_WPA_NONE:
3964 return WPA_AUTH_KEY_MGMT_NONE;
3965 case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
3966 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
3967 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
3968 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
3969 case WPA_KEY_MGMT_IEEE8021X_SHA384:
3970 return RSN_AUTH_KEY_MGMT_802_1X_SHA384;
3971 default:
3972 return 0;
3973 }
3974 }
3975
3976
3977 #define RSN_SUITE "%02x-%02x-%02x-%d"
3978 #define RSN_SUITE_ARG(s) \
3979 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
3980
3981 /**
3982 * wpa_sm_get_mib - Dump text list of MIB entries
3983 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3984 * @buf: Buffer for the list
3985 * @buflen: Length of the buffer
3986 * Returns: Number of bytes written to buffer
3987 *
3988 * This function is used fetch dot11 MIB variables.
3989 */
wpa_sm_get_mib(struct wpa_sm * sm,char * buf,size_t buflen)3990 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
3991 {
3992 char pmkid_txt[PMKID_LEN * 2 + 1];
3993 bool rsna;
3994 int ret;
3995 size_t len;
3996
3997 if (sm->cur_pmksa) {
3998 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
3999 sm->cur_pmksa->pmkid, PMKID_LEN);
4000 } else
4001 pmkid_txt[0] = '\0';
4002
4003 rsna = (wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
4004 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
4005 sm->proto == WPA_PROTO_RSN;
4006
4007 ret = os_snprintf(buf, buflen,
4008 "dot11RSNAOptionImplemented=TRUE\n"
4009 "dot11RSNAPreauthenticationImplemented=TRUE\n"
4010 "dot11RSNAEnabled=%s\n"
4011 "dot11RSNAPreauthenticationEnabled=%s\n"
4012 "dot11RSNAConfigVersion=%d\n"
4013 "dot11RSNAConfigPairwiseKeysSupported=5\n"
4014 "dot11RSNAConfigGroupCipherSize=%d\n"
4015 "dot11RSNAConfigPMKLifetime=%d\n"
4016 "dot11RSNAConfigPMKReauthThreshold=%d\n"
4017 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
4018 "dot11RSNAConfigSATimeout=%d\n",
4019 rsna ? "TRUE" : "FALSE",
4020 rsna ? "TRUE" : "FALSE",
4021 RSN_VERSION,
4022 wpa_cipher_key_len(sm->group_cipher) * 8,
4023 sm->dot11RSNAConfigPMKLifetime,
4024 sm->dot11RSNAConfigPMKReauthThreshold,
4025 sm->dot11RSNAConfigSATimeout);
4026 if (os_snprintf_error(buflen, ret))
4027 return 0;
4028 len = ret;
4029
4030 ret = os_snprintf(
4031 buf + len, buflen - len,
4032 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
4033 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
4034 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
4035 "dot11RSNAPMKIDUsed=%s\n"
4036 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
4037 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
4038 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
4039 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
4040 "dot11RSNA4WayHandshakeFailures=%u\n",
4041 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
4042 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
4043 sm->pairwise_cipher)),
4044 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
4045 sm->group_cipher)),
4046 pmkid_txt,
4047 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
4048 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
4049 sm->pairwise_cipher)),
4050 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
4051 sm->group_cipher)),
4052 sm->dot11RSNA4WayHandshakeFailures);
4053 if (!os_snprintf_error(buflen - len, ret))
4054 len += ret;
4055
4056 return (int) len;
4057 }
4058 #endif /* CONFIG_CTRL_IFACE */
4059
4060
wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry * entry,void * ctx,enum pmksa_free_reason reason)4061 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
4062 void *ctx, enum pmksa_free_reason reason)
4063 {
4064 struct wpa_sm *sm = ctx;
4065 int deauth = 0;
4066
4067 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
4068 MACSTR " reason=%d", MAC2STR(entry->aa), reason);
4069
4070 if (sm->cur_pmksa == entry) {
4071 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4072 "RSN: %s current PMKSA entry",
4073 reason == PMKSA_REPLACE ? "replaced" : "removed");
4074 pmksa_cache_clear_current(sm);
4075
4076 /*
4077 * If an entry is simply being replaced, there's no need to
4078 * deauthenticate because it will be immediately re-added.
4079 * This happens when EAP authentication is completed again
4080 * (reauth or failed PMKSA caching attempt).
4081 */
4082 if (reason != PMKSA_REPLACE)
4083 deauth = 1;
4084 }
4085
4086 if (reason == PMKSA_EXPIRE &&
4087 (sm->pmk_len == entry->pmk_len &&
4088 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
4089 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4090 "RSN: deauthenticating due to expired PMK");
4091 pmksa_cache_clear_current(sm);
4092 deauth = 1;
4093 }
4094
4095 if (deauth) {
4096 sm->pmk_len = 0;
4097 os_memset(sm->pmk, 0, sizeof(sm->pmk));
4098 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
4099 }
4100 }
4101
4102
wpa_sm_pmksa_is_current_cb(struct rsn_pmksa_cache_entry * entry,void * ctx)4103 static bool wpa_sm_pmksa_is_current_cb(struct rsn_pmksa_cache_entry *entry,
4104 void *ctx)
4105 {
4106 struct wpa_sm *sm = ctx;
4107
4108 return sm->cur_pmksa == entry;
4109 }
4110
4111
wpa_sm_pmksa_notify_cb(struct rsn_pmksa_cache_entry * entry,void * ctx)4112 static void wpa_sm_pmksa_notify_cb(struct rsn_pmksa_cache_entry *entry,
4113 void *ctx)
4114 {
4115 struct wpa_sm *sm = ctx;
4116
4117 wpa_sm_notify_pmksa_cache_entry(sm, entry);
4118 }
4119
4120
4121 /**
4122 * wpa_sm_init - Initialize WPA state machine
4123 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
4124 * Returns: Pointer to the allocated WPA state machine data
4125 *
4126 * This function is used to allocate a new WPA state machine and the returned
4127 * value is passed to all WPA state machine calls.
4128 */
wpa_sm_init(struct wpa_sm_ctx * ctx)4129 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
4130 {
4131 struct wpa_sm *sm;
4132
4133 sm = os_zalloc(sizeof(*sm));
4134 if (sm == NULL)
4135 return NULL;
4136 dl_list_init(&sm->pmksa_candidates);
4137 sm->renew_snonce = 1;
4138 sm->ctx = ctx;
4139
4140 sm->dot11RSNAConfigPMKLifetime = 43200;
4141 sm->dot11RSNAConfigPMKReauthThreshold = 70;
4142 sm->dot11RSNAConfigSATimeout = 60;
4143
4144 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb,
4145 wpa_sm_pmksa_is_current_cb,
4146 wpa_sm_pmksa_notify_cb, sm, sm);
4147 if (sm->pmksa == NULL) {
4148 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
4149 "RSN: PMKSA cache initialization failed");
4150 os_free(sm);
4151 return NULL;
4152 }
4153
4154 return sm;
4155 }
4156
4157
4158 /**
4159 * wpa_sm_deinit - Deinitialize WPA state machine
4160 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4161 */
wpa_sm_deinit(struct wpa_sm * sm)4162 void wpa_sm_deinit(struct wpa_sm *sm)
4163 {
4164 int i;
4165
4166 if (sm == NULL)
4167 return;
4168 pmksa_cache_deinit(sm->pmksa);
4169 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
4170 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
4171 os_free(sm->assoc_wpa_ie);
4172 os_free(sm->assoc_rsnxe);
4173 os_free(sm->ap_wpa_ie);
4174 os_free(sm->ap_rsn_ie);
4175 os_free(sm->ap_rsnxe);
4176 for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
4177 os_free(sm->mlo.links[i].ap_rsne);
4178 os_free(sm->mlo.links[i].ap_rsnxe);
4179 }
4180 wpa_sm_drop_sa(sm);
4181 os_free(sm->ctx);
4182 #ifdef CONFIG_IEEE80211R
4183 os_free(sm->assoc_resp_ies);
4184 #endif /* CONFIG_IEEE80211R */
4185 #ifdef CONFIG_TESTING_OPTIONS
4186 wpabuf_free(sm->test_assoc_ie);
4187 wpabuf_free(sm->test_eapol_m2_elems);
4188 wpabuf_free(sm->test_eapol_m4_elems);
4189 #endif /* CONFIG_TESTING_OPTIONS */
4190 #ifdef CONFIG_FILS_SK_PFS
4191 crypto_ecdh_deinit(sm->fils_ecdh);
4192 #endif /* CONFIG_FILS_SK_PFS */
4193 #ifdef CONFIG_FILS
4194 wpabuf_free(sm->fils_ft_ies);
4195 #endif /* CONFIG_FILS */
4196 #ifdef CONFIG_OWE
4197 crypto_ecdh_deinit(sm->owe_ecdh);
4198 #endif /* CONFIG_OWE */
4199 #ifdef CONFIG_DPP2
4200 wpabuf_clear_free(sm->dpp_z);
4201 #endif /* CONFIG_DPP2 */
4202 os_free(sm);
4203 }
4204
4205
wpa_sm_clear_ptk(struct wpa_sm * sm)4206 static void wpa_sm_clear_ptk(struct wpa_sm *sm)
4207 {
4208 int i;
4209
4210 sm->ptk_set = 0;
4211 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
4212 sm->tptk_set = 0;
4213 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
4214 os_memset(&sm->gtk, 0, sizeof(sm->gtk));
4215 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
4216 os_memset(&sm->igtk, 0, sizeof(sm->igtk));
4217 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
4218 os_memset(&sm->bigtk, 0, sizeof(sm->bigtk));
4219 os_memset(&sm->bigtk_wnm_sleep, 0, sizeof(sm->bigtk_wnm_sleep));
4220 sm->tk_set = false;
4221 for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
4222 os_memset(&sm->mlo.links[i].gtk, 0,
4223 sizeof(sm->mlo.links[i].gtk));
4224 os_memset(&sm->mlo.links[i].gtk_wnm_sleep, 0,
4225 sizeof(sm->mlo.links[i].gtk_wnm_sleep));
4226 os_memset(&sm->mlo.links[i].igtk, 0,
4227 sizeof(sm->mlo.links[i].igtk));
4228 os_memset(&sm->mlo.links[i].igtk_wnm_sleep, 0,
4229 sizeof(sm->mlo.links[i].igtk_wnm_sleep));
4230 os_memset(&sm->mlo.links[i].bigtk, 0,
4231 sizeof(sm->mlo.links[i].bigtk));
4232 os_memset(&sm->mlo.links[i].bigtk_wnm_sleep, 0,
4233 sizeof(sm->mlo.links[i].bigtk_wnm_sleep));
4234 }
4235 }
4236
4237
4238 /**
4239 * wpa_sm_notify_assoc - Notify WPA state machine about association
4240 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4241 * @bssid: The BSSID of the new association
4242 *
4243 * This function is called to let WPA state machine know that the connection
4244 * was established.
4245 */
wpa_sm_notify_assoc(struct wpa_sm * sm,const u8 * bssid)4246 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
4247 {
4248 int clear_keys = 1;
4249
4250 if (sm == NULL)
4251 return;
4252
4253 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4254 "WPA: Association event - clear replay counter");
4255 os_memcpy(sm->bssid, bssid, ETH_ALEN);
4256 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
4257 sm->rx_replay_counter_set = 0;
4258 sm->renew_snonce = 1;
4259 if (ether_addr_equal(sm->preauth_bssid, bssid))
4260 rsn_preauth_deinit(sm);
4261
4262 #ifdef CONFIG_IEEE80211R
4263 if (wpa_ft_is_completed(sm)) {
4264 /*
4265 * Clear portValid to kick EAPOL state machine to re-enter
4266 * AUTHENTICATED state to get the EAPOL port Authorized.
4267 */
4268 eapol_sm_notify_portValid(sm->eapol, false);
4269 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
4270
4271 /* Prepare for the next transition */
4272 wpa_ft_prepare_auth_request(sm, NULL);
4273
4274 clear_keys = 0;
4275 sm->ft_protocol = 1;
4276 } else {
4277 sm->ft_protocol = 0;
4278 }
4279 #endif /* CONFIG_IEEE80211R */
4280 #ifdef CONFIG_FILS
4281 if (sm->fils_completed) {
4282 /*
4283 * Clear portValid to kick EAPOL state machine to re-enter
4284 * AUTHENTICATED state to get the EAPOL port Authorized.
4285 */
4286 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
4287 clear_keys = 0;
4288 }
4289 #endif /* CONFIG_FILS */
4290
4291 if (clear_keys) {
4292 /*
4293 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
4294 * this is not part of a Fast BSS Transition.
4295 */
4296 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
4297 wpa_sm_clear_ptk(sm);
4298 }
4299
4300 #ifdef CONFIG_TDLS
4301 wpa_tdls_assoc(sm);
4302 #endif /* CONFIG_TDLS */
4303
4304 #ifdef CONFIG_P2P
4305 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
4306 #endif /* CONFIG_P2P */
4307
4308 sm->keyidx_active = 0;
4309 }
4310
4311
4312 /**
4313 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
4314 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4315 *
4316 * This function is called to let WPA state machine know that the connection
4317 * was lost. This will abort any existing pre-authentication session.
4318 */
wpa_sm_notify_disassoc(struct wpa_sm * sm)4319 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
4320 {
4321 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
4322 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
4323 rsn_preauth_deinit(sm);
4324 pmksa_cache_clear_current(sm);
4325 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
4326 sm->dot11RSNA4WayHandshakeFailures++;
4327 #ifdef CONFIG_TDLS
4328 wpa_tdls_disassoc(sm);
4329 #endif /* CONFIG_TDLS */
4330 #ifdef CONFIG_FILS
4331 sm->fils_completed = 0;
4332 #endif /* CONFIG_FILS */
4333 #ifdef CONFIG_IEEE80211R
4334 sm->ft_reassoc_completed = 0;
4335 sm->ft_protocol = 0;
4336 #endif /* CONFIG_IEEE80211R */
4337
4338 /* Keys are not needed in the WPA state machine anymore */
4339 wpa_sm_drop_sa(sm);
4340 sm->keyidx_active = 0;
4341
4342 sm->msg_3_of_4_ok = 0;
4343 os_memset(sm->bssid, 0, ETH_ALEN);
4344 }
4345
4346
4347 /**
4348 * wpa_sm_set_pmk - Set PMK
4349 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4350 * @pmk: The new PMK
4351 * @pmk_len: The length of the new PMK in bytes
4352 * @pmkid: Calculated PMKID
4353 * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK
4354 *
4355 * Configure the PMK for WPA state machine.
4356 */
wpa_sm_set_pmk(struct wpa_sm * sm,const u8 * pmk,size_t pmk_len,const u8 * pmkid,const u8 * bssid)4357 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
4358 const u8 *pmkid, const u8 *bssid)
4359 {
4360 if (sm == NULL)
4361 return;
4362
4363 wpa_hexdump_key(MSG_DEBUG, "WPA: Set PMK based on external data",
4364 pmk, pmk_len);
4365 sm->pmk_len = pmk_len;
4366 os_memcpy(sm->pmk, pmk, pmk_len);
4367
4368 #ifdef CONFIG_IEEE80211R
4369 /* Set XXKey to be PSK for FT key derivation */
4370 sm->xxkey_len = pmk_len;
4371 os_memcpy(sm->xxkey, pmk, pmk_len);
4372 #endif /* CONFIG_IEEE80211R */
4373
4374 if (bssid) {
4375 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, pmk, pmk_len,
4376 pmkid, NULL, 0, bssid,
4377 sm->own_addr,
4378 sm->network_ctx, sm->key_mgmt,
4379 NULL);
4380 }
4381 }
4382
4383
4384 /**
4385 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
4386 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4387 *
4388 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
4389 * will be cleared.
4390 */
wpa_sm_set_pmk_from_pmksa(struct wpa_sm * sm)4391 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
4392 {
4393 if (sm == NULL)
4394 return;
4395
4396 if (sm->cur_pmksa) {
4397 wpa_hexdump_key(MSG_DEBUG,
4398 "WPA: Set PMK based on current PMKSA",
4399 sm->cur_pmksa->pmk, sm->cur_pmksa->pmk_len);
4400 sm->pmk_len = sm->cur_pmksa->pmk_len;
4401 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
4402 } else {
4403 wpa_printf(MSG_DEBUG, "WPA: No current PMKSA - clear PMK");
4404 sm->pmk_len = 0;
4405 os_memset(sm->pmk, 0, PMK_LEN_MAX);
4406 }
4407 }
4408
4409
4410 /**
4411 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
4412 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4413 * @fast_reauth: Whether fast reauthentication (EAP) is allowed
4414 */
wpa_sm_set_fast_reauth(struct wpa_sm * sm,int fast_reauth)4415 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
4416 {
4417 if (sm)
4418 sm->fast_reauth = fast_reauth;
4419 }
4420
4421
4422 /**
4423 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
4424 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4425 * @scard_ctx: Context pointer for smartcard related callback functions
4426 */
wpa_sm_set_scard_ctx(struct wpa_sm * sm,void * scard_ctx)4427 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
4428 {
4429 if (sm == NULL)
4430 return;
4431 sm->scard_ctx = scard_ctx;
4432 if (sm->preauth_eapol)
4433 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
4434 }
4435
4436
4437 /**
4438 * wpa_sm_set_config - Notification of current configuration change
4439 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4440 * @config: Pointer to current network configuration
4441 *
4442 * Notify WPA state machine that configuration has changed. config will be
4443 * stored as a backpointer to network configuration. This can be %NULL to clear
4444 * the stored pointed.
4445 */
wpa_sm_set_config(struct wpa_sm * sm,struct rsn_supp_config * config)4446 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
4447 {
4448 if (!sm)
4449 return;
4450
4451 if (config) {
4452 sm->network_ctx = config->network_ctx;
4453 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
4454 sm->proactive_key_caching = config->proactive_key_caching;
4455 sm->eap_workaround = config->eap_workaround;
4456 sm->eap_conf_ctx = config->eap_conf_ctx;
4457 if (config->ssid) {
4458 os_memcpy(sm->ssid, config->ssid, config->ssid_len);
4459 sm->ssid_len = config->ssid_len;
4460 } else
4461 sm->ssid_len = 0;
4462 sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
4463 sm->p2p = config->p2p;
4464 sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation;
4465 sm->owe_ptk_workaround = config->owe_ptk_workaround;
4466 sm->force_kdk_derivation = config->force_kdk_derivation;
4467 #ifdef CONFIG_FILS
4468 if (config->fils_cache_id) {
4469 sm->fils_cache_id_set = 1;
4470 os_memcpy(sm->fils_cache_id, config->fils_cache_id,
4471 FILS_CACHE_ID_LEN);
4472 } else {
4473 sm->fils_cache_id_set = 0;
4474 }
4475 #endif /* CONFIG_FILS */
4476 sm->beacon_prot = config->beacon_prot;
4477 } else {
4478 sm->network_ctx = NULL;
4479 sm->allowed_pairwise_cipher = 0;
4480 sm->proactive_key_caching = 0;
4481 sm->eap_workaround = 0;
4482 sm->eap_conf_ctx = NULL;
4483 sm->ssid_len = 0;
4484 sm->wpa_ptk_rekey = 0;
4485 sm->p2p = 0;
4486 sm->wpa_rsc_relaxation = 0;
4487 sm->owe_ptk_workaround = 0;
4488 sm->beacon_prot = 0;
4489 sm->force_kdk_derivation = false;
4490 }
4491 }
4492
4493
wpa_sm_set_ssid(struct wpa_sm * sm,const u8 * ssid,size_t ssid_len)4494 void wpa_sm_set_ssid(struct wpa_sm *sm, const u8 *ssid, size_t ssid_len)
4495 {
4496 if (!sm)
4497 return;
4498
4499 if (ssid) {
4500 os_memcpy(sm->ssid, ssid, ssid_len);
4501 sm->ssid_len = ssid_len;
4502 } else {
4503 sm->ssid_len = 0;
4504 }
4505 }
4506
4507
wpa_sm_set_mlo_params(struct wpa_sm * sm,const struct wpa_sm_mlo * mlo)4508 int wpa_sm_set_mlo_params(struct wpa_sm *sm, const struct wpa_sm_mlo *mlo)
4509 {
4510 int i;
4511
4512 if (!sm)
4513 return -1;
4514
4515 os_memcpy(sm->mlo.ap_mld_addr, mlo->ap_mld_addr, ETH_ALEN);
4516 sm->mlo.assoc_link_id = mlo->assoc_link_id;
4517 sm->mlo.valid_links = mlo->valid_links;
4518 sm->mlo.req_links = mlo->req_links;
4519
4520 for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
4521 const u8 *ie;
4522 size_t len;
4523
4524 if (sm->mlo.req_links & BIT(i)) {
4525 if (!mlo->links[i].ap_rsne ||
4526 mlo->links[i].ap_rsne_len == 0) {
4527 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO,
4528 "RSN: No RSNE for AP MLO link %d with BSSID "
4529 MACSTR,
4530 i, MAC2STR(mlo->links[i].bssid));
4531 return -1;
4532
4533 }
4534 os_memcpy(sm->mlo.links[i].addr, mlo->links[i].addr,
4535 ETH_ALEN);
4536 os_memcpy(sm->mlo.links[i].bssid, mlo->links[i].bssid,
4537 ETH_ALEN);
4538 }
4539
4540 ie = mlo->links[i].ap_rsne;
4541 len = mlo->links[i].ap_rsne_len;
4542 os_free(sm->mlo.links[i].ap_rsne);
4543 if (!ie || len == 0) {
4544 if (sm->mlo.links[i].ap_rsne)
4545 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4546 "RSN: Clearing MLO link[%u] AP RSNE",
4547 i);
4548 sm->mlo.links[i].ap_rsne = NULL;
4549 sm->mlo.links[i].ap_rsne_len = 0;
4550 } else {
4551 wpa_hexdump_link(MSG_DEBUG, i, "RSN: Set AP RSNE",
4552 ie, len);
4553 sm->mlo.links[i].ap_rsne = os_memdup(ie, len);
4554 if (!sm->mlo.links[i].ap_rsne) {
4555 sm->mlo.links[i].ap_rsne_len = 0;
4556 return -1;
4557 }
4558 sm->mlo.links[i].ap_rsne_len = len;
4559 }
4560
4561 ie = mlo->links[i].ap_rsnxe;
4562 len = mlo->links[i].ap_rsnxe_len;
4563 os_free(sm->mlo.links[i].ap_rsnxe);
4564 if (!ie || len == 0) {
4565 if (sm->mlo.links[i].ap_rsnxe)
4566 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4567 "RSN: Clearing MLO link[%u] AP RSNXE",
4568 i);
4569 sm->mlo.links[i].ap_rsnxe = NULL;
4570 sm->mlo.links[i].ap_rsnxe_len = 0;
4571 } else {
4572 wpa_hexdump_link(MSG_DEBUG, i, "RSN: Set AP RSNXE", ie,
4573 len);
4574 sm->mlo.links[i].ap_rsnxe = os_memdup(ie, len);
4575 if (!sm->mlo.links[i].ap_rsnxe) {
4576 sm->mlo.links[i].ap_rsnxe_len = 0;
4577 return -1;
4578 }
4579 sm->mlo.links[i].ap_rsnxe_len = len;
4580 }
4581 }
4582
4583 return 0;
4584 }
4585
4586
4587 /**
4588 * wpa_sm_set_own_addr - Set own MAC address
4589 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4590 * @addr: Own MAC address
4591 */
wpa_sm_set_own_addr(struct wpa_sm * sm,const u8 * addr)4592 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
4593 {
4594 if (sm)
4595 os_memcpy(sm->own_addr, addr, ETH_ALEN);
4596 }
4597
4598
4599 /**
4600 * wpa_sm_set_ifname - Set network interface name
4601 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4602 * @ifname: Interface name
4603 * @bridge_ifname: Optional bridge interface name (for pre-auth)
4604 */
wpa_sm_set_ifname(struct wpa_sm * sm,const char * ifname,const char * bridge_ifname)4605 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
4606 const char *bridge_ifname)
4607 {
4608 if (sm) {
4609 sm->ifname = ifname;
4610 sm->bridge_ifname = bridge_ifname;
4611 }
4612 }
4613
4614
4615 /**
4616 * wpa_sm_set_eapol - Set EAPOL state machine pointer
4617 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4618 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
4619 */
wpa_sm_set_eapol(struct wpa_sm * sm,struct eapol_sm * eapol)4620 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
4621 {
4622 if (sm)
4623 sm->eapol = eapol;
4624 }
4625
4626
4627 /**
4628 * wpa_sm_set_param - Set WPA state machine parameters
4629 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4630 * @param: Parameter field
4631 * @value: Parameter value
4632 * Returns: 0 on success, -1 on failure
4633 */
wpa_sm_set_param(struct wpa_sm * sm,enum wpa_sm_conf_params param,unsigned int value)4634 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
4635 unsigned int value)
4636 {
4637 int ret = 0;
4638
4639 if (sm == NULL)
4640 return -1;
4641
4642 switch (param) {
4643 case RSNA_PMK_LIFETIME:
4644 if (value > 0)
4645 sm->dot11RSNAConfigPMKLifetime = value;
4646 else
4647 ret = -1;
4648 break;
4649 case RSNA_PMK_REAUTH_THRESHOLD:
4650 if (value > 0 && value <= 100)
4651 sm->dot11RSNAConfigPMKReauthThreshold = value;
4652 else
4653 ret = -1;
4654 break;
4655 case RSNA_SA_TIMEOUT:
4656 if (value > 0)
4657 sm->dot11RSNAConfigSATimeout = value;
4658 else
4659 ret = -1;
4660 break;
4661 case WPA_PARAM_PROTO:
4662 sm->proto = value;
4663 break;
4664 case WPA_PARAM_PAIRWISE:
4665 sm->pairwise_cipher = value;
4666 break;
4667 case WPA_PARAM_GROUP:
4668 sm->group_cipher = value;
4669 break;
4670 case WPA_PARAM_KEY_MGMT:
4671 sm->key_mgmt = value;
4672 break;
4673 case WPA_PARAM_MGMT_GROUP:
4674 sm->mgmt_group_cipher = value;
4675 break;
4676 case WPA_PARAM_RSN_ENABLED:
4677 sm->rsn_enabled = value;
4678 break;
4679 case WPA_PARAM_MFP:
4680 sm->mfp = value;
4681 break;
4682 case WPA_PARAM_OCV:
4683 sm->ocv = value;
4684 break;
4685 case WPA_PARAM_SAE_PWE:
4686 sm->sae_pwe = value;
4687 break;
4688 case WPA_PARAM_SAE_PK:
4689 sm->sae_pk = value;
4690 break;
4691 case WPA_PARAM_DENY_PTK0_REKEY:
4692 sm->wpa_deny_ptk0_rekey = value;
4693 break;
4694 case WPA_PARAM_EXT_KEY_ID:
4695 sm->ext_key_id = value;
4696 break;
4697 case WPA_PARAM_USE_EXT_KEY_ID:
4698 sm->use_ext_key_id = value;
4699 break;
4700 #ifdef CONFIG_TESTING_OPTIONS
4701 case WPA_PARAM_FT_RSNXE_USED:
4702 sm->ft_rsnxe_used = value;
4703 break;
4704 case WPA_PARAM_OCI_FREQ_EAPOL:
4705 sm->oci_freq_override_eapol = value;
4706 break;
4707 case WPA_PARAM_OCI_FREQ_EAPOL_G2:
4708 sm->oci_freq_override_eapol_g2 = value;
4709 break;
4710 case WPA_PARAM_OCI_FREQ_FT_ASSOC:
4711 sm->oci_freq_override_ft_assoc = value;
4712 break;
4713 case WPA_PARAM_OCI_FREQ_FILS_ASSOC:
4714 sm->oci_freq_override_fils_assoc = value;
4715 break;
4716 case WPA_PARAM_DISABLE_EAPOL_G2_TX:
4717 sm->disable_eapol_g2_tx = value;
4718 break;
4719 case WPA_PARAM_ENCRYPT_EAPOL_M2:
4720 sm->encrypt_eapol_m2 = value;
4721 break;
4722 case WPA_PARAM_ENCRYPT_EAPOL_M4:
4723 sm->encrypt_eapol_m4 = value;
4724 break;
4725 #endif /* CONFIG_TESTING_OPTIONS */
4726 #ifdef CONFIG_DPP2
4727 case WPA_PARAM_DPP_PFS:
4728 sm->dpp_pfs = value;
4729 break;
4730 #endif /* CONFIG_DPP2 */
4731 case WPA_PARAM_WMM_ENABLED:
4732 sm->wmm_enabled = value;
4733 break;
4734 case WPA_PARAM_FT_PREPEND_PMKID:
4735 sm->ft_prepend_pmkid = value;
4736 break;
4737 case WPA_PARAM_SSID_PROTECTION:
4738 sm->ssid_protection = value;
4739 break;
4740 default:
4741 break;
4742 }
4743
4744 return ret;
4745 }
4746
4747
4748 /**
4749 * wpa_sm_get_status - Get WPA state machine
4750 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4751 * @buf: Buffer for status information
4752 * @buflen: Maximum buffer length
4753 * @verbose: Whether to include verbose status information
4754 * Returns: Number of bytes written to buf.
4755 *
4756 * Query WPA state machine for status information. This function fills in
4757 * a text area with current status information. If the buffer (buf) is not
4758 * large enough, status information will be truncated to fit the buffer.
4759 */
wpa_sm_get_status(struct wpa_sm * sm,char * buf,size_t buflen,int verbose)4760 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
4761 int verbose)
4762 {
4763 char *pos = buf, *end = buf + buflen;
4764 int ret;
4765
4766 ret = os_snprintf(pos, end - pos,
4767 "pairwise_cipher=%s\n"
4768 "group_cipher=%s\n"
4769 "key_mgmt=%s\n",
4770 wpa_cipher_txt(sm->pairwise_cipher),
4771 wpa_cipher_txt(sm->group_cipher),
4772 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
4773 if (os_snprintf_error(end - pos, ret))
4774 return pos - buf;
4775 pos += ret;
4776
4777 #ifdef CONFIG_DPP2
4778 if (sm->key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_z) {
4779 ret = os_snprintf(pos, end - pos, "dpp_pfs=1\n");
4780 if (os_snprintf_error(end - pos, ret))
4781 return pos - buf;
4782 pos += ret;
4783 }
4784 #endif /* CONFIG_DPP2 */
4785
4786 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) {
4787 struct wpa_ie_data rsn;
4788 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn)
4789 >= 0 &&
4790 rsn.capabilities & (WPA_CAPABILITY_MFPR |
4791 WPA_CAPABILITY_MFPC)) {
4792 ret = os_snprintf(pos, end - pos, "pmf=%d\n"
4793 "mgmt_group_cipher=%s\n",
4794 (rsn.capabilities &
4795 WPA_CAPABILITY_MFPR) ? 2 : 1,
4796 wpa_cipher_txt(
4797 sm->mgmt_group_cipher));
4798 if (os_snprintf_error(end - pos, ret))
4799 return pos - buf;
4800 pos += ret;
4801 }
4802 }
4803
4804 return pos - buf;
4805 }
4806
4807
wpa_sm_pmf_enabled(struct wpa_sm * sm)4808 int wpa_sm_pmf_enabled(struct wpa_sm *sm)
4809 {
4810 struct wpa_ie_data rsn;
4811
4812 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie)
4813 return 0;
4814
4815 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 &&
4816 rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC))
4817 return 1;
4818
4819 return 0;
4820 }
4821
4822
wpa_sm_ext_key_id(struct wpa_sm * sm)4823 int wpa_sm_ext_key_id(struct wpa_sm *sm)
4824 {
4825 return sm ? sm->ext_key_id : 0;
4826 }
4827
4828
wpa_sm_ext_key_id_active(struct wpa_sm * sm)4829 int wpa_sm_ext_key_id_active(struct wpa_sm *sm)
4830 {
4831 return sm ? sm->use_ext_key_id : 0;
4832 }
4833
4834
wpa_sm_ocv_enabled(struct wpa_sm * sm)4835 int wpa_sm_ocv_enabled(struct wpa_sm *sm)
4836 {
4837 struct wpa_ie_data rsn;
4838
4839 if (!sm->ocv || !sm->ap_rsn_ie)
4840 return 0;
4841
4842 return wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len,
4843 &rsn) >= 0 &&
4844 (rsn.capabilities & WPA_CAPABILITY_OCVC);
4845 }
4846
4847
4848 /**
4849 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
4850 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4851 * @wpa_ie: Pointer to buffer for WPA/RSN IE
4852 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
4853 * Returns: 0 on success, -1 on failure
4854 */
wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm * sm,u8 * wpa_ie,size_t * wpa_ie_len)4855 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
4856 size_t *wpa_ie_len)
4857 {
4858 int res;
4859
4860 if (sm == NULL)
4861 return -1;
4862
4863 #ifdef CONFIG_TESTING_OPTIONS
4864 if (sm->test_assoc_ie) {
4865 wpa_printf(MSG_DEBUG,
4866 "TESTING: Replace association WPA/RSN IE");
4867 if (*wpa_ie_len < wpabuf_len(sm->test_assoc_ie))
4868 return -1;
4869 os_memcpy(wpa_ie, wpabuf_head(sm->test_assoc_ie),
4870 wpabuf_len(sm->test_assoc_ie));
4871 res = wpabuf_len(sm->test_assoc_ie);
4872 } else
4873 #endif /* CONFIG_TESTING_OPTIONS */
4874 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
4875 if (res < 0)
4876 return -1;
4877 *wpa_ie_len = res;
4878
4879 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
4880 wpa_ie, *wpa_ie_len);
4881
4882 if (sm->assoc_wpa_ie == NULL) {
4883 /*
4884 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
4885 * the correct version of the IE even if PMKSA caching is
4886 * aborted (which would remove PMKID from IE generation).
4887 */
4888 sm->assoc_wpa_ie = os_memdup(wpa_ie, *wpa_ie_len);
4889 if (sm->assoc_wpa_ie == NULL)
4890 return -1;
4891
4892 sm->assoc_wpa_ie_len = *wpa_ie_len;
4893 } else {
4894 wpa_hexdump(MSG_DEBUG,
4895 "WPA: Leave previously set WPA IE default",
4896 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
4897 }
4898
4899 return 0;
4900 }
4901
4902
4903 /**
4904 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
4905 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4906 * @ie: Pointer to IE data (starting from id)
4907 * @len: IE length
4908 * Returns: 0 on success, -1 on failure
4909 *
4910 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
4911 * Request frame. The IE will be used to override the default value generated
4912 * with wpa_sm_set_assoc_wpa_ie_default().
4913 */
wpa_sm_set_assoc_wpa_ie(struct wpa_sm * sm,const u8 * ie,size_t len)4914 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
4915 {
4916 if (sm == NULL)
4917 return -1;
4918
4919 os_free(sm->assoc_wpa_ie);
4920 if (ie == NULL || len == 0) {
4921 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4922 "WPA: clearing own WPA/RSN IE");
4923 sm->assoc_wpa_ie = NULL;
4924 sm->assoc_wpa_ie_len = 0;
4925 } else {
4926 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
4927 sm->assoc_wpa_ie = os_memdup(ie, len);
4928 if (sm->assoc_wpa_ie == NULL)
4929 return -1;
4930
4931 sm->assoc_wpa_ie_len = len;
4932 }
4933
4934 return 0;
4935 }
4936
4937
4938 /**
4939 * wpa_sm_set_assoc_rsnxe_default - Generate own RSNXE from configuration
4940 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4941 * @rsnxe: Pointer to buffer for RSNXE
4942 * @rsnxe_len: Pointer to the length of the rsne buffer
4943 * Returns: 0 on success, -1 on failure
4944 */
wpa_sm_set_assoc_rsnxe_default(struct wpa_sm * sm,u8 * rsnxe,size_t * rsnxe_len)4945 int wpa_sm_set_assoc_rsnxe_default(struct wpa_sm *sm, u8 *rsnxe,
4946 size_t *rsnxe_len)
4947 {
4948 int res;
4949
4950 if (!sm)
4951 return -1;
4952
4953 res = wpa_gen_rsnxe(sm, rsnxe, *rsnxe_len);
4954 if (res < 0)
4955 return -1;
4956 *rsnxe_len = res;
4957
4958 wpa_hexdump(MSG_DEBUG, "RSN: Set own RSNXE default", rsnxe, *rsnxe_len);
4959
4960 if (sm->assoc_rsnxe) {
4961 wpa_hexdump(MSG_DEBUG,
4962 "RSN: Leave previously set RSNXE default",
4963 sm->assoc_rsnxe, sm->assoc_rsnxe_len);
4964 } else if (*rsnxe_len > 0) {
4965 /*
4966 * Make a copy of the RSNXE so that 4-Way Handshake gets the
4967 * correct version of the IE even if it gets changed.
4968 */
4969 sm->assoc_rsnxe = os_memdup(rsnxe, *rsnxe_len);
4970 if (!sm->assoc_rsnxe)
4971 return -1;
4972
4973 sm->assoc_rsnxe_len = *rsnxe_len;
4974 }
4975
4976 return 0;
4977 }
4978
4979
4980 /**
4981 * wpa_sm_set_assoc_rsnxe - Set own RSNXE from (Re)AssocReq
4982 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4983 * @ie: Pointer to IE data (starting from id)
4984 * @len: IE length
4985 * Returns: 0 on success, -1 on failure
4986 *
4987 * Inform WPA state machine about the RSNXE used in (Re)Association Request
4988 * frame. The IE will be used to override the default value generated
4989 * with wpa_sm_set_assoc_rsnxe_default().
4990 */
wpa_sm_set_assoc_rsnxe(struct wpa_sm * sm,const u8 * ie,size_t len)4991 int wpa_sm_set_assoc_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len)
4992 {
4993 if (!sm)
4994 return -1;
4995
4996 os_free(sm->assoc_rsnxe);
4997 if (!ie || len == 0) {
4998 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4999 "RSN: clearing own RSNXE");
5000 sm->assoc_rsnxe = NULL;
5001 sm->assoc_rsnxe_len = 0;
5002 } else {
5003 wpa_hexdump(MSG_DEBUG, "RSN: set own RSNXE", ie, len);
5004 sm->assoc_rsnxe = os_memdup(ie, len);
5005 if (!sm->assoc_rsnxe)
5006 return -1;
5007
5008 sm->assoc_rsnxe_len = len;
5009 }
5010
5011 if (sm->ssid_protection &&
5012 !ieee802_11_rsnx_capab(sm->assoc_rsnxe,
5013 WLAN_RSNX_CAPAB_SSID_PROTECTION)) {
5014 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
5015 "RSN: Disabling SSID protection based on own RSNXE update");
5016 sm->ssid_protection = 0;
5017 }
5018
5019 return 0;
5020 }
5021
5022
5023 /**
5024 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
5025 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5026 * @ie: Pointer to IE data (starting from id)
5027 * @len: IE length
5028 * Returns: 0 on success, -1 on failure
5029 *
5030 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
5031 * frame.
5032 */
wpa_sm_set_ap_wpa_ie(struct wpa_sm * sm,const u8 * ie,size_t len)5033 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
5034 {
5035 if (sm == NULL)
5036 return -1;
5037
5038 os_free(sm->ap_wpa_ie);
5039 if (ie == NULL || len == 0) {
5040 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
5041 "WPA: clearing AP WPA IE");
5042 sm->ap_wpa_ie = NULL;
5043 sm->ap_wpa_ie_len = 0;
5044 } else {
5045 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
5046 sm->ap_wpa_ie = os_memdup(ie, len);
5047 if (sm->ap_wpa_ie == NULL)
5048 return -1;
5049
5050 sm->ap_wpa_ie_len = len;
5051 }
5052
5053 return 0;
5054 }
5055
5056
5057 /**
5058 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
5059 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5060 * @ie: Pointer to IE data (starting from id)
5061 * @len: IE length
5062 * Returns: 0 on success, -1 on failure
5063 *
5064 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
5065 * frame.
5066 */
wpa_sm_set_ap_rsn_ie(struct wpa_sm * sm,const u8 * ie,size_t len)5067 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
5068 {
5069 if (sm == NULL)
5070 return -1;
5071
5072 os_free(sm->ap_rsn_ie);
5073 if (ie == NULL || len == 0) {
5074 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
5075 "WPA: clearing AP RSN IE");
5076 sm->ap_rsn_ie = NULL;
5077 sm->ap_rsn_ie_len = 0;
5078 } else {
5079 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
5080 sm->ap_rsn_ie = os_memdup(ie, len);
5081 if (sm->ap_rsn_ie == NULL)
5082 return -1;
5083
5084 sm->ap_rsn_ie_len = len;
5085 }
5086
5087 return 0;
5088 }
5089
5090
5091 /**
5092 * wpa_sm_set_ap_rsnxe - Set AP RSNXE from Beacon/ProbeResp
5093 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5094 * @ie: Pointer to IE data (starting from id)
5095 * @len: IE length
5096 * Returns: 0 on success, -1 on failure
5097 *
5098 * Inform WPA state machine about the RSNXE used in Beacon / Probe Response
5099 * frame.
5100 */
wpa_sm_set_ap_rsnxe(struct wpa_sm * sm,const u8 * ie,size_t len)5101 int wpa_sm_set_ap_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len)
5102 {
5103 if (!sm)
5104 return -1;
5105
5106 os_free(sm->ap_rsnxe);
5107 if (!ie || len == 0) {
5108 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: clearing AP RSNXE");
5109 sm->ap_rsnxe = NULL;
5110 sm->ap_rsnxe_len = 0;
5111 } else {
5112 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSNXE", ie, len);
5113 sm->ap_rsnxe = os_memdup(ie, len);
5114 if (!sm->ap_rsnxe)
5115 return -1;
5116
5117 sm->ap_rsnxe_len = len;
5118 }
5119
5120 return 0;
5121 }
5122
5123
5124 /**
5125 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
5126 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5127 * @data: Pointer to data area for parsing results
5128 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
5129 *
5130 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
5131 * parsed data into data.
5132 */
wpa_sm_parse_own_wpa_ie(struct wpa_sm * sm,struct wpa_ie_data * data)5133 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
5134 {
5135 if (sm == NULL)
5136 return -1;
5137
5138 if (sm->assoc_wpa_ie == NULL) {
5139 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
5140 "WPA: No WPA/RSN IE available from association info");
5141 return -1;
5142 }
5143 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
5144 return -2;
5145 return 0;
5146 }
5147
5148
wpa_sm_pmksa_cache_list(struct wpa_sm * sm,char * buf,size_t len)5149 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
5150 {
5151 return pmksa_cache_list(sm->pmksa, buf, len);
5152 }
5153
5154
wpa_sm_pmksa_cache_head(struct wpa_sm * sm)5155 struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_head(struct wpa_sm *sm)
5156 {
5157 return pmksa_cache_head(sm->pmksa);
5158 }
5159
5160
5161 struct rsn_pmksa_cache_entry *
wpa_sm_pmksa_cache_add_entry(struct wpa_sm * sm,struct rsn_pmksa_cache_entry * entry)5162 wpa_sm_pmksa_cache_add_entry(struct wpa_sm *sm,
5163 struct rsn_pmksa_cache_entry * entry)
5164 {
5165 return pmksa_cache_add_entry(sm->pmksa, entry);
5166 }
5167
5168
wpa_sm_pmksa_cache_add(struct wpa_sm * sm,const u8 * pmk,size_t pmk_len,const u8 * pmkid,const u8 * bssid,const u8 * fils_cache_id)5169 void wpa_sm_pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
5170 const u8 *pmkid, const u8 *bssid,
5171 const u8 *fils_cache_id)
5172 {
5173 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0,
5174 bssid, sm->own_addr, sm->network_ctx,
5175 sm->key_mgmt, fils_cache_id);
5176 }
5177
5178
wpa_sm_pmksa_exists(struct wpa_sm * sm,const u8 * bssid,const u8 * own_addr,const void * network_ctx)5179 int wpa_sm_pmksa_exists(struct wpa_sm *sm, const u8 *bssid, const u8 *own_addr,
5180 const void *network_ctx)
5181 {
5182 return pmksa_cache_get(sm->pmksa, bssid, own_addr, NULL, network_ctx,
5183 0) != NULL;
5184 }
5185
5186
wpa_sm_pmksa_cache_get(struct wpa_sm * sm,const u8 * aa,const u8 * pmkid,const void * network_ctx,int akmp)5187 struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_get(struct wpa_sm *sm,
5188 const u8 *aa,
5189 const u8 *pmkid,
5190 const void *network_ctx,
5191 int akmp)
5192 {
5193 return pmksa_cache_get(sm->pmksa, aa, sm->own_addr, pmkid, network_ctx,
5194 akmp);
5195 }
5196
5197
wpa_sm_pmksa_cache_remove(struct wpa_sm * sm,struct rsn_pmksa_cache_entry * entry)5198 void wpa_sm_pmksa_cache_remove(struct wpa_sm *sm,
5199 struct rsn_pmksa_cache_entry *entry)
5200 {
5201 if (sm && sm->pmksa)
5202 pmksa_cache_remove(sm->pmksa, entry);
5203 }
5204
5205
wpa_sm_drop_sa(struct wpa_sm * sm)5206 void wpa_sm_drop_sa(struct wpa_sm *sm)
5207 {
5208 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
5209 wpa_sm_clear_ptk(sm);
5210 sm->pmk_len = 0;
5211 os_memset(sm->pmk, 0, sizeof(sm->pmk));
5212 #ifdef CONFIG_IEEE80211R
5213 os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
5214 sm->xxkey_len = 0;
5215 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
5216 sm->pmk_r0_len = 0;
5217 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
5218 sm->pmk_r1_len = 0;
5219 #ifdef CONFIG_PASN
5220 os_free(sm->pasn_r1kh);
5221 sm->pasn_r1kh = NULL;
5222 sm->n_pasn_r1kh = 0;
5223 #endif /* CONFIG_PASN */
5224 #endif /* CONFIG_IEEE80211R */
5225 }
5226
5227
5228 #ifdef CONFIG_IEEE80211R
wpa_sm_has_ft_keys(struct wpa_sm * sm,const u8 * md)5229 bool wpa_sm_has_ft_keys(struct wpa_sm *sm, const u8 *md)
5230 {
5231 if (!sm)
5232 return false;
5233 if (!wpa_key_mgmt_ft(sm->key_mgmt) ||
5234 os_memcmp(md, sm->key_mobility_domain,
5235 MOBILITY_DOMAIN_ID_LEN) != 0) {
5236 /* Do not allow FT protocol to be used even if we were to have
5237 * an PTK since the mobility domain has changed. */
5238 return false;
5239 }
5240 return sm->ptk_set;
5241 }
5242 #endif /* CONFIG_IEEE80211R */
5243
5244
wpa_sm_has_ptk_installed(struct wpa_sm * sm)5245 int wpa_sm_has_ptk_installed(struct wpa_sm *sm)
5246 {
5247 if (!sm)
5248 return 0;
5249 return sm->tk_set || sm->ptk.installed;
5250 }
5251
5252
wpa_sm_update_replay_ctr(struct wpa_sm * sm,const u8 * replay_ctr)5253 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
5254 {
5255 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
5256 }
5257
5258
wpa_sm_pmksa_cache_flush(struct wpa_sm * sm,void * network_ctx)5259 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
5260 {
5261 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0, false);
5262 }
5263
5264
wpa_sm_external_pmksa_cache_flush(struct wpa_sm * sm,void * network_ctx)5265 void wpa_sm_external_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
5266 {
5267 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0, true);
5268 }
5269
5270
5271 #ifdef CONFIG_WNM
wpa_wnmsleep_install_key(struct wpa_sm * sm,u8 subelem_id,u8 * buf)5272 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
5273 {
5274 u16 keyinfo;
5275 u8 keylen; /* plaintext key len */
5276 u8 *key_rsc;
5277
5278 if (subelem_id == WNM_SLEEP_SUBELEM_GTK) {
5279 struct wpa_gtk_data gd;
5280
5281 os_memset(&gd, 0, sizeof(gd));
5282 keylen = wpa_cipher_key_len(sm->group_cipher);
5283 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
5284 gd.alg = wpa_cipher_to_alg(sm->group_cipher);
5285 if (gd.alg == WPA_ALG_NONE) {
5286 wpa_printf(MSG_DEBUG, "Unsupported group cipher suite");
5287 return -1;
5288 }
5289
5290 key_rsc = buf + 5;
5291 keyinfo = WPA_GET_LE16(buf + 2);
5292 gd.gtk_len = keylen;
5293 if (gd.gtk_len != buf[4]) {
5294 wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d",
5295 gd.gtk_len, buf[4]);
5296 return -1;
5297 }
5298 gd.keyidx = keyinfo & 0x03; /* B0 - B1 */
5299 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
5300 sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
5301
5302 os_memcpy(gd.gtk, buf + 13, gd.gtk_len);
5303
5304 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
5305 gd.gtk, gd.gtk_len);
5306 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
5307 forced_memzero(&gd, sizeof(gd));
5308 wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
5309 "WNM mode");
5310 return -1;
5311 }
5312 forced_memzero(&gd, sizeof(gd));
5313 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
5314 const struct wpa_igtk_kde *igtk;
5315
5316 igtk = (const struct wpa_igtk_kde *) (buf + 2);
5317 if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
5318 return -1;
5319 } else if (subelem_id == WNM_SLEEP_SUBELEM_BIGTK) {
5320 const struct wpa_bigtk_kde *bigtk;
5321
5322 bigtk = (const struct wpa_bigtk_kde *) (buf + 2);
5323 if (sm->beacon_prot &&
5324 wpa_supplicant_install_bigtk(sm, bigtk, 1) < 0)
5325 return -1;
5326 } else {
5327 wpa_printf(MSG_DEBUG, "Unknown element id");
5328 return -1;
5329 }
5330
5331 return 0;
5332 }
5333 #endif /* CONFIG_WNM */
5334
5335
5336 #ifdef CONFIG_P2P
5337
wpa_sm_get_p2p_ip_addr(struct wpa_sm * sm,u8 * buf)5338 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
5339 {
5340 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0)
5341 return -1;
5342 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4);
5343 return 0;
5344 }
5345
5346 #endif /* CONFIG_P2P */
5347
5348
wpa_sm_set_rx_replay_ctr(struct wpa_sm * sm,const u8 * rx_replay_counter)5349 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter)
5350 {
5351 if (rx_replay_counter == NULL)
5352 return;
5353
5354 os_memcpy(sm->rx_replay_counter, rx_replay_counter,
5355 WPA_REPLAY_COUNTER_LEN);
5356 sm->rx_replay_counter_set = 1;
5357 wpa_printf(MSG_DEBUG, "Updated key replay counter");
5358 }
5359
5360
wpa_sm_set_ptk_kck_kek(struct wpa_sm * sm,const u8 * ptk_kck,size_t ptk_kck_len,const u8 * ptk_kek,size_t ptk_kek_len)5361 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm,
5362 const u8 *ptk_kck, size_t ptk_kck_len,
5363 const u8 *ptk_kek, size_t ptk_kek_len)
5364 {
5365 if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) {
5366 os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len);
5367 sm->ptk.kck_len = ptk_kck_len;
5368 wpa_printf(MSG_DEBUG, "Updated PTK KCK");
5369 }
5370 if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) {
5371 os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len);
5372 sm->ptk.kek_len = ptk_kek_len;
5373 wpa_printf(MSG_DEBUG, "Updated PTK KEK");
5374 }
5375 sm->ptk_set = 1;
5376 }
5377
5378
5379 #ifdef CONFIG_TESTING_OPTIONS
5380
wpa_sm_set_test_assoc_ie(struct wpa_sm * sm,struct wpabuf * buf)5381 void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf)
5382 {
5383 wpabuf_free(sm->test_assoc_ie);
5384 sm->test_assoc_ie = buf;
5385 }
5386
5387
wpa_sm_set_test_eapol_m2_elems(struct wpa_sm * sm,struct wpabuf * buf)5388 void wpa_sm_set_test_eapol_m2_elems(struct wpa_sm *sm, struct wpabuf *buf)
5389 {
5390 wpabuf_free(sm->test_eapol_m2_elems);
5391 sm->test_eapol_m2_elems = buf;
5392 }
5393
5394
wpa_sm_set_test_eapol_m4_elems(struct wpa_sm * sm,struct wpabuf * buf)5395 void wpa_sm_set_test_eapol_m4_elems(struct wpa_sm *sm, struct wpabuf *buf)
5396 {
5397 wpabuf_free(sm->test_eapol_m4_elems);
5398 sm->test_eapol_m4_elems = buf;
5399 }
5400
5401
wpa_sm_get_anonce(struct wpa_sm * sm)5402 const u8 * wpa_sm_get_anonce(struct wpa_sm *sm)
5403 {
5404 return sm->anonce;
5405 }
5406
5407 #endif /* CONFIG_TESTING_OPTIONS */
5408
5409
wpa_sm_get_key_mgmt(struct wpa_sm * sm)5410 unsigned int wpa_sm_get_key_mgmt(struct wpa_sm *sm)
5411 {
5412 return sm->key_mgmt;
5413 }
5414
5415
wpa_sm_get_auth_addr(struct wpa_sm * sm)5416 const u8 * wpa_sm_get_auth_addr(struct wpa_sm *sm)
5417 {
5418 return sm->mlo.valid_links ? sm->mlo.ap_mld_addr : sm->bssid;
5419 }
5420
5421
5422 #ifdef CONFIG_FILS
5423
fils_build_auth(struct wpa_sm * sm,int dh_group,const u8 * md)5424 struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md)
5425 {
5426 struct wpabuf *buf = NULL;
5427 struct wpabuf *erp_msg;
5428 struct wpabuf *pub = NULL;
5429
5430 erp_msg = eapol_sm_build_erp_reauth_start(sm->eapol);
5431 if (!erp_msg && !sm->cur_pmksa) {
5432 wpa_printf(MSG_DEBUG,
5433 "FILS: Neither ERP EAP-Initiate/Re-auth nor PMKSA cache entry is available - skip FILS");
5434 goto fail;
5435 }
5436
5437 wpa_printf(MSG_DEBUG, "FILS: Try to use FILS (erp=%d pmksa_cache=%d)",
5438 erp_msg != NULL, sm->cur_pmksa != NULL);
5439
5440 sm->fils_completed = 0;
5441
5442 if (!sm->assoc_wpa_ie) {
5443 wpa_printf(MSG_INFO, "FILS: No own RSN IE set for FILS");
5444 goto fail;
5445 }
5446
5447 if (random_get_bytes(sm->fils_nonce, FILS_NONCE_LEN) < 0 ||
5448 random_get_bytes(sm->fils_session, FILS_SESSION_LEN) < 0)
5449 goto fail;
5450
5451 wpa_hexdump(MSG_DEBUG, "FILS: Generated FILS Nonce",
5452 sm->fils_nonce, FILS_NONCE_LEN);
5453 wpa_hexdump(MSG_DEBUG, "FILS: Generated FILS Session",
5454 sm->fils_session, FILS_SESSION_LEN);
5455
5456 #ifdef CONFIG_FILS_SK_PFS
5457 sm->fils_dh_group = dh_group;
5458 if (dh_group) {
5459 crypto_ecdh_deinit(sm->fils_ecdh);
5460 sm->fils_ecdh = crypto_ecdh_init(dh_group);
5461 if (!sm->fils_ecdh) {
5462 wpa_printf(MSG_INFO,
5463 "FILS: Could not initialize ECDH with group %d",
5464 dh_group);
5465 goto fail;
5466 }
5467 pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1);
5468 if (!pub)
5469 goto fail;
5470 wpa_hexdump_buf(MSG_DEBUG, "FILS: Element (DH public key)",
5471 pub);
5472 sm->fils_dh_elem_len = wpabuf_len(pub);
5473 }
5474 #endif /* CONFIG_FILS_SK_PFS */
5475
5476 buf = wpabuf_alloc(1000 + sm->assoc_wpa_ie_len +
5477 (pub ? wpabuf_len(pub) : 0));
5478 if (!buf)
5479 goto fail;
5480
5481 /* Fields following the Authentication algorithm number field */
5482
5483 /* Authentication Transaction seq# */
5484 wpabuf_put_le16(buf, 1);
5485
5486 /* Status Code */
5487 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
5488
5489 /* TODO: FILS PK */
5490 #ifdef CONFIG_FILS_SK_PFS
5491 if (dh_group) {
5492 /* Finite Cyclic Group */
5493 wpabuf_put_le16(buf, dh_group);
5494 /* Element */
5495 wpabuf_put_buf(buf, pub);
5496 }
5497 #endif /* CONFIG_FILS_SK_PFS */
5498
5499 /* RSNE */
5500 wpa_hexdump(MSG_DEBUG, "FILS: RSNE in FILS Authentication frame",
5501 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
5502 wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
5503
5504 if (md) {
5505 /* MDE when using FILS for FT initial association */
5506 struct rsn_mdie *mdie;
5507
5508 wpabuf_put_u8(buf, WLAN_EID_MOBILITY_DOMAIN);
5509 wpabuf_put_u8(buf, sizeof(*mdie));
5510 mdie = wpabuf_put(buf, sizeof(*mdie));
5511 os_memcpy(mdie->mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
5512 mdie->ft_capab = 0;
5513 }
5514
5515 /* FILS Nonce */
5516 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
5517 wpabuf_put_u8(buf, 1 + FILS_NONCE_LEN); /* Length */
5518 /* Element ID Extension */
5519 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_NONCE);
5520 wpabuf_put_data(buf, sm->fils_nonce, FILS_NONCE_LEN);
5521
5522 /* FILS Session */
5523 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
5524 wpabuf_put_u8(buf, 1 + FILS_SESSION_LEN); /* Length */
5525 /* Element ID Extension */
5526 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_SESSION);
5527 wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN);
5528
5529 /* Wrapped Data */
5530 sm->fils_erp_pmkid_set = 0;
5531 if (erp_msg) {
5532 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
5533 wpabuf_put_u8(buf, 1 + wpabuf_len(erp_msg)); /* Length */
5534 /* Element ID Extension */
5535 wpabuf_put_u8(buf, WLAN_EID_EXT_WRAPPED_DATA);
5536 wpabuf_put_buf(buf, erp_msg);
5537 /* Calculate pending PMKID here so that we do not need to
5538 * maintain a copy of the EAP-Initiate/Reauth message. */
5539 if (fils_pmkid_erp(sm->key_mgmt, wpabuf_head(erp_msg),
5540 wpabuf_len(erp_msg),
5541 sm->fils_erp_pmkid) == 0)
5542 sm->fils_erp_pmkid_set = 1;
5543 }
5544
5545 wpa_hexdump_buf(MSG_DEBUG, "RSN: FILS fields for Authentication frame",
5546 buf);
5547
5548 fail:
5549 wpabuf_free(erp_msg);
5550 wpabuf_free(pub);
5551 return buf;
5552 }
5553
5554
fils_process_auth(struct wpa_sm * sm,const u8 * bssid,const u8 * data,size_t len)5555 int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data,
5556 size_t len)
5557 {
5558 const u8 *pos, *end;
5559 struct ieee802_11_elems elems;
5560 struct wpa_ie_data rsn;
5561 int pmkid_match = 0;
5562 u8 ick[FILS_ICK_MAX_LEN];
5563 size_t ick_len;
5564 int res;
5565 struct wpabuf *dh_ss = NULL;
5566 const u8 *g_sta = NULL;
5567 size_t g_sta_len = 0;
5568 const u8 *g_ap = NULL;
5569 size_t g_ap_len = 0, kdk_len;
5570 struct wpabuf *pub = NULL;
5571 #ifdef CONFIG_IEEE80211R
5572 struct wpa_ft_ies parse;
5573
5574 os_memset(&parse, 0, sizeof(parse));
5575 #endif /* CONFIG_IEEE80211R */
5576
5577 os_memcpy(sm->bssid, bssid, ETH_ALEN);
5578
5579 wpa_hexdump(MSG_DEBUG, "FILS: Authentication frame fields",
5580 data, len);
5581 pos = data;
5582 end = data + len;
5583
5584 /* TODO: FILS PK */
5585 #ifdef CONFIG_FILS_SK_PFS
5586 if (sm->fils_dh_group) {
5587 u16 group;
5588
5589 /* Using FILS PFS */
5590
5591 /* Finite Cyclic Group */
5592 if (end - pos < 2) {
5593 wpa_printf(MSG_DEBUG,
5594 "FILS: No room for Finite Cyclic Group");
5595 goto fail;
5596 }
5597 group = WPA_GET_LE16(pos);
5598 pos += 2;
5599 if (group != sm->fils_dh_group) {
5600 wpa_printf(MSG_DEBUG,
5601 "FILS: Unexpected change in Finite Cyclic Group: %u (expected %u)",
5602 group, sm->fils_dh_group);
5603 goto fail;
5604 }
5605
5606 /* Element */
5607 if ((size_t) (end - pos) < sm->fils_dh_elem_len) {
5608 wpa_printf(MSG_DEBUG, "FILS: No room for Element");
5609 goto fail;
5610 }
5611
5612 if (!sm->fils_ecdh) {
5613 wpa_printf(MSG_DEBUG, "FILS: No ECDH state available");
5614 goto fail;
5615 }
5616 dh_ss = crypto_ecdh_set_peerkey(sm->fils_ecdh, 1, pos,
5617 sm->fils_dh_elem_len);
5618 if (!dh_ss) {
5619 wpa_printf(MSG_DEBUG, "FILS: ECDH operation failed");
5620 goto fail;
5621 }
5622 wpa_hexdump_buf_key(MSG_DEBUG, "FILS: DH_SS", dh_ss);
5623 g_ap = pos;
5624 g_ap_len = sm->fils_dh_elem_len;
5625 pos += sm->fils_dh_elem_len;
5626 }
5627 #endif /* CONFIG_FILS_SK_PFS */
5628
5629 wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos);
5630 if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) {
5631 wpa_printf(MSG_DEBUG, "FILS: Could not parse elements");
5632 goto fail;
5633 }
5634
5635 /* RSNE */
5636 wpa_hexdump(MSG_DEBUG, "FILS: RSN element", elems.rsn_ie,
5637 elems.rsn_ie_len);
5638 if (!elems.rsn_ie ||
5639 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
5640 &rsn) < 0) {
5641 wpa_printf(MSG_DEBUG, "FILS: No RSN element");
5642 goto fail;
5643 }
5644
5645 if (!elems.fils_nonce) {
5646 wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
5647 goto fail;
5648 }
5649 os_memcpy(sm->fils_anonce, elems.fils_nonce, FILS_NONCE_LEN);
5650 wpa_hexdump(MSG_DEBUG, "FILS: ANonce", sm->fils_anonce, FILS_NONCE_LEN);
5651
5652 #ifdef CONFIG_IEEE80211R
5653 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
5654 if (!elems.mdie || !elems.ftie) {
5655 wpa_printf(MSG_DEBUG, "FILS+FT: No MDE or FTE");
5656 goto fail;
5657 }
5658
5659 if (wpa_ft_parse_ies(pos, end - pos, &parse,
5660 sm->key_mgmt, false) < 0) {
5661 wpa_printf(MSG_DEBUG, "FILS+FT: Failed to parse IEs");
5662 goto fail;
5663 }
5664
5665 if (!parse.r0kh_id) {
5666 wpa_printf(MSG_DEBUG,
5667 "FILS+FT: No R0KH-ID subelem in FTE");
5668 goto fail;
5669 }
5670 os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
5671 sm->r0kh_id_len = parse.r0kh_id_len;
5672 wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: R0KH-ID",
5673 sm->r0kh_id, sm->r0kh_id_len);
5674
5675 if (!parse.r1kh_id) {
5676 wpa_printf(MSG_DEBUG,
5677 "FILS+FT: No R1KH-ID subelem in FTE");
5678 goto fail;
5679 }
5680 os_memcpy(sm->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
5681 wpa_hexdump(MSG_DEBUG, "FILS+FT: R1KH-ID",
5682 sm->r1kh_id, FT_R1KH_ID_LEN);
5683
5684 /* TODO: Check MDE and FTE payload */
5685
5686 wpabuf_free(sm->fils_ft_ies);
5687 sm->fils_ft_ies = wpabuf_alloc(2 + elems.mdie_len +
5688 2 + elems.ftie_len);
5689 if (!sm->fils_ft_ies)
5690 goto fail;
5691 wpabuf_put_data(sm->fils_ft_ies, elems.mdie - 2,
5692 2 + elems.mdie_len);
5693 wpabuf_put_data(sm->fils_ft_ies, elems.ftie - 2,
5694 2 + elems.ftie_len);
5695 } else {
5696 wpabuf_free(sm->fils_ft_ies);
5697 sm->fils_ft_ies = NULL;
5698 }
5699 #endif /* CONFIG_IEEE80211R */
5700
5701 /* PMKID List */
5702 if (rsn.pmkid && rsn.num_pmkid > 0) {
5703 wpa_hexdump(MSG_DEBUG, "FILS: PMKID List",
5704 rsn.pmkid, rsn.num_pmkid * PMKID_LEN);
5705
5706 if (rsn.num_pmkid != 1) {
5707 wpa_printf(MSG_DEBUG, "FILS: Invalid PMKID selection");
5708 goto fail;
5709 }
5710 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", rsn.pmkid, PMKID_LEN);
5711 if (os_memcmp(sm->cur_pmksa->pmkid, rsn.pmkid, PMKID_LEN) != 0)
5712 {
5713 wpa_printf(MSG_DEBUG, "FILS: PMKID mismatch");
5714 wpa_hexdump(MSG_DEBUG, "FILS: Expected PMKID",
5715 sm->cur_pmksa->pmkid, PMKID_LEN);
5716 goto fail;
5717 }
5718 wpa_printf(MSG_DEBUG,
5719 "FILS: Matching PMKID - continue using PMKSA caching");
5720 pmkid_match = 1;
5721 }
5722 if (!pmkid_match && sm->cur_pmksa) {
5723 wpa_printf(MSG_DEBUG,
5724 "FILS: No PMKID match - cannot use cached PMKSA entry");
5725 sm->cur_pmksa = NULL;
5726 }
5727
5728 /* FILS Session */
5729 if (!elems.fils_session) {
5730 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
5731 goto fail;
5732 }
5733 wpa_hexdump(MSG_DEBUG, "FILS: FILS Session", elems.fils_session,
5734 FILS_SESSION_LEN);
5735 if (os_memcmp(sm->fils_session, elems.fils_session, FILS_SESSION_LEN)
5736 != 0) {
5737 wpa_printf(MSG_DEBUG, "FILS: Session mismatch");
5738 wpa_hexdump(MSG_DEBUG, "FILS: Expected FILS Session",
5739 sm->fils_session, FILS_SESSION_LEN);
5740 goto fail;
5741 }
5742
5743 /* Wrapped Data */
5744 if (!sm->cur_pmksa && elems.wrapped_data) {
5745 u8 rmsk[ERP_MAX_KEY_LEN];
5746 size_t rmsk_len;
5747
5748 wpa_hexdump(MSG_DEBUG, "FILS: Wrapped Data",
5749 elems.wrapped_data,
5750 elems.wrapped_data_len);
5751 eapol_sm_process_erp_finish(sm->eapol, elems.wrapped_data,
5752 elems.wrapped_data_len);
5753 if (eapol_sm_failed(sm->eapol))
5754 goto fail;
5755
5756 rmsk_len = ERP_MAX_KEY_LEN;
5757 res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len);
5758 if (res == PMK_LEN) {
5759 rmsk_len = PMK_LEN;
5760 res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len);
5761 }
5762 if (res)
5763 goto fail;
5764
5765 res = fils_rmsk_to_pmk(sm->key_mgmt, rmsk, rmsk_len,
5766 sm->fils_nonce, sm->fils_anonce,
5767 dh_ss ? wpabuf_head(dh_ss) : NULL,
5768 dh_ss ? wpabuf_len(dh_ss) : 0,
5769 sm->pmk, &sm->pmk_len);
5770 forced_memzero(rmsk, sizeof(rmsk));
5771
5772 /* Don't use DHss in PTK derivation if PMKSA caching is not
5773 * used. */
5774 wpabuf_clear_free(dh_ss);
5775 dh_ss = NULL;
5776
5777 if (res)
5778 goto fail;
5779
5780 if (!sm->fils_erp_pmkid_set) {
5781 wpa_printf(MSG_DEBUG, "FILS: PMKID not available");
5782 goto fail;
5783 }
5784 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", sm->fils_erp_pmkid,
5785 PMKID_LEN);
5786 wpa_printf(MSG_DEBUG, "FILS: ERP processing succeeded - add PMKSA cache entry for the result");
5787 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len,
5788 sm->fils_erp_pmkid, NULL, 0,
5789 sm->bssid, sm->own_addr,
5790 sm->network_ctx, sm->key_mgmt,
5791 NULL);
5792 }
5793
5794 if (!sm->cur_pmksa) {
5795 wpa_printf(MSG_DEBUG,
5796 "FILS: No remaining options to continue FILS authentication");
5797 goto fail;
5798 }
5799
5800 if (sm->force_kdk_derivation ||
5801 (sm->secure_ltf &&
5802 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)))
5803 kdk_len = WPA_KDK_MAX_LEN;
5804 else
5805 kdk_len = 0;
5806
5807 if (fils_pmk_to_ptk(sm->pmk, sm->pmk_len, sm->own_addr,
5808 wpa_sm_get_auth_addr(sm),
5809 sm->fils_nonce, sm->fils_anonce,
5810 dh_ss ? wpabuf_head(dh_ss) : NULL,
5811 dh_ss ? wpabuf_len(dh_ss) : 0,
5812 &sm->ptk, ick, &ick_len,
5813 sm->key_mgmt, sm->pairwise_cipher,
5814 sm->fils_ft, &sm->fils_ft_len,
5815 kdk_len) < 0) {
5816 wpa_printf(MSG_DEBUG, "FILS: Failed to derive PTK");
5817 goto fail;
5818 }
5819
5820 #ifdef CONFIG_PASN
5821 if (sm->secure_ltf &&
5822 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF) &&
5823 wpa_ltf_keyseed(&sm->ptk, sm->key_mgmt, sm->pairwise_cipher)) {
5824 wpa_printf(MSG_DEBUG, "FILS: Failed to derive LTF keyseed");
5825 goto fail;
5826 }
5827 #endif /* CONFIG_PASN */
5828
5829 wpabuf_clear_free(dh_ss);
5830 dh_ss = NULL;
5831
5832 sm->ptk_set = 1;
5833 sm->tptk_set = 0;
5834 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
5835
5836 #ifdef CONFIG_FILS_SK_PFS
5837 if (sm->fils_dh_group) {
5838 if (!sm->fils_ecdh) {
5839 wpa_printf(MSG_INFO, "FILS: ECDH not initialized");
5840 goto fail;
5841 }
5842 pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1);
5843 if (!pub)
5844 goto fail;
5845 wpa_hexdump_buf(MSG_DEBUG, "FILS: gSTA", pub);
5846 g_sta = wpabuf_head(pub);
5847 g_sta_len = wpabuf_len(pub);
5848 if (!g_ap) {
5849 wpa_printf(MSG_INFO, "FILS: gAP not available");
5850 goto fail;
5851 }
5852 wpa_hexdump(MSG_DEBUG, "FILS: gAP", g_ap, g_ap_len);
5853 }
5854 #endif /* CONFIG_FILS_SK_PFS */
5855
5856 res = fils_key_auth_sk(ick, ick_len, sm->fils_nonce,
5857 sm->fils_anonce, sm->own_addr, sm->bssid,
5858 g_sta, g_sta_len, g_ap, g_ap_len,
5859 sm->key_mgmt, sm->fils_key_auth_sta,
5860 sm->fils_key_auth_ap,
5861 &sm->fils_key_auth_len);
5862 wpabuf_free(pub);
5863 forced_memzero(ick, sizeof(ick));
5864 #ifdef CONFIG_IEEE80211R
5865 wpa_ft_parse_ies_free(&parse);
5866 #endif /* CONFIG_IEEE80211R */
5867 return res;
5868 fail:
5869 wpabuf_free(pub);
5870 wpabuf_clear_free(dh_ss);
5871 #ifdef CONFIG_IEEE80211R
5872 wpa_ft_parse_ies_free(&parse);
5873 #endif /* CONFIG_IEEE80211R */
5874 return -1;
5875 }
5876
5877
5878 #ifdef CONFIG_IEEE80211R
fils_ft_build_assoc_req_rsne(struct wpa_sm * sm,struct wpabuf * buf)5879 static int fils_ft_build_assoc_req_rsne(struct wpa_sm *sm, struct wpabuf *buf)
5880 {
5881 struct rsn_ie_hdr *rsnie;
5882 u16 capab;
5883 u8 *pos;
5884 int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt);
5885
5886 /* RSNIE[PMKR0Name/PMKR1Name] */
5887 rsnie = wpabuf_put(buf, sizeof(*rsnie));
5888 rsnie->elem_id = WLAN_EID_RSN;
5889 WPA_PUT_LE16(rsnie->version, RSN_VERSION);
5890
5891 /* Group Suite Selector */
5892 if (!wpa_cipher_valid_group(sm->group_cipher)) {
5893 wpa_printf(MSG_WARNING, "FT: Invalid group cipher (%d)",
5894 sm->group_cipher);
5895 return -1;
5896 }
5897 pos = wpabuf_put(buf, RSN_SELECTOR_LEN);
5898 RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN,
5899 sm->group_cipher));
5900
5901 /* Pairwise Suite Count */
5902 wpabuf_put_le16(buf, 1);
5903
5904 /* Pairwise Suite List */
5905 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
5906 wpa_printf(MSG_WARNING, "FT: Invalid pairwise cipher (%d)",
5907 sm->pairwise_cipher);
5908 return -1;
5909 }
5910 pos = wpabuf_put(buf, RSN_SELECTOR_LEN);
5911 RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN,
5912 sm->pairwise_cipher));
5913
5914 /* Authenticated Key Management Suite Count */
5915 wpabuf_put_le16(buf, 1);
5916
5917 /* Authenticated Key Management Suite List */
5918 pos = wpabuf_put(buf, RSN_SELECTOR_LEN);
5919 if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256)
5920 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
5921 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384)
5922 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
5923 else {
5924 wpa_printf(MSG_WARNING,
5925 "FILS+FT: Invalid key management type (%d)",
5926 sm->key_mgmt);
5927 return -1;
5928 }
5929
5930 /* RSN Capabilities */
5931 capab = 0;
5932 if (sm->mfp)
5933 capab |= WPA_CAPABILITY_MFPC;
5934 if (sm->mfp == 2)
5935 capab |= WPA_CAPABILITY_MFPR;
5936 if (sm->ocv)
5937 capab |= WPA_CAPABILITY_OCVC;
5938 if (sm->ext_key_id)
5939 capab |= WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST;
5940 wpabuf_put_le16(buf, capab);
5941
5942 /* PMKID Count */
5943 wpabuf_put_le16(buf, 1);
5944
5945 /* PMKID List [PMKR1Name] */
5946 wpa_hexdump_key(MSG_DEBUG, "FILS+FT: XXKey (FILS-FT)",
5947 sm->fils_ft, sm->fils_ft_len);
5948 wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: SSID", sm->ssid, sm->ssid_len);
5949 wpa_hexdump(MSG_DEBUG, "FILS+FT: MDID",
5950 sm->mobility_domain, MOBILITY_DOMAIN_ID_LEN);
5951 wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: R0KH-ID",
5952 sm->r0kh_id, sm->r0kh_id_len);
5953 if (wpa_derive_pmk_r0(sm->fils_ft, sm->fils_ft_len, sm->ssid,
5954 sm->ssid_len, sm->mobility_domain,
5955 sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
5956 sm->pmk_r0, sm->pmk_r0_name, sm->key_mgmt) < 0) {
5957 wpa_printf(MSG_WARNING, "FILS+FT: Could not derive PMK-R0");
5958 return -1;
5959 }
5960 if (wpa_key_mgmt_sae_ext_key(sm->key_mgmt))
5961 sm->pmk_r0_len = sm->fils_ft_len;
5962 else
5963 sm->pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
5964 wpa_printf(MSG_DEBUG, "FILS+FT: R1KH-ID: " MACSTR,
5965 MAC2STR(sm->r1kh_id));
5966 pos = wpabuf_put(buf, WPA_PMK_NAME_LEN);
5967 if (wpa_derive_pmk_r1_name(sm->pmk_r0_name, sm->r1kh_id, sm->own_addr,
5968 sm->pmk_r1_name, sm->fils_ft_len) < 0) {
5969 wpa_printf(MSG_WARNING, "FILS+FT: Could not derive PMKR1Name");
5970 return -1;
5971 }
5972 os_memcpy(pos, sm->pmk_r1_name, WPA_PMK_NAME_LEN);
5973
5974 os_memcpy(sm->key_mobility_domain, sm->mobility_domain,
5975 MOBILITY_DOMAIN_ID_LEN);
5976
5977 if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) {
5978 /* Management Group Cipher Suite */
5979 pos = wpabuf_put(buf, RSN_SELECTOR_LEN);
5980 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
5981 }
5982
5983 rsnie->len = ((u8 *) wpabuf_put(buf, 0) - (u8 *) rsnie) - 2;
5984 return 0;
5985 }
5986 #endif /* CONFIG_IEEE80211R */
5987
5988
fils_build_assoc_req(struct wpa_sm * sm,const u8 ** kek,size_t * kek_len,const u8 ** snonce,const u8 ** anonce,const struct wpabuf ** hlp,unsigned int num_hlp)5989 struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek,
5990 size_t *kek_len, const u8 **snonce,
5991 const u8 **anonce,
5992 const struct wpabuf **hlp,
5993 unsigned int num_hlp)
5994 {
5995 struct wpabuf *buf;
5996 size_t len;
5997 unsigned int i;
5998
5999 len = 1000;
6000 #ifdef CONFIG_IEEE80211R
6001 if (sm->fils_ft_ies)
6002 len += wpabuf_len(sm->fils_ft_ies);
6003 if (wpa_key_mgmt_ft(sm->key_mgmt))
6004 len += 256;
6005 #endif /* CONFIG_IEEE80211R */
6006 for (i = 0; hlp && i < num_hlp; i++)
6007 len += 10 + wpabuf_len(hlp[i]);
6008 buf = wpabuf_alloc(len);
6009 if (!buf)
6010 return NULL;
6011
6012 #ifdef CONFIG_IEEE80211R
6013 if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) {
6014 /* MDE and FTE when using FILS+FT */
6015 wpabuf_put_buf(buf, sm->fils_ft_ies);
6016 /* RSNE with PMKR1Name in PMKID field */
6017 if (fils_ft_build_assoc_req_rsne(sm, buf) < 0) {
6018 wpabuf_free(buf);
6019 return NULL;
6020 }
6021 }
6022 #endif /* CONFIG_IEEE80211R */
6023
6024 /* FILS Session */
6025 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
6026 wpabuf_put_u8(buf, 1 + FILS_SESSION_LEN); /* Length */
6027 /* Element ID Extension */
6028 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_SESSION);
6029 wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN);
6030
6031 /* Everything after FILS Session element gets encrypted in the driver
6032 * with KEK. The buffer returned from here is the plaintext version. */
6033
6034 /* TODO: FILS Public Key */
6035
6036 /* FILS Key Confirm */
6037 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
6038 wpabuf_put_u8(buf, 1 + sm->fils_key_auth_len); /* Length */
6039 /* Element ID Extension */
6040 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_KEY_CONFIRM);
6041 wpabuf_put_data(buf, sm->fils_key_auth_sta, sm->fils_key_auth_len);
6042
6043 /* FILS HLP Container */
6044 for (i = 0; hlp && i < num_hlp; i++) {
6045 const u8 *pos = wpabuf_head(hlp[i]);
6046 size_t left = wpabuf_len(hlp[i]);
6047
6048 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
6049 if (left <= 254)
6050 len = 1 + left;
6051 else
6052 len = 255;
6053 wpabuf_put_u8(buf, len); /* Length */
6054 /* Element ID Extension */
6055 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_HLP_CONTAINER);
6056 /* Destination MAC Address, Source MAC Address, HLP Packet.
6057 * HLP Packet is in MSDU format (i.e., included the LLC/SNAP
6058 * header when LPD is used). */
6059 wpabuf_put_data(buf, pos, len - 1);
6060 pos += len - 1;
6061 left -= len - 1;
6062 while (left) {
6063 wpabuf_put_u8(buf, WLAN_EID_FRAGMENT);
6064 len = left > 255 ? 255 : left;
6065 wpabuf_put_u8(buf, len);
6066 wpabuf_put_data(buf, pos, len);
6067 pos += len;
6068 left -= len;
6069 }
6070 }
6071
6072 /* TODO: FILS IP Address Assignment */
6073
6074 #ifdef CONFIG_OCV
6075 if (wpa_sm_ocv_enabled(sm)) {
6076 struct wpa_channel_info ci;
6077 u8 *pos;
6078
6079 if (wpa_sm_channel_info(sm, &ci) != 0) {
6080 wpa_printf(MSG_WARNING,
6081 "FILS: Failed to get channel info for OCI element");
6082 wpabuf_free(buf);
6083 return NULL;
6084 }
6085 #ifdef CONFIG_TESTING_OPTIONS
6086 if (sm->oci_freq_override_fils_assoc) {
6087 wpa_printf(MSG_INFO,
6088 "TEST: Override OCI KDE frequency %d -> %d MHz",
6089 ci.frequency,
6090 sm->oci_freq_override_fils_assoc);
6091 ci.frequency = sm->oci_freq_override_fils_assoc;
6092 }
6093 #endif /* CONFIG_TESTING_OPTIONS */
6094
6095 pos = wpabuf_put(buf, OCV_OCI_EXTENDED_LEN);
6096 if (ocv_insert_extended_oci(&ci, pos) < 0) {
6097 wpabuf_free(buf);
6098 return NULL;
6099 }
6100 }
6101 #endif /* CONFIG_OCV */
6102
6103 wpa_hexdump_buf(MSG_DEBUG, "FILS: Association Request plaintext", buf);
6104
6105 *kek = sm->ptk.kek;
6106 *kek_len = sm->ptk.kek_len;
6107 wpa_hexdump_key(MSG_DEBUG, "FILS: KEK for AEAD", *kek, *kek_len);
6108 *snonce = sm->fils_nonce;
6109 wpa_hexdump(MSG_DEBUG, "FILS: SNonce for AEAD AAD",
6110 *snonce, FILS_NONCE_LEN);
6111 *anonce = sm->fils_anonce;
6112 wpa_hexdump(MSG_DEBUG, "FILS: ANonce for AEAD AAD",
6113 *anonce, FILS_NONCE_LEN);
6114
6115 return buf;
6116 }
6117
6118
fils_process_hlp_resp(struct wpa_sm * sm,const u8 * resp,size_t len)6119 static void fils_process_hlp_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
6120 {
6121 const u8 *pos, *end;
6122
6123 wpa_hexdump(MSG_MSGDUMP, "FILS: HLP response", resp, len);
6124 if (len < 2 * ETH_ALEN)
6125 return;
6126 pos = resp + 2 * ETH_ALEN;
6127 end = resp + len;
6128 if (end - pos >= 6 &&
6129 os_memcmp(pos, "\xaa\xaa\x03\x00\x00\x00", 6) == 0)
6130 pos += 6; /* Remove SNAP/LLC header */
6131 wpa_sm_fils_hlp_rx(sm, resp, resp + ETH_ALEN, pos, end - pos);
6132 }
6133
6134
fils_process_hlp_container(struct wpa_sm * sm,const u8 * pos,size_t len)6135 static void fils_process_hlp_container(struct wpa_sm *sm, const u8 *pos,
6136 size_t len)
6137 {
6138 const u8 *end = pos + len;
6139 u8 *tmp, *tmp_pos;
6140
6141 /* Check if there are any FILS HLP Container elements */
6142 while (end - pos >= 2) {
6143 if (2 + pos[1] > end - pos)
6144 return;
6145 if (pos[0] == WLAN_EID_EXTENSION &&
6146 pos[1] >= 1 + 2 * ETH_ALEN &&
6147 pos[2] == WLAN_EID_EXT_FILS_HLP_CONTAINER)
6148 break;
6149 pos += 2 + pos[1];
6150 }
6151 if (end - pos < 2)
6152 return; /* No FILS HLP Container elements */
6153
6154 tmp = os_malloc(end - pos);
6155 if (!tmp)
6156 return;
6157
6158 while (end - pos >= 2) {
6159 if (2 + pos[1] > end - pos ||
6160 pos[0] != WLAN_EID_EXTENSION ||
6161 pos[1] < 1 + 2 * ETH_ALEN ||
6162 pos[2] != WLAN_EID_EXT_FILS_HLP_CONTAINER)
6163 break;
6164 tmp_pos = tmp;
6165 os_memcpy(tmp_pos, pos + 3, pos[1] - 1);
6166 tmp_pos += pos[1] - 1;
6167 pos += 2 + pos[1];
6168
6169 /* Add possible fragments */
6170 while (end - pos >= 2 && pos[0] == WLAN_EID_FRAGMENT &&
6171 2 + pos[1] <= end - pos) {
6172 os_memcpy(tmp_pos, pos + 2, pos[1]);
6173 tmp_pos += pos[1];
6174 pos += 2 + pos[1];
6175 }
6176
6177 fils_process_hlp_resp(sm, tmp, tmp_pos - tmp);
6178 }
6179
6180 os_free(tmp);
6181 }
6182
6183
fils_process_assoc_resp(struct wpa_sm * sm,const u8 * resp,size_t len)6184 int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
6185 {
6186 const struct ieee80211_mgmt *mgmt;
6187 const u8 *end, *ie_start;
6188 struct ieee802_11_elems elems;
6189 int keylen, rsclen;
6190 enum wpa_alg alg;
6191 struct wpa_gtk_data gd;
6192 int maxkeylen;
6193 struct wpa_eapol_ie_parse kde;
6194
6195 if (!sm || !sm->ptk_set) {
6196 wpa_printf(MSG_DEBUG, "FILS: No KEK available");
6197 return -1;
6198 }
6199
6200 if (!wpa_key_mgmt_fils(sm->key_mgmt)) {
6201 wpa_printf(MSG_DEBUG, "FILS: Not a FILS AKM");
6202 return -1;
6203 }
6204
6205 if (sm->fils_completed) {
6206 wpa_printf(MSG_DEBUG,
6207 "FILS: Association has already been completed for this FILS authentication - ignore unexpected retransmission");
6208 return -1;
6209 }
6210
6211 wpa_hexdump(MSG_DEBUG, "FILS: (Re)Association Response frame",
6212 resp, len);
6213
6214 mgmt = (const struct ieee80211_mgmt *) resp;
6215 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_resp))
6216 return -1;
6217
6218 end = resp + len;
6219 /* Same offset for Association Response and Reassociation Response */
6220 ie_start = mgmt->u.assoc_resp.variable;
6221
6222 if (ieee802_11_parse_elems(ie_start, end - ie_start, &elems, 1) ==
6223 ParseFailed) {
6224 wpa_printf(MSG_DEBUG,
6225 "FILS: Failed to parse decrypted elements");
6226 goto fail;
6227 }
6228
6229 if (!elems.fils_session) {
6230 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
6231 return -1;
6232 }
6233 if (os_memcmp(elems.fils_session, sm->fils_session,
6234 FILS_SESSION_LEN) != 0) {
6235 wpa_printf(MSG_DEBUG, "FILS: FILS Session mismatch");
6236 wpa_hexdump(MSG_DEBUG, "FILS: Received FILS Session",
6237 elems.fils_session, FILS_SESSION_LEN);
6238 wpa_hexdump(MSG_DEBUG, "FILS: Expected FILS Session",
6239 sm->fils_session, FILS_SESSION_LEN);
6240 }
6241
6242 if (!elems.rsn_ie) {
6243 wpa_printf(MSG_DEBUG,
6244 "FILS: No RSNE in (Re)Association Response");
6245 /* As an interop workaround, allow this for now since IEEE Std
6246 * 802.11ai-2016 did not include all the needed changes to make
6247 * a FILS AP include RSNE in the frame. This workaround might
6248 * eventually be removed and replaced with rejection (goto fail)
6249 * to follow a strict interpretation of the standard. */
6250 } else if (wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
6251 sm->ap_rsn_ie, sm->ap_rsn_ie_len,
6252 elems.rsn_ie - 2, elems.rsn_ie_len + 2)) {
6253 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
6254 "FILS: RSNE mismatch between Beacon/Probe Response and (Re)Association Response");
6255 wpa_hexdump(MSG_DEBUG, "FILS: RSNE in Beacon/Probe Response",
6256 sm->ap_rsn_ie, sm->ap_rsn_ie_len);
6257 wpa_hexdump(MSG_DEBUG, "FILS: RSNE in (Re)Association Response",
6258 elems.rsn_ie, elems.rsn_ie_len);
6259 goto fail;
6260 }
6261
6262 /* TODO: FILS Public Key */
6263
6264 if (!elems.fils_key_confirm) {
6265 wpa_printf(MSG_DEBUG, "FILS: No FILS Key Confirm element");
6266 goto fail;
6267 }
6268 if (elems.fils_key_confirm_len != sm->fils_key_auth_len) {
6269 wpa_printf(MSG_DEBUG,
6270 "FILS: Unexpected Key-Auth length %d (expected %d)",
6271 elems.fils_key_confirm_len,
6272 (int) sm->fils_key_auth_len);
6273 goto fail;
6274 }
6275 if (os_memcmp(elems.fils_key_confirm, sm->fils_key_auth_ap,
6276 sm->fils_key_auth_len) != 0) {
6277 wpa_printf(MSG_DEBUG, "FILS: Key-Auth mismatch");
6278 wpa_hexdump(MSG_DEBUG, "FILS: Received Key-Auth",
6279 elems.fils_key_confirm,
6280 elems.fils_key_confirm_len);
6281 wpa_hexdump(MSG_DEBUG, "FILS: Expected Key-Auth",
6282 sm->fils_key_auth_ap, sm->fils_key_auth_len);
6283 goto fail;
6284 }
6285
6286 #ifdef CONFIG_OCV
6287 if (wpa_sm_ocv_enabled(sm)) {
6288 struct wpa_channel_info ci;
6289
6290 if (wpa_sm_channel_info(sm, &ci) != 0) {
6291 wpa_printf(MSG_WARNING,
6292 "Failed to get channel info to validate received OCI in FILS (Re)Association Response frame");
6293 goto fail;
6294 }
6295
6296 if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci,
6297 channel_width_to_int(ci.chanwidth),
6298 ci.seg1_idx) != OCI_SUCCESS) {
6299 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE
6300 "addr=" MACSTR " frame=fils-assoc error=%s",
6301 MAC2STR(sm->bssid), ocv_errorstr);
6302 goto fail;
6303 }
6304 }
6305 #endif /* CONFIG_OCV */
6306
6307 #ifdef CONFIG_IEEE80211R
6308 if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) {
6309 struct wpa_ie_data rsn;
6310
6311 /* Check that PMKR1Name derived by the AP matches */
6312 if (!elems.rsn_ie ||
6313 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
6314 &rsn) < 0 ||
6315 !rsn.pmkid || rsn.num_pmkid != 1 ||
6316 os_memcmp(rsn.pmkid, sm->pmk_r1_name,
6317 WPA_PMK_NAME_LEN) != 0) {
6318 wpa_printf(MSG_DEBUG,
6319 "FILS+FT: No RSNE[PMKR1Name] match in AssocResp");
6320 goto fail;
6321 }
6322 }
6323 #endif /* CONFIG_IEEE80211R */
6324
6325 /* Key Delivery */
6326 if (!elems.key_delivery) {
6327 wpa_printf(MSG_DEBUG, "FILS: No Key Delivery element");
6328 goto fail;
6329 }
6330
6331 /* Parse GTK and set the key to the driver */
6332 os_memset(&gd, 0, sizeof(gd));
6333 if (wpa_supplicant_parse_ies(elems.key_delivery + WPA_KEY_RSC_LEN,
6334 elems.key_delivery_len - WPA_KEY_RSC_LEN,
6335 &kde) < 0) {
6336 wpa_printf(MSG_DEBUG, "FILS: Failed to parse KDEs");
6337 goto fail;
6338 }
6339 if (!kde.gtk) {
6340 wpa_printf(MSG_DEBUG, "FILS: No GTK KDE");
6341 goto fail;
6342 }
6343 maxkeylen = gd.gtk_len = kde.gtk_len - 2;
6344 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
6345 gd.gtk_len, maxkeylen,
6346 &gd.key_rsc_len, &gd.alg))
6347 goto fail;
6348
6349 wpa_hexdump_key(MSG_DEBUG, "FILS: Received GTK", kde.gtk, kde.gtk_len);
6350 gd.keyidx = kde.gtk[0] & 0x3;
6351 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
6352 !!(kde.gtk[0] & BIT(2)));
6353 if (kde.gtk_len - 2 > sizeof(gd.gtk)) {
6354 wpa_printf(MSG_DEBUG, "FILS: Too long GTK in GTK KDE (len=%lu)",
6355 (unsigned long) kde.gtk_len - 2);
6356 goto fail;
6357 }
6358 os_memcpy(gd.gtk, kde.gtk + 2, kde.gtk_len - 2);
6359
6360 wpa_printf(MSG_DEBUG, "FILS: Set GTK to driver");
6361 if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery, 0) < 0) {
6362 wpa_printf(MSG_DEBUG, "FILS: Failed to set GTK");
6363 goto fail;
6364 }
6365
6366 if (ieee80211w_set_keys(sm, &kde) < 0) {
6367 wpa_printf(MSG_DEBUG, "FILS: Failed to set IGTK");
6368 goto fail;
6369 }
6370
6371 alg = wpa_cipher_to_alg(sm->pairwise_cipher);
6372 keylen = wpa_cipher_key_len(sm->pairwise_cipher);
6373 if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
6374 wpa_printf(MSG_DEBUG, "FILS: TK length mismatch: %u != %lu",
6375 keylen, (long unsigned int) sm->ptk.tk_len);
6376 goto fail;
6377 }
6378
6379 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
6380 wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver",
6381 sm->ptk.tk, keylen);
6382 if (wpa_sm_set_key(sm, -1, alg, wpa_sm_get_auth_addr(sm), 0, 1,
6383 null_rsc, rsclen,
6384 sm->ptk.tk, keylen, KEY_FLAG_PAIRWISE_RX_TX) < 0) {
6385 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
6386 "FILS: Failed to set PTK to the driver (alg=%d keylen=%d auth_addr="
6387 MACSTR ")",
6388 alg, keylen, MAC2STR(wpa_sm_get_auth_addr(sm)));
6389 goto fail;
6390 }
6391
6392 wpa_sm_store_ptk(sm, sm->bssid, sm->pairwise_cipher,
6393 sm->dot11RSNAConfigPMKLifetime, &sm->ptk);
6394
6395 /* TODO: TK could be cleared after auth frame exchange now that driver
6396 * takes care of association frame encryption/decryption. */
6397 /* TK is not needed anymore in supplicant */
6398 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
6399 sm->ptk.tk_len = 0;
6400 sm->ptk.installed = 1;
6401 sm->tk_set = true;
6402
6403 /* FILS HLP Container */
6404 fils_process_hlp_container(sm, ie_start, end - ie_start);
6405
6406 /* TODO: FILS IP Address Assignment */
6407
6408 wpa_printf(MSG_DEBUG, "FILS: Auth+Assoc completed successfully");
6409 sm->fils_completed = 1;
6410 forced_memzero(&gd, sizeof(gd));
6411
6412 if (kde.transition_disable)
6413 wpa_sm_transition_disable(sm, kde.transition_disable[0]);
6414
6415 return 0;
6416 fail:
6417 forced_memzero(&gd, sizeof(gd));
6418 return -1;
6419 }
6420
6421
wpa_sm_set_reset_fils_completed(struct wpa_sm * sm,int set)6422 void wpa_sm_set_reset_fils_completed(struct wpa_sm *sm, int set)
6423 {
6424 if (sm)
6425 sm->fils_completed = !!set;
6426 }
6427
6428 #endif /* CONFIG_FILS */
6429
6430
wpa_fils_is_completed(struct wpa_sm * sm)6431 int wpa_fils_is_completed(struct wpa_sm *sm)
6432 {
6433 #ifdef CONFIG_FILS
6434 return sm && sm->fils_completed;
6435 #else /* CONFIG_FILS */
6436 return 0;
6437 #endif /* CONFIG_FILS */
6438 }
6439
6440
6441 #ifdef CONFIG_OWE
6442
owe_build_assoc_req(struct wpa_sm * sm,u16 group)6443 struct wpabuf * owe_build_assoc_req(struct wpa_sm *sm, u16 group)
6444 {
6445 struct wpabuf *ie = NULL, *pub = NULL;
6446 size_t prime_len;
6447
6448 if (group == 19)
6449 prime_len = 32;
6450 else if (group == 20)
6451 prime_len = 48;
6452 else if (group == 21)
6453 prime_len = 66;
6454 else
6455 return NULL;
6456
6457 crypto_ecdh_deinit(sm->owe_ecdh);
6458 sm->owe_ecdh = crypto_ecdh_init(group);
6459 if (!sm->owe_ecdh)
6460 goto fail;
6461 sm->owe_group = group;
6462 pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0);
6463 pub = wpabuf_zeropad(pub, prime_len);
6464 if (!pub)
6465 goto fail;
6466
6467 ie = wpabuf_alloc(5 + wpabuf_len(pub));
6468 if (!ie)
6469 goto fail;
6470 wpabuf_put_u8(ie, WLAN_EID_EXTENSION);
6471 wpabuf_put_u8(ie, 1 + 2 + wpabuf_len(pub));
6472 wpabuf_put_u8(ie, WLAN_EID_EXT_OWE_DH_PARAM);
6473 wpabuf_put_le16(ie, group);
6474 wpabuf_put_buf(ie, pub);
6475 wpabuf_free(pub);
6476 wpa_hexdump_buf(MSG_DEBUG, "OWE: Diffie-Hellman Parameter element",
6477 ie);
6478
6479 return ie;
6480 fail:
6481 wpabuf_free(pub);
6482 crypto_ecdh_deinit(sm->owe_ecdh);
6483 sm->owe_ecdh = NULL;
6484 return NULL;
6485 }
6486
6487
owe_process_assoc_resp(struct wpa_sm * sm,const u8 * bssid,const u8 * resp_ies,size_t resp_ies_len)6488 int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *bssid,
6489 const u8 *resp_ies, size_t resp_ies_len)
6490 {
6491 struct ieee802_11_elems elems;
6492 u16 group;
6493 struct wpabuf *secret, *pub, *hkey;
6494 int res;
6495 u8 prk[SHA512_MAC_LEN], pmkid[SHA512_MAC_LEN];
6496 const char *info = "OWE Key Generation";
6497 const u8 *addr[2];
6498 size_t len[2];
6499 size_t hash_len, prime_len;
6500 struct wpa_ie_data data;
6501
6502 if (!resp_ies ||
6503 ieee802_11_parse_elems(resp_ies, resp_ies_len, &elems, 1) ==
6504 ParseFailed) {
6505 wpa_printf(MSG_INFO,
6506 "OWE: Could not parse Association Response frame elements");
6507 return -1;
6508 }
6509
6510 if (sm->cur_pmksa && elems.rsn_ie &&
6511 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, 2 + elems.rsn_ie_len,
6512 &data) == 0 &&
6513 data.num_pmkid == 1 && data.pmkid &&
6514 os_memcmp(sm->cur_pmksa->pmkid, data.pmkid, PMKID_LEN) == 0) {
6515 wpa_printf(MSG_DEBUG, "OWE: Use PMKSA caching");
6516 wpa_sm_set_pmk_from_pmksa(sm);
6517 return 0;
6518 }
6519
6520 if (!elems.owe_dh) {
6521 wpa_printf(MSG_INFO,
6522 "OWE: No Diffie-Hellman Parameter element found in Association Response frame");
6523 return -1;
6524 }
6525
6526 group = WPA_GET_LE16(elems.owe_dh);
6527 if (group != sm->owe_group) {
6528 wpa_printf(MSG_INFO,
6529 "OWE: Unexpected Diffie-Hellman group in response: %u",
6530 group);
6531 return -1;
6532 }
6533
6534 if (!sm->owe_ecdh) {
6535 wpa_printf(MSG_INFO, "OWE: No ECDH state available");
6536 return -1;
6537 }
6538
6539 if (group == 19)
6540 prime_len = 32;
6541 else if (group == 20)
6542 prime_len = 48;
6543 else if (group == 21)
6544 prime_len = 66;
6545 else
6546 return -1;
6547
6548 secret = crypto_ecdh_set_peerkey(sm->owe_ecdh, 0,
6549 elems.owe_dh + 2,
6550 elems.owe_dh_len - 2);
6551 secret = wpabuf_zeropad(secret, prime_len);
6552 if (!secret) {
6553 wpa_printf(MSG_DEBUG, "OWE: Invalid peer DH public key");
6554 return -1;
6555 }
6556 wpa_hexdump_buf_key(MSG_DEBUG, "OWE: DH shared secret", secret);
6557
6558 /* prk = HKDF-extract(C | A | group, z) */
6559
6560 pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0);
6561 if (!pub) {
6562 wpabuf_clear_free(secret);
6563 return -1;
6564 }
6565
6566 /* PMKID = Truncate-128(Hash(C | A)) */
6567 addr[0] = wpabuf_head(pub);
6568 len[0] = wpabuf_len(pub);
6569 addr[1] = elems.owe_dh + 2;
6570 len[1] = elems.owe_dh_len - 2;
6571 if (group == 19) {
6572 res = sha256_vector(2, addr, len, pmkid);
6573 hash_len = SHA256_MAC_LEN;
6574 } else if (group == 20) {
6575 res = sha384_vector(2, addr, len, pmkid);
6576 hash_len = SHA384_MAC_LEN;
6577 } else if (group == 21) {
6578 res = sha512_vector(2, addr, len, pmkid);
6579 hash_len = SHA512_MAC_LEN;
6580 } else {
6581 res = -1;
6582 hash_len = 0;
6583 }
6584 pub = wpabuf_zeropad(pub, prime_len);
6585 if (res < 0 || !pub) {
6586 wpabuf_free(pub);
6587 wpabuf_clear_free(secret);
6588 return -1;
6589 }
6590
6591 hkey = wpabuf_alloc(wpabuf_len(pub) + elems.owe_dh_len - 2 + 2);
6592 if (!hkey) {
6593 wpabuf_free(pub);
6594 wpabuf_clear_free(secret);
6595 return -1;
6596 }
6597
6598 wpabuf_put_buf(hkey, pub); /* C */
6599 wpabuf_free(pub);
6600 wpabuf_put_data(hkey, elems.owe_dh + 2, elems.owe_dh_len - 2); /* A */
6601 wpabuf_put_le16(hkey, sm->owe_group); /* group */
6602 if (group == 19)
6603 res = hmac_sha256(wpabuf_head(hkey), wpabuf_len(hkey),
6604 wpabuf_head(secret), wpabuf_len(secret), prk);
6605 else if (group == 20)
6606 res = hmac_sha384(wpabuf_head(hkey), wpabuf_len(hkey),
6607 wpabuf_head(secret), wpabuf_len(secret), prk);
6608 else if (group == 21)
6609 res = hmac_sha512(wpabuf_head(hkey), wpabuf_len(hkey),
6610 wpabuf_head(secret), wpabuf_len(secret), prk);
6611 wpabuf_clear_free(hkey);
6612 wpabuf_clear_free(secret);
6613 if (res < 0)
6614 return -1;
6615
6616 wpa_hexdump_key(MSG_DEBUG, "OWE: prk", prk, hash_len);
6617
6618 /* PMK = HKDF-expand(prk, "OWE Key Generation", n) */
6619
6620 if (group == 19)
6621 res = hmac_sha256_kdf(prk, hash_len, NULL, (const u8 *) info,
6622 os_strlen(info), sm->pmk, hash_len);
6623 else if (group == 20)
6624 res = hmac_sha384_kdf(prk, hash_len, NULL, (const u8 *) info,
6625 os_strlen(info), sm->pmk, hash_len);
6626 else if (group == 21)
6627 res = hmac_sha512_kdf(prk, hash_len, NULL, (const u8 *) info,
6628 os_strlen(info), sm->pmk, hash_len);
6629 forced_memzero(prk, SHA512_MAC_LEN);
6630 if (res < 0) {
6631 sm->pmk_len = 0;
6632 return -1;
6633 }
6634 sm->pmk_len = hash_len;
6635
6636 wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sm->pmk, sm->pmk_len);
6637 wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN);
6638 pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, pmkid, NULL, 0,
6639 bssid, sm->own_addr, sm->network_ctx, sm->key_mgmt,
6640 NULL);
6641
6642 return 0;
6643 }
6644
6645 #endif /* CONFIG_OWE */
6646
6647
wpa_sm_set_fils_cache_id(struct wpa_sm * sm,const u8 * fils_cache_id)6648 void wpa_sm_set_fils_cache_id(struct wpa_sm *sm, const u8 *fils_cache_id)
6649 {
6650 #ifdef CONFIG_FILS
6651 if (sm && fils_cache_id) {
6652 sm->fils_cache_id_set = 1;
6653 os_memcpy(sm->fils_cache_id, fils_cache_id, FILS_CACHE_ID_LEN);
6654 }
6655 #endif /* CONFIG_FILS */
6656 }
6657
6658
6659 #ifdef CONFIG_DPP2
wpa_sm_set_dpp_z(struct wpa_sm * sm,const struct wpabuf * z)6660 void wpa_sm_set_dpp_z(struct wpa_sm *sm, const struct wpabuf *z)
6661 {
6662 if (sm) {
6663 wpabuf_clear_free(sm->dpp_z);
6664 sm->dpp_z = z ? wpabuf_dup(z) : NULL;
6665 }
6666 }
6667 #endif /* CONFIG_DPP2 */
6668
6669
6670 #ifdef CONFIG_PASN
6671
wpa_pasn_sm_set_caps(struct wpa_sm * sm,unsigned int flags2)6672 void wpa_pasn_sm_set_caps(struct wpa_sm *sm, unsigned int flags2)
6673 {
6674 if (flags2 & WPA_DRIVER_FLAGS2_SEC_LTF_STA)
6675 sm->secure_ltf = 1;
6676 if (flags2 & WPA_DRIVER_FLAGS2_SEC_RTT_STA)
6677 sm->secure_rtt = 1;
6678 if (flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA)
6679 sm->prot_range_neg = 1;
6680 }
6681
6682 #endif /* CONFIG_PASN */
6683
6684
wpa_sm_pmksa_cache_reconfig(struct wpa_sm * sm)6685 void wpa_sm_pmksa_cache_reconfig(struct wpa_sm *sm)
6686 {
6687 if (sm)
6688 pmksa_cache_reconfig(sm->pmksa);
6689 }
6690
6691
wpa_sm_get_pmksa_cache(struct wpa_sm * sm)6692 struct rsn_pmksa_cache * wpa_sm_get_pmksa_cache(struct wpa_sm *sm)
6693 {
6694 return sm ? sm->pmksa : NULL;
6695 }
6696
6697
wpa_sm_set_cur_pmksa(struct wpa_sm * sm,struct rsn_pmksa_cache_entry * entry)6698 void wpa_sm_set_cur_pmksa(struct wpa_sm *sm,
6699 struct rsn_pmksa_cache_entry *entry)
6700 {
6701 if (sm)
6702 sm->cur_pmksa = entry;
6703 }
6704
6705
wpa_sm_set_driver_bss_selection(struct wpa_sm * sm,bool driver_bss_selection)6706 void wpa_sm_set_driver_bss_selection(struct wpa_sm *sm,
6707 bool driver_bss_selection)
6708 {
6709 if (sm)
6710 sm->driver_bss_selection = driver_bss_selection;
6711 }
6712